Like many others, a Win32 virus ...

Solved/Closed
almathus - 18 August 2009 at 20:38 (last reply 21 August 2009 at 09:06)
Hello,
Like many others I've inherited a virus, trojan or who knows what, "rot Win 32", on my PC and I can't get rid of it. I hope you can help me a little.

Here is the HijackThis report, since it may help.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:42, on 18/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\pp11.exe
C:\Documents and Settings\chris\msword98.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\sony\usbsircs\USBsircs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Documents and Settings\chris\Mes documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\chris\msword98.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Pilote Remocon.lnk = C:\Program Files\sony\usbsircs\USBsircs.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
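
Added example, not part of the original thread: a small Python script that applies to the O4 (autostart) entries of a HijackThis log the kind of checks a helper runs by eye on the report above. The heuristics are my own assumptions about what deserves a second look, not verdicts: an executable sitting directly in the Windows directory or in a user profile root, a bare file name in a Startup folder, a built-in tool such as regedit.exe registered to autostart, a hide switch on the command line, and one value name pointing at two different files under HKLM and HKCU. The sample lines are copied from the log above; each hit is a candidate to verify (on VirusTotal, as the thread goes on to do), nothing more.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O4 lines from the HijackThis log above,
# including two entries (avast!, ctfmon.exe) that should come out clean.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKLM\..\Run: [pp] C:\windows\pp11.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\chris\msword98.exe
O4 - Startup: ikowin32.exe
"""

# "O4 - <where>: [<value name>] <command line>"; Startup-folder lines carry no [name].
O4_RE = re.compile(r'^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$')
# First executable-looking path on the command line, optionally quoted; the rest is arguments.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|vbs|scr|bat|cmd))"?(?P<args>.*)$', re.I)
WINDIR_RE = re.compile(r'^[a-z]:\\windows\\[^\\]+$', re.I)          # file directly in %WINDIR%
PROFILE_RE = re.compile(r'^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$', re.I)  # profile root
# Assumption: built-in tools that rarely belong in a Run key on a workstation.
SYSTEM_TOOLS = {"regedit.exe", "cmd.exe"}


def parse_o4(text):
    """Yield (where, value name, executable path, arguments) for each O4 line."""
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        # "foo.lnk = C:\...\bar.exe" lines: keep the target; "foo.lnk = ?" has no target.
        cmd = m.group("cmd").split(" = ", 1)[-1].strip()
        e = EXE_RE.match(cmd)
        if not e:
            continue
        yield m.group("where"), m.group("name") or "", e.group("path"), e.group("args").strip()


def triage(text):
    """Return {(where, name, path): [reasons]} for autostart entries worth a closer look."""
    entries = list(parse_o4(text))
    paths_by_name = defaultdict(set)
    for _, name, path, _ in entries:
        if name:
            paths_by_name[name.lower()].add(path.lower())

    findings = {}
    for where, name, path, args in entries:
        reasons = []
        base = path.rsplit("\\", 1)[-1].lower()
        if WINDIR_RE.match(path):
            reasons.append("executable directly in the Windows directory")
        if PROFILE_RE.match(path):
            reasons.append("executable directly in a user profile root")
        if "startup" in where.lower() and "\\" not in path:
            reasons.append("bare file name in a Startup folder")
        if base in SYSTEM_TOOLS:
            reasons.append(f"built-in tool {base} set to autostart")
        if re.search(r'(^|\s)[/-]hide\b', args, re.I):
            reasons.append("launched with a hide switch")
        if name and len(paths_by_name[name.lower()]) > 1:
            reasons.append("same value name points at different files in HKLM and HKCU")
        if reasons:
            findings[(where, name, path)] = reasons
    return findings


if __name__ == "__main__":
    for (where, name, path), reasons in triage(SAMPLE_O4).items():
        print(f"{where} [{name}] {path}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the full log, the same script also flags C:\WINDOWS\AGRSMMSG.exe (a modem tray utility that legitimately lives in the Windows directory), which is the point: the output is a short list to check, not a removal list.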
99 replies

almathus - 19 August 2009 at 10:03
ntfs


Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.19 Riskware.WinNT.Cutwail!IK
AhnLab-V3 5.0.0.2 2009.08.19 -
AntiVir 7.9.1.3 2009.08.19 SPR/Tool.Cutwail.L.7
Antiy-AVL 2.0.3.7 2009.08.18 Virus/Win32.Protector.gen
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.18 Win32:Cutwail-W
AVG 8.5.0.406 2009.08.18 Rootkit-Pakes.M
BitDefender 7.2 2009.08.19 Rootkit.Kobcka.Patched.Gen
CAT-QuickHeal 10.00 2009.08.18 W32.Protector.C
ClamAV 0.94.1 2009.08.19 -
Comodo 2019 2009.08.19 -
DrWeb 5.0.0.12182 2009.08.19 BackDoor.Bulknet.404
eSafe 7.0.17.0 2009.08.18 -
eTrust-Vet 31.6.6686 2009.08.19 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.19 Virus.Win32.Protector.c
Fortinet 3.120.0.0 2009.08.19 -
GData 19 2009.08.19 Rootkit.Kobcka.Patched.Gen
Ikarus T3.1.1.68.0 2009.08.19 VirTool.WinNT.Cutwail
Jiangmin 11.0.800 2009.08.19 -
K7AntiVirus 7.10.821 2009.08.18 -
Kaspersky 7.0.0.125 2009.08.19 Virus.Win32.Protector.c
McAfee 5713 2009.08.18 Cutwail.gen.e
McAfee+Artemis 5713 2009.08.18 Cutwail.gen.e
McAfee-GW-Edition 6.8.5 2009.08.19 Riskware.Tool.Cutwail.L.7
Microsoft 1.4903 2009.08.19 VirTool:WinNT/Cutwail.L
NOD32 4346 2009.08.18 a variant of Win32/Wigon.LX
Norman 6.01.09 2009.08.18 -
nProtect 2009.1.8.0 2009.08.19 -
Panda 10.0.0.14 2009.08.18 Trj/BedeTres.AL
Prevx 3.0 2009.08.19 -
Rising 21.43.21.00 2009.08.19 -
Sophos 4.44.0 2009.08.19 Troj/NTFSKit-B
Sunbelt 3.2.1858.2 2009.08.19 -
Symantec 1.4.4.12 2009.08.19 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.19 -
VBA32 3.12.10.9 2009.08.19 -
ViRobot 2009.8.19.1890 2009.08.19 -
VirusBuster 4.6.5.0 2009.08.18 -
Additional information
File size: 619584 bytes
MD5...: 4dfb45d14330ace7fd32ee8dbcf50c97
SHA1..: 68acbc940d1a1b6c60a83a47966e5ad720726511
SHA256: 1f2f208b733ef8f78cc4260c8eb10a8fe1bdf732f4c1545ea77eeed93fb15b29
ssdeep: 12288:FtK9Nb8PCil77a7zxO4yTcIsRI9tBzEtRnW4VU:F49NI3anxSccjzEtRW4

PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xe1a
timedatestamp.....: 0x4a801be2 (Mon Aug 10 13:08:50 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x280 0xc44 0xc60 5.81 76a4eddb9a7527105b73100cf196a03d
.rdata 0xee0 0x8 0x20 0.40 53bc69c7adc744494f3d55825e7d5c47
.data 0xf00 0x19 0x20 2.17 09023b0586a11b5dd790a88206791533
INIT 0xf20 0x4c 0x60 2.31 5d563cf002ad3c2ac3b51fb9d4bf721c
.reloc 0xf80 0x964a2 0x964c0 6.66 5ff6ec9b658329da07c01fc956cde0cb

( 1 imports )
> hal.dll: KeGetCurrentIrql

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
almathus - 19 August 2009 at 10:06
beep.sys re-analysed

Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.19 -
AhnLab-V3 5.0.0.2 2009.08.19 -
AntiVir 7.9.1.3 2009.08.19 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.18 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.19 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.19 -
Comodo 2019 2009.08.19 -
DrWeb 5.0.0.12182 2009.08.19 -
eSafe 7.0.17.0 2009.08.18 Win32.Banker
eTrust-Vet 31.6.6686 2009.08.19 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.19 -
Fortinet 3.120.0.0 2009.08.19 -
GData 19 2009.08.19 -
Ikarus T3.1.1.68.0 2009.08.19 -
Jiangmin 11.0.800 2009.08.19 -
K7AntiVirus 7.10.821 2009.08.18 -
Kaspersky 7.0.0.125 2009.08.19 -
McAfee 5713 2009.08.18 -
McAfee+Artemis 5713 2009.08.18 -
McAfee-GW-Edition 6.8.5 2009.08.19 -
Microsoft 1.4903 2009.08.19 -
NOD32 4346 2009.08.18 -
Norman 6.01.09 2009.08.18 -
nProtect 2009.1.8.0 2009.08.19 -
Panda 10.0.0.14 2009.08.18 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.19 -
Rising 21.43.21.00 2009.08.19 -
Sophos 4.44.0 2009.08.19 -
Sunbelt 3.2.1858.2 2009.08.19 -
Symantec 1.4.4.12 2009.08.19 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.19 -
VBA32 3.12.10.9 2009.08.19 -
ViRobot 2009.8.19.1890 2009.08.19 -
VirusBuster 4.6.5.0 2009.08.18 -
Additional information
File size: 4224 bytes
MD5...: da1f27d85e0d1525f6621372e7b685e9
SHA1..: e3d2dc5eb273fa701de8af13b60d6baac7629260
SHA256: 5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d
ssdeep: 48:qvsINlblgYeU/DtYrmVimGxIBqOopSDKGV7Co+sjIZWQ7q2ue5WwGD+:ilbd/DKrmLGWBqhev7X+MEWKLu+Ww8

PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x66c
timedatestamp.....: 0x3b7d82e5 (Fri Aug 17 20:47:33 2001)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x424 0x480 5.77 64f775a399d212649b5b58a280791c2d
.rdata 0x780 0xad 0x100 2.62 0ace5f365131534c66de4137833221ad
INIT 0x880 0x284 0x300 4.44 13a9d0bea8490140305ffa9291acfd99
.rsrc 0xb80 0x3c8 0x400 3.22 9b654fc1759147ff04b147754f347be4
.reloc 0xf80 0x9a 0x100 2.80 5c4742feb834ca0995d1e806fe06cc57

( 2 imports )
> ntoskrnl.exe: MmLockPagableDataSection, KeCancelTimer, MmUnlockPagableImageSection, IoStartNextPacket, KeSetTimer, _allmul, IoStartPacket, KeInitializeEvent, KeInitializeTimer, KeInitializeDpc, IoCreateDevice, RtlInitUnicodeString, IoAcquireCancelSpinLock, KeRemoveDeviceQueue, KeRemoveEntryDeviceQueue, IoReleaseCancelSpinLock, IoDeleteDevice, IofCompleteRequest
> HAL.dll: ExReleaseFastMutex, KfRaiseIrql, KfLowerIrql, HalMakeBeep, ExAcquireFastMutex

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set

( Topics Entertainment )

> Instant Home Design: beep.sys

( Symantec )

> Norton SystemWorks 2005: BEEP.SYS

( Compaq )

> Compaq Operating System CD: beep.sys

( NewTech Infosystems Inc. )

> CD-Maker Plus Edition: beep.sys

( The Learning Company Inc. )

> Reader Rabbits Toddler: beep.sys

( Dell )

> Reinstallation CD Microsoft Windows XP Professional: beep.sys

( Microsoft )

> Operating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: beep.sys
> MSDN Disc 2466.2: beep.sys
> MSDN Disc 2466.1: beep.sys
> MSDN Disc 2466.4: beep.sys
> MSDN Disc 2465: beep.sys
> MSDN Disc 2464: beep.sys
> MSDN Disc 2466: beep.sys
> Windows XP: beep.sys
> Microsoft TechNet Trial Software 2002 Volume 1: beep.sys
> MSDN Disc2389: beep.sys
> MSDN disc 2455.2: beep.sys
> Windows 98 Versions: beep.sys
> MSDN MSIE 6.0, IE 6.0 SP1, Windows 2000 Advanced Server, Windows 2000 Professional, Windows 2000 Server, Windows 98 Second ed., Windows ME, Win XP Pro: beep.sys
> MSDN Disc 2438.7: beep.sys
> MSDN Disc 2438.2: beep.sys
> MSDN Disc 2438.1: beep.sys
> MSDN Disc 3264: beep.sys
> MSDN Disc 2455: beep.sys
> MSDN Disc 2438.8: beep.sys
> MSDN Disc 2428.1: beep.sys
> MSDN Disc 2428.2: beep.sys
> MSDN Disc 2428.5: beep.sys
> MSDN Disc 2428.4: beep.sys
> MSDN Disc 2428.8: beep.sys
> Platforms, SDK/DDK: beep.sys
> Internet Explorer Versions: beep.sys
> Virtual PC for Mac Windows XP Professional Edition: beep.sys
> Platforms: beep.sys
> MSDN DISC 2438.3: beep.sys
> Platforms SDKs/DDKs: beep.sys
> MSDN Disc 2053: beep.sys
> MSDN Disc 2444: beep.sys
> MSDN Disc 2443: beep.sys
> MSDN Disc 2442: beep.sys
> MSDN Disc 2441: beep.sys
> Internet Explorer: beep.sys
> MSDN Disc2428.3: beep.sys
> MSDN Disc 1550: beep.sys
> MSDN Disc 2455.6: beep.sys
> MSDN Disc 2455.1: beep.sys
> MSDN Disc 2476.1: beep.sys
> MSDN Disc 2476.2: beep.sys
> 2262A: Supporting Users Running Applications on a Microsoft Windows XP Operating System: beep.sys
> Disc 2438.5: beep.sys
> 2261A: Supporting Users Running the Microsoft Windows XP Operating System: beep.sys
> MSDN Disc 2041: beep.sys
> MSDN Disc 2439.3: beep.sys
> MSDN Disc 2439.2: beep.sys
> MSDN Disc 2439.1: beep.sys
> MSDN Disc 2439.7: beep.sys
> MSDN Disc 2439.6: beep.sys
> MSDN Disc 2438: beep.sys
> MSDN Disc 2439: beep.sys
> MSDN Disc 2465.4: beep.sys
> MSDN Disc 2465.5: beep.sys
> MSDN Disc 2465.2: beep.sys
> Windows XP Professional: beep.sys
> MSDN Disc 2364: beep.sys
> Office XP Professional with FrontPage: beep.sys
> Microsoft Windows XP Professional: beep.sys
> Windows XP Professional 2002 Service Pack 1: beep.sys
> MSDN Disc 2443.1: beep.sys
> MSDN Disc 2443.2: beep.sys
> MSDN Disc 2443.4: beep.sys
> MSDN disc 2465.3: beep.sys
> MSDN Disc 2441.1: beep.sys
> MSDN Disc 2441.6: beep.sys
> MSDN Disc 2441.7: beep.sys
> MSDN Disc 2441.5: beep.sys
> MSDN Disc 2428: beep.sys
> MSDN Disc 2477.2: beep.sys
> Windows XP Home Edition: beep.sys
> Windows CE .NET Evaluation Software: beep.sys
> MSDN Disc 2307: beep.sys
> Implementing and Supporting Microsoft Windows XP Professional: beep.sys
> MSDN Disc 2464.1: beep.sys
> MSDN Disc 2464.5: beep.sys
> MSDN Disc 2439.8: beep.sys
> MSDN Disc 2440.5: beep.sys
> MSDN Disc 2440.4: beep.sys
> MSDN Disc 2440.3: beep.sys
> MSDN Disc2365: beep.sys
> MDSN Disc 2441.2: beep.sys
> Platforms, SDK/DDK, Developer Tools: beep.sys
> MSDN disc 2390: beep.sys
> MSDN Disc 2476.4: beep.sys
> Microsoft Security Resource Kit: beep.sys
> Windows 2000 Versions: beep.sys
> MSDN Disc 2444.3: beep.sys
> MSDN Disc 2444.1: beep.sys
> MSDN Disc 2444.6: beep.sys
> MSDN Disc 2444.4: beep.sys
> Virtual PC for Mac Windows XP Home Edition: beep.sys
> Windows XP eMbedded Evaluation Software: beep.sys
> MSDN Disc 2476: beep.sys
> MSDN Disc 2442.4: beep.sys
> MSDN Disc 2442.6: beep.sys
> MSDN Disc 2442.1: beep.sys
> Applications, Platforms, Servers: beep.sys
> MSDN Disc 2442.3: beep.sys
> MSDN Disc 2442.2: beep.sys
> Windows XP Tablet PC Edition: beep.sys
> Applications, Platforms: beep.sys

( Sony )

> Sony VAIO Recover CDs: BEEP.SYS

( Gateway )

> Gateway Operating System Windows XP Pro Edition SP2: BEEP.SYS,beep.sys
verni29 (security contributor) - 19 August 2009 at 10:09
beep.sys is fine.
Now we'll deal with ntfs.sys.

Later.
verni29 (security contributor) - 19 August 2009 at 10:08
Check whether the following file is corrupted or not on the VirusTotal site:
Same procedure as before.

C:\WINDOWS\ServicePackFiles\I386\ntfs.sys

Later.
almathus - 19 August 2009 at 10:09
About the beep.sys file that we can't find, since I don't have an XP CD: I think I read something about copying the beep.sys from the dllcache folder to replace the one in the drivers folder.

What do you think?
verni29 (security contributor) - 19 August 2009 at 10:13
No,

the cached file was corrupted here too.
ComboFix replaced the corrupted file with a file from System Restore.

Please don't do anything without telling me first.
We've taken a first step, but it's not won yet.

Later.
almathus - 19 August 2009 at 10:16
yes yes, I always ask you before touching anything
verni29 (security contributor) - 19 August 2009 at 10:19
follow the instructions in message 64 for the ntfs.sys file
https://forums.commentcamarche.net/forum/affich-13946940-comme-beaucoup-virus-win-32?page=4#64

Later.
almathus - 19 August 2009 at 10:29
Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.19 -
AhnLab-V3 5.0.0.2 2009.08.19 -
AntiVir 7.9.1.3 2009.08.19 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.18 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.19 -
CAT-QuickHeal 10.00 2009.08.19 -
ClamAV 0.94.1 2009.08.19 -
Comodo 2019 2009.08.19 -
DrWeb 5.0.0.12182 2009.08.19 -
eSafe 7.0.17.0 2009.08.18 -
eTrust-Vet 31.6.6686 2009.08.19 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.19 -
Fortinet 3.120.0.0 2009.08.19 -
GData 19 2009.08.19 -
Ikarus T3.1.1.68.0 2009.08.19 -
Jiangmin 11.0.800 2009.08.19 -
K7AntiVirus 7.10.821 2009.08.18 -
Kaspersky 7.0.0.125 2009.08.19 -
McAfee 5713 2009.08.18 -
McAfee+Artemis 5713 2009.08.18 -
McAfee-GW-Edition 6.8.5 2009.08.19 -
Microsoft 1.4903 2009.08.19 -
NOD32 4346 2009.08.18 -
Norman 6.01.09 2009.08.18 -
nProtect 2009.1.8.0 2009.08.19 -
Panda 10.0.0.14 2009.08.18 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.19 -
Rising 21.43.21.00 2009.08.19 -
Sophos 4.44.0 2009.08.19 -
Sunbelt 3.2.1858.2 2009.08.19 -
Symantec 1.4.4.12 2009.08.19 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.19 -
VBA32 3.12.10.9 2009.08.19 -
ViRobot 2009.8.19.1890 2009.08.19 -
VirusBuster 4.6.5.0 2009.08.18 -
Additional information
File size: 574976 bytes
MD5...: 78a08dd6a8d65e697c18e1db01c5cdca
SHA1..: c40f3c1fcbd8a61ad5f36e16971feb64407bbc66
SHA256: e0e6f3ed05068e32f1d5c2d2b38cdef4536b8656db6756c66cf6b40b60c8f3da
ssdeep: 12288:CosOm5JqnuiIT8j4l7yT68kdUDzAGOjICueFWI0m9:eJ+uiIQ4kTTkdUDEPflFWI0

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x85384
timedatestamp.....: 0x48025be5 (Sun Apr 13 19:15:49 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x17879 0x17880 6.57 7a0cc809877394dcb00f251125cde1d0
.rdata 0x17b80 0x7078 0x7080 6.30 95baacb27e75d4140da94f3e43c659d6
.data 0x1ec00 0x1b10 0x1b80 0.74 9cb37a38036e823a0152bb209239dffd
PAGE 0x20780 0x64b6b 0x64b80 6.51 7de1f4c3a0a474314fe86e158e01cd73
INIT 0x85300 0x36fe 0x3700 6.07 ded61bc7fa643b884fdf69cc4d48c308
.rsrc 0x88a00 0x3e0 0x400 3.34 7153f5b12fab0213e839e612df3320ab
.reloc 0x88e00 0x37a0 0x3800 6.73 5db2361b4571130ef61ec5a1deac3e22

( 3 imports )
> HAL.dll: KeAcquireInStackQueuedSpinLock, ExAcquireFastMutex, KeReleaseQueuedSpinLock, KeAcquireQueuedSpinLock, KfReleaseSpinLock, ExTryToAcquireFastMutex, ExReleaseFastMutex, KeReleaseInStackQueuedSpinLock, KfAcquireSpinLock
> ksecdd.sys: GenerateSessionKey, EfsGenerateKey, GenerateDirEfs, InitSecurityInterfaceW, EfsDecryptFek
> ntoskrnl.exe: ExRaiseStatus, FsRtlNormalizeNtstatus, CcFlushCache, ExIsResourceAcquiredExclusiveLite, RtlInitUnicodeString, InterlockedPopEntrySList, InterlockedPushEntrySList, KeQuerySystemTime, RtlCompareMemory, FsRtlAreNamesEqual, FsRtlCheckLockForWriteAccess, FsRtlOplockIsFastIoPossible, FsRtlCheckOplock, CcSetDirtyPinnedData, MmSetAddressRangeModified, MmCanFileBeTruncated, RtlGenerate8dot3Name, RtlUpcaseUnicodeString, CcCopyWrite, CcCanIWrite, CcMdlWriteComplete, MmMapLockedPagesSpecifyCache, CcPrepareMdlWrite, IoGetTopLevelIrp, _aullshr, _allshl, IoGetStackLimits, RtlSetBits, RtlClearBits, FsRtlGetNextLargeMcbEntry, RtlAreBitsSet, RtlFindLastBackwardRunClear, RtlNumberOfClearBits, _allmul, RtlAreBitsClear, RtlFindClearBits, RtlFindClearRuns, FsRtlRemoveLargeMcbEntry, FsRtlLookupLargeMcbEntry, FsRtlAddLargeMcbEntry, KeReleaseMutant, ObfDereferenceObject, CcUninitializeCacheMap, CcSetLogHandleForFile, CcInitializeCacheMap, IoCreateStreamFileObjectLite, KeWaitForSingleObject, CcMapData, CcPinMappedData, CcPinRead, CcPreparePinWrite, CcMdlReadComplete, KeBugCheckEx, CcZeroData, FsRtlIsNtstatusExpected, DbgBreakPoint, DbgPrint, KdDebuggerEnabled, FsRtlNotifyVolumeEvent, RtlDeleteElementGenericTableAvl, IoRemoveShareAccess, FsRtlAddToTunnelCache, FsRtlFastUnlockAll, IoGetRequestorProcess, FsRtlNotifyFilterReportChange, FsRtlDeleteKeyFromTunnelCache, FsRtlNotifyCleanup, FsRtlNotifyFilterChangeDirectory, MmFlushImageSection, KeLeaveCriticalRegion, IoSetTopLevelIrp, KeEnterCriticalRegion, IofCompleteRequest, ExQueueWorkItem, IoGetCurrentProcess, FsRtlIsNameInExpression, FsRtlDoesNameContainWildCards, IoCheckEaBufferValidity, ExIsResourceAcquiredSharedLite, KeSetEvent, IoSetInformation, FsRtlOplockFsctrl, IoUpdateShareAccess, IoSetShareAccess, IoCheckShareAccess, FsRtlCurrentBatchOplock, ObReleaseObjectSecurity, ObGetObjectSecurity, SePrivilegeCheck, CcWaitForCurrentLazyWriterActivity, RtlGetOwnerSecurityDescriptor, FsRtlFindInTunnelCache, SeSinglePrivilegeCheck, 
KeClearEvent, FsRtlDissectName, _alloca_probe, IoCancelIrp, KeSetKernelStackSwapEnable, KeInitializeEvent, IoIsOperationSynchronous, IofCallDriver, MmUnmapLockedPages, IoBuildPartialMdl, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, KeGetCurrentThread, RtlDecompressBuffer, RtlDecompressFragment, RtlGetCompressionWorkSpaceSize, MmBuildMdlForNonPagedPool, IoFreeIrp, ExReleaseResourceForThreadLite, CcUnpinDataForThread, CcSetBcbOwnerPointer, FsRtlIsTotalDeviceFailure, IoMakeAssociatedIrp, ObfReferenceObject, ExGetExclusiveWaiterCount, KeDelayExecutionThread, ObReferenceObjectByHandle, IoFileObjectType, _local_unwind2, RtlCompressBuffer, MmUnlockPages, IoBuildAsynchronousFsdRequest, RtlLookupElementGenericTableAvl, SeCaptureSubjectContext, RtlUpperString, RtlCompareString, RtlInitString, FsRtlLegalAnsiCharacterArray, NlsOemLeadByteInfo, NlsMbOemCodePageTag, SeDeleteObjectAuditAlarm, ObQueryObjectAuditingByHandle, CcPurgeCacheSection, _allrem, SeAuditHardLinkCreation, SeAuditingHardLinkEventsWithContext, IoBuildDeviceIoControlRequest, CcMdlRead, KeNumberProcessors, CcDeferWrite, ZwClose, ZwCreateFile, ProbeForRead, IoBuildSynchronousFsdRequest, IoGetRelatedDeviceObject, MmPrefetchPages, ProbeForWrite, _alldiv, RtlLengthSid, SeReleaseSubjectContext, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, RtlMapGenericMask, IoGetFileObjectGenericMapping, CcSetAdditionalCacheAttributes, FsRtlBalanceReads, ObQueryNameString, wcslen, IoCreateDevice, FsRtlIncrementCcFastReadResourceMiss, FsRtlIncrementCcFastReadNotPossible, CcFastCopyRead, FsRtlIncrementCcFastReadNoWait, FsRtlIncrementCcFastReadWait, CcFastCopyWrite, CcFastMdlReadWait, FsRtlUninitializeLargeMcb, FsRtlInitializeLargeMcb, FsRtlPrivateLock, FsRtlFastUnlockSingle, FsRtlFastUnlockAllByKey, FsRtlProcessFileLock, ExDeleteResourceLite, ExInitializeResourceLite, KeInitializeSpinLock, FsRtlResetLargeMcb, KeSetTimer, ExAcquireSharedStarveExclusive, CcGetDirtyPages, KeSetPriorityThread, 
FsRtlLookupLastLargeMcbEntry, FsRtlNumberOfRunsInLargeMcb, FsRtlSplitLargeMcb, FsRtlTruncateLargeMcb, CcRemapBcb, RtlFreeOemString, RtlUnicodeStringToCountedOemString, FsRtlIsFatDbcsLegal, FsRtlFastCheckLockForWrite, FsRtlFastCheckLockForRead, IoRaiseInformationalHardError, RtlAppendUnicodeStringToString, RtlCopyUnicodeString, IoVolumeDeviceToDosName, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, CcMdlWriteAbort, IoIsSystemThread, RtlLengthSecurityDescriptor, SeAssignSecurity, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlSubAuthoritySid, RtlInitializeSid, RtlLengthRequiredSid, ExInitializePagedLookasideList, ExInitializeNPagedLookasideList, MmIsThisAnNtAsSystem, MmQuerySystemSize, ZwQueryValueKey, ZwOpenKey, RtlVerifyVersionInfo, VerSetConditionMask, IoRegisterDriverReinitialization, KeInitializeDpc, KeInitializeTimer, IoRegisterFileSystem, KeBugCheck, KeInitializeMutant, FsRtlMdlWriteCompleteDev, FsRtlMdlReadCompleteDev, ExUuidCreate, RtlDelete, RtlSplay, RtlValidSid, RtlInsertElementGenericTableFullAvl, RtlLookupElementGenericTableFullAvl, SeQueryInformationToken, RtlEqualSid, SeExports, IoCheckQuotaBufferValidity, RtlInitializeGenericTableAvl, CcSetReadAheadGranularity, FsRtlCheckLockForReadAccess, ExAcquireSharedWaitForExclusive, FsRtlPostStackOverflow, FsRtlPostPagingFileStackOverflow, IoReleaseVpbSpinLock, IoAcquireVpbSpinLock, SeValidSecurityDescriptor, SeFreePrivileges, SeDeassignSecurity, SeSetSecurityDescriptorInfo, SeQuerySecurityDescriptorInfo, SeOpenObjectAuditAlarm, SeOpenObjectForDeleteAuditAlarm, SeAppendPrivileges, SeAuditingFileEventsWithContext, RtlEnumerateGenericTableWithoutSplayingAvl, FsRtlFreeFileLock, FsRtlAllocateFileLock, ExReinitializeResourceLite, FsRtlNotifyInitializeSync, FsRtlInitializeTunnelCache, RtlInsertElementGenericTableAvl, FsRtlUninitializeOplock, FsRtlInitializeOplock, FsRtlTeardownPerStreamContexts, IoDeleteDevice, FsRtlDeleteTunnelCache, 
FsRtlNotifyUninitializeSync, RtlEnumerateGenericTableAvl, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoSetDeviceToVerify, KeTickCount, _abnormal_termination, _except_handler3, RtlFindNextForwardRunClear, ExAcquireFastMutexUnsafe, ExAllocatePoolWithTag, RtlInitializeBitMap, ExFreePoolWithTag, memmove, ExReleaseFastMutexUnsafe, ExReleaseResourceLite, _allshr, ExAcquireResourceSharedLite, ExAcquireResourceExclusiveLite, CcUnpinData, CcCopyRead, CcSetFileSizes, RtlFillMemoryUlong, IoPageRead, IoFreeErrorLogEntry, IoSynchronousPageWrite, ExDeletePagedLookasideList, ExDeleteNPagedLookasideList, IoGetDeviceObjectPointer, KeUnstackDetachProcess, KeStackAttachProcess, PsLookupProcessByProcessId, ZwWaitForSingleObject, PsCreateSystemThread, ZwCreateEvent, PoQueueShutdownWorkItem, ZwFreeVirtualMemory, PsRevertToSelf, PsDereferenceImpersonationToken, PsImpersonateClient, PsReferenceImpersonationToken, ZwAllocateVirtualMemory, ObReferenceObjectByPointer

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last seen 26 December 2016 180
19 August 2009 at 10:30
OK, great.

1/ Do the steps from this message:
https://forums.commentcamarche.net/forum/affich-13946940-comme-beaucoup-virus-win-32?page=2#37

2/ Type the following commands one after the other at the MS-DOS command prompt (Start --> Run --> type cmd)

del c:\WINDOWS\system32\dllcache\beep.sys
copy C:\WINDOWS\system32\drivers\beep.sys c:\WINDOWS\system32\dllcache\
del c:\WINDOWS\system32\dllcache\ntfs.sys
copy C:\WINDOWS\ServicePackFiles\I386\ntfs.sys C:\WINDOWS\system32\dllcache\

Let me know when it's done.
0
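Added example, not from the thread and not part of any tool verni29 names: the two `del`/`copy` pairs above replace the dllcache copies of beep.sys and ntfs.sys because, on XP, Windows File Protection restores a protected file from %SystemRoot%\system32\dllcache whenever the live copy changes, so a tampered cache copy silently undoes a cleanup (the ComboFix report later in this thread shows the same mechanism working the other way, restoring mspmsnsv.dll from dllcache). Before deleting anything by hand, an operator can hash the live copy, the dllcache copy and the Service Pack copy and see which one disagrees. The directory layout and file contents below are constructed stand-ins built in a temporary directory, not real drivers.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample contents; real drivers are PE binaries, these are stand-ins.
PRISTINE_BEEP = b"BEEP.SYS pristine Service Pack copy (constructed)"
TAMPERED_BEEP = PRISTINE_BEEP + b"\x90\x90 patched (constructed)"
PRISTINE_NTFS = b"NTFS.SYS pristine Service Pack copy (constructed)"


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large drivers do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_driver_copies(name: str, live: Path, cache: Path, pristine: Path) -> dict:
    """Compare the live, dllcache and Service Pack copies of one driver.

    The Service Pack copy (ServicePackFiles\\I386) is the reference; any other
    copy whose hash differs is listed so the operator knows which one to replace.
    """
    digests = {
        "live": sha256_file(live),
        "cache": sha256_file(cache),
        "pristine": sha256_file(pristine),
    }
    divergent = [role for role in ("live", "cache") if digests[role] != digests["pristine"]]
    return {"driver": name, "digests": digests, "divergent": divergent, "clean": not divergent}


def build_sample_tree(root: Path) -> dict:
    """Lay out a miniature XP-like tree (constructed) with a tampered dllcache beep.sys."""
    layout = {
        "drivers": root / "WINDOWS" / "system32" / "drivers",
        "dllcache": root / "WINDOWS" / "system32" / "dllcache",
        "sp": root / "WINDOWS" / "ServicePackFiles" / "I386",
    }
    for d in layout.values():
        d.mkdir(parents=True, exist_ok=True)
    (layout["drivers"] / "beep.sys").write_bytes(PRISTINE_BEEP)
    (layout["dllcache"] / "beep.sys").write_bytes(TAMPERED_BEEP)  # the copy WFP would restore from
    (layout["sp"] / "beep.sys").write_bytes(PRISTINE_BEEP)
    for d in layout.values():
        (d / "ntfs.sys").write_bytes(PRISTINE_NTFS)  # all three copies agree
    return layout


def audit_sample() -> dict:
    """Build the constructed tree in a temp dir and audit both drivers."""
    with tempfile.TemporaryDirectory() as tmp:
        layout = build_sample_tree(Path(tmp))
        return {
            name: audit_driver_copies(
                name, layout["drivers"] / name, layout["dllcache"] / name, layout["sp"] / name
            )
            for name in ("beep.sys", "ntfs.sys")
        }


if __name__ == "__main__":
    for name, verdict in audit_sample().items():
        status = "clean" if verdict["clean"] else "divergent: " + ", ".join(verdict["divergent"])
        print(f"{name}: {status}")
```

On a real machine you would point `audit_driver_copies` at the three real paths for each driver; a divergent `cache` entry is exactly the case the commands above handle, and a divergent `live` copy with a clean cache is the case WFP fixes on its own.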
almathus Posts 61 Registration date Tuesday 18 August 2009 Status Member Last seen 24 November 2009
19 August 2009 at 10:41
Done.
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last seen 26 December 2016 180
19 August 2009 at 10:44
I'm finishing a script.
Back in 10 min.

See you later.
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last seen 26 December 2016 180
19 August 2009 at 10:50
1/ Open Notepad (Start --> All Programs --> Accessories --> Notepad) and select the quoted text.
Copy/paste that text into Notepad.

killall::

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Regedit32"=-
"PC Antispyware 2010"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

File::
C:\WINDOWS\system32\erofuv.dll
C:\WINDOWS\oquto.vbs
C:\Documents and Settings\All Users\Application Data\ytyzuru.com
C:\Program Files\PC_Antispyware2010
C:\WINDOWS\system32\CF30081.exe
C:\WINDOWS\system32\CF21515.exe
C:\Bug.txt
C:\Documents and Settings\chris\Application Data\nykaq.bat
C:\WINDOWS\yzury.vbs
C:\Documents and Settings\All Users\Application Data\nokamibod.vbs
C:\WINDOWS\system32\CF485.exe
C:\WINDOWS\system32\yvecyqifa.vbs
c:\windows\alegys.bin
c:\program files\Fichiers communs\ijetip.pif
c:\windows\system32\afiguky.sys
c:\windows\system32\urupajejab.scr
c:\windows\hohyg.scr
c:\documents and settings\LocalService\Application Data\icyryp.bat
c:\documents and settings\LocalService\Application Data\sisyhicik.dll
c:\documents and settings\All Users\Application Data\ketyfok.sys
c:\documents and settings\chris\more.com
c:\windows\ex23567.dat
c:\windows\uhuxy.scr
c:\windows\system32\ytew.reg
c:\windows\zimonin.scr
c:\documents and settings\chris\Application Data\jevakuc.scr
c:\windows\obyras.scr
c:\windows\system32\weryzi.scr


# File menu --> Save --> a dialog box will open
# There are two lines at the bottom of the window:
--> the first one is the name: type CFScript
--> the second one is the type: check that it is set to .txt

Then you just have to choose where to save it.
Click the arrow at the top until you reach the desktop.

2) Drag and drop the script onto ComboFix as shown at this link
http://img399.imageshack.us/img399/7183/img210914jjufmoj0.gif

Follow the prompts.

# Your desktop will disappear several times. That's normal.
# The computer will restart and a report will be created.
# Post its contents in your next message.

Note: if you can't find it, it is at C:\Combofix.txt

See you later.
0
almathus Posts 61 Registration date Tuesday 18 August 2009 Status Member Last seen 24 November 2009
19 August 2009 at 11:01
In progress.
0
almathus Posts 61 Registration date Tuesday 18 August 2009 Status Member Last seen 24 November 2009
19 August 2009 at 11:20
ComboFix 09-08-18.01 - chris 19/08/2009 11:01.4.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.262 [GMT 2:00]
Running from: c:\documents and settings\chris\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\chris\Bureau\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"C:\Bug.txt"
"c:\documents and settings\All Users\Application Data\ketyfok.sys"
"c:\documents and settings\All Users\Application Data\nokamibod.vbs"
"c:\documents and settings\All Users\Application Data\ytyzuru.com"
"c:\documents and settings\chris\Application Data\jevakuc.scr"
"c:\documents and settings\chris\Application Data\nykaq.bat"
"c:\documents and settings\chris\more.com"
"c:\documents and settings\LocalService\Application Data\icyryp.bat"
"c:\documents and settings\LocalService\Application Data\sisyhicik.dll"
"c:\program files\Fichiers communs\ijetip.pif"
"c:\program files\PC_Antispyware2010"
"c:\windows\alegys.bin"
"c:\windows\ex23567.dat"
"c:\windows\hohyg.scr"
"c:\windows\obyras.scr"
"c:\windows\oquto.vbs"
"c:\windows\system32\afiguky.sys"
"c:\windows\system32\CF21515.exe"
"c:\windows\system32\CF30081.exe"
"c:\windows\system32\CF485.exe"
"c:\windows\system32\erofuv.dll"
"c:\windows\system32\urupajejab.scr"
"c:\windows\system32\weryzi.scr"
"c:\windows\system32\ytew.reg"
"c:\windows\system32\yvecyqifa.vbs"
"c:\windows\uhuxy.scr"
"c:\windows\yzury.vbs"
"c:\windows\zimonin.scr"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ketyfok.sys
c:\documents and settings\All Users\Application Data\nokamibod.vbs
c:\documents and settings\All Users\Application Data\ytyzuru.com
c:\documents and settings\chris\Application Data\jevakuc.scr
c:\documents and settings\chris\Application Data\nykaq.bat
c:\documents and settings\chris\more.com
c:\documents and settings\LocalService\Application Data\icyryp.bat
c:\documents and settings\LocalService\Application Data\sisyhicik.dll
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Fichiers communs\ijetip.pif
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\windows\010112010146120114.xe
c:\windows\0101120101464949.xe
c:\windows\0101120101465653.xe
c:\windows\alegys.bin
c:\windows\ex23567.dat
c:\windows\Fonts\ZWAdobeF.TTF
c:\windows\hohyg.scr
c:\windows\obyras.scr
c:\windows\oquto.vbs
c:\windows\system32\afiguky.sys
c:\windows\system32\erofuv.dll
c:\windows\system32\urupajejab.scr
c:\windows\system32\weryzi.scr
c:\windows\system32\ytew.reg
c:\windows\system32\yvecyqifa.vbs
c:\windows\uhuxy.scr
c:\windows\yzury.vbs
c:\windows\zimonin.scr

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-19 08:41 . 2003-04-24 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-19 05:34 . 2003-04-24 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-18 23:52 . 2009-08-18 23:52 -------- d-----w- c:\documents and settings\chris\Application Data\Malwarebytes
2009-08-18 23:52 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 23:52 . 2009-08-19 05:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 23:52 . 2009-08-18 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-18 23:52 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 22:53 . 2008-04-14 02:34 33792 ----a-w- c:\documents and settings\chris\mmcperf.exe
2009-08-18 21:52 . 2009-08-18 21:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-18 21:49 . 2009-08-18 21:50 -------- d-----w- C:\rsit
2009-08-18 17:29 . 2009-08-18 17:29 -------- d-----w- c:\documents and settings\chris\Application Data\HouseCall 6.6
2009-08-18 17:29 . 2009-08-18 17:29 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-08-17 20:06 . 2009-08-18 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-17 19:46 . 2009-08-17 19:46 19552 ----a-w- c:\documents and settings\chris\Local Settings\Application Data\emujahe.exe
2009-08-17 19:46 . 2009-08-17 19:46 18137 ----a-w- c:\documents and settings\chris\Application Data\okanovupeq.pif
2009-08-17 19:46 . 2009-08-17 19:46 16222 ----a-w- c:\documents and settings\chris\Local Settings\Application Data\gysah.bin
2009-08-17 19:46 . 2009-08-17 19:46 15403 ----a-w- c:\documents and settings\chris\Local Settings\Application Data\onaxa.dat
2009-08-17 19:46 . 2009-08-17 19:46 13524 ----a-w- c:\documents and settings\chris\Local Settings\Application Data\ipevybiqot.dat
2009-08-17 19:46 . 2009-08-17 19:46 12855 ----a-w- c:\program files\Fichiers communs\axatifajuc.scr
2009-08-17 19:46 . 2009-08-17 19:46 11946 ----a-w- c:\windows\ekinoh.bin
2009-08-17 19:46 . 2009-08-17 19:46 11767 ----a-w- c:\program files\Fichiers communs\oranijoqu.pif
2009-08-17 19:46 . 2009-08-17 19:46 11229 ----a-w- c:\windows\system32\izepevyq.sys
2009-08-17 19:46 . 2009-08-17 19:46 11145 ----a-w- c:\windows\naboriwaba.reg
2009-08-17 19:46 . 2009-08-17 19:46 11081 ----a-w- c:\program files\Fichiers communs\pyzyry.sys
2009-08-17 19:46 . 2009-08-17 19:46 10352 ----a-w- c:\documents and settings\chris\Application Data\utify.sys
2009-08-17 19:34 . 2009-08-17 19:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-13 15:17 . 2009-08-13 15:17 -------- d-sh--w- c:\documents and settings\jacinth\PrivacIE
2009-08-13 15:17 . 2009-08-13 15:17 -------- d-----w- c:\documents and settings\jacinth\Local Settings\Application Data\Google
2009-08-13 15:17 . 2009-08-13 15:17 -------- d-----w- c:\documents and settings\jacinth\Application Data\Drag'n Drop CD+DVD
2009-08-13 15:16 . 2009-08-13 15:16 -------- d-sh--w- c:\documents and settings\jacinth\IETldCache
2009-08-13 14:31 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 19:46 . 2009-08-17 19:46 17115 ----a-w- c:\program files\Fichiers communs\nypapuz.db
2009-08-13 15:05 . 2008-10-29 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-05 09:00 . 2002-12-11 23:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:03 . 2004-03-19 14:44 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 18:03 . 2009-07-15 18:03 -------- d-----w- c:\program files\iPod
2009-07-15 18:03 . 2008-10-29 19:01 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-15 17:52 . 2009-07-15 17:52 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 21:43 . 2004-03-19 14:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 18:23 . 2009-07-03 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-03 18:19 . 2009-07-03 18:19 -------- d-----w- c:\program files\Bonjour
2009-07-03 18:19 . 2008-12-31 19:31 -------- d-----w- c:\program files\QuickTime
2009-07-03 16:57 . 2006-06-23 12:28 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-03-19 14:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-03-19 14:44 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-03-19 14:45 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-03-19 14:44 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-03-19 14:50 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-03-19 14:45 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2005-08-30 08:26 1297408 ----a-w- c:\windows\system32\quartz.dll
2008-10-28 19:19 . 2008-10-28 19:19 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-08-19_07.48.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 06:15 . 2008-04-13 19:15 574976 c:\windows\system32\drivers\ntfs.sys
+ 2004-08-04 06:15 . 2008-04-13 19:15 574976 c:\windows\system32\dllcache\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-26 68856]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 335872]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"VAIO Update 2"="c:\program files\sony\vaio update 2\VAIOUpdt.exe" [2004-01-17 135168]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"Drag'n Drop CD+DVD"="c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2004-02-02 1183744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-05-23 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-28 110592]
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-10-29 450560]
Pilote Remocon.lnk - c:\program files\sony\usbsircs\USBsircs.exe [2004-3-19 229376]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-09 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8227462283.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 11:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(572)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Inventel\Gateway\WLANCFG.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-08-19 11:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 09:14
ComboFix2.txt 2009-08-19 07:52

Pre-Run: 14 508 904 448 octets libres
Post-Run: 14 473 953 280 octets libres

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
267 --- E O F --- 2009-08-13 15:06
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last seen 26 December 2016 180
19 August 2009 at 11:24
OK,

We're making progress.

Run RSIT again and post me the report.

See you later.
0
almathus Posts 61 Registration date Tuesday 18 August 2009 Status Member Last seen 24 November 2009
19 August 2009 at 11:25
Logfile of random's system information tool 1.06 (written by random/random)
Run by chris at 2009-08-19 11:25:43
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 14 GB (48%) free of 29 GB
Total RAM: 511 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:47, on 19/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\sony\usbsircs\USBsircs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\chris\Bureau\RSIT.exe
C:\Documents and Settings\chris\Mes documents\chris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Pilote Remocon.lnk = C:\Program Files\sony\usbsircs\USBsircs.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
0
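Added example, not from the thread and not part of RSIT or HijackThis: a first triage pass over a HijackThis log of the kind posted above. It lists every running process and O4 autorun entry whose executable sits outside the usual program directories (a user profile, the bare %windir%, or a file name with no directory that Windows resolves through the PATH search order), which is where the oddly named files in this thread were living. It is a ranking heuristic for a human reviewer, not a verdict: the thread's own `msword98.exe` was dropped into system32 and passes a path-only rule, so the trusted-root check must be combined with hashes or vendor signatures. The sample log lines are constructed after the thread's reports; the `nykaq.bat` autorun path is a constructed pairing, not copied from a real entry.

```python
import re

# Roots where installed software is expected; anything else earns a look.
TRUSTED_ROOTS = (
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "d:\\program files\\",
)
USER_PROFILE_MARKER = "\\documents and settings\\"

# O4 lines look like:  O4 - HKLM\..\Run: [Name] C:\path\prog.exe /switch
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>.*?)\] (?P<cmd>.*)$")

# Constructed sample modelled on the logs in this thread (not a real report).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\msword98.exe
C:\windows\pp11.exe
C:\Documents and Settings\chris\msword98.exe
C:\Documents and Settings\chris\Mes documents\chris.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Regedit32] C:\Documents and Settings\chris\Application Data\nykaq.bat
"""


def extract_exe(cmd: str) -> str:
    """Return the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted command: arguments begin at the first ' /' or ' -' switch.
    return re.split(r" [/-]", cmd, maxsplit=1)[0]


def classify(path: str):
    """Return a review reason for a path, or None when it sits in a standard directory."""
    if "\\" not in path:
        return "bare file name, resolved through the PATH search order"
    low = path.lower()
    if USER_PROFILE_MARKER in low:
        return "executable inside a user profile"
    if any(low.startswith(root) for root in TRUSTED_ROOTS):
        return None
    return "outside the standard program directories"


def parse_entries(log: str):
    """Yield (source, name, path) for running processes and O4 autorun lines."""
    in_processes = False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line.strip():          # blank line closes the process list
                in_processes = False
                continue
            yield ("process", "", line.strip())
            continue
        m = O4_RE.match(line)
        if m:
            yield ("autorun " + m.group("hive"), m.group("name"), extract_exe(m.group("cmd")))


def triage(log: str) -> list:
    """Return the entries worth a human look, each with the reason it was flagged."""
    flagged = []
    for source, name, path in parse_entries(log):
        reason = classify(path)
        if reason:
            flagged.append({"source": source, "name": name, "path": path, "reason": reason})
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry['source']:<22} {entry['path']}  <- {entry['reason']}")
```

Vendor files that legitimately live in %windir% itself (AGRSMMSG.exe in this thread) will be flagged as "outside the standard program directories"; that is the intended trade-off for a first pass, since the list is meant to be short enough to check entry by entry.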
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last seen 26 December 2016 180
19 August 2009 at 11:31
Download OTMoveIt3 (by Old_Timer) to your desktop.
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
# Double-click OTMoveIt.exe to launch it.
# Copy the list quoted below and paste it into the left pane of OTMoveIt, under Paste Instructions for Items to be Moved.


:Processes
explorer.exe

:files
c:\documents and settings\chris\Local Settings\Application Data\emujahe.exe
c:\documents and settings\chris\Application Data\okanovupeq.pif
c:\documents and settings\chris\Local Settings\Application Data\gysah.bin
c:\documents and settings\chris\Local Settings\Application Data\onaxa.dat
c:\documents and settings\chris\Local Settings\Application Data\ipevybiqot.dat
c:\program files\Fichiers communs\axatifajuc.scr
c:\windows\ekinoh.bin
c:\program files\Fichiers communs\oranijoqu.pif
c:\windows\system32\izepevyq.sys
c:\windows\naboriwaba.reg
c:\program files\Fichiers communs\pyzyry.sys
c:\documents and settings\chris\Application Data\utify.sys
c:\program files\Fichiers communs\nypapuz.db
C:\Documents and Settings\chris\Menu Démarrer\Programmes\Démarrage\ikowin32.exe

:Commands
[start explorer]


# Click MoveIt! to start the removal.
# The result will appear in the "Results" pane.
# Copy/paste the result into your next message.

Note: the report (a .log file) is also located in C:\_OTMoveIt\MovedFiles.

See you later.
0
almathus Posts 61 Registration date Tuesday 18 August 2009 Status Member Last seen 24 November 2009
19 August 2009 at 11:34
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\documents and settings\chris\Local Settings\Application Data\emujahe.exe moved successfully.
c:\documents and settings\chris\Application Data\okanovupeq.pif moved successfully.
c:\documents and settings\chris\Local Settings\Application Data\gysah.bin moved successfully.
c:\documents and settings\chris\Local Settings\Application Data\onaxa.dat moved successfully.
c:\documents and settings\chris\Local Settings\Application Data\ipevybiqot.dat moved successfully.
c:\program files\Fichiers communs\axatifajuc.scr moved successfully.
c:\windows\ekinoh.bin moved successfully.
c:\program files\Fichiers communs\oranijoqu.pif moved successfully.
c:\windows\system32\izepevyq.sys moved successfully.
c:\windows\naboriwaba.reg moved successfully.
c:\program files\Fichiers communs\pyzyry.sys moved successfully.
c:\documents and settings\chris\Application Data\utify.sys moved successfully.
c:\program files\Fichiers communs\nypapuz.db moved successfully.
File/Folder C:\Documents and Settings\chris\Menu Démarrer\Programmes\Démarrage\ikowin32.exe not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.0.0.6 log created on 08192009_113422
0
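A helper for reading OTMoveIt result logs like the one posted above, added here as an example; it is not part of the thread and not a tool from OldTimer. It parses the PROCESSES / FILES sections, separates items that were actually moved from those reported "not found" (a not-found entry means the listed path was already gone or never matched, so it deserves a second look rather than being assumed clean), groups the moved files by directory so the infected locations stand out, and can re-check on the affected machine whether any of the paths still exist. The sample log embedded below is the one quoted in this thread; the function names (`parse_otm_log`, `moved_by_directory`, `remaining_on_disk`) are this example's own.

```python
import ntpath
import os
import re
from collections import Counter

# Sample input: the OTM result log quoted earlier in this thread.
SAMPLE_OTM_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\documents and settings\chris\Local Settings\Application Data\emujahe.exe moved successfully.
c:\documents and settings\chris\Application Data\okanovupeq.pif moved successfully.
c:\documents and settings\chris\Local Settings\Application Data\gysah.bin moved successfully.
c:\documents and settings\chris\Local Settings\Application Data\onaxa.dat moved successfully.
c:\documents and settings\chris\Local Settings\Application Data\ipevybiqot.dat moved successfully.
c:\program files\Fichiers communs\axatifajuc.scr moved successfully.
c:\windows\ekinoh.bin moved successfully.
c:\program files\Fichiers communs\oranijoqu.pif moved successfully.
c:\windows\system32\izepevyq.sys moved successfully.
c:\windows\naboriwaba.reg moved successfully.
c:\program files\Fichiers communs\pyzyry.sys moved successfully.
c:\documents and settings\chris\Application Data\utify.sys moved successfully.
c:\program files\Fichiers communs\nypapuz.db moved successfully.
File/Folder C:\Documents and Settings\chris\Menu Démarrer\Programmes\Démarrage\ikowin32.exe not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.0.0.6 log created on 08192009_113422
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
KILLED_RE = re.compile(r"^Process (?P<name>\S+) killed successfully!$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")


def parse_otm_log(text):
    """Split an OTM result log into killed processes, moved paths,
    not-found paths, the version footer, and anything unrecognised."""
    result = {"killed": [], "moved": [], "not_found": [],
              "footer": None, "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)  # PROCESSES, FILES, COMMANDS, ...
            continue
        if line.startswith("OTM by OldTimer"):
            result["footer"] = line
            continue
        if section == "PROCESSES":
            m = KILLED_RE.match(line)
            if m:
                result["killed"].append(m.group("name"))
                continue
        elif section == "FILES":
            m = MOVED_RE.match(line)
            if m:
                result["moved"].append(m.group("path"))
                continue
            m = NOT_FOUND_RE.match(line)
            if m:
                result["not_found"].append(m.group("path"))
                continue
        # Keep anything we did not understand so it is never silently dropped.
        result["unparsed"].append(line)
    return result


def moved_by_directory(paths):
    """Count moved files per parent directory (Windows paths, case-folded),
    so the directories the infection used are visible at a glance."""
    return Counter(ntpath.dirname(p).lower() for p in paths)


def remaining_on_disk(paths):
    """Return the listed paths that still exist on this machine.
    Meant to be run on the cleaned Windows host after a reboot; on any
    other system the paths simply do not exist and the list is empty."""
    return [p for p in paths if os.path.exists(p)]


if __name__ == "__main__":
    parsed = parse_otm_log(SAMPLE_OTM_LOG)
    print("killed:", parsed["killed"])
    print("moved:", len(parsed["moved"]), "not found:", len(parsed["not_found"]))
    for directory, count in moved_by_directory(parsed["moved"]).most_common():
        print(f"  {count:2d}  {directory}")
    for p in parsed["not_found"]:
        print("re-check:", p)
    print("still present:", remaining_on_disk(parsed["moved"]))
```

Run it against a saved log from C:\_OTMoveIt\MovedFiles by reading the file into `parse_otm_log` instead of the embedded sample; the "re-check" lines are the ones worth confirming by hand (here the Startup-folder entry ikowin32.exe, which OTM did not find).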
verni29 Posts: 6699 Joined: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
19 August 2009 at 11:37
That looks pretty good.

1/ Relaunch Malwarebytes and run a full scan.

# In the Scanner tab, select Perform full scan.
# Click Scan. Select only the computer's hard drives.
# Click Start scan.

# At the end of the scan, as prompted, click Show results.
# If infections are found, click Remove Selected.
Post the report in your next message.

If you cannot find the report, open MalwareBytes and look in the Logs tab. It is there. Click on it and choose Open.

2/ Go to the Kaspersky site:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

# Click Start Online-scanner (at the bottom right of the page) to begin the scan.
# You will be asked to install Kaspersky software; accept.
# At the end of this scan, click Save report.
Post the contents of this report in your next message.

Tutorial to read to check your ActiveX settings:
https://forum.pcastuces.com/default.asp

See you.
0
almathus Posts: 61 Joined: Tuesday 18 August 2009 Status: Member Last seen: 24 November 2009
19 August 2009 at 11:40
Uh, nothing appears on my desktop any more!!

What do I do? Restart?
0