Infected

Solved
grego33 -
fix200 Posts 3365 Status Security contributor -
Hello,

I have a big computer problem. I was infected (by bravia, I think) and I still am. Now my computer keeps restarting every 5 minutes... HELP!

I have an older post under grego33 so you can see everything I've done so far...

Thanks to whoever can help me!!

102 replies

grego33
 
Is it possible to do it in safe mode? Because I think it's going to restart right in the middle of the program...
0
fix200 Posts 3365 Status Security contributor 158
 
Is it possible to do it in safe mode? Because I think it's going to restart right in the middle of the program...

-> In Safe Mode with Networking.
0
grego33
 
The computer restarts even in safe mode and ComboFix doesn't start..
0
fix200 Posts 3365 Status Security contributor 158
 
Re,

Do you have the Windows CD?

Still in Safe Mode with Networking:

Let's try launching Combo and see whether the PC restarts.

Right-click here

Choose "Save link target as..." and, instead of Combofix.exe, type Moi.exe.

Click "Save" and let the download complete.

Then run ComboFix exactly as explained ...


++++
0

grego33
 
Here's the report:

ComboFix 09-08-10.06 - Greeegooo 16.08.2009 17:03.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1033.18.1014.805 [GMT 2:00]
Running from: c:\documents and settings\Greeegooo\Desktop\Moi.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\Installer\feb3.msi
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\wisdstr.exe

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\beep.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 13:07 . 2009-08-16 13:07 -------- d-----w- C:\_OTL
2009-08-16 12:26 . 2009-08-16 13:26 -------- d-----w- C:\UsbFix
2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-16 09:03 . 2009-08-16 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-14 16:12 . 2009-08-14 16:12 -------- d-----w- c:\documents and settings\Greeegooo\Application Data\Malwarebytes
2009-08-14 16:12 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 16:11 . 2009-08-14 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-14 16:11 . 2009-08-14 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 16:11 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-14 15:50 . 2009-08-16 15:07 -------- d-----w- c:\windows\temp01
2009-08-14 15:48 . 2009-08-14 15:48 -------- d-----w- C:\_OTM
2009-08-14 15:23 . 2009-08-14 15:23 -------- d-----w- C:\rsit
2009-08-12 16:28 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 13:29 . 2009-08-12 13:29 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-05 15:01 . 2009-08-05 15:01 152576 ----a-w- c:\documents and settings\Greeegooo\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-25 18:29 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 09:18 . 2008-02-24 17:32 -------- d-----w- c:\program files\Lavasoft
2009-08-15 19:25 . 2007-12-25 18:10 -------- d-----w- c:\documents and settings\Greeegooo\Application Data\uTorrent
2009-08-12 20:55 . 2007-12-27 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 13:29 . 2004-08-11 17:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-05 15:02 . 2007-12-14 17:39 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-11 17:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 19:32 . 2007-12-26 15:36 -------- d-----w- c:\documents and settings\Greeegooo\Application Data\LimeWire
2009-07-25 03:23 . 2009-02-17 19:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-11 17:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 15:07 . 2009-07-16 15:07 -------- d-----w- c:\program files\iTunes
2009-07-16 15:07 . 2009-07-16 15:07 -------- d-----w- c:\program files\iPod
2009-07-16 15:07 . 2008-04-10 16:28 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 15:01 . 2009-07-16 15:01 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 21:43 . 2004-08-11 17:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 13:48 . 2009-07-03 13:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-06-26 16:50 . 2004-08-11 17:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-11 17:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:36 . 2004-08-11 17:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 17:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 12:01 . 2009-06-15 12:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-06-12 12:31 . 2004-08-11 17:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-11 17:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-11 17:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2004-08-11 17:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-11 17:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 16:26 . 2009-06-04 16:26 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\French\setup.exe
2009-06-03 19:09 . 2004-08-11 17:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 05:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-12 13:29 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 13:29 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-14_16.55.32 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-31 1392640]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickHelp2_McciTrayApp"="c:\program files\QuickHelp2\QuickHelp.exe" [2008-07-09 1874944]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-14 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 17:46 31760]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 20:59 19472]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [21.11.2008 19:34 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [24.11.2008 20:05 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [24.11.2008 20:05 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [24.11.2008 20:06 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [25.11.2008 18:12 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [24.11.2008 20:06 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [25.11.2008 18:11 97704]
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Greeegooo\Application Data\Mozilla\Firefox\Profiles\wdngv137.default\
FF - prefs.js: browser.startup.homepage - www.google.ch
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 17:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2013104259-2867668384-94150872-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ce,2b,f6,d1,e7,cb,6f,85,08,e3,f8,7e,79,c9,77,ea,09,46,c6,6c,18,a5,18,
3e,89,c9,6e,27,7c,18,b5,cf,04,c8,16,95,32,1c,34,00,bf,8a,cf,65,43,02,78,24,\
"??"=hex:c8,61,dd,40,7d,c7,58,0b,ab,d0,c0,83,73,29,e6,c8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-08-16 17:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 15:12
ComboFix2.txt 2009-08-14 16:59

Pre-Run: 6'786'240'512 bytes free
Post-Run: 6'688'231'424 bytes free

405 --- E O F --- 2009-08-15 06:58
0
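A triage helper for the kind of ComboFix report posted above, added here as an example (not part of the thread, and not ComboFix's own code): it splits the report into its banner sections and returns the items a responder checks first (files removed, the disinfected driver, copies of system files whose Sigcheck failed, and the Security Center / firewall settings). The embedded report is a constructed excerpt of lines from the log above; the meaning assigned to the `[-]` and `[7]` Sigcheck flags is an assumption.

```python
"""Triage of a ComboFix text report (added example, not ComboFix's own code)."""
from __future__ import annotations
import re
from collections import namedtuple

# Constructed excerpt of the report posted above; raw string, so single backslashes.
SAMPLE_REPORT = r"""
(((((((((((((((((((( Other Deletions ))))))))))))))))))))
.
c:\windows\braviax.exe
c:\windows\system32\braviax.exe
c:\windows\system32\wisdstr.exe
Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\beep.sys
------- Sigcheck -------
[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-12 13:29 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 13:29 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
(((((((((((((((((((( Reg Loading Points ))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Section banners look like "(((( Title ))))" or "---- Title ----".
SECTION_RE = re.compile(r"^(?:\({3,}\s*(.+?)\s*\){3,}|-{3,}\s*(.+?)\s*-{3,})$")
# Sigcheck rows: [flag] date time size md5 path
SIGCHECK_RE = re.compile(r"^\[(?P<flag>[^\]]+)\]\s+\S+ \S+\s+\d+\s+"
                         r"(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+)$")
Finding = namedtuple("Finding", "severity detail")  # severity: high / medium / info


def split_sections(report: str) -> dict[str, list[str]]:
    """Map each banner title ('Other Deletions', 'Sigcheck', ...) to its lines."""
    sections, current = {"header": []}, "header"
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = (m.group(1) or m.group(2)).strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line.rstrip())
    return sections


def deletion_findings(lines: list[str]) -> list[Finding]:
    """Files ComboFix removed, plus any system file it reports as infected."""
    out = []
    for s in (l.strip() for l in lines):
        if s.lower().startswith("infected copy of"):
            out.append(Finding("high", s))
        elif s.lower().startswith("c:\\"):
            out.append(Finding("medium", "removed: " + s))
    return out


def sigcheck_findings(lines: list[str]) -> list[Finding]:
    """Copies whose check failed. Assumption: '[-]' means not verified, any other
    flag (e.g. '[7]') means accepted; accepted hashes of the same file are listed."""
    by_name: dict[str, list[re.Match]] = {}
    for m in filter(None, (SIGCHECK_RE.match(l.strip()) for l in lines)):
        by_name.setdefault(m.group("path").rsplit("\\", 1)[-1].lower(), []).append(m)
    out = []
    for name, ms in by_name.items():
        accepted = sorted({m.group("md5").upper() for m in ms if m.group("flag") != "-"})
        for m in [m for m in ms if m.group("flag") == "-"]:
            path = m.group("path")
            # Live driver or its dllcache copy failing is serious; an old backup is info.
            live = path.lower().startswith("c:\\windows\\system32\\")
            out.append(Finding("high" if live else "info",
                               f"unverified {name} at {path} md5={m.group('md5')}"
                               f" (accepted: {', '.join(accepted) or 'none'})"))
    return out


def reg_int(value: str) -> int | None:
    # Value part of a ComboFix registry line: 'dword:00000001' or '0 (0x0)'.
    m = re.match(r"(?:dword:)?([0-9A-Fa-f]+)", value.strip())
    return int(m.group(1), 16) if m else None


def registry_findings(lines: list[str]) -> list[Finding]:
    """Security Center / firewall settings that weaken the host."""
    out, key = [], ""
    for s in (l.strip() for l in lines):
        if s.startswith("[") and s.endswith("]"):
            key = s[1:-1].lower()
        elif key and "=" in s:
            name, _, value = s.partition("=")
            name, value = name.strip().strip('"').lower(), reg_int(value)
            if key.endswith("security center") and name == "updatesdisablenotify" and value == 1:
                out.append(Finding("medium", "Security Center update notifications disabled"))
            if key.endswith("firewallpolicy\\standardprofile") and name == "enablefirewall" and value == 0:
                out.append(Finding("high", "Windows Firewall disabled (standard profile)"))
    return out


def triage(report: str) -> list[Finding]:
    sections = split_sections(report)
    return (deletion_findings(sections.get("Other Deletions", []))
            + sigcheck_findings(sections.get("Sigcheck", []))
            + registry_findings(sections.get("Reg Loading Points", [])))
```

Passing the full text of a saved ComboFix.txt to `triage()` gives the same list for a real report.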
fix200 Posts 3365 Status Security contributor 158
 
Perfect :)

Redo OTL as explained, please.

0
grego33
 
http://www.cijoint.fr/cjlink.php?file=cj200908/cijvWj7I2j.txt
0
Anonymous user
 
O4 - HKLM..\Run: [braviax] C:\WINDOWS\System32\braviax.exe

lol^^
0
fix200 Posts 3365 Status Security contributor 158
 
Re,

EDIT:

DON'T DO THE PROCEDURE, I'M PREPARING ANOTHER ONE FOR YOU.

++
0
fix200 Posts 3365 Status Security contributor 158
 
/!\ Warning /!\

|=> Script written specifically for this computer; using it on any other machine could severely damage your system <=|


▶ Copy the text below:


File::
C:\WINDOWS\braviax.exe
C:\WINDOWS\System32\cru629.dat
C:\WINDOWS\cru629.dat
C:\WINDOWS\System32\wisdstr.exe
C:\WINDOWS\System32\braviax.exe

Driver::
yagnn*.sys


▶ Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)

▶ Sauvegarde ce fichier sous le nom de CFScript.txt

/!\ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
(!) Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection (!).


▶ Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci

=> Cela va relancer Combofix,

▶ Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

▶ Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

/!\ Ne touche à rien tant que le scan n'est pas terminé.

▶ Après redémarrage, poste le contenu du rapport Combofix.txt


Je dois partir , je te fais signe dés mon retour.

A+
0
grego33
 
here's the report:

ComboFix 09-08-10.06 - Greeegooo 16.08.2009 17:54.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1033.18.1014.659 [GMT 2:00]
Running from: c:\documents and settings\Greeegooo\Desktop\Moi.exe
Command switches used :: c:\documents and settings\Greeegooo\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\braviax.exe"
"c:\windows\cru629.dat"
"c:\windows\System32\braviax.exe"
"c:\windows\System32\cru629.dat"
"c:\windows\System32\wisdstr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\System32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\wisdstr.exe

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\beep.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 13:07 . 2009-08-16 13:07 -------- d-----w- C:\_OTL
2009-08-16 12:26 . 2009-08-16 13:26 -------- d-----w- C:\UsbFix
2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-16 09:03 . 2009-08-16 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-14 16:12 . 2009-08-14 16:12 -------- d-----w- c:\documents and settings\Greeegooo\Application Data\Malwarebytes
2009-08-14 16:12 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 16:11 . 2009-08-14 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-14 16:11 . 2009-08-14 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 16:11 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-14 15:50 . 2009-08-16 15:57 -------- d-----w- c:\windows\temp01
2009-08-14 15:48 . 2009-08-14 15:48 -------- d-----w- C:\_OTM
2009-08-14 15:23 . 2009-08-14 15:23 -------- d-----w- C:\rsit
2009-08-12 16:28 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 13:29 . 2009-08-12 13:29 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-05 15:01 . 2009-08-05 15:01 152576 ----a-w- c:\documents and settings\Greeegooo\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-25 18:29 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 09:18 . 2008-02-24 17:32 -------- d-----w- c:\program files\Lavasoft
2009-08-15 19:25 . 2007-12-25 18:10 -------- d-----w- c:\documents and settings\Greeegooo\Application Data\uTorrent
2009-08-12 20:55 . 2007-12-27 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 13:29 . 2004-08-11 17:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-05 15:02 . 2007-12-14 17:39 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-11 17:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 19:32 . 2007-12-26 15:36 -------- d-----w- c:\documents and settings\Greeegooo\Application Data\LimeWire
2009-07-25 03:23 . 2009-02-17 19:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-11 17:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 15:07 . 2009-07-16 15:07 -------- d-----w- c:\program files\iTunes
2009-07-16 15:07 . 2009-07-16 15:07 -------- d-----w- c:\program files\iPod
2009-07-16 15:07 . 2008-04-10 16:28 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 15:01 . 2009-07-16 15:01 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 21:43 . 2004-08-11 17:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 13:48 . 2009-07-03 13:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-06-26 16:50 . 2004-08-11 17:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-11 17:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:36 . 2004-08-11 17:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 17:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 12:01 . 2009-06-15 12:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-06-12 12:31 . 2004-08-11 17:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-11 17:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-11 17:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2004-08-11 17:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-11 17:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 16:26 . 2009-06-04 16:26 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\French\setup.exe
2009-06-03 19:09 . 2004-08-11 17:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-16_15.09.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-16 15:59 . 2009-08-16 15:59 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat
+ 2007-12-20 17:50 . 2009-08-16 15:47 29184 c:\windows\system32\dllcache\beep.sys
- 2007-12-20 17:50 . 2009-08-16 15:00 29184 c:\windows\system32\dllcache\beep.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-31 1392640]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickHelp2_McciTrayApp"="c:\program files\QuickHelp2\QuickHelp.exe" [2008-07-09 1874944]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-14 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 17:46 31760]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 20:59 19472]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [21.11.2008 19:34 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [24.11.2008 20:05 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [24.11.2008 20:05 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [24.11.2008 20:06 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [25.11.2008 18:12 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [24.11.2008 20:06 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [25.11.2008 18:11 97704]
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Greeegooo\Application Data\Mozilla\Firefox\Profiles\wdngv137.default\
FF - prefs.js: browser.startup.homepage - www.google.ch
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 18:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2013104259-2867668384-94150872-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ce,2b,f6,d1,e7,cb,6f,85,08,e3,f8,7e,79,c9,77,ea,09,46,c6,6c,18,a5,18,
3e,89,c9,6e,27,7c,18,b5,cf,04,c8,16,95,32,1c,34,00,bf,8a,cf,65,43,02,78,24,\
"??"=hex:c8,61,dd,40,7d,c7,58,0b,ab,d0,c0,83,73,29,e6,c8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-16 18:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 16:05
ComboFix2.txt 2009-08-16 15:12
ComboFix3.txt 2009-08-14 16:59

Pre-Run: 5'633'744'896 bytes free
Post-Run: 5'612'974'080 bytes free

205 --- E O F --- 2009-08-15 06:58
0
fix200 Posts: 3365 Status: Security contributor 158
 
RE,

I'm sure the infection has reinstalled itself...

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

▶ Double-click RSIT.exe to launch RSIT.

▶ Click Continue on the "Disclaimer of warranty" screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.


▶ When the analysis is finished, two text files will open.

=> Post the contents of log.txt (which will be displayed) and of info.txt (which will be minimized in the taskbar).

Note: both reports are also saved in %systemdrive%\rsit, i.e. C:\rsit

+++
0
grego33
 
only log.txt appeared... I don't get the impression it actually did a scan...

Logfile of random's system information tool 1.06 (written by random/random)
Run by Greeegooo at 2009-08-16 19:52:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (5%) free of 109 GB
Total RAM: 1014 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:24, on 14.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\QuickHelp2\QuickHelp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Greeegooo\msword98.exe
C:\Documents and Settings\Greeegooo\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN17.tmp
C:\Documents and Settings\Greeegooo\Desktop\RSIT.exe
C:\Program Files\HijackThis\Greeegooo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ch/ig/dell?hl=en&client=dell-row&channel=ch&ibd=4071215
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/de-ch?c=ch&l=en&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ch/ig/dell?hl=en&client=dell-row&channel=ch&ibd=4071215
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickHelp2_McciTrayApp] "C:\Program Files\QuickHelp2\QuickHelp.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [rts] C:\WINDOWS\rts.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\Greeegooo\msword98.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
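As an added, defender-side example that is not part of this thread and not code from HijackThis or RSIT: a small Python triage script that reads HijackThis-style "Running processes" and O4 lines like the ones in the log above and flags the entries a helper would look at first. The sample log is constructed from lines of the report above with a few known-good entries kept as controls; the KNOWN_BAD set holds the file names this thread identifies as part of the infection and is an assumption of the example, not a signature database; the heuristics (an executable sitting directly in a user profile root, something running from a TEMP directory, a Run entry with no visible target, a Run entry that starts regedit.exe at logon, the same file name running from two different directories) are exactly the patterns visible in this log.

```python
from __future__ import annotations

import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis log posted above, trimmed to
# the interesting ones plus a few known-good entries kept as controls.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\system32\msword98.exe
C:\Documents and Settings\Greeegooo\msword98.exe
C:\WINDOWS\TEMP\BN17.tmp
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [rts] C:\WINDOWS\rts.exe
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\Greeegooo\msword98.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - Startup: ikowin32.exe
"""

# File names the helper in this thread identified as part of the infection.
# Assumption of this example only, not a maintained signature list.
KNOWN_BAD = {"braviax.exe", "cru629.dat", "wisdstr.exe", "msword98.exe", "rts.exe", "ikowin32.exe"}

O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<target>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<target>.+)$")
USER_TAG_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
DRIVE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|dat|tmp|sys|bat|scr)\b', re.IGNORECASE)


def extract_path(target: str) -> str:
    """Pull the executable path out of an O4 target, dropping quotes, arguments
    and the trailing (User '...') annotation HijackThis adds for other hives."""
    target = USER_TAG_RE.sub("", target).strip()
    m = DRIVE_PATH_RE.search(target)
    if m:
        return m.group(0)
    # No drive letter: a bare file name such as stsystra.exe or ikowin32.exe
    return target.split()[0].strip('"') if target else ""


def path_reasons(path: str) -> list[str]:
    """Heuristics that apply to a single path."""
    reasons = []
    p = PureWindowsPath(path)
    name = p.name.lower()
    dirs = [part.lower() for part in p.parts[1:-1]]  # directories between drive and file name
    if name in KNOWN_BAD:
        reasons.append("name matches a file identified as malicious in this thread")
    if len(p.parts) == 4 and dirs[0] == "documents and settings":
        reasons.append("executable sits directly in a user profile root")
    if "temp" in dirs:
        reasons.append("runs from a TEMP directory")
    return reasons


def triage(log_text: str) -> list[dict]:
    """Return one finding per suspicious line: {'line': ..., 'reasons': [...]}."""
    findings = []
    seen_dirs: dict[str, set[str]] = defaultdict(set)  # basename -> directories it ran from
    in_processes = False

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the "Running processes:" block
            continue
        if line == "Running processes:":
            in_processes = True
            continue

        if in_processes:
            p = PureWindowsPath(line)
            seen_dirs[p.name.lower()].add(str(p.parent).lower())
            reasons = path_reasons(line)
            if reasons:
                findings.append({"line": line, "reasons": reasons})
            continue

        m = O4_RUN_RE.match(line)
        if m:
            path = extract_path(m.group("target"))
            reasons = []
            if not path:
                reasons.append("Run entry has no visible target (file deleted or hidden)")
            else:
                reasons.extend(path_reasons(path))
                if PureWindowsPath(path).name.lower() == "regedit.exe":
                    reasons.append("Run entry starts regedit.exe at logon")
            if reasons:
                findings.append({"line": line, "reasons": reasons})
            continue

        m = O4_STARTUP_RE.match(line)
        if m:
            reasons = path_reasons(extract_path(m.group("target")))
            if reasons:
                findings.append({"line": line, "reasons": reasons})

    # Second pass: the same file name running from more than one directory
    for name, dirs in seen_dirs.items():
        if len(dirs) > 1:
            findings.append({
                "line": name,
                "reasons": [f"same file name running from {len(dirs)} directories: {sorted(dirs)}"],
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

On a real case you would pass the contents of RSIT's log.txt (or a HijackThis log) to triage() instead of SAMPLE_LOG. The script only lists lines for a human to review, with the reason each was flagged; it deletes nothing, which is the point: in this thread the same braviax entry that looks harmless in ComboFix's autorun listing shows up twice under different hives here, and the duplicate msword98.exe running from both system32 and the user profile root is exactly the kind of thing a helper wants surfaced before writing a removal script.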
fix200 Posts: 3365 Status: Security contributor 158
 
Re,

OK braviax, you're starting to seriously annoy me...!!!

Let's do a little check:

Download Gmer (by Przemyslaw Gmerek)

▶ Unzip gmer, click the Rootkit tab, start the scan; red lines will appear.

* Red lines indicate the presence of a rootkit. Post the gmer report to me (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear; post it to me)
0
grego33
 
gmer won't start... but, touch wood, it's not rebooting any more.
0
fix200 Posts: 3365 Status: Security contributor 158
 
Re,

Hang on a bit, I'm preparing the next step...

@+
0
fix200 Posts: 3365 Status: Security contributor 158
 
I'm back,

Question: do you have the Windows CD, in case a repair is needed?

Do ALL of the following steps for me, in order:

If you are on Vista: disable UAC

Download SDFix by andymanchesta

SDFix tutorial

▶ Install it, then reboot into Safe Mode

▶ On XP: double-click C:\SDFix\RunThis.bat
=> On Vista: right-click C:\SDFix\RunThis.bat and choose "Run as administrator"

▶ Press the Y key to start the cleaning process.

> It will delete the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.

▶ Press a key to reboot the PC.

▶ Your system will take longer than usual to reboot because the tool keeps running and deleting files.

▶ Once the Desktop has loaded, the tool will finish its work and display Finished.

▶ Press a key to end the script and load your Desktop icons.

▶ Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.

Finally, copy/paste the contents of Report.txt into your next reply on the forum


=> If SDFix won't start (it happens)

* Start -> Run
* Copy/paste this into the box:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* wait for the scan to finish...

===================================================

Start => Run

Type: combofix /u

Confirm with OK

ComboFix will reboot and then remove itself

===================================================

/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\

_________________________________________________________________
>This software is only to be used when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use it outside that situation: dangerous!<<<<<<<<

=========================================================

============> Read this, essential <============


Download ComboFix (by sUBs) to your desktop:

Right-click here

Choose "Save link target as...". Instead of Combofix.exe -> type Moi.exe.

Click "Save" and let the download complete.



BEFORE using ComboFix:

/!\ Disconnect your PC from the Internet and close the windows of all running programs. /!\
(!) Temporarily disable (only for as long as ComboFix is running) the real-time protection of your antivirus, your antispyware and ALL of your protection software (!).


▶ Double-click Combofix.exe to launch it (On Vista: right-click and choose "Run as administrator")

▶ It will ask you to install the Recovery Console; reconnect just long enough to download it, then cut your Internet connection.

* In case of installation problems, tutorial:
On XP
On Vista

▶ Answer Yes to the warning message so that the program starts analysing the PC.


!!!!! DON'T TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE, KEYBOARD...) !!!!!

▶ At the end of the scan, ComboFix may need to reboot the PC to finish the disinfection; let it do so...


▶ After the PC reboots, a report will open in Notepad at the end of the analysis,

▶ Re-enable all your defences, come back to the forum and copy and paste the report into your next reply


Note:
(The Combofix.txt report file is then automatically saved as C:\Combofix.txt)

@ +
0
grego33
 
SDFix report:


[b]SDFix: Version 1.240 [/b]
Run by Greeegooo on 16.08.2009 at 20:59

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File
Resetting AppInit_DLLs value


Rebooting


[b]Infected beep.sys Found![/b]

beep.sys File Locations:

"C:\WINDOWS\system32\dllcache\beep.sys" 29184 16.08.2009 20:50
"C:\WINDOWS\system32\dllcache\cache\beep.sys" 4224 04.08.2004 07:00
"C:\WINDOWS\system32\drivers\beep.sys" 29184 16.08.2009 20:50

Infected File Listed Below:

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys

File copied to Backups Folder
Attempting to replace beep.sys with original version


Original beep.sys Restored

"C:\WINDOWS\system32\dllcache\beep.sys" 4224 07.08.2008 15:27
"C:\WINDOWS\system32\dllcache\cache\beep.sys" 4224 04.08.2004 07:00
"C:\WINDOWS\system32\drivers\beep.sys" 4224 07.08.2008 15:27



[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\braviax.exe - Deleted
C:\WINDOWS\cru629.dat - Deleted
C:\WINDOWS\system32\braviax.exe - Deleted
C:\WINDOWS\system32\cru629.dat - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 21:06:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\braviax.exe [3388] 0x86407A00

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000155

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Disabled:Windows Live Call"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Wed 2 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 16 Aug 2009 248,083 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7e2110c803604799bad6cc14ba892658\BIT2.tmp"
Sun 23 Dec 2007 857 ...HR --- "C:\Documents and Settings\Greeegooo\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]




ComboFix report:

ComboFix 09-08-10.06 - Greeegooo 16.08.2009 21:09.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1033.18.1014.576 [GMT 2:00]
Running from: c:\documents and settings\Greeegooo\Desktop\Moi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

.
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 18:59 . 2009-08-16 18:59 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-08-16 18:57 . 2009-08-16 18:57 -------- d-----w- c:\windows\ERUNT
2009-08-16 18:54 . 2009-08-16 19:08 -------- d-----w- C:\SDFix
2009-08-16 16:26 . 2009-03-03 09:21 9985 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-08-16 16:26 . 2009-08-16 16:25 404225 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-16 16:26 . 2008-10-20 06:38 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-16 16:25 . 2009-08-16 16:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-16 09:03 . 2009-08-16 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-14 16:12 . 2009-08-14 16:12 -------- d-----w- c:\documents and settings\Greeegooo\Application Data\Malwarebytes
2009-08-14 16:12 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 16:11 . 2009-08-14 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-14 16:11 . 2009-08-14 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 16:11 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-14 15:50 . 2009-08-16 19:12 -------- d-----w- c:\windows\temp01
2009-08-14 15:48 . 2009-08-14 15:48 -------- d-----w- C:\_OTM
2009-08-14 15:23 . 2009-08-14 15:23 -------- d-----w- C:\rsit
2009-08-12 16:28 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 13:29 . 2009-08-12 13:29 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-05 15:01 . 2009-08-05 15:01 152576 ----a-w- c:\documents and settings\Greeegooo\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-25 18:29 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 16:25 . 2008-02-24 17:32 -------- d-----w- c:\program files\Lavasoft
2009-08-16 16:25 . 2007-12-20 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-16 16:15 . 2009-08-16 16:15 -------- d-----w- c:\program files\Avira
2009-08-16 16:15 . 2009-08-16 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-15 19:25 . 2007-12-25 18:10 -------- d-----w- c:\documents and settings\Greeegooo\Application Data\uTorrent
2009-08-12 20:55 . 2007-12-27 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 13:29 . 2004-08-11 17:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-05 15:02 . 2007-12-14 17:39 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2004-08-11 17:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 19:32 . 2007-12-26 15:36 -------- d-----w- c:\documents and settings\Greeegooo\Application Data\LimeWire
2009-07-25 03:23 . 2009-02-17 19:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-11 17:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 15:07 . 2009-07-16 15:07 -------- d-----w- c:\program files\iTunes
2009-07-16 15:07 . 2009-07-16 15:07 -------- d-----w- c:\program files\iPod
2009-07-16 15:07 . 2008-04-10 16:28 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 15:01 . 2009-07-16 15:01 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 21:43 . 2004-08-11 17:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:50 . 2004-08-11 17:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-11 17:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:36 . 2004-08-11 17:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 17:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-11 17:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-11 17:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-11 17:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2004-08-11 17:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-11 17:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 16:26 . 2009-06-04 16:26 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\French\setup.exe
2009-06-03 19:09 . 2004-08-11 17:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 05:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-12 13:29 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 13:29 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-08-16_15.09.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-16 19:02 . 2009-08-16 19:02 16384 c:\windows\temp\Perflib_Perfdata_584.dat
+ 2009-08-16 16:27 . 2009-08-16 16:27 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
- 2008-03-06 18:32 . 2009-07-25 18:33 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-03-06 18:32 . 2009-08-16 16:26 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-08-16 16:27 . 2009-08-16 16:27 64160 c:\windows\system32\drivers\Lbd.sys
+ 2009-08-16 16:15 . 2009-03-30 08:32 96104 c:\windows\system32\drivers\avipbb.sys
+ 2009-08-16 16:15 . 2009-02-13 10:28 22360 c:\windows\system32\drivers\avgntmgr.sys
+ 2009-08-16 16:15 . 2009-02-13 10:17 45416 c:\windows\system32\drivers\avgntdd.sys
+ 2007-12-20 17:50 . 2008-08-07 13:27 4224 c:\windows\system32\drivers\beep.sys
- 2007-12-20 17:50 . 2004-08-04 05:00 4224 c:\windows\system32\drivers\beep.sys
+ 2007-12-20 17:50 . 2008-08-07 13:27 4224 c:\windows\system32\dllcache\beep.sys
+ 2009-08-16 16:25 . 2009-08-16 16:25 570368 c:\windows\Installer\60892.msi
+ 2009-08-16 18:57 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-08-16 18:57 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-08-16 18:57 . 2009-08-16 18:57 1384448 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-08-16 18:57 . 2009-08-16 18:57 6709248 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-08-16 18:57 . 2009-08-16 18:57 1384448 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-08-16 18:57 . 2009-08-16 18:57 6709248 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-31 1392640]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickHelp2_McciTrayApp"="c:\program files\QuickHelp2\QuickHelp.exe" [2008-07-09 1874944]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-16 520024]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-14 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.08.2009 18:27 64160]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [16.08.2009 18:15 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1029456]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [21.11.2008 19:34 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [24.11.2008 20:05 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [24.11.2008 20:05 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [24.11.2008 20:06 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [25.11.2008 18:12 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [24.11.2008 20:06 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [25.11.2008 18:11 97704]
.
Contents of the 'Scheduled Tasks' folder

2009-08-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:27]

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
HKLM-Run-braviax - braviax.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Greeegooo\Application Data\Mozilla\Firefox\Profiles\wdngv137.default\
FF - prefs.js: browser.startup.homepage - www.google.ch
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 21:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

? [3388]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2013104259-2867668384-94150872-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ce,2b,f6,d1,e7,cb,6f,85,08,e3,f8,7e,79,c9,77,ea,09,46,c6,6c,18,a5,18,
3e,89,c9,6e,27,7c,18,b5,cf,04,c8,16,95,32,1c,34,00,bf,8a,cf,65,43,02,78,24,\
"??"=hex:c8,61,dd,40,7d,c7,58,0b,ab,d0,c0,83,73,29,e6,c8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-08-16 21:15
ComboFix-quarantined-files.txt 2009-08-16 19:15
ComboFix2.txt 2009-08-16 16:05
ComboFix3.txt 2009-08-16 15:12
ComboFix4.txt 2009-08-14 16:59

Pre-Run: 5'242'445'824 bytes free
Post-Run: 5'211'447'296 bytes free

208 --- E O F --- 2009-08-15 06:58
0
grego33
 
I forgot: yes, I have the Windows CD.
0
grego33
 
Re, I'm going to stop for today, I'll pick it up again tomorrow!

Thanks anyway for everything you've done, I hope you're around tomorrow.

Ciao, have a good evening.
0