Like many others, Win32 virus ...

Solved
almathus Posts 61 Status Member
Hello,
Like many others I've inherited a virus, trojan or whatever kind of Win 32 rot on my PC and I can't get rid of it. I hope you can help me a little.

Here is the HijackThis report, since it may help.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:42, on 18/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\pp11.exe
C:\Documents and Settings\chris\msword98.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\sony\usbsircs\USBsircs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Documents and Settings\chris\Mes documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\chris\msword98.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Pilote Remocon.lnk = C:\Program Files\sony\usbsircs\USBsircs.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
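One way to triage the O4 (autorun) lines of a log like the one above, as an added example that is not part of the thread and not a HijackThis feature. The heuristics are the editor's own and go a little beyond this one log: an executable dropped straight into the Windows root or into the root of a user profile, a well-known binary name pointed at the wrong directory, a Run value left with no path, the same value name registered twice with different targets, a raw .exe in the Startup folder, and a rogue-style "Antispyware 20xx" product name. The Windows directory C:\WINDOWS is assumed from the Platform line; the sample lines are copied from the posted log.

```python
"""Heuristic triage of HijackThis O4 (autorun) lines.

Added example, not part of the thread and not a HijackThis feature. The
rules are the editor's own; WINDIR is assumed from the log's Platform line.
"""
import re

WINDIR = r"c:\windows"                 # assumption: Windows XP default, as in the log
SYSTEM32 = WINDIR + r"\system32"

# Where some well-known binaries live on XP. An autorun that points a familiar
# name at a different directory (e.g. system32\regedit.exe) is impersonation.
KNOWN_LOCATIONS = {
    "regedit.exe": WINDIR,
    "explorer.exe": WINDIR,
    "ctfmon.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
}

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<item>.+)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+$")
ROGUE_NAME_RE = re.compile(r"(anti ?spyware|anti ?virus|security)\s*20\d\d", re.I)


def executable_from_command(cmd):
    """Return the executable path of a Run value, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.I)   # unquoted paths may contain spaces
    return m.group(1) if m else cmd


def reasons_for(name, exe):
    """Per-entry heuristics; an empty list means nothing notable."""
    if not exe:
        return ["no path: empty value, or the file has already been removed"]
    directory, _, base = exe.lower().rpartition("\\")
    reasons = []
    if not directory:
        return reasons                     # bare name resolved via PATH; cannot judge
    if directory == WINDIR:
        reasons.append("executable dropped directly in the Windows root")
    if PROFILE_ROOT_RE.match(directory):
        reasons.append("executable in the root of a user profile")
    if "\\local settings\\temp" in directory:
        reasons.append("executable running from a Temp folder")
    expected = KNOWN_LOCATIONS.get(base)
    if expected and directory != expected:
        reasons.append(f"{base} normally lives in {expected}, not in {directory}")
    if ROGUE_NAME_RE.search(name):
        reasons.append("rogue-style product name: verify the vendor before trusting it")
    return reasons


def triage(log_text):
    """Parse the O4 lines of a HijackThis log; return [(name, path, reason), ...]."""
    entries, findings = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
            entries.append((m.group("name"), executable_from_command(cmd)))
            continue
        m = STARTUP_RE.match(line)
        if m and m.group("item").lower().endswith(".exe"):
            # Startup-folder items are normally .lnk shortcuts; droppers copy a
            # raw .exe there so that no registry value has to be written at all.
            findings.append((m.group("item"), m.group("item"), "raw .exe in the Startup folder"))
    for name, exe in entries:
        for reason in reasons_for(name, exe):
            findings.append((name, exe, reason))
    # The same value name under HKLM and HKCU pointing at two different files is
    # a second copy of the same dropper, not two installs of one product.
    paths_by_name = {}
    for name, exe in entries:
        paths_by_name.setdefault(name.lower(), set()).add(exe.lower())
    for name, exe in entries:
        if len(paths_by_name[name.lower()]) > 1:
            findings.append((name, exe, "same value name registered with different paths"))
    return findings


# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\chris\msword98.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
"""

if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_LOG):
        print(f"[{name}] {path or '<no path>'}\n    -> {reason}")
```

Run against the sample, the script flags pp11.exe (Windows root), both msword98 copies (profile root plus the duplicate-name rule), Regedit32 (regedit.exe does not live in system32), PC Antispyware 2010 (rogue-style name), braviax (no path) and ikowin32.exe (raw .exe in Startup), and stays quiet on the ATI, avast!, QuickTime and ctfmon entries. The rules are deliberately loose: some legitimate drivers do drop helpers into the Windows root, so a hit is a reason to look, not a verdict.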

99 replies

verni29 Posts 6805 Status Security contributor 180
 
That's a bit of a nuisance.

We'll start by installing the Recovery Console.
Try this from the command line:
Start --> Run --> type c:\i386\winnt32.exe /cmdcons

Let me know whether that worked.

Cheers

almathus Posts 61 Status Member

sorry, doesn't work!!
almathus Posts 61 Status Member

location not available
verni29 Posts 6805 Status Security contributor 180

Sorry,

I've contacted someone about beep.sys.
I'll have the answer tomorrow.

Try this.
Start --> Run --> type: C:\WINDOWS\ServicePackFiles\i386\winnt32.exe /cmdcons

Then we'll try Combofix again in Safe Mode. It should go through.

Cheers
almathus Posts 61 Status Member

no, not possible for the console!!

Do I reboot into Safe Mode?
verni29 Posts 6805 Status Security contributor 180

Yes, you'll be able to restart in Safe Mode.
But first, delete the Combofix executable on your desktop.

Then download combofix.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then restart in Safe Mode and run Combofix.

Copy/paste the report in your next reply.

Note: if you can't find it, it is at C:\ComboFix.txt.

I'll wait.

Cheers
almathus Posts 61 Status Member

do I leave it under that name?
verni29 Posts 6805 Status Security contributor 180

Yes
almathus Posts 61 Status Member

Re

Well, nothing doing, I can't get combofix to start in Safe Mode!!

It won't have any of it.

I suggest a sleep break, and if you're available tomorrow I'll be here.

Just tell me what time you'll drop by so I can log on.

Many thanks for the time spent.
verni29 Posts 6805 Status Security contributor 180

OK,

The problem with this virus is that it relaunches itself at every startup.
If you switch the PC on tomorrow, leave it on.

I'll be on the forum tomorrow morning (from 9 am to 4 pm).
The instructions.

1/ Run RSIT again (on your desktop).
You should get only one report.
Post it.

2/ Download MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it. Keep the default options.
# At the end of the installation you'll be asked to update MalwareBytes and run it.
# Accept. After the update, the program will open.

# In the Scanner tab, select Perform full scan.
# Click Scan. Select only the computer's hard drives.
# Click Start scan.

# At the end of the scan, as prompted, click Show results.
# If infections are found, click Remove selected.
Post the report in your next message.

If you can't find the report, open MalwareBytes and look in the Logs tab. It's there. Click it and choose open.

The scan takes about 50 minutes on average.

I'll look at it tomorrow.

Cheers
almathus Posts 61 Status Member

RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by chris at 2009-08-19 01:49:42
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 14 GB (48%) free of 29 GB
Total RAM: 511 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:49:46, on 19/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\ld12.exe
C:\windows\freddy58.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\chris\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\sony\usbsircs\USBsircs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\chris\Bureau\RSIT.exe
C:\Documents and Settings\chris\Mes documents\chris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy58.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\chris\msword98.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Pilote Remocon.lnk = C:\Program Files\sony\usbsircs\USBsircs.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
verni29 Posts 6805 Status Security contributor 180

OK,

That's not a good sign. There are still infected files being created.
Good night.

See you tomorrow.
almathus Posts 61 Status Member

Hello,

Here is the MalwareBytes report:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2651
Windows 5.1.2600 Service Pack 3

19/08/2009 07:28:42
mbam-log-2009-08-19 (07-28-42).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 193661
Temps écoulé: 53 minute(s), 24 second(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 70

Processus mémoire infecté(s):
C:\WINDOWS\freddy58.exe (Worm.Koobface) -> Unloaded process successfully.
C:\WINDOWS\ld12.exe (Worm.KoobFace) -> Unloaded process successfully.
C:\Documents and Settings\chris\msword98.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\msword98.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msword98 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msword98 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC Antispyware 2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\chris\msword98.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msword98.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy58.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Local Settings\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Local Settings\Temp\BNA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Local Settings\Temporary Internet Files\Content.IE5\2FLR34G3\fb.58[1].exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4HUV8LAB\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\pp11.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\figaro.sys.vir (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP278\A0029473.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0029564.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0029565.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0030576.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0030577.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0031644.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0030578.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0031575.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0031585.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0031586.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0031634.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0031645.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0031648.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0032634.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0032644.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0032645.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0032774.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0032785.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0032787.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0033774.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0033785.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0033786.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0033932.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0033941.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0033942.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0033949.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0033989.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP279\A0033990.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\srpira1250635712.eXE (Spyware.LdPinch) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\chris\admin.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Cookies\kece.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\ld12.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
verni29 Posts 6805 Status Security contributor 180
 
Hello,

We're making progress, but as I told you, you will absolutely have to manage to run ComboFix to treat this infection.

Let's check first.

Run RSIT again and post me the report you get.

See you
almathus Posts 61 Status Member
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by chris at 2009-08-19 09:27:30
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 14 GB (48%) free of 29 GB
Total RAM: 511 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:40, on 19/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\sony\usbsircs\USBsircs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\chris\Bureau\RSIT.exe
C:\Documents and Settings\chris\Mes documents\chris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Pilote Remocon.lnk = C:\Program Files\sony\usbsircs\USBsircs.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
verni29 Posts 6805 Status Security contributor 180
 
It is still present.

You are going to check whether the files beep.sys and ntfs.sys are still corrupted.
Redo the steps from message 26:
https://forums.commentcamarche.net/forum/affich-13946940-comme-beaucoup-virus-win-32?page=2#26

and post both reports.

See you
almathus Posts 61 Status Member
 
I'm posting from my phone right now!!

It looks like I managed to launch ComboFix.

It rebooted my PC and finished the scan!!

I'm posting the report, hoping it's complete.
verni29 Posts 6805 Status Security contributor 180
 
OK, great.

Malwarebytes probably weakened the virus and allowed ComboFix to run.

See you
almathus Posts 61 Status Member
 
ComboFix log.txt, apparently complete

ComboFix 09-08-10.06 - chris 19/08/2009 9:29.3.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.234 [GMT 2:00]
Running from: c:\documents and settings\chris\Bureau\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\chris\accwiz.exe
c:\documents and settings\chris\actmovie.exe
c:\documents and settings\chris\ahui.exe
c:\documents and settings\chris\alg.exe
c:\documents and settings\chris\at.exe
c:\documents and settings\chris\atmadm.exe
c:\documents and settings\chris\auditusr.exe
c:\documents and settings\chris\autochk.exe
c:\documents and settings\chris\autoconv.exe
c:\documents and settings\chris\autofmt.exe
c:\documents and settings\chris\autolfn.exe
c:\documents and settings\chris\blastcln.exe
c:\documents and settings\chris\cacls.exe
c:\documents and settings\chris\cisvc.exe
c:\documents and settings\chris\cleanmgr.exe
c:\documents and settings\chris\cliconfg.exe
c:\documents and settings\chris\clipbrd.exe
c:\documents and settings\chris\clipsrv.exe
c:\documents and settings\chris\cmmon32.exe
c:\documents and settings\chris\conime.exe
c:\documents and settings\chris\dcomcnfg.exe
c:\documents and settings\chris\ddeshare.exe
c:\documents and settings\chris\defrag.exe
c:\documents and settings\chris\dfrgfat.exe
c:\documents and settings\chris\dfrgntfs.exe
c:\documents and settings\chris\diskpart.exe
c:\documents and settings\chris\dmadmin.exe
c:\documents and settings\chris\dmremote.exe
c:\documents and settings\chris\dosx.exe
c:\documents and settings\chris\dplaysvr.exe
c:\documents and settings\chris\dpnsvr.exe
c:\documents and settings\chris\dpvsetup.exe
c:\documents and settings\chris\dumprep.exe
c:\documents and settings\chris\dvdupgrd.exe
c:\documents and settings\chris\dwwin.exe
c:\documents and settings\chris\dxdiag.exe
c:\documents and settings\chris\eudcedit.exe
c:\documents and settings\chris\extrac32.exe
c:\documents and settings\chris\fontview.exe
c:\documents and settings\chris\forcedos.exe
c:\documents and settings\chris\help.exe
c:\documents and settings\chris\krnl386.exe
c:\documents and settings\chris\locator.exe
c:\documents and settings\chris\logagent.exe
c:\documents and settings\chris\logman.exe
c:\documents and settings\chris\logonui.exe
c:\documents and settings\chris\mmc.exe
c:\documents and settings\chris\mshta.exe
c:\documents and settings\chris\mspaint.exe
c:\documents and settings\chris\narrator.exe
c:\documents and settings\chris\net.exe
c:\documents and settings\chris\net1.exe
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\avonat.pif
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\madexixyho.com
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\roqeqimevo.com
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\wisdstr.exe

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{4FA2ED74-D426-4C11-9759-0AC6A83677E8}\RP280\A0034012.sys


.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-19 05:42 . 2009-08-19 05:42 19932 ----a-w- c:\documents and settings\All Users\Application Data\ytyzuru.com
2009-08-19 05:42 . 2009-08-19 05:42 18571 ----a-w- c:\windows\alegys.bin
2009-08-19 05:42 . 2009-08-19 05:42 17407 ----a-w- c:\program files\Fichiers communs\ijetip.pif
2009-08-19 05:42 . 2009-08-19 05:42 16484 ----a-w- c:\windows\system32\afiguky.sys
2009-08-19 05:42 . 2009-08-19 05:42 16306 ----a-w- c:\windows\system32\erofuv.dll
2009-08-19 05:42 . 2009-08-19 05:42 15016 ----a-w- c:\windows\system32\urupajejab.scr
2009-08-19 05:42 . 2009-08-19 05:42 14240 ----a-w- c:\windows\hohyg.scr
2009-08-19 05:42 . 2009-08-19 05:42 13773 ----a-w- c:\documents and settings\LocalService\Application Data\icyryp.bat
2009-08-19 05:42 . 2009-08-19 05:42 13487 ----a-w- c:\windows\oquto.vbs
2009-08-19 05:42 . 2009-08-19 05:42 10343 ----a-w- c:\documents and settings\LocalService\Application Data\sisyhicik.dll
2009-08-19 05:42 . 2009-08-19 05:42 10253 ----a-w- c:\documents and settings\All Users\Application Data\ketyfok.sys
2009-08-19 05:42 . 2009-08-19 05:44 -------- d-----w- c:\program files\PC_Antispyware2010
2009-08-19 05:34 . 2003-04-24 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-19 05:34 . 2003-04-24 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-18 23:52 . 2009-08-18 23:52 -------- d-----w- c:\documents and settings\chris\Application Data\Malwarebytes
2009-08-18 23:52 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 23:52 . 2009-08-19 05:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 23:52 . 2009-08-18 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-18 23:52 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 22:53 . 2008-04-14 02:34 16896 ----a-w- c:\documents and settings\chris\more.com
2009-08-18 22:48 . 2009-08-18 22:48 1 ---h--w- c:\windows\ex23567.dat
2009-08-18 21:52 . 2009-08-18 21:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-18 21:49 . 2009-08-18 21:50 -------- d-----w- C:\rsit
2009-08-18 20:24 . 2009-08-18 20:24 12249 ----a-w- c:\windows\uhuxy.scr
2009-08-18 20:24 . 2009-08-18 20:24 11416 ----a-w- c:\documents and settings\chris\Application Data\nykaq.bat
2009-08-18 20:24 . 2009-08-18 20:24 11266 ----a-w- c:\windows\system32\ytew.reg
2009-08-18 20:24 . 2009-08-18 20:24 18360 ----a-w- c:\windows\yzury.vbs
2009-08-18 20:24 . 2009-08-18 20:24 17961 ----a-w- c:\windows\zimonin.scr
2009-08-18 20:24 . 2009-08-18 20:24 16584 ----a-w- c:\documents and settings\chris\Application Data\jevakuc.scr
2009-08-18 20:24 . 2009-08-18 20:24 12052 ----a-w- c:\windows\obyras.scr
2009-08-18 20:24 . 2009-08-18 20:24 11120 ----a-w- c:\windows\system32\weryzi.scr
2009-08-18 17:29 . 2009-08-18 17:29 -------- d-----w- c:\documents and settings\chris\Application Data\HouseCall 6.6
2009-08-18 17:29 . 2009-08-18 17:29 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-08-17 20:06 . 2009-08-18 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-17 19:34 . 2009-08-17 19:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-13 15:17 . 2009-08-13 15:17 -------- d-sh--w- c:\documents and settings\jacinth\PrivacIE
2009-08-13 15:17 . 2009-08-13 15:17 -------- d-----w- c:\documents and settings\jacinth\Local Settings\Application Data\Google
2009-08-13 15:17 . 2009-08-13 15:17 -------- d-----w- c:\documents and settings\jacinth\Application Data\Drag'n Drop CD+DVD
2009-08-13 15:16 . 2009-08-13 15:16 -------- d-sh--w- c:\documents and settings\jacinth\IETldCache
2009-08-13 14:31 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 23:44 . 2004-08-04 06:15 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-18 20:24 . 2009-08-18 20:24 12989 ----a-w- c:\documents and settings\All Users\Application Data\nokamibod.vbs
2009-08-13 15:05 . 2008-10-29 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-05 09:00 . 2002-12-11 23:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:03 . 2004-03-19 14:44 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 18:03 . 2009-07-15 18:03 -------- d-----w- c:\program files\iPod
2009-07-15 18:03 . 2008-10-29 19:01 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-15 17:52 . 2009-07-15 17:52 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 21:43 . 2004-03-19 14:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 18:23 . 2009-07-03 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-03 18:19 . 2009-07-03 18:19 -------- d-----w- c:\program files\Bonjour
2009-07-03 18:19 . 2008-12-31 19:31 -------- d-----w- c:\program files\QuickTime
2009-07-03 16:57 . 2006-06-23 12:28 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-03-19 14:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-03-19 14:44 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-03-19 14:45 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-03-19 14:44 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-03-19 14:50 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-03-19 14:45 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2005-08-30 08:26 1297408 ----a-w- c:\windows\system32\quartz.dll
2008-10-28 19:19 . 2008-10-28 19:19 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-26 68856]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 335872]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"VAIO Update 2"="c:\program files\sony\vaio update 2\VAIOUpdt.exe" [2004-01-17 135168]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"Drag'n Drop CD+DVD"="c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2004-02-02 1183744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [2009-08-19 582619]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-05-23 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-28 110592]
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-10-29 450560]
Pilote Remocon.lnk - c:\program files\sony\usbsircs\USBsircs.exe [2004-3-19 229376]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-09 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8227462283.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 09:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Inventel\Gateway\WLANCFG.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-08-19 9:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 07:52

Pre-Run: 14 482 141 184 octets libres
Post-Run: 14 503 378 944 octets libres

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
264 --- E O F --- 2009-08-13 15:06
almathus Posts 61 Status Member
 
beep.sys

Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.19 -
AhnLab-V3 5.0.0.2 2009.08.19 -
AntiVir 7.9.1.3 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.18 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.19 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.19 -
Comodo 2019 2009.08.19 -
DrWeb 5.0.0.12182 2009.08.19 -
eSafe 7.0.17.0 2009.08.18 Win32.Banker
eTrust-Vet 31.6.6686 2009.08.19 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.19 -
Fortinet 3.120.0.0 2009.08.19 -
GData 19 2009.08.19 -
Ikarus T3.1.1.68.0 2009.08.19 -
Jiangmin 11.0.800 2009.08.19 -
K7AntiVirus 7.10.821 2009.08.18 -
Kaspersky 7.0.0.125 2009.08.19 -
McAfee 5713 2009.08.18 -
McAfee+Artemis 5713 2009.08.18 -
McAfee-GW-Edition 6.8.5 2009.08.19 -
Microsoft 1.4903 2009.08.19 -
NOD32 4346 2009.08.18 -
Norman 6.01.09 2009.08.18 -
nProtect 2009.1.8.0 2009.08.19 -
Panda 10.0.0.14 2009.08.18 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.19 -
Rising 21.43.21.00 2009.08.19 -
Sophos 4.44.0 2009.08.19 -
Sunbelt 3.2.1858.2 2009.08.19 -
Symantec 1.4.4.12 2009.08.19 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.19 -
VBA32 3.12.10.9 2009.08.19 -
ViRobot 2009.8.19.1890 2009.08.19 -
VirusBuster 4.6.5.0 2009.08.18 -
Additional information
File size: 4224 bytes
MD5 : da1f27d85e0d1525f6621372e7b685e9
SHA1 : e3d2dc5eb273fa701de8af13b60d6baac7629260
SHA256: 5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x66C
timedatestamp.....: 0x3B7D82E5 (Fri Aug 17 22:47:33 2001)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x424 0x480 5.77 64f775a399d212649b5b58a280791c2d
.rdata 0x780 0xAD 0x100 2.62 0ace5f365131534c66de4137833221ad
INIT 0x880 0x284 0x300 4.44 13a9d0bea8490140305ffa9291acfd99
.rsrc 0xB80 0x3C8 0x400 3.22 9b654fc1759147ff04b147754f347be4
.reloc 0xF80 0x9A 0x100 2.80 5c4742feb834ca0995d1e806fe06cc57

( 0 imports )


( 0 exports )

TrID : File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: https://www.symantec.com?md5=da1f27d85e0d1525f6621372e7b685e9
ssdeep: 48:qvsINlblgYeU/DtYrmVimGxIBqOopSDKGV7Co+sjIZWQ7q2ue5WwGD+:ilbd/DKrmLGWBqhev7X+MEWKLu+Ww8
PEiD : -
RDS : NSRL Reference Data Set

( Topics Entertainment )

Instant Home Design: beep.sys
( Symantec )

Norton SystemWorks 2005: BEEP.SYS
( Compaq )

Compaq Operating System CD: beep.sys
( NewTech Infosystems Inc. )

CD-Maker Plus Edition: beep.sys
( The Learning Company Inc. )

Reader Rabbits Toddler: beep.sys
( Dell )

Reinstallation CD Microsoft Windows XP Professional: beep.sys
( Gateway )

Gateway Operating System Windows XP Pro Edition SP2: BEEP.SYS, beep.sys
( Sony )

Sony VAIO Recover CDs: BEEP.SYS
( Microsoft )