Ovfsthxnjyvbpmt.dll = cheval de troie. Help !

laurent -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,

Si j'en crois les recherches effectuées sur votre site, je suis uinfecté par le virus Sekena ou je ne sais plus quoi .... ^^
En tout cas ce fichier pose problème...
Que dois je faire pour supprimer ce cheval de troie ?

Merci d'avance pour voqs réponses ^^
Configuration: Windows Vista Internet Explorer 7.0

7 réponses

  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Bonjour,

    --> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

    --> Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

    --> Clique sur Continue à l'écran Disclaimer.

    --> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    --> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    0
  2. laurent
     
    J'ai bien lancé le random's system information tool..

    étape "listing event logs".. il reste vraiment peu de barre de progression à franchir, mais ça ne bouge toujours pas....
    C'est normal que ce soit aussi long ?
    0
  3. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Non.

    --> Désactive l'UAC le temps de la désinfection.

    /!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

    --> Télécharge ComboFix (de sUBs) sur ton Bureau.
    --> Clique droit sur ComboFix.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur afin de le lancer.
    --> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
    0
  4. laurent
     
    c'est bon, je poste les deux rapports :

    log.txt :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by STEEVE at 2009-08-26 20:55:34
    Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
    System drive C: has 197 GB (64%) free of 305 GB
    Total RAM: 2047 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:58:22, on 26/08/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Users\STEEVE\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe
    C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe
    C:\Program Files\Zango\bin\10.3.85.0\Weather.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\STEEVE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYCFA71B\windows-xp-service-pack-2-sp2-_windows_xp_service_pack_2_msdn_francais_12824[1].exe
    c:\f3ec3b91d374ec7d2d9e394e\i386\update\update.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Users\STEEVE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C85D6R43\RSIT[1].exe
    C:\Program Files\trend micro\STEEVE.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe
    O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe"
    O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\STEEVE\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.85.0\Weather.exe" -auto
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Users\STEEVE\Desktop\Titan Poker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Users\STEEVE\Desktop\Titan Poker\casino.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O13 - Gopher Prefix:
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Tu peux faire la procédure avec ComboFix.
    0
  7. laurent
     
    Combofix a terminé son opération, voici le log qu'il me transmet :

    ComboFix 09-08-26.05 - STEEVE 26/08/2009 21:46.2.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.33.1036.18.2047.1136 [GMT 1:00]
    Running from: c:\users\STEEVE\reste\Documents\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ShoppingReport
    c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    c:\program files\ShoppingReport\Uninst.exe
    c:\program files\zango
    c:\program files\zango\bin\10.3.85.0\arrow.ico
    c:\program files\zango\bin\10.3.85.0\CntntCntr.dll
    c:\program files\zango\bin\10.3.85.0\copyright.txt
    c:\program files\zango\bin\10.3.85.0\CoreSrv.dll
    c:\program files\zango\bin\10.3.85.0\firefox\extensions\chrome.manifest
    c:\program files\zango\bin\10.3.85.0\firefox\extensions\components\npclntax.xpt
    c:\program files\zango\bin\10.3.85.0\firefox\extensions\install.rdf
    c:\program files\zango\bin\10.3.85.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
    c:\program files\zango\bin\10.3.85.0\HostIE.dll
    c:\program files\zango\bin\10.3.85.0\HostOE.dll
    c:\program files\zango\bin\10.3.85.0\HostOL.dll
    c:\program files\zango\bin\10.3.85.0\link.ico
    c:\program files\zango\bin\10.3.85.0\OEAddOn.exe
    c:\program files\zango\bin\10.3.85.0\Srv.exe
    c:\program files\zango\bin\10.3.85.0\Toolbar.dll
    c:\program files\zango\bin\10.3.85.0\Wallpaper.dll
    c:\program files\zango\bin\10.3.85.0\Weather.exe
    c:\program files\zango\bin\10.3.85.0\WeSkin.dll
    c:\program files\zango\bin\10.3.85.0\ZangoSA.exe
    c:\program files\zango\bin\10.3.85.0\ZangoSAAX.dll
    c:\program files\zango\bin\10.3.85.0\ZangoSADF.exe
    c:\program files\zango\bin\10.3.85.0\ZangoSAHook.dll
    c:\program files\zango\bin\10.3.85.0\ZangoUninstaller.exe
    c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Reset Cursor.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Weather.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Games!.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Library.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Screensavers!.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Videos!.lnk
    c:\programdata\ZangoSA
    c:\programdata\ZangoSA\ZangoSA.dat
    c:\programdata\ZangoSA\ZangoSA_kyf.dat
    c:\programdata\ZangoSA\ZangoSAAbout.mht
    c:\programdata\ZangoSA\ZangoSAau.dat
    c:\programdata\ZangoSA\ZangoSAEULA.mht
    c:\users\STEEVE\AppData\Roaming\WeatherDPA
    c:\users\STEEVE\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
    c:\users\STEEVE\AppData\Roaming\Zango
    c:\windows\system32\drivers\ovfsthxowgshcnq.sys
    c:\windows\system32\ovfsthxbfbepege.dll
    c:\windows\system32\ovfsthxctboetel.dat
    c:\windows\system32\ovfsthxevtminxs.dat
    c:\windows\system32\ovfsthxlog.dat
    c:\windows\System32\ovfsthxmrdqimpl.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ovfsthxpniywpic

    ((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
    .

    2009-08-26 20:52 . 2009-08-26 20:54 -------- d-----w- c:\users\STEEVE\AppData\Local\temp
    2009-08-26 20:52 . 2009-08-26 20:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2009-08-26 20:52 . 2009-08-26 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-08-26 19:55 . 2009-08-26 19:58 -------- d-----w- c:\program files\trend micro
    2009-08-26 19:55 . 2009-08-26 19:59 -------- d-----w- C:\rsit

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-26 20:53 . 2008-01-21 08:04 679192 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-26 20:53 . 2008-01-21 08:04 128212 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-21 17:22 . 2008-11-02 14:49 -------- d-----w- c:\users\STEEVE\AppData\Roaming\LimeWire
    2009-07-31 21:15 . 2008-11-26 12:18 -------- d-----w- c:\program files\Everest Poker
    2009-07-24 11:13 . 2009-07-24 11:13 1915520 ----a-w- c:\users\STEEVE\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-06-01 13:31 . 2009-06-01 13:31 604416 ----a-w- c:\windows\system32\TUProgSt.exe
    2009-06-01 13:31 . 2009-06-01 13:31 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2009-06-01 13:17 . 2009-06-01 13:17 86576 ----a-w- c:\users\STEEVE\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
    2009-06-01 13:17 . 2009-06-01 13:17 392728 ----a-w- c:\users\STEEVE\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
    2009-06-01 13:17 . 2009-06-01 13:17 135680 ----a-w- c:\users\STEEVE\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    2009-06-01 13:17 . 2009-06-01 13:17 132672 ----a-w- c:\users\STEEVE\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
    2008-01-21 02:21 . 2008-01-21 02:21 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-01_16.00.05 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:56 . 2009-07-02 10:03 54364 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:03 . 2009-07-01 19:33 76800 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-07 17:27 . 2009-07-01 19:33 12378 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-939114007-804831884-1596719110-1000_UserData.bin
    - 2008-05-07 17:27 . 2009-06-01 15:55 12378 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-939114007-804831884-1596719110-1000_UserData.bin
    + 2008-05-07 19:43 . 2009-07-24 11:13 88590 c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
    + 2008-05-07 17:25 . 2009-08-26 20:54 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-07 17:25 . 2009-06-01 16:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-08-26 20:54 . 2009-08-26 20:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-07 17:25 . 2009-08-26 20:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-07 17:25 . 2009-06-01 16:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-10-21 19:28 . 2009-06-01 13:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-10-21 19:28 . 2009-07-07 12:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-10-21 19:28 . 2009-06-01 13:40 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-10-21 19:28 . 2009-07-07 12:51 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-10-21 19:28 . 2009-06-01 13:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-10-21 19:28 . 2009-07-07 12:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-06-01 13:55 . 2009-06-01 13:55 25088 c:\windows\Installer\1a95d8.msi
    + 2009-06-01 13:55 . 2009-06-01 13:55 28160 c:\windows\Installer\1a95c4.msi
    + 2009-06-01 13:55 . 2009-06-01 13:55 59904 c:\windows\Installer\1a95aa.msi
    + 2008-05-09 17:22 . 2009-06-13 15:44 290912 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2006-11-02 10:33 . 2009-08-26 20:53 595748 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-06-01 15:46 595748 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-06-01 15:46 105078 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-08-26 20:53 105078 c:\windows\System32\perfc009.dat
    + 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\System32\Macromed\Flash\FlashUtil10b.exe
    + 2008-11-02 14:48 . 2008-11-02 14:48 369152 c:\windows\Installer\d8150c.msi
    + 2008-11-02 14:47 . 2008-11-02 14:47 561664 c:\windows\Installer\d81508.msi
    + 2009-04-12 18:50 . 2009-04-12 18:50 167424 c:\windows\Installer\b2ef77.msi
    + 2009-04-12 18:49 . 2009-04-12 18:49 242176 c:\windows\Installer\b2ef73.msi
    + 2009-04-19 18:36 . 2009-04-19 18:36 228352 c:\windows\Installer\af9c4.msi
    + 2008-10-05 13:02 . 2008-10-05 13:02 167424 c:\windows\Installer\a397c6.msi
    + 2008-05-07 18:40 . 2008-05-07 18:40 100352 c:\windows\Installer\58d61.msi
    + 2008-05-07 18:32 . 2008-05-07 18:32 269312 c:\windows\Installer\58d57.msi
    + 2008-07-29 22:09 . 2008-07-29 22:09 158720 c:\windows\Installer\546e07.msi
    + 2008-05-07 20:35 . 2008-05-07 20:35 504832 c:\windows\Installer\277fd2.msi
    + 2008-05-07 20:35 . 2008-05-07 20:35 514560 c:\windows\Installer\277fcc.msi
    + 2008-05-07 20:35 . 2008-05-07 20:35 506880 c:\windows\Installer\277fc7.msi
    + 2008-05-07 20:35 . 2008-05-07 20:35 516608 c:\windows\Installer\277fc1.msi
    + 2008-05-07 20:35 . 2008-05-07 20:35 513024 c:\windows\Installer\277fbb.msi
    + 2008-05-07 20:35 . 2008-05-07 20:35 513536 c:\windows\Installer\277fb5.msi
    + 2008-05-07 20:34 . 2008-05-07 20:34 505344 c:\windows\Installer\277fb0.msi
    + 2009-06-01 13:30 . 2009-06-01 13:30 821760 c:\windows\Installer\1c3bb.msi
    + 2009-06-01 13:55 . 2009-06-01 13:55 431104 c:\windows\Installer\1a95de.msi
    + 2009-06-01 13:55 . 2009-06-01 13:55 140288 c:\windows\Installer\1a95bf.msi
    + 2009-06-01 13:55 . 2009-06-01 13:55 202752 c:\windows\Installer\1a95b4.msi
    + 2009-06-01 13:55 . 2009-06-01 13:55 152576 c:\windows\Installer\1a95af.msi
    + 2009-06-01 13:54 . 2009-06-01 13:54 107008 c:\windows\Installer\1a95a5.msi
    + 2009-06-01 13:54 . 2009-06-01 13:54 301056 c:\windows\Installer\1a95a0.msi
    + 2008-09-23 13:29 . 2008-09-23 13:29 331264 c:\windows\Installer\142d8b.msi
    + 2009-05-18 16:29 . 2009-05-18 16:29 1129472 c:\windows\Installer\e7fecc.msi
    + 2008-05-07 17:59 . 2008-05-07 17:59 3673088 c:\windows\Installer\bc86e.msi
    + 2008-05-07 20:00 . 2008-05-07 20:00 3430912 c:\windows\Installer\7e699.msi
    + 2008-05-07 18:38 . 2008-05-07 18:38 7782912 c:\windows\Installer\58d5c.msi
    + 2009-04-19 15:30 . 2009-04-19 15:30 3966976 c:\windows\Installer\4cf821.msi
    + 2009-04-19 15:28 . 2009-04-19 15:28 3293696 c:\windows\Installer\4cf4f8.msi
    + 2009-04-19 15:26 . 2009-04-19 15:26 1659392 c:\windows\Installer\4cf3ef.msi
    + 2008-05-07 20:35 . 2008-05-07 20:35 1657856 c:\windows\Installer\277fe2.msi
    + 2008-05-07 20:35 . 2008-05-07 20:35 1657344 c:\windows\Installer\277fdd.msi
    + 2008-05-07 20:35 . 2008-05-07 20:35 1666048 c:\windows\Installer\277fd7.msi
    + 2008-05-07 20:34 . 2008-05-07 20:34 2366464 c:\windows\Installer\277fab.msi
    + 2008-05-07 20:34 . 2008-05-07 20:34 1645568 c:\windows\Installer\277fa6.msi
    + 2008-05-07 20:34 . 2008-05-07 20:34 2027520 c:\windows\Installer\277fa0.msi
    + 2008-05-07 20:34 . 2008-05-07 20:34 1754112 c:\windows\Installer\277f9b.msi
    + 2008-05-07 20:34 . 2008-05-07 20:34 2418176 c:\windows\Installer\277f96.msi
    + 2009-04-27 15:34 . 2009-04-27 15:34 8348160 c:\windows\Installer\1c4c2.msp
    + 2009-03-09 19:43 . 2009-03-09 19:43 8992256 c:\windows\Installer\18c9c48.msi
    + 2009-03-09 19:43 . 2009-03-09 19:43 1549312 c:\windows\Installer\18c9c43.msi
    + 2008-05-07 20:37 . 2008-05-07 20:37 15830016 c:\windows\Installer\277fe8.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SoftwareHelper"="c:\users\STEEVE\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableInstallerDetection"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{5B0DE3D8-767C-4940-AD81-75CDAB687ED2}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{98D76340-F6AA-4340-9F97-6A1EACFAAF05}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{C8BACF73-42D1-494E-B920-59D44A97E765}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{268089B5-A644-457F-AB22-A77755BA4761}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2B82D65A-5578-4E5C-85F4-21ED1471080B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{C9FF0A94-0F63-42F4-BCA2-2D21C93FBE47}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{4A217428-0FDF-4DB7-993A-D6D4482AD844}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{354F5A61-D589-46EE-84A0-55D8DCD1154A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{8067ADC1-A0AB-49DD-B655-DE1E94AAFA03}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2AE92903-1A21-48AB-ADA6-E83C715B0DA6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [01/06/2009 13:52 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [01/06/2009 13:52 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [01/06/2009 13:52 51792]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [01/06/2009 14:31 604416]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/05/2008 19:01 1153368]
    S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/12/2006 11:34 507136]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [26/10/2008 13:39 28224]
    S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\System32\drivers\s916bus.sys [23/09/2008 14:27 83496]
    S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\System32\drivers\s916mdfl.sys [23/09/2008 14:27 15016]
    S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\System32\drivers\s916mdm.sys [23/09/2008 14:27 109992]
    S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s916mgmt.sys [23/09/2008 14:28 103976]
    S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\System32\drivers\s916obex.sys [23/09/2008 14:27 100008]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://lo.st/
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-26 21:54
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Alwil Software\Avast4\ashDisp.exe
    c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\System32\IoctlSvc.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-26 21:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-26 20:58
    ComboFix2.txt 2009-06-01 16:02

    Pre-Run: 207 083 352 064 octets libres
    Post-Run: 208 116 191 232 octets libres

    285 --- E O F --- 2008-05-07 19:48

    Dois-je faire autre chose ?
    0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    --> Menu Démarrer > Exécuter > Tape combofix /u et valide.

    Tu souhaites garder Avast ?
    0