Hello,
Yesterday, during the day, my machine crashed abruptly with a Windows message on a blue screen: STOP...... If this is the first time you've seen this message....
After that it was impossible to log on, because as soon as I entered the password the system rebooted.
So I booted into safe mode to run the AVIRA antivirus; the antivirus detected 2 or 3 viruses. I can now log on without a crash, but one process takes 100% of the resources: SVCHOST.EXE. If I kill that process, a message tells me that my PC will shut down in 40s, 39s, 38s....
I ran ComboFix, MalwareBytes and RSIT.EXE.
Here are the reports.
ComboFix:
ComboFix 10-03-27.03 - ADMIN 28/03/2010 11:50:19.1.1 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.811 [GMT 2:00]
Lancé depuis: d:\download\Programmes\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ADMIN\Application Data\avdrn.dat
c:\documents and settings\ADMIN\Application Data\Desktopicon
c:\documents and settings\ADMIN\Application Data\Desktopicon\eBay.ico
c:\documents and settings\ADMIN\Application Data\Desktopicon\uninst.exe
C:\logfile32.txt
C:\Thumbs.db
c:\windows\system32\Cache
c:\windows\system32\drivers\fad.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-28 au 2010-03-28 ))))))))))))))))))))))))))))))))))))
.
2010-03-27 12:12 . 2010-03-27 12:12 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Avira
2010-03-15 16:36 . 2010-03-26 19:42 -------- d-----w- c:\documents and settings\Maman\Application Data\vlc
2010-03-14 10:00 . 2010-03-14 10:00 -------- d-----w- c:\program files\Unlocker
2010-03-13 10:34 . 2010-03-13 10:34 -------- d-----w- c:\program files\7-Zip
2010-03-13 10:03 . 2010-03-13 10:03 177024 ----a-w- c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\tssgn3bb.default\FlashGot.exe
2010-03-11 19:48 . 2010-03-11 19:48 -------- d-----w- c:\program files\SkipScreen
2010-03-08 22:05 . 2010-03-25 20:44 -------- d-----w- c:\program files\JDownloader
2010-03-08 08:42 . 2010-03-08 08:42 3153784 ----a-w- c:\documents and settings\ADMIN\Application Data\IDM\idmupdt.exe
2010-03-08 08:39 . 2010-03-08 10:17 198064 ----a-w- c:\documents and settings\ADMIN\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-03-08 08:39 . 2010-03-28 09:20 -------- d-----w- c:\documents and settings\ADMIN\Application Data\DMCache
2010-03-08 08:39 . 2010-03-12 19:45 -------- d-----w- c:\documents and settings\ADMIN\Application Data\IDM
2010-03-08 08:39 . 2010-03-08 08:43 -------- d-----w- c:\program files\Internet Download Manager
2010-03-08 08:17 . 2010-03-08 08:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 08:17 . 2010-03-08 08:17 152576 ----a-w- c:\documents and settings\ADMIN\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-03-06 18:22 . 2010-03-06 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-06 18:22 . 2010-03-06 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-06 18:22 . 2010-03-06 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-06 18:20 . 2010-03-06 18:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-06 18:11 . 2010-03-07 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-03-06 18:10 . 2010-03-08 08:24 -------- d-----w- c:\program files\DAP
2010-03-01 07:29 . 2010-03-01 07:29 -------- d-----w- c:\documents and settings\Maman\Application Data\MySQL
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 09:33 . 2005-02-21 22:55 78174 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 09:33 . 2005-02-21 22:55 476582 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-28 09:09 . 2009-08-02 19:03 -------- d-----w- c:\program files\LogMeIn
2010-03-27 17:06 . 2010-03-27 17:06 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-03-27 11:42 . 2009-07-30 20:50 98304 ----a-w- c:\windows\DUMPf79e.tmp
2010-03-27 11:15 . 2010-03-27 11:15 8 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-27 11:10 . 2009-09-05 08:18 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Winamp
2010-03-26 22:46 . 2009-08-02 10:54 -------- d-----w- c:\documents and settings\ADMIN\Application Data\MySQL
2010-03-26 22:14 . 2010-02-20 20:21 -------- d-----w- c:\documents and settings\ADMIN\Application Data\vlc
2010-03-25 05:33 . 2009-08-29 10:55 48872 ----a-w- c:\documents and settings\Maman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-19 21:17 . 2009-09-05 07:51 -------- d-----w- c:\documents and settings\ADMIN\Application Data\dvdcss
2010-03-17 19:07 . 2010-02-06 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-12 19:06 . 2009-08-02 20:39 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Shareaza
2010-03-08 08:17 . 2005-02-21 23:06 -------- d-----w- c:\program files\Java
2010-03-07 07:49 . 2009-08-02 20:35 -------- d-----w- c:\program files\IDA
2010-03-01 08:05 . 2009-04-25 10:41 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-16 12:24 . 2009-04-25 10:41 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-15 12:42 . 2010-02-15 12:42 -------- d-----w- c:\documents and settings\Maman\Application Data\DivX
2010-02-13 14:52 . 2010-02-13 14:02 -------- d-----w- c:\documents and settings\ADMIN\Application Data\SoftPlug
2010-02-13 14:49 . 2010-02-13 14:49 -------- d-----w- c:\program files\LEA
2010-02-13 14:49 . 2010-02-13 14:49 -------- d-----w- c:\program files\WinPcap
2010-02-13 14:02 . 2010-02-13 14:02 -------- d-----w- c:\documents and settings\ADMIN\Application Data\LEA
2010-02-06 18:45 . 2009-08-02 10:40 48872 ----a-w- c:\documents and settings\ADMIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-06 18:44 . 2010-02-06 18:44 -------- d-----w- c:\program files\Microsoft Works
2010-01-02 09:44 . 2010-01-01 20:43 7 ----a-w- c:\windows\sbacknt.bin
2010-01-01 20:35 . 2009-12-30 19:07 152904 ----a-w- c:\windows\system32\vghd.scr
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"Google Update"="c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-08 133104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-03-08 3179952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"CAP2ON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAP2ONN.EXE" [2007-01-19 28288]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-30 22528]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
c:\documents and settings\ADMIN\Menu Démarrer\Programmes\Démarrage\
syspck32.exe [2004-8-5 29184]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Monitor Apache Servers.lnk - c:\www\Apache2\bin\ApacheMonitor.exe [2009-7-31 41041]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-09 19:16 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^Menu Démarrer^Programmes^Démarrage^DesktopVideoPlayer.LNK]
path=c:\documents and settings\ADMIN\Menu Démarrer\Programmes\Démarrage\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\LEA\\SoftPlug\\V3.1\\SoftPlug.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [25/04/2009 12:53 717296]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25/04/2009 12:41 135336]
S2 Apache2.2;Apache2.2;c:\www\Apache2\bin\httpd.exe [31/07/2009 00:21 24635]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 18:46 12856]
S2 RapidPort2;RapidPort2;c:\windows\SYSTEM32\DRIVERS\CAP2LPT.SYS [02/08/2009 19:24 23232]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [29/06/2007 02:01 42512]
.
Contenu du dossier 'Tâches planifiées'
2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3811328902-211260532-3472561219-1007Core.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-08 19:17]
2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3811328902-211260532-3472561219-1007UA.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-08 19:17]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.euro.dell.com/countries/fr/fra/gen/default.htm
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/fr/fra/gen/default.htm
uInternet Settings,ProxyOverride = *.local
IE: Download ALL with IDA
IE: Download with IDA
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: {AF4C5FF0-87B0-4272-9895-897452A40174} = 212.27.40.240,212.27.40.241
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\tssgn3bb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260884&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260884&SearchSource=2&q=
FF - component: c:\documents and settings\ADMIN\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\tssgn3bb.default\extensions\{2eea3286-793f-4486-8324-65d038a28189}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\tssgn3bb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\tssgn3bb.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
HKU-Default-Run-CTFMON.EXE - c:\windows\system32\CTFMON.EXE
AddRemove-eBay Icon - c:\documents and settings\ADMIN\Application Data\Desktopicon\uninst.exe
AddRemove-GrabIt_is1 - c:\program files\GrabIt\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-28 11:56
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\www\MySQL\bin\mysqld-nt\" --defaults-file=\"c:\www\MySQL\my.ini\" MySQL"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-3811328902-211260532-3472561219-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BB555D4-54EC-001E-844B-973D1AFE9358}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jagidcohiibejfbdklhi"=hex:61,61,00,00
"kagidcohohcjjmeacogemg"=hex:61,61,00,00
"fagidcohnhok"=hex:66,61,68,6b,61,6c,62,6e,6b,62,6c,6a,00,00
[HKEY_USERS\S-1-5-21-3811328902-211260532-3472561219-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9970E828-A5B7-26AE-1F28-48DD5EABC1C8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oalfckehhobkpmmbjcneaeggekejpf"=hex:64,61,61,65,64,69,69,62,00,85
"oaheknnghillhohccfidnaicmhjcfl"=hex:69,61,6d,64,6a,67,6b,6f,66,6b,68,66,6b,6e,
64,68,63,61,00,00
"naneeahhhbcnjkgknidaamldnhdi"=hex:69,61,6d,64,6a,67,6b,6f,66,6b,68,66,6b,6e,
64,68,63,61,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\LMIinit.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\sirenacm.dll
.
Heure de fin: 2010-03-28 11:58:45
ComboFix-quarantined-files.txt 2010-03-28 09:58
Avant-CF: 27 953 737 728 octets libres
Après-CF: 28 829 519 872 octets libres
- - End Of File - - DF116FD2F4C7913C22A09546A5FFA921