Sujet Précédent Sujet Suivant

Aide pour netoyer mon PC SVP!!

midou -  
mordez Messages postés 1 Statut Membre -
Bonjour a tous
j'ai un gros soucis avec mon PC
Microsoft Security essentails me trouve le rootkit rustock
c'est mon ordi de travail et je ne peux plus bosser merci de me filer un coup de main ca serrait hyper sympa

voici mon log hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:57, on 26/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\1K\1KSQL75.EXE
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 1kupdate.lnk = C:\1K\1KUPDATE.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (lmimaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
A voir également:

17 réponses

Réponse 1 / 17
Xplode Messages postés 9212 Statut Contributeur sécurité 726
 
Salut,

Télécharge GenProc

Lance le, puis poste le rapport qui s'ouvrira
0
Réponse 2 / 17
midou
 
Rapport GenProc 2.640 [1] - 26/10/2009 à 11:09:22
@ Windows XP Service Pack 3 - Mode normal
@ Google Chrome (3.0.195.27) [Navigateur par défaut]

~~ CM DISK ERROR ~~

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt

~~~~ INFORMATION COMPLEMENTAIRE ~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:35, on 26/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\1K\1KSQL75.EXE
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\alex_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 1kupdate.lnk = C:\1K\1KUPDATE.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (lmimaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
0
Réponse 3 / 17
Xplode Messages postés 9212 Statut Contributeur sécurité 726
 
Fais ceci :

-+-+-+-> ZHPDiag <-+-+-+-

[x] Télécharge ZHPDiag ( de Nicolas coolman ).

[x] Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

[x] Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau

[x] Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

[x] Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

[x] Rend toi sur www.cjoint.com

[x] Clique sur " Parcourir " dans la partie " Joindre un fichier[...] "

[x] Séléctionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

[x] Clique ensuite sur " Créer le lien cjoint " et copie/colle le dans ton prochain message
0
Réponse 4 / 17
midou
 
voici le lien

https://www.cjoint.com/?kAlGoT4Zk1
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 17
Xplode Messages postés 9212 Statut Contributeur sécurité 726
 
-+-+-+-+-> ComboFix <-+-+-+-

[x] Télécharge ComboFix ( de sUBs ) à cette adresse.

[x] /!\ Fermez toutes les fenêtres de programme ouvertes /!\

[x] /!\ Désactivez toutes les protections résidentes ( Antivirus, Pare-Feu, AntiSpyware ) /!\

[x] Double clique sur " Combofix.exe "

[x] Suis les indications qui sont données à l'écran, à un moment tu auras un message te demandant d'installer la console de récupération, fais le

[x] Combofix va maintenant déconnecter ton PC d'internet

[x] Pendant le scan, ne touche à rien ( souris, clavier )

[x] A la fin du scan, le rapport s'ouvrira automatiquement, copie/colle le dans ton prochain message.

[o] Nb : Si jamais il ne s'ouvrait pas, il se trouve sous C:\Combofix.txt
0
Réponse 6 / 17
midou
 
désolé maios le site de combofix en marche pas
0
Réponse 7 / 17
Xplode Messages postés 9212 Statut Contributeur sécurité 726
 
Chez moi il marche, c'est surement le virus qui t'en bloque l'accès.

Télécharge le à partir de ce lien :
http://sd-1.archive-host.com/membres/up/17959594961240255/CCM.exe
0
Réponse 8 / 17
midou
 
vraiment merci pour ton temps

ComboFix 08-12-17.01 - alex 2009-10-26 12:03:24.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.944 [GMT 1:00]
Lancé depuis: c:\documents and settings\alex\Mes documents\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

.
- Mode FONCTIONNALITES REDUITES -
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-26 au 2009-10-26 ))))))))))))))))))))))))))))))))))))
.

2009-10-26 11:19 . 2009-10-26 11:23 <REP> d-------- c:\program files\ZHPDiag
2009-10-26 11:09 . 2009-10-26 11:09 <REP> d-------- C:\GenProc
2009-10-26 09:41 . 2009-10-26 09:41 53 --a------ c:\windows\system32\Partizan.RRI
2009-10-26 09:39 . 2008-04-13 11:51 101,120 --a------ c:\windows\system32\drivers\bthpan.sys
2009-10-26 09:39 . 2008-04-13 11:51 101,120 --a--c--- c:\windows\system32\dllcache\bthpan.sys
2009-10-26 09:38 . 2008-04-13 19:34 153,088 --a------ c:\windows\system32\irftp.exe
2009-10-26 09:38 . 2008-04-13 19:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-10-26 09:38 . 2008-04-13 11:46 59,136 --a------ c:\windows\system32\drivers\rfcomm.sys
2009-10-26 09:38 . 2008-04-13 11:46 59,136 --a--c--- c:\windows\system32\dllcache\rfcomm.sys
2009-10-26 09:38 . 2008-04-13 19:33 29,184 --a------ c:\windows\system32\irmon.dll
2009-10-26 09:38 . 2008-04-13 19:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-10-26 09:38 . 2008-04-13 11:46 17,024 --a------ c:\windows\system32\drivers\BthEnum.sys
2009-10-26 09:38 . 2008-04-13 11:46 17,024 --a--c--- c:\windows\system32\dllcache\bthenum.sys
2009-10-26 09:38 . 2008-04-13 19:33 8,192 --a------ c:\windows\system32\wshirda.dll
2009-10-26 09:38 . 2008-04-13 19:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-10-23 11:23 . 2009-10-23 11:23 <REP> d-------- c:\windows\RestoreSafeDeleted
2009-10-23 11:08 . 2009-10-26 09:38 29,584 --a------ c:\windows\system32\drivers\regguard.sys
2009-10-23 11:08 . 2009-10-23 11:10 (2) -rahs-ot- c:\windows\winstart.bat
2009-10-23 11:07 . 2009-10-23 11:07 34,760 --a------ c:\windows\system32\drivers\Partizan.sys
2009-10-23 11:07 . 2009-10-23 11:28 32,480 --a------ c:\windows\system32\Partizan.exe
2009-10-23 11:06 . 2008-12-22 16:04 20,192 --a------ c:\windows\WinBait.org
2009-10-23 11:06 . 2008-12-22 16:04 20,192 --a------ c:\windows\WinBait.exe
2009-10-23 11:05 . 2009-10-23 11:09 <REP> d-------- c:\program files\Greatis
2009-10-23 09:38 . 2009-10-23 09:38 <REP> d-------- c:\program files\Sophos
2009-10-23 09:21 . 2009-10-23 09:21 63 --a------ c:\windows\wininit.ini
2009-10-21 23:13 . 2009-10-21 23:13 664 --a------ c:\windows\system32\d3d9caps.dat
2009-10-21 02:00 . 2009-10-21 02:00 <REP> d--hs---- c:\documents and settings\Default User\IETldCache
2009-10-20 20:07 . 2009-08-06 18:23 274,288 --a------ c:\windows\system32\mucltui.dll
2009-10-20 20:07 . 2009-08-06 18:23 215,920 --a------ c:\windows\system32\muweb.dll
2009-10-20 20:07 . 2009-08-06 18:23 18,288 --a------ c:\windows\system32\mucltui.dll.mui
2009-10-20 11:25 . 2009-10-26 12:06 47,744 --a------ c:\windows\system32\drivers\soqwx32.sys
2009-10-20 11:23 . 2009-10-01 10:29 195,440 --------- c:\windows\system32\MpSigStub.exe
2009-10-20 11:21 . 2009-10-20 11:22 <REP> d-------- c:\program files\Microsoft Security Essentials
2009-10-16 02:04 . 2009-10-16 02:04 <REP> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-10-16 02:03 . 2009-10-16 02:03 127 --a------ c:\windows\system32\MRT.INI
2009-10-12 17:05 . 2009-10-12 17:12 <REP> d-------- c:\program files\Spyware Doctor
2009-10-12 17:05 . 2009-10-12 17:06 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-10-12 17:05 . 2009-10-26 10:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-10-12 17:05 . 2009-10-12 17:05 <REP> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-12 17:05 . 2009-10-12 17:05 <REP> d-------- c:\documents and settings\alex\Application Data\PC Tools
2009-10-12 17:05 . 2008-12-11 07:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-10-12 17:05 . 2009-04-03 10:18 130,936 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-10-12 17:05 . 2008-12-18 11:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-12 17:05 . 2008-12-10 10:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-10-08 09:02 . 2009-10-08 09:02 <REP> d-------- c:\program files\Trend Micro
2009-10-08 08:56 . 2009-10-08 08:56 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-10-08 08:56 . 2009-10-08 08:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-08 08:56 . 2009-10-08 08:56 <REP> d-------- c:\documents and settings\alex\Application Data\Malwarebytes
2009-10-08 08:56 . 2009-09-10 13:54 38,224 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 08:56 . 2009-09-10 13:53 19,160 --a------ c:\windows\system32\drivers\mbam.sys
2009-10-06 09:50 . 2009-10-06 09:50 552 --a------ c:\windows\system32\d3d8caps.dat
2009-10-02 08:58 . 2009-10-23 09:45 32 --a------ c:\windows\[u]0/u
2009-10-02 08:58 . 2009-10-02 08:58 0 --a------ c:\windows\system32\[u]0/u
2009-10-02 08:57 . 2008-04-13 10:46 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
2009-10-02 08:57 . 2008-04-13 10:46 18,944 --a--c--- c:\windows\system32\dllcache\bthusb.sys
2009-10-01 16:24 . 2009-10-01 16:24 <REP> d-------- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 11:05 --------- d-----w c:\documents and settings\alex\Application Data\Skype
2009-10-26 10:52 --------- d-----w c:\documents and settings\alex\Application Data\FileZilla
2009-10-26 08:46 --------- d-----w c:\documents and settings\alex\Application Data\skypePM
2009-10-26 08:36 --------- d-----w c:\program files\LogMeIn
2009-10-23 10:33 --------- d-----w c:\program files\TomTom HOME 2
2009-10-23 10:27 --------- d-----w c:\program files\trademanager
2009-10-23 08:50 --------- d-----w c:\documents and settings\alex\Application Data\FMZilla
2009-10-23 08:09 --------- d-----w c:\program files\McAfee
2009-10-22 01:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-05 13:43 --------- d-----w c:\program files\FileZilla FTP Client
2009-10-02 07:43 87,352 ----a-w c:\windows\system32\LMIinit.dll
2009-10-02 07:43 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 07:43 28,984 ----a-w c:\windows\system32\LMIport.dll
2009-09-25 08:31 --------- d-----w c:\program files\Microsoft IntelliPoint
2009-09-25 08:25 --------- d-----w c:\program files\Microsoft IntelliType Pro
2009-09-16 08:22 79,816 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 08:22 40,552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 08:22 35,272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-09-16 08:22 34,248 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-09-16 08:22 214,664 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:18 136,192 ----a-w c:\windows\system32\msv1_0.dll
2009-09-11 12:55 --------- d-----w c:\documents and settings\alex\Application Data\uTorrent
2009-09-07 16:22 25,248 ----a-w c:\windows\system32\lmimirr.dll
2009-09-07 16:22 11,552 ----a-w c:\windows\system32\lmimirr2.dll
2009-09-04 21:04 58,880 ----a-w c:\windows\system32\msasn1.dll
2009-09-03 08:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-03 08:33 --------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-03 08:33 --------- d-----w c:\documents and settings\alex\Application Data\Apple Computer
2009-09-03 08:32 --------- d-----w c:\program files\QuickTime
2009-08-29 07:56 916,480 ----a-w c:\windows\system32\wininet.dll
2009-08-27 10:02 --------- d-----w c:\documents and settings\alex\Application Data\AdobeUM
2009-08-27 09:18 --------- d-----w c:\documents and settings\All Users\Application Data\10701874
2009-08-26 08:01 247,326 ----a-w c:\windows\system32\strmdll.dll
2009-08-17 21:33 1,193,832 ----a-w c:\windows\system32\FM20.DLL
2009-08-06 17:24 96,480 ----a-w c:\windows\system32\cdm.dll
2009-08-06 17:24 53,472 ----a-w c:\windows\system32\wuauclt.exe
2009-08-06 17:24 44,768 ----a-w c:\windows\system32\wups2.dll
2009-08-06 17:24 35,552 ----a-w c:\windows\system32\wups.dll
2009-08-06 17:24 327,896 ----a-w c:\windows\system32\wucltui.dll
2009-08-06 17:24 209,632 ----a-w c:\windows\system32\wuweb.dll
2009-08-06 17:23 575,704 ----a-w c:\windows\system32\wuapi.dll
2009-08-06 17:23 1,929,952 ----a-w c:\windows\system32\wuaueng.dll
2009-08-05 12:13 262,144 ----a-w C:\ntuser.dat
2009-08-05 09:00 205,312 ----a-w c:\windows\system32\mswebdvd.dll
2009-08-04 17:27 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-08-04 17:27 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-05-11 13:01 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-05-26 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Regrun2"="c:\progra~1\Greatis\REGRUN~1\WatchDog.exe" [2008-12-22 383712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-11 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-11 86016]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"RegRun WinBait"="c:\windows\winbait.exe" [2008-12-22 20192]
"@RegRunOnSecure"="c:\progra~1\Greatis\REGRUN~1\OnSecure.exe" [2008-12-22 61664]
"nwiz"="nwiz.exe" [2009-05-11 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 c:\windows\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2009-05-11 c:\windows\Alcmtr.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
1kupdate.lnk - c:\1k\1KUPDATE.EXE [2009-05-11 337912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 08:43 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msmpsvc]
@="Service"

[HKLM\~\startupfolder\c:^documents and settings^alex^menu démarrer^programmes^démarrage^ikowin32.exe]
path=c:\documents and settings\alex\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
backup=c:\windows\pss\ikowin32.exeStartup

[HKLM\~\startupfolder\c:^documents and settings^alex^menu démarrer^programmes^démarrage^onenote 2007 screen clipper and launcher.lnk]
path=c:\documents and settings\alex\Menu Démarrer\Programmes\Démarrage\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^all users^application data^microsoft^shortcuts^adobe reader speed launch.lnk]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^application data^microsoft^shortcuts^windows search.lnk]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobecs4servicemanager]
--a------ 2008-08-14 06:58 611712 c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-05-11 13:55 133104 c:\documents and settings\alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\intellipoint]
--a------ 2009-05-28 16:43 1468296 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2009-05-28 16:55 1501064 c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-05-26 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spybotsd teatimer]
-rahs---- 2009-03-05 15:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2009-05-19 16:52 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2009-06-22 09:33 287536 c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bluetoothauthenticationagent]
--a------ 2008-04-14 13:00 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2009-05-11 13:23 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\list]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 bthidbus;Bluetooth HID Bus Service;c:\windows\system32\Drivers\BtHidBus.sys [2008-07-31 20616]
R0 partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-10-23 34760]
R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-12 130936]
R2 lmiinfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2009-05-12 47640]
R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-10-12 348752]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe" [2008-12-19 199000]
R3 regguard;RegGuard;\??\c:\windows\system32\Drivers\regguard.sys [2009-10-23 29584]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys []
S1 bc4f2e6b;bc4f2e6b;c:\windows\system32\drivers\bc4f2e6b.sys []
S3 ivtbtbus;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 memsweep2;MEMSWEEP2;\??\c:\windows\system32\3D.tmp []
S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\DRIVERS\slnt.sys [2009-05-11 18004]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0412ac9a-5f06-11de-870a-001e8ce0d2d3}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c8360a0-5981-11de-8708-001e8ce0d2d3}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{486ee378-9d49-11de-872a-001e8ce0d2d3}]
\shell\autorun\command - LogMeInIgnition\LMIIgnition.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb2c6cff-7767-11de-871b-001e8ce0d2d3}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sys.exe

*Newly Created Service* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-10-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1935655697-682003330-1003Core.job
- c:\documents and settings\alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 13:55]

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1935655697-682003330-1003UA.job
- c:\documents and settings\alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 13:55]

2009-10-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 11:22]

2009-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 11:22]

2009-10-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]

2009-10-26 c:\windows\Tasks\User_Feed_Synchronization-{438A5409-2154-46AC-BA1F-68C7FEF3C359}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-aliim - c:\program files\trademanager\aliim.exe
MSConfigStartUp-bttray - c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
MSConfigStartUp-GroupManager - c:\program files\Norton Internet Security 2009\groupmanager.exe
MSConfigStartUp-ituneshelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-promoreg - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-search protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe

.
------- Examen supplémentaire -------
.
mDefault_Page_URL = hxxp://fr.yahoo.com
mDefault_Search_URL = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
mSearch Page = hxxp://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
mStart Page = hxxp://fr.yahoo.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
FF - ProfilePath - c:\documents and settings\alex\Application Data\Mozilla\Firefox\Profiles\8bz2rv59.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\alex\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE /color
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 12:05:13
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\memsweep2]
"ImagePath"="\??\c:\windows\system32\3D.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soqwx32]
"ImagePath"="\??\c:\windows\system32\drivers\soqwx32.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(924)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\webcheck.dll
.
Heure de fin: 2009-10-26 12:08:13
ComboFix-quarantined-files.txt 2009-10-26 11:08:05

Avant-CF: 46 069 424 128 octets libres
Après-CF: 46,211,846,144 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

305 --- E O F --- 2009-10-22 01:20:30
0
Réponse 9 / 17
Xplode Messages postés 9212 Statut Contributeur sécurité 726
 
-+-+-+-> CFScript <-+-+-+-

[x] Crée un nouveau fichier texte ( .txt )

[x] Copie/Colle ceci dedans :


File::
c:\windows\system32\drivers\soqwx32.sys
c:\windows\system32\Partizan.exe
c:\windows\system32\drivers\Partizan.sys
c:\windows\system32\drivers\regguard.sys
c:\windows\system32\Partizan.RRI
c:\windows\winstart.bat

Driver::
partizan
regguard

Rootkit::
soqwx32



[x] Puis enregistre le en CFScript.txt sur ton bureau

[x] Fais glisser le fichier CFScript.txt sur l'icone de ComboFix.

[x] Combofix effectuera la tache demandée dans le script, puis ouvrira un rapport.

[x] Copie/Colle son contenu dans ton prochain message

Nb : Le rapport est sauvegardé sous C:\Combofix.txt
0
Réponse 10 / 17
midou
 
ComboFix 08-12-17.01 - alex 2009-10-26 12:46:09.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.825 [GMT 1:00]
Lancé depuis: c:\documents and settings\alex\Mes documents\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\alex\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
* Resident AV is active

.
- Mode FONCTIONNALITES REDUITES -

FILE ::
c:\windows\system32\drivers\Partizan.sys
c:\windows\system32\drivers\regguard.sys
c:\windows\system32\drivers\soqwx32.sys
c:\windows\system32\Partizan.exe
c:\windows\system32\Partizan.RRI
c:\windows\winstart.bat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Partizan.sys
c:\windows\system32\drivers\regguard.sys
c:\windows\system32\drivers\soqwx32.sys
c:\windows\system32\Partizan.exe
c:\windows\system32\Partizan.RRI
c:\windows\winstart.bat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-26 au 2009-10-26 ))))))))))))))))))))))))))))))))))))
.

2009-10-26 11:19 . 2009-10-26 11:23 <REP> d-------- c:\program files\ZHPDiag
2009-10-26 11:09 . 2009-10-26 11:09 <REP> d-------- C:\GenProc
2009-10-26 09:39 . 2008-04-13 11:51 101,120 --a------ c:\windows\system32\drivers\bthpan.sys
2009-10-26 09:39 . 2008-04-13 11:51 101,120 --a--c--- c:\windows\system32\dllcache\bthpan.sys
2009-10-26 09:38 . 2008-04-13 19:34 153,088 --a------ c:\windows\system32\irftp.exe
2009-10-26 09:38 . 2008-04-13 19:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-10-26 09:38 . 2008-04-13 11:46 59,136 --a------ c:\windows\system32\drivers\rfcomm.sys
2009-10-26 09:38 . 2008-04-13 11:46 59,136 --a--c--- c:\windows\system32\dllcache\rfcomm.sys
2009-10-26 09:38 . 2008-04-13 19:33 29,184 --a------ c:\windows\system32\irmon.dll
2009-10-26 09:38 . 2008-04-13 19:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-10-26 09:38 . 2008-04-13 11:46 17,024 --a------ c:\windows\system32\drivers\BthEnum.sys
2009-10-26 09:38 . 2008-04-13 11:46 17,024 --a--c--- c:\windows\system32\dllcache\bthenum.sys
2009-10-26 09:38 . 2008-04-13 19:33 8,192 --a------ c:\windows\system32\wshirda.dll
2009-10-26 09:38 . 2008-04-13 19:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-10-23 11:23 . 2009-10-23 11:23 <REP> d-------- c:\windows\RestoreSafeDeleted
2009-10-23 11:06 . 2008-12-22 16:04 20,192 --a------ c:\windows\WinBait.org
2009-10-23 11:06 . 2008-12-22 16:04 20,192 --a------ c:\windows\WinBait.exe
2009-10-23 11:05 . 2009-10-23 11:09 <REP> d-------- c:\program files\Greatis
2009-10-23 09:38 . 2009-10-23 09:38 <REP> d-------- c:\program files\Sophos
2009-10-23 09:21 . 2009-10-23 09:21 63 --a------ c:\windows\wininit.ini
2009-10-21 23:13 . 2009-10-21 23:13 664 --a------ c:\windows\system32\d3d9caps.dat
2009-10-21 02:00 . 2009-10-21 02:00 <REP> d--hs---- c:\documents and settings\Default User\IETldCache
2009-10-20 20:07 . 2009-08-06 18:23 274,288 --a------ c:\windows\system32\mucltui.dll
2009-10-20 20:07 . 2009-08-06 18:23 215,920 --a------ c:\windows\system32\muweb.dll
2009-10-20 20:07 . 2009-08-06 18:23 18,288 --a------ c:\windows\system32\mucltui.dll.mui
2009-10-20 11:23 . 2009-10-01 10:29 195,440 --------- c:\windows\system32\MpSigStub.exe
2009-10-20 11:21 . 2009-10-20 11:22 <REP> d-------- c:\program files\Microsoft Security Essentials
2009-10-16 02:04 . 2009-10-16 02:04 <REP> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-10-16 02:03 . 2009-10-16 02:03 127 --a------ c:\windows\system32\MRT.INI
2009-10-12 17:05 . 2009-10-12 17:12 <REP> d-------- c:\program files\Spyware Doctor
2009-10-12 17:05 . 2009-10-12 17:06 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-10-12 17:05 . 2009-10-26 12:54 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-10-12 17:05 . 2009-10-12 17:05 <REP> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-12 17:05 . 2009-10-12 17:05 <REP> d-------- c:\documents and settings\alex\Application Data\PC Tools
2009-10-12 17:05 . 2008-12-11 07:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-10-12 17:05 . 2009-04-03 10:18 130,936 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-10-12 17:05 . 2008-12-18 11:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-12 17:05 . 2008-12-10 10:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-10-08 09:02 . 2009-10-08 09:02 <REP> d-------- c:\program files\Trend Micro
2009-10-08 08:56 . 2009-10-08 08:56 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-10-08 08:56 . 2009-10-08 08:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-08 08:56 . 2009-10-08 08:56 <REP> d-------- c:\documents and settings\alex\Application Data\Malwarebytes
2009-10-08 08:56 . 2009-09-10 13:54 38,224 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 08:56 . 2009-09-10 13:53 19,160 --a------ c:\windows\system32\drivers\mbam.sys
2009-10-06 09:50 . 2009-10-06 09:50 552 --a------ c:\windows\system32\d3d8caps.dat
2009-10-02 08:58 . 2009-10-23 09:45 32 --a------ c:\windows\[u]0/u
2009-10-02 08:58 . 2009-10-02 08:58 0 --a------ c:\windows\system32\[u]0/u
2009-10-02 08:57 . 2008-04-13 10:46 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
2009-10-02 08:57 . 2008-04-13 10:46 18,944 --a--c--- c:\windows\system32\dllcache\bthusb.sys
2009-10-01 16:24 . 2009-10-01 16:24 <REP> d-------- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 11:56 --------- d-----w c:\documents and settings\alex\Application Data\Skype
2009-10-26 11:48 --------- d-----w c:\documents and settings\alex\Application Data\FileZilla
2009-10-26 08:46 --------- d-----w c:\documents and settings\alex\Application Data\skypePM
2009-10-26 08:36 --------- d-----w c:\program files\LogMeIn
2009-10-23 10:33 --------- d-----w c:\program files\TomTom HOME 2
2009-10-23 10:27 --------- d-----w c:\program files\trademanager
2009-10-23 08:50 --------- d-----w c:\documents and settings\alex\Application Data\FMZilla
2009-10-23 08:09 --------- d-----w c:\program files\McAfee
2009-10-22 01:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-05 13:43 --------- d-----w c:\program files\FileZilla FTP Client
2009-10-02 07:43 87,352 ----a-w c:\windows\system32\LMIinit.dll
2009-10-02 07:43 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 07:43 28,984 ----a-w c:\windows\system32\LMIport.dll
2009-09-25 08:31 --------- d-----w c:\program files\Microsoft IntelliPoint
2009-09-25 08:25 --------- d-----w c:\program files\Microsoft IntelliType Pro
2009-09-16 08:22 79,816 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 08:22 40,552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 08:22 35,272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-09-16 08:22 34,248 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-09-16 08:22 214,664 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:18 136,192 ----a-w c:\windows\system32\msv1_0.dll
2009-09-11 12:55 --------- d-----w c:\documents and settings\alex\Application Data\uTorrent
2009-09-07 16:22 25,248 ----a-w c:\windows\system32\lmimirr.dll
2009-09-07 16:22 11,552 ----a-w c:\windows\system32\lmimirr2.dll
2009-09-04 21:04 58,880 ----a-w c:\windows\system32\msasn1.dll
2009-09-03 08:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-03 08:33 --------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-03 08:33 --------- d-----w c:\documents and settings\alex\Application Data\Apple Computer
2009-09-03 08:32 --------- d-----w c:\program files\QuickTime
2009-08-29 07:56 916,480 ----a-w c:\windows\system32\wininet.dll
2009-08-27 10:02 --------- d-----w c:\documents and settings\alex\Application Data\AdobeUM
2009-08-27 09:18 --------- d-----w c:\documents and settings\All Users\Application Data\10701874
2009-08-26 08:01 247,326 ----a-w c:\windows\system32\strmdll.dll
2009-08-17 21:33 1,193,832 ----a-w c:\windows\system32\FM20.DLL
2009-08-06 17:24 96,480 ----a-w c:\windows\system32\cdm.dll
2009-08-06 17:24 53,472 ----a-w c:\windows\system32\wuauclt.exe
2009-08-06 17:24 44,768 ----a-w c:\windows\system32\wups2.dll
2009-08-06 17:24 35,552 ----a-w c:\windows\system32\wups.dll
2009-08-06 17:24 327,896 ----a-w c:\windows\system32\wucltui.dll
2009-08-06 17:24 209,632 ----a-w c:\windows\system32\wuweb.dll
2009-08-06 17:23 575,704 ----a-w c:\windows\system32\wuapi.dll
2009-08-06 17:23 1,929,952 ----a-w c:\windows\system32\wuaueng.dll
2009-08-05 12:13 262,144 ----a-w C:\ntuser.dat
2009-08-05 09:00 205,312 ----a-w c:\windows\system32\mswebdvd.dll
2009-08-04 17:27 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-08-04 17:27 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-05-11 13:01 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2009-10-26_12.06.23,23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-26 11:55:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8d4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-05-26 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Regrun2"="c:\progra~1\Greatis\REGRUN~1\WatchDog.exe" [2008-12-22 383712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-11 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-11 86016]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"RegRun WinBait"="c:\windows\winbait.exe" [2008-12-22 20192]
"@RegRunOnSecure"="c:\progra~1\Greatis\REGRUN~1\OnSecure.exe" [2008-12-22 61664]
"nwiz"="nwiz.exe" [2009-05-11 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 c:\windows\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2009-05-11 c:\windows\Alcmtr.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
1kupdate.lnk - c:\1k\1KUPDATE.EXE [2009-05-11 337912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 08:43 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msmpsvc]
@="Service"

[HKLM\~\startupfolder\c:^documents and settings^alex^menu démarrer^programmes^démarrage^ikowin32.exe]
path=c:\documents and settings\alex\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
backup=c:\windows\pss\ikowin32.exeStartup

[HKLM\~\startupfolder\c:^documents and settings^alex^menu démarrer^programmes^démarrage^onenote 2007 screen clipper and launcher.lnk]
path=c:\documents and settings\alex\Menu Démarrer\Programmes\Démarrage\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^all users^application data^microsoft^shortcuts^adobe reader speed launch.lnk]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^application data^microsoft^shortcuts^windows search.lnk]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobecs4servicemanager]
--a------ 2008-08-14 06:58 611712 c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-05-11 13:55 133104 c:\documents and settings\alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\intellipoint]
--a------ 2009-05-28 16:43 1468296 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2009-05-28 16:55 1501064 c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-05-26 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spybotsd teatimer]
-rahs---- 2009-03-05 15:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2009-05-19 16:52 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2009-06-22 09:33 287536 c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bluetoothauthenticationagent]
--a------ 2008-04-14 13:00 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2009-05-11 13:23 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\list]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 bthidbus;Bluetooth HID Bus Service;c:\windows\system32\Drivers\BtHidBus.sys [2008-07-31 20616]
R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-12 130936]
R2 lmiinfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2009-05-12 47640]
R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-10-12 348752]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe" [2008-12-19 199000]
R3 regguard;RegGuard;\??\c:\windows\system32\Drivers\regguard.sys []
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys []
S0 partizan;Partizan;c:\windows\system32\drivers\Partizan.sys []
S1 bc4f2e6b;bc4f2e6b;c:\windows\system32\drivers\bc4f2e6b.sys []
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys []
S3 ivtbtbus;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 memsweep2;MEMSWEEP2;\??\c:\windows\system32\3D.tmp []
S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\DRIVERS\slnt.sys [2009-05-11 18004]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0412ac9a-5f06-11de-870a-001e8ce0d2d3}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c8360a0-5981-11de-8708-001e8ce0d2d3}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{486ee378-9d49-11de-872a-001e8ce0d2d3}]
\shell\autorun\command - LogMeInIgnition\LMIIgnition.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb2c6cff-7767-11de-871b-001e8ce0d2d3}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-10-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1935655697-682003330-1003Core.job
- c:\documents and settings\alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 13:55]

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1935655697-682003330-1003UA.job
- c:\documents and settings\alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 13:55]

2009-10-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 11:22]

2009-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 11:22]

2009-10-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]

2009-10-26 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]

2009-10-26 c:\windows\Tasks\User_Feed_Synchronization-{438A5409-2154-46AC-BA1F-68C7FEF3C359}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://fr.yahoo.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
FF - ProfilePath - c:\documents and settings\alex\Application Data\Mozilla\Firefox\Profiles\8bz2rv59.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\alex\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE /color
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 12:53:14
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\memsweep2]
"ImagePath"="\??\c:\windows\system32\3D.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\LMIinit.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(4404)
c:\program files\Spyware Doctor\pctgmhk.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\FICHIE~1\McAfee\MNA\McNASvc.exe
c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\searchindexer.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\rundll32.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-10-26 13:00:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-26 12:00:33
ComboFix2.txt 2009-10-26 11:08:30

Avant-CF: 46 103 121 920 octets libres
Après-CF: 46,563,319,808 octets libres

323 --- E O F --- 2009-10-22 01:20:30
0
Réponse 11 / 17
Xplode Messages postés 9212 Statut Contributeur sécurité 726
 
Bien, fais maintenant ceci :

-+-+-+-> Malwarebyte's Anti-Malware <-+-+-+-

[x] Télécharge Malwarebyte's anti-malware (MBAM) à cette adresse : http://www.malwarebytes.org/mbam/program/mbam-setup.exe

[x] Installe le.

[x] Met le à jour.

[x] Lance un scan complet !

[x] Coche bien tout les éléments trouvés et supprime les !

[x] Un tutoriel pour son utilisation est disponible ici : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

[x] Suis les indications données sur le lien précédent puis copie/colle le rapport généré dans ton prochain message
0
Réponse 12 / 17
midou
 
voici le resultat du scan
par contre micrtosoft security essential continue de m'alerter comme quoi je suis infecter par le rootkit

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3034
Windows 5.1.2600 Service Pack 3

26/10/2009 16:17:54
mbam-log-2009-10-26 (16-17-48).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 171311
Temps écoulé: 2 hour(s), 7 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\10701874 (Rogue.Multiple) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\10701874\10701874 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\10701874\pc10701874ins (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\alex\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
0
Réponse 13 / 17
Xplode Messages postés 9212 Statut Contributeur sécurité 726
 
Fais un nouveau ZHPDiag
0
Réponse 14 / 17
febva31
 
vas dans le menu démarer et dans executer tu tapes "msconfig" ensuite dans service et tu fait "masquer les services microsfots" ensuite désactive tout sauf les programe que tu sais ce que sais . redémare ton pc et si tu a toujours le problème bas je sais pa
0
Réponse 15 / 17
midou
 
merci a tous pour votre précieuse aide
0
Réponse 16 / 17
anish21 Messages postés 225 Statut Membre 37
 
alors sa marche?
0
Réponse 17 / 17
mordez Messages postés 1 Statut Membre
 
oui ca marche enfin (enfin je ca a l'air de marcher )
0