Total-Security

Solved
duju69 Posts 20 Status Member
Hello,

I have been dealing with the total-security virus since yesterday.
It blocks all my ".exe" files.
On top of that, I no longer have access to the Control Panel.

Thanks in advance for your help
30 replies

Albator
 
Download ComboFix (sUBs) >> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your antivirus

/!\ Close all applications, do not open any programs, /!\
/!\ If ComboFix needs to reboot, let it. /!\

► Double-click ComboFix and [Run]
• If you are using Windows Vista, click the [Continue] button,
• At the ''Software warranty limitation'' -> [Yes],
• Install the ''Recovery Console'' -> [Yes], <-- important <<<<<<<<
• Wait for the tool to close (more than 40 or so stages).

/!\ Note that once you have launched ComboFix, /!\
/!\ you must not click inside the ComboFix window, /!\
/!\ that could even damage Windows. /!\

Post the ComboFix report (C:\Combofix.txt).

Re-enable your antivirus and other protection.
0
duju69 Posts 20 Status Member
 
ComboFix 09-08-22.06 - HP_Administrateur 23/08/2009 22:43.3.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.317 [GMT 2:00]
Running from: c:\documents and settings\HP_Administrateur\Bureau\duju.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\5998c55.sys
c:\windows\system32\drivers\9b7b994a.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_9b7b994a
-------\Service_glaide32
-------\Service_sfx
-------\Service_5998c55


((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 17:22 . 2009-08-23 17:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-23 17:18 . 2009-08-23 17:18 152576 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-23 15:30 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-23 15:30 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-23 15:30 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-23 15:30 . 2009-08-23 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-22 18:26 . 2009-08-23 20:57 47744 ----a-w- c:\windows\system32\drivers\soqwx32.sys
2009-08-22 14:16 . 2009-08-22 14:17 -------- d-----w- C:\rsit
2009-08-22 10:30 . 2004-08-10 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-22 10:30 . 2004-08-10 12:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-22 07:21 . 2009-08-22 07:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-21 21:52 . 2009-08-21 21:52 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-08-21 21:50 . 2009-08-22 10:27 -------- d-----w- c:\windows\Internet Logs
2009-08-21 21:05 . 2009-08-21 21:05 -------- d-----w- c:\program files\Avira
2009-08-21 18:15 . 2009-08-21 18:15 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2009-08-21 18:15 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 18:15 . 2009-08-21 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 18:15 . 2009-08-21 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-21 18:15 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 16:54 . 2008-04-14 02:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-21 16:49 . 2009-08-21 16:49 19675 ----a-w- c:\program files\Fichiers communs\fuqy.bin
2009-08-21 16:49 . 2009-08-21 16:49 19390 ----a-w- c:\windows\rahubiwyga.bin
2009-08-21 16:49 . 2009-08-21 16:49 19275 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\lilik.bin
2009-08-21 16:49 . 2009-08-21 16:49 18716 ----a-w- c:\windows\acygahuk.reg
2009-08-21 16:49 . 2009-08-21 16:49 18099 ----a-w- c:\windows\ituk.sys
2009-08-21 16:49 . 2009-08-21 16:49 14701 ----a-w- c:\windows\system32\ynyxapy.reg
2009-08-21 16:49 . 2009-08-21 16:49 14507 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\fyzi.sys
2009-08-21 16:49 . 2009-08-21 16:49 11498 ----a-w- c:\windows\system32\yrylateget.sys
2009-08-21 16:46 . 2009-08-21 16:46 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IECompatCache
2009-08-21 16:45 . 2009-08-21 16:45 -------- d-sh--w- c:\documents and settings\HP_Administrateur\PrivacIE
2009-08-21 16:35 . 2009-08-21 16:35 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IETldCache
2009-08-21 16:30 . 2009-08-21 16:31 -------- dc-h--w- c:\windows\ie8
2009-08-20 22:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 22:34 . 2009-08-20 22:46 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft
2009-08-14 18:15 . 2009-08-14 18:15 19500 ----a-w- c:\windows\system32\poweno.pif
2009-08-14 18:15 . 2009-08-14 18:15 14171 ----a-w- c:\windows\refik.dat
2009-08-14 18:15 . 2009-08-14 18:15 13243 ----a-w- c:\documents and settings\All Users\Application Data\fyzanijady.sys
2009-08-14 18:15 . 2009-08-14 18:15 12401 ----a-w- c:\documents and settings\All Users\Application Data\byvype.sys
2009-08-14 18:15 . 2009-08-14 18:15 11906 ----a-w- c:\windows\system32\ypisev.reg
2009-08-14 18:15 . 2009-08-14 18:15 10411 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\didyvec.com
2009-08-13 20:01 . 2009-08-13 20:01 19190 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\jodaz.com
2009-08-13 20:01 . 2009-08-13 20:01 16475 ----a-w- c:\program files\Fichiers communs\zuwudomeka.sys
2009-08-13 20:01 . 2009-08-13 20:01 15845 ----a-w- c:\program files\Fichiers communs\hibaro.pif
2009-08-13 20:01 . 2009-08-13 20:01 10029 ----a-w- c:\windows\xifelylafe.pif
2009-08-12 12:04 . 2009-08-20 22:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-12 12:04 . 2009-08-20 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- c:\program files\MSBuild
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 20:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 20:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 20:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- C:\c4a1491910da40ae2997fc2758
2009-07-26 11:46 . 2009-08-12 13:49 -------- d-----w- c:\program files\BDGest Evolution

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 17:48 . 2005-07-02 09:24 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-23 17:25 . 2005-10-29 00:56 -------- d-----w- c:\program files\Google
2009-08-23 17:20 . 2005-01-01 15:36 -------- d-----w- c:\program files\Java
2009-08-23 17:07 . 2006-01-13 16:34 19626 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
2009-08-23 11:36 . 2006-09-01 11:12 -------- d-----w- c:\program files\Trend Micro
2009-08-23 08:22 . 2008-09-19 17:20 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\uTorrent
2009-08-21 22:25 . 2009-08-21 22:25 47744 ----a-w- c:\windows\system32\drivers\OLDAF.tmp
2009-08-21 22:25 . 2009-08-21 22:25 47744 ----a-w- c:\windows\system32\drivers\OLDAD.tmp
2009-08-21 20:42 . 2008-09-18 20:23 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-21 16:32 . 2009-08-21 16:32 47744 ----a-w- c:\windows\system32\drivers\OLD423.tmp
2009-08-21 16:30 . 2009-08-21 16:30 47744 ----a-w- c:\windows\system32\drivers\OLD34A.tmp
2009-08-21 16:27 . 2005-01-01 16:04 -------- d-----w- c:\program files\GemMasterFrench
2009-08-21 16:27 . 2005-07-02 13:47 -------- d-----w- c:\program files\EPSON
2009-08-21 16:27 . 2005-01-01 16:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-21 16:25 . 2008-09-28 10:36 -------- d-----w- c:\program files\eMule
2009-08-21 16:14 . 2006-09-05 13:01 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-08-20 22:47 . 2009-04-07 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2009-08-16 13:13 . 2008-10-19 12:12 3532 ----a-w- C:\drmHeader.bin
2009-08-14 18:15 . 2009-08-14 18:15 18764 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\locyhehyvi.bin
2009-08-14 18:15 . 2009-08-14 18:15 15334 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\bynojivy.dat
2009-08-14 18:15 . 2009-08-14 18:15 13601 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\wonuw.bin
2009-08-12 11:50 . 2005-07-09 08:01 76368 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 20:39 . 2007-11-10 11:58 4530 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-08-05 09:00 . 2004-08-10 18:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 12:52 . 2008-09-19 16:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 19:03 . 2009-07-17 19:03 58880 ----a-w- c:\windows\system32\SET5C.tmp
2009-07-17 19:03 . 2004-08-10 18:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:45 . 2008-12-25 18:06 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\dvdcss
2009-07-13 08:08 . 2004-08-10 18:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-16 14:40 . 2004-08-10 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-10 18:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-10 18:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-08-10 18:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-10 18:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-10 18:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-10 18:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-02-27 10:36 . 2006-02-27 10:36 4577316 ----a-w- c:\program files\emule.exe
.

------- Sigcheck -------

[-] 2004-08-10 18:00 25600 B751CE6043B33A2EFEABB2D6BA83EC67 c:\windows\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-08-22 1234160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^hp digital imaging monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^lancement rapide d'adobe reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^microsoft office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^winzip quick pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [23/08/2009 17:30 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16/12/2008 23:06 55136]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [02/07/2005 11:28 1252474]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 11:35 18848]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &Search - ?p=ZNxdm119YYFR
TCP: {A25F16E7-6D41-4E2B-8084-C34374E04429} = 212.27.53.252,212.27.54.252
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 22:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\soqwx32]
"ImagePath"="\??\c:\windows\system32\drivers\soqwx32.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1284)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-08-23 23:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 21:11

Pre-Run: 43 128 180 736 octets libres
Post-Run: 43 088 961 536 octets libres

209 --- E O F --- 2009-08-22 16:54
0
Albator
 
• Select the content of the following quote:

Rootkit::
c:\windows\system32\drivers\soqwx32.sys  

File::
c:\program files\Fichiers communs\fuqy.bin 
c:\windows\rahubiwyga.bin 
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\lilik.bin 
c:\windows\acygahuk.reg 
c:\windows\system32\ynyxapy.reg 
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\fyzi.sys 
c:\windows\system32\yrylateget.sys 
c:\windows\ituk.sys 
c:\windows\system32\poweno.pif 
c:\windows\refik.dat 
c:\documents and settings\All Users\Application Data\fyzanijady.sys 
c:\documents and settings\All Users\Application Data\byvype.sys 
c:\windows\system32\ypisev.reg 
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\didyvec.com 
c:\documents and settings\LocalService\Local Settings\Application Data\jodaz.com 
c:\program files\Fichiers communs\zuwudomeka.sys 
c:\program files\Fichiers communs\hibaro.pif 
c:\windows\xifelylafe.pif 
c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat 
C:\drmHeader.bin 
c:\documents and settings\HP_Administrateur\Application Data\locyhehyvi.bin 
c:\documents and settings\HP_Administrateur\Application Data\bynojivy.dat 
c:\documents and settings\HP_Administrateur\Application Data\wonuw.bin 

• Copy the selected text (CTRL+C).
• Open Notepad (Start Menu > All Programs > Accessories >..
• Paste the copied text into this Notepad (CTRL+V).
• Save this file on your Desktop under the name CFScript.txt

Disable your antivirus and all protection software.

• Drag and drop the CFScript.txt file
onto the ComboFix icon on your Desktop.
Like this image >>>>> http://img530.imageshack.us/img530/204/cfscriptdd4.gif <<<<<

>> A "pop-up" will appear saying that "the ComboFix version is used at your own risk and with no warranty..".
• Accept by clicking "Yes"

>> A blue window will appear with the message: Type 1 to continue, or 2 to abort ,
• Enter 1 and confirm.
>>> Wait while the scan runs. <<<
The Desktop will disappear several times: this is normal!

>> After the scan, ComboFix may need to reboot the PC,
• Let it.

>> Once complete, a report will be displayed.
Post the contents of this report (C:\ComboFix.txt ).

Re-enable your antivirus and other protection.
0
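An added triage helper (example code, not from this thread, from ComboFix, or from the helper's procedure): it parses lines in the ComboFix log format posted above, flags same-minute bursts of randomly named drop files like the ones listed in the CFScript, and emits a CFScript in the Rootkit::/File:: layout used in the quote. The sample lines are copied from the first log in this thread; the name pattern, extension list and batch threshold are assumptions tuned to this infection, and the Rootkit:: driver is supplied by the analyst rather than detected.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# One ComboFix "Files Created" / "Find3M" line:
#   <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Assumptions tuned to the drop files listed in this thread, not a general rule.
SUSPECT_EXT = ("bin", "reg", "sys", "pif", "com", "dat")
RANDOM_NAME_RE = re.compile(r"^[a-z]{4,12}\.(?:" + "|".join(SUSPECT_EXT) + r")$")
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
MIN_BATCH = 3  # a real drop burst wrote several files within the same minute


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    is_dir: bool
    path: str


def parse_log(text: str) -> list[Entry]:
    """Parse the file lines of a ComboFix log; banners, '.' and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"],
                                 m["attrs"].startswith("d"), m["path"]))
    return entries


def is_random_drop(e: Entry) -> bool:
    """Per-file signal: plain file, random lowercase name with a drop extension,
    outside the drivers directory (driver entries belong in the Rootkit:: section)."""
    if e.is_dir or e.path.lower().startswith(DRIVERS_DIR):
        return False
    name = e.path.rsplit("\\", 1)[-1]
    return RANDOM_NAME_RE.match(name) is not None


def find_drop_batches(entries: list[Entry]) -> list[str]:
    """Burst signal: keep only minutes in which MIN_BATCH or more random-named files
    were created and never modified since. A lone hit such as zllictbl.dat is dropped."""
    by_minute: dict[str, list[str]] = defaultdict(list)
    for e in entries:
        if is_random_drop(e) and e.created == e.modified:
            by_minute[e.created].append(e.path)
    hits: list[str] = []
    for minute in sorted(by_minute, reverse=True):  # newest burst first
        if len(by_minute[minute]) >= MIN_BATCH:
            hits.extend(by_minute[minute])
    return hits


def build_cfscript(files: list[str], rootkit_drivers: list[str]) -> str:
    """Emit the CFScript layout used in this thread: a Rootkit:: section, then File::."""
    sections = []
    if rootkit_drivers:
        sections.append("Rootkit::\n" + "\n".join(rootkit_drivers))
    if files:
        sections.append("File::\n" + "\n".join(files))
    return "\n\n".join(sections) + "\n"


# Sample input: lines copied from the first ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2009-08-23 17:22 . 2009-08-23 17:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 18:26 . 2009-08-23 20:57 47744 ----a-w- c:\windows\system32\drivers\soqwx32.sys
2009-08-21 21:52 . 2009-08-21 21:52 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-08-21 18:15 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 16:49 . 2009-08-21 16:49 19675 ----a-w- c:\program files\Fichiers communs\fuqy.bin
2009-08-21 16:49 . 2009-08-21 16:49 19390 ----a-w- c:\windows\rahubiwyga.bin
2009-08-21 16:49 . 2009-08-21 16:49 18716 ----a-w- c:\windows\acygahuk.reg
2009-08-21 16:49 . 2009-08-21 16:49 18099 ----a-w- c:\windows\ituk.sys
2009-08-21 16:46 . 2009-08-21 16:46 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IECompatCache
2009-08-13 20:01 . 2009-08-13 20:01 19190 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\jodaz.com
2009-08-13 20:01 . 2009-08-13 20:01 16475 ----a-w- c:\program files\Fichiers communs\zuwudomeka.sys
2009-08-13 20:01 . 2009-08-13 20:01 15845 ----a-w- c:\program files\Fichiers communs\hibaro.pif
2009-08-13 20:01 . 2009-08-13 20:01 10029 ----a-w- c:\windows\xifelylafe.pif
"""

# Supplied by the analyst: the driver behind the ControlSet005\Services\soqwx32 entry in the log.
ROOTKIT_DRIVERS = [r"c:\windows\system32\drivers\soqwx32.sys"]


def triage(log_text: str = SAMPLE_LOG, drivers: list[str] = ROOTKIT_DRIVERS) -> str:
    """Full pipeline: log text in, CFScript text out. Review the result before using it."""
    return build_cfscript(find_drop_batches(parse_log(log_text)), drivers)


if __name__ == "__main__":
    print(triage(), end="")
```

The burst rule is what keeps the ZoneAlarm file zllictbl.dat (random-looking but alone in its minute) out of the File:: section, while the 16:49 and 20:01 drop bursts are picked up whole.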
Albator
 
re,

For the procedure in the previous message,
check the following line -> that the file name is CFScript.txt

• Drag and drop the CFScript.txt file onto the ComboFix icon on your Desktop.
0
duju69 Posts 20 Status Member
 
ComboFix 09-08-22.06 - HP_Administrateur 24/08/2009 18:57.5.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.210 [GMT 2:00]
Running from: c:\documents and settings\HP_Administrateur\Bureau\duju.exe
Command switches used :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-23 22:21 . 2009-08-23 22:21 -------- d-----w- c:\windows\ie8updates
2009-08-23 21:09 . 2009-07-03 16:57 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-08-23 21:09 . 2009-07-03 16:57 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-08-23 21:09 . 2009-07-03 16:57 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-23 21:09 . 2009-07-19 13:15 5937152 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-08-23 21:09 . 2009-07-03 16:57 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-23 21:08 . 2009-07-03 16:57 915456 ------w- c:\windows\system32\dllcache\wininet.dll
2009-08-23 21:08 . 2009-07-03 16:57 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-08-23 21:08 . 2009-07-03 16:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-23 21:08 . 2009-07-03 16:57 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-08-23 21:08 . 2009-07-03 16:57 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-08-23 21:08 . 2009-07-03 11:01 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-23 21:08 . 2009-07-03 16:57 386048 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-23 21:08 . 2009-07-03 16:57 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-23 17:22 . 2009-08-23 17:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-23 17:18 . 2009-08-23 17:18 152576 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-23 15:30 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-23 15:30 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-23 15:30 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-23 15:30 . 2009-08-23 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-22 14:16 . 2009-08-22 14:17 -------- d-----w- C:\rsit
2009-08-22 10:30 . 2004-08-10 12:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-22 10:30 . 2004-08-10 12:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-08-22 07:21 . 2009-08-22 07:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-21 21:52 . 2009-08-21 21:52 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-08-21 21:50 . 2009-08-22 10:27 -------- d-----w- c:\windows\Internet Logs
2009-08-21 21:05 . 2009-08-21 21:05 -------- d-----w- c:\program files\Avira
2009-08-21 18:15 . 2009-08-21 18:15 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2009-08-21 18:15 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 18:15 . 2009-08-21 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 18:15 . 2009-08-21 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-21 18:15 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 16:54 . 2008-04-14 02:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-21 16:46 . 2009-08-21 16:46 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IECompatCache
2009-08-21 16:45 . 2009-08-21 16:45 -------- d-sh--w- c:\documents and settings\HP_Administrateur\PrivacIE
2009-08-21 16:35 . 2009-08-21 16:35 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IETldCache
2009-08-21 16:30 . 2009-08-21 16:31 -------- dc-h--w- c:\windows\ie8
2009-08-20 22:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 22:34 . 2009-08-20 22:46 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft
2009-08-12 12:04 . 2009-08-20 22:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-12 12:04 . 2009-08-20 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- c:\program files\MSBuild
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 20:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 20:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 20:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- C:\c4a1491910da40ae2997fc2758
2009-07-26 11:46 . 2009-08-23 22:17 -------- d-----w- c:\program files\BDGest Evolution

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 17:48 . 2005-07-02 09:24 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-23 17:25 . 2005-10-29 00:56 -------- d-----w- c:\program files\Google
2009-08-23 17:20 . 2005-01-01 15:36 -------- d-----w- c:\program files\Java
2009-08-23 11:36 . 2006-09-01 11:12 -------- d-----w- c:\program files\Trend Micro
2009-08-23 08:22 . 2008-09-19 17:20 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\uTorrent
2009-08-21 22:25 . 2009-08-21 22:25 47744 ----a-w- c:\windows\system32\drivers\OLDAF.tmp
2009-08-21 22:25 . 2009-08-21 22:25 47744 ----a-w- c:\windows\system32\drivers\OLDAD.tmp
2009-08-21 20:42 . 2008-09-18 20:23 574976 ------w- c:\windows\system32\drivers\ntfs.sys
2009-08-21 16:32 . 2009-08-21 16:32 47744 ----a-w- c:\windows\system32\drivers\OLD423.tmp
2009-08-21 16:30 . 2009-08-21 16:30 47744 ----a-w- c:\windows\system32\drivers\OLD34A.tmp
2009-08-21 16:27 . 2005-01-01 16:04 -------- d-----w- c:\program files\GemMasterFrench
2009-08-21 16:27 . 2005-07-02 13:47 -------- d-----w- c:\program files\EPSON
2009-08-21 16:27 . 2005-01-01 16:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-21 16:25 . 2008-09-28 10:36 -------- d-----w- c:\program files\eMule
2009-08-21 16:14 . 2006-09-05 13:01 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-08-20 22:47 . 2009-04-07 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2009-08-12 11:50 . 2005-07-09 08:01 76368 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 20:39 . 2007-11-10 11:58 4530 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-08-05 09:00 . 2004-08-10 18:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 12:52 . 2008-09-19 16:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 19:03 . 2009-07-17 19:03 58880 ----a-w- c:\windows\system32\SET5C.tmp
2009-07-17 19:03 . 2004-08-10 18:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:45 . 2008-12-25 18:06 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\dvdcss
2009-07-13 08:08 . 2004-08-10 18:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-08-10 18:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-10 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-10 18:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-10 18:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-08-10 18:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-10 18:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-10 18:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-10 18:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-02-27 10:36 . 2006-02-27 10:36 4577316 ----a-w- c:\program files\emule.exe
.

------- Sigcheck -------

[-] 2004-08-10 18:00 25600 B751CE6043B33A2EFEABB2D6BA83EC67 c:\windows\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-08-22 1234160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-01 98304]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^hp digital imaging monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^lancement rapide d'adobe reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^microsoft office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^winzip quick pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [23/08/2009 17:30 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16/12/2008 23:06 55136]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [02/07/2005 11:28 1252474]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 11:35 18848]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &Search - ?p=ZNxdm119YYFR
TCP: {A25F16E7-6D41-4E2B-8084-C34374E04429} = 212.27.53.252,212.27.54.252
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 19:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1448)
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-08-24 19:12
ComboFix-quarantined-files.txt 2009-08-24 17:12
ComboFix2.txt 2009-08-24 16:19

Pre-Run: 42 932 953 088 octets libres
Post-Run: 42 914 398 208 octets libres

180 --- E O F --- 2009-08-23 22:21
0
duju69 Posts: 20 Status: Member
 
Here is the ComboFix report:


ComboFix 09-08-22.06 - HP_Administrateur 24/08/2009 17:58.4.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.194 [GMT 2:00]
Running from: c:\documents and settings\HP_Administrateur\Bureau\duju.exe
Command switches used :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\All Users\Application Data\byvype.sys"
"c:\documents and settings\All Users\Application Data\fyzanijady.sys"
"c:\documents and settings\HP_Administrateur\Application Data\bynojivy.dat"
"c:\documents and settings\HP_Administrateur\Application Data\locyhehyvi.bin"
"c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat"
"c:\documents and settings\HP_Administrateur\Application Data\wonuw.bin"
"c:\documents and settings\HP_Administrateur\Local Settings\Application Data\didyvec.com"
"c:\documents and settings\HP_Administrateur\Local Settings\Application Data\fyzi.sys"
"c:\documents and settings\HP_Administrateur\Local Settings\Application Data\lilik.bin"
"c:\documents and settings\LocalService\Local Settings\Application Data\jodaz.com"
"C:\drmHeader.bin"
"c:\program files\Fichiers communs\fuqy.bin"
"c:\program files\Fichiers communs\hibaro.pif"
"c:\program files\Fichiers communs\zuwudomeka.sys"
"c:\windows\acygahuk.reg"
"c:\windows\ituk.sys"
"c:\windows\rahubiwyga.bin"
"c:\windows\refik.dat"
"c:\windows\system32\poweno.pif"
"c:\windows\system32\ynyxapy.reg"
"c:\windows\system32\ypisev.reg"
"c:\windows\system32\yrylateget.sys"
"c:\windows\xifelylafe.pif"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\byvype.sys
c:\documents and settings\All Users\Application Data\fyzanijady.sys
c:\documents and settings\HP_Administrateur\Application Data\bynojivy.dat
c:\documents and settings\HP_Administrateur\Application Data\locyhehyvi.bin
c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
c:\documents and settings\HP_Administrateur\Application Data\wonuw.bin
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\didyvec.com
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\fyzi.sys
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\lilik.bin
c:\documents and settings\LocalService\Local Settings\Application Data\jodaz.com
C:\drmHeader.bin
c:\program files\Fichiers communs\fuqy.bin
c:\program files\Fichiers communs\hibaro.pif
c:\program files\Fichiers communs\zuwudomeka.sys
c:\windows\acygahuk.reg
c:\windows\ituk.sys
c:\windows\rahubiwyga.bin
c:\windows\refik.dat
c:\windows\system32\poweno.pif
c:\windows\system32\ynyxapy.reg
c:\windows\system32\ypisev.reg
c:\windows\system32\yrylateget.sys
c:\windows\xifelylafe.pif

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_soqwx32


((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-23 22:21 . 2009-08-23 22:21 -------- d-----w- c:\windows\ie8updates
2009-08-23 21:09 . 2009-07-03 16:57 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-08-23 21:09 . 2009-07-03 16:57 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-08-23 21:09 . 2009-07-03 16:57 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-23 21:09 . 2009-07-19 13:15 5937152 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-08-23 21:09 . 2009-07-03 16:57 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-23 21:08 . 2009-07-03 16:57 915456 ------w- c:\windows\system32\dllcache\wininet.dll
2009-08-23 21:08 . 2009-07-03 16:57 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-08-23 21:08 . 2009-07-03 16:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-23 21:08 . 2009-07-03 16:57 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-08-23 21:08 . 2009-07-03 16:57 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-08-23 21:08 . 2009-07-03 11:01 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-23 21:08 . 2009-07-03 16:57 386048 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-23 21:08 . 2009-07-03 16:57 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-23 17:22 . 2009-08-23 17:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-23 17:18 . 2009-08-23 17:18 152576 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-23 15:30 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-23 15:30 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-23 15:30 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-23 15:30 . 2009-08-23 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-22 14:16 . 2009-08-22 14:17 -------- d-----w- C:\rsit
2009-08-22 10:30 . 2004-08-10 12:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-22 10:30 . 2004-08-10 12:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-08-22 07:21 . 2009-08-22 07:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-21 21:52 . 2009-08-21 21:52 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-08-21 21:50 . 2009-08-22 10:27 -------- d-----w- c:\windows\Internet Logs
2009-08-21 21:05 . 2009-08-21 21:05 -------- d-----w- c:\program files\Avira
2009-08-21 18:15 . 2009-08-21 18:15 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2009-08-21 18:15 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 18:15 . 2009-08-21 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 18:15 . 2009-08-21 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-21 18:15 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 16:54 . 2008-04-14 02:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-21 16:46 . 2009-08-21 16:46 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IECompatCache
2009-08-21 16:45 . 2009-08-21 16:45 -------- d-sh--w- c:\documents and settings\HP_Administrateur\PrivacIE
2009-08-21 16:35 . 2009-08-21 16:35 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IETldCache
2009-08-21 16:30 . 2009-08-21 16:31 -------- dc-h--w- c:\windows\ie8
2009-08-20 22:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 22:34 . 2009-08-20 22:46 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft
2009-08-12 12:04 . 2009-08-20 22:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-12 12:04 . 2009-08-20 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- c:\program files\MSBuild
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 20:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 20:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 20:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 20:33 . 2009-08-06 20:33 -------- d-----w- C:\c4a1491910da40ae2997fc2758
2009-07-26 11:46 . 2009-08-23 22:17 -------- d-----w- c:\program files\BDGest Evolution

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 17:48 . 2005-07-02 09:24 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-23 17:25 . 2005-10-29 00:56 -------- d-----w- c:\program files\Google
2009-08-23 17:20 . 2005-01-01 15:36 -------- d-----w- c:\program files\Java
2009-08-23 11:36 . 2006-09-01 11:12 -------- d-----w- c:\program files\Trend Micro
2009-08-23 08:22 . 2008-09-19 17:20 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\uTorrent
2009-08-21 22:25 . 2009-08-21 22:25 47744 ----a-w- c:\windows\system32\drivers\OLDAF.tmp
2009-08-21 22:25 . 2009-08-21 22:25 47744 ----a-w- c:\windows\system32\drivers\OLDAD.tmp
2009-08-21 20:42 . 2008-09-18 20:23 574976 ------w- c:\windows\system32\drivers\ntfs.sys
2009-08-21 16:32 . 2009-08-21 16:32 47744 ----a-w- c:\windows\system32\drivers\OLD423.tmp
2009-08-21 16:30 . 2009-08-21 16:30 47744 ----a-w- c:\windows\system32\drivers\OLD34A.tmp
2009-08-21 16:27 . 2005-01-01 16:04 -------- d-----w- c:\program files\GemMasterFrench
2009-08-21 16:27 . 2005-07-02 13:47 -------- d-----w- c:\program files\EPSON
2009-08-21 16:27 . 2005-01-01 16:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-21 16:25 . 2008-09-28 10:36 -------- d-----w- c:\program files\eMule
2009-08-21 16:14 . 2006-09-05 13:01 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-08-20 22:47 . 2009-04-07 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2009-08-12 11:50 . 2005-07-09 08:01 76368 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 20:39 . 2007-11-10 11:58 4530 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-08-05 09:00 . 2004-08-10 18:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 12:52 . 2008-09-19 16:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 19:03 . 2009-07-17 19:03 58880 ----a-w- c:\windows\system32\SET5C.tmp
2009-07-17 19:03 . 2004-08-10 18:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:45 . 2008-12-25 18:06 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\dvdcss
2009-07-13 08:08 . 2004-08-10 18:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-08-10 18:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-10 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-10 18:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-10 18:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-08-10 18:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-10 18:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-10 18:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-10 18:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-02-27 10:36 . 2006-02-27 10:36 4577316 ----a-w- c:\program files\emule.exe
.

------- Sigcheck -------

[-] 2004-08-10 18:00 25600 B751CE6043B33A2EFEABB2D6BA83EC67 c:\windows\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-08-22 1234160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-01 98304]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^hp digital imaging monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^lancement rapide d'adobe reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^microsoft office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^winzip quick pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [23/08/2009 17:30 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16/12/2008 23:06 55136]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [02/07/2005 11:28 1252474]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 11:35 18848]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &Search - ?p=ZNxdm119YYFR
TCP: {A25F16E7-6D41-4E2B-8084-C34374E04429} = 212.27.53.252,212.27.54.252
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 18:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3420)
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-24 18:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 16:19

Pre-Run: 42 967 470 080 octets libres
Post-Run: 42 925 109 248 octets libres

243 --- E O F --- 2009-08-23 22:21
0

Albator
 
Make another CFScript.txt containing only the following (copy/paste it):
Driver::
soqwx32.sys


Then
Remove ComboFix by copying/pasting ComboFix /u into Start --> Run.. and confirming.
Check and delete the directories: C:\ComboFix - Qoobox

Then produce a new Log.txt report with RSIT
After that, it should be fine!?
0
duju69 Posts: 20 Status: Member
 
Do I still need to disable AntiVir and the firewall before doing this?
0
Albator
 
With ComboFix, and therefore with CFScript.txt, you must disable them..
0
duju69 Posts: 20 Status: Member
 
0
Albator
 
Open the command prompt
- in the Start menu --> Run.. type cmd and confirm
- copy/paste (with a right-click) these lines and confirm each one:
sc stop javaquickstarterservice (<- ignore the error and confirm)
sc config javaquickstarterservice start= disabled

You should remove CCleaner from startup.
It is more useful to clean up before shutting down the PC..
Otherwise, ignore the CCleaner line among the following lines to remove with Hijackthis

Run Hijackthis again..
- Check these lines and press [Fix Checked]

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

____________________________________________________________________

- Check regularly for Java and Adobe updates.. ,

- Also try this program, Sumo Lite, to check for updates of the software on your PC:
http://www.logiciel-freeware.net/wfdownloads-singlefile.cid-94-lid-527.htm
0
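As an added example for the autostart cleanup described in the post above (this is not code from the thread, from ComboFix or from Hijackthis), the following Python script reads the "Reg Loading Points" lines in the form ComboFix prints them, lists every Run-key entry, marks the ones whose names match the O4 entries Albator asked to fix, and reports the disabled Windows Firewall (EnableFirewall = 0) that the same report shows. The sample log text is copied from the second ComboFix report posted in this thread; the function names, the removal list and the report layout are this example's own assumptions.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix-style report.

Added example for this thread, not ComboFix's own code. It parses the
Run-key and firewall-policy lines as ComboFix prints them, lists every
autostart entry and marks those matching a helper's removal list.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: the Run-key and firewall lines as they appear in the
# second ComboFix report posted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-08-22 1234160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-01 98304]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Value names the helper told the user to fix with Hijackthis (the O4 lines).
HIJACKTHIS_FIX_LIST = [
    "SunJavaUpdateSched",
    "Adobe Reader Speed Launcher",
    "QuickTime Task",
    "ccleaner",
    "swg",
]

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="path" [YYYY-MM-DD size]  -- an autostart value as ComboFix prints it
RUN_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
# "name"= 0 (0x0)  -- a plain DWORD value such as EnableFirewall
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s+\(0x[0-9A-Fa-f]+\)$')


class RunEntry(NamedTuple):
    key: str    # registry key the value lives under
    name: str   # value name
    path: str   # program path as printed (ComboFix drops the arguments)
    date: str   # file timestamp ComboFix reports
    size: int   # file size in bytes


def parse_loading_points(text: str) -> Tuple[List[RunEntry], Dict[str, int]]:
    """Return (autostart entries, DWORD values keyed by 'key\\name')."""
    entries: List[RunEntry] = []
    dwords: Dict[str, int] = {}
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_ENTRY_RE.match(line)
        if m:
            entries.append(RunEntry(current_key, m.group("name"), m.group("path"),
                                    m.group("date"), int(m.group("size"))))
            continue
        m = DWORD_RE.match(line)
        if m:
            dwords[f"{current_key}\\{m.group('name')}"] = int(m.group("value"))
    return entries, dwords


def triage(text: str, fix_list: List[str]) -> Dict[str, object]:
    """Summarise what a helper looks at: which Run entries match the removal
    list (name match, case-insensitive) and whether the firewall is off."""
    entries, dwords = parse_loading_points(text)
    wanted = {n.lower() for n in fix_list}
    to_remove = [e.name for e in entries if e.name.lower() in wanted]
    kept = [e.name for e in entries if e.name.lower() not in wanted]
    firewall_off = any(
        k.lower().endswith("firewallpolicy\\standardprofile\\enablefirewall") and v == 0
        for k, v in dwords.items()
    )
    return {"entries": entries, "to_remove": to_remove, "kept": kept,
            "firewall_disabled": firewall_off}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, HIJACKTHIS_FIX_LIST)
    for e in report["entries"]:
        flag = "REMOVE" if e.name in report["to_remove"] else "keep  "
        print(f"{flag} {e.name:28} {e.path}  ({e.size} bytes, {e.date})")
    if report["firewall_disabled"]:
        print("Windows Firewall is disabled in the standard profile (EnableFirewall = 0)")
```

Matching is done on the value name only, because that is what the Hijackthis O4 lines identify; the antivirus entry (avgnt) is not on the list and is kept, which is the check a helper does before fixing entries. The firewall line is worth surfacing separately: a Run-key cleanup alone does not re-enable it.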
duju69 Posts: 20 Status: Member
 
Many thanks Albator, I just ran Malwarebytes: nothing left.
0