Sujet Précédent Sujet Suivant

Trojan coriace!

Résolu
deicidenono Messages postés 16 Statut Membre -  
 deicidenono -
Bonjour.
Aidez moi!! Mon ordi est infecté, et pas moyen de nettoyer. Avast detecte et supprime de nouveau vers a chaque demarrage.
AVG anti spy ne voi rien, spy doctor lui, supprime; mai apparemment le virus change de nom et d'emplacement au redemarrage, et a egalement tendance a faire des petits.
Il a donc plusieur nom, mai le plus souvent c'est un " W32:onlinegames-". Je poste d'ores et deja mon rapport Hijackthis.
Merci d'avance.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:13:47, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Arnaud\Mes documents\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\pfdncx.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [RAVZXMON] C:\Program Files\Internet Explorer\LSASS.EXE
O4 - HKLM\..\Run: [ravqqsgmon] C:\Program Files\NetMeeting\ravqqsgmon.exe
O4 - HKLM\..\Run: [RAVDHMON] C:\Program Files\Internet Explorer\RAVDHMON.exe
O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [nmhly] 6.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: qjgpri.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Win32 Debug Service (MSDebugsvc) - Unknown owner - C:\WINDOWS\system32\rundll32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Wireless Service (WZCSRVC) - Unknown owner - C:\WINDOWS\system32\rundll32.exe
A voir également:

54 réponses

Réponse 1 / 54
O VertigO Messages postés 862 Statut Membre 32
 
Salut,

Tu possèdes Avast!, tu n'es donc pas, pour moi et beaucoup d'autres helpers, protégé au mieux. Je te recommande d'en changer pour Avira Antivir, qui est beaucoup plus performant et réactif. Le petit défaut est qu'il est en anglais, c'est pourquoi voici quelques liens qui t'aideront à en changer sans problème:
- Tutoriel: http://forum.malekal.com/ftopic4192.php
- Comparatif de Malekal: http://forum.malekal.com/ftopic3528.php
- Comparatif de PC INpact: http://www.pcinpact.com/actu/news/31149-Antivirus-resultats-dun-test-de-performances.htm
Saches que ce petit défaut de langage n'est rien comparé aux grands apports d'Antivir.

Si tu l'installes, tu dois désinstaller Avast! !

Fais un scan avec Antivir et poste le rapport qu'il te donne.

Amicalement,
0
Réponse 2 / 54
deicidenono
 
J'ai eu beaucou de mal avec antivir, une foi installé, le pense que le lombric a fait de la resistance. Mon pc a commencé a buggé dans tou les sens.
Bref, en mode sans echec, j'ai reussi. Voilà donc le rapport.

AntiVir PersonalEdition Classic
Report file date: jeudi 30 août 2007 12:28

Scanning for 740715 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Arnaud
Computer name: FUJITSU-9756B35

Version information:
BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 13:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 13:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 13:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 13:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 07:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 30 août 2007 12:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
17 processes with 17 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\ervugl.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<DiskMan32>=sz:ervugl.exe
[INFO] The file was moved to '474c9c37.qua'!
C:\WINDOWS\ervugl.exe
[DETECTION] Contains suspicious code HEUR/Malware
C:\WINDOWS\DbgHlp32.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<DbgHlp32>=sz:DbgHlp32.exe
[INFO] The file was moved to '473d9c2a.qua'!
C:\WINDOWS\DbgHlp32.exe
[DETECTION] Contains suspicious code HEUR/Malware
C:\Program Files\NetMeeting\ravqqsgmon.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<ravqqsgmon>=sz:ravqqsgmon.exe
[INFO] The file was moved to '474c9c2c.qua'!
C:\Program Files\NetMeeting\ravqqsgmon.exe
[DETECTION] Contains suspicious code HEUR/Malware

The registry was scanned ( '20' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\ie7.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '470d9c37.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Arnaud\Local Settings\Temporary Internet Files\Content.IE5\A5IJQXJZ\101[1].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47079c12.qua'!
C:\Documents and Settings\Arnaud\Local Settings\Temporary Internet Files\Content.IE5\VNOE8SG2\sms[1].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47499c58.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QIBT0AP5\101[1].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47079c37.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QIBT0AP5\101[2].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '468c51e4.qua'!
C:\Program Files\Internet Explorer\LSASS.DAT
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47179c9f.qua'!
C:\Program Files\NetMeeting\ravqqsgmon.dat
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '474c9ce9.qua'!
C:\WINDOWS\bymrzk.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47439d28.qua'!
C:\WINDOWS\jhmjuc.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47439d18.qua'!
C:\WINDOWS\video.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '473a9d1d.qua'!
C:\WINDOWS\system32\101.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47079d69.qua'!
C:\WINDOWS\system32\ayvxas.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '474c9db4.qua'!
C:\WINDOWS\system32\DbgHlp32.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '473d9da1.qua'!
C:\WINDOWS\system32\DiskMan32.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47499da9.qua'!
C:\WINDOWS\system32\evbbnp.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47389db8.qua'!
C:\WINDOWS\system32\ie7.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '470d9da9.qua'!
C:\WINDOWS\system32\jzipri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\myfpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\NVDispDrv.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '471a9df8.qua'!
C:\WINDOWS\system32\pgqmnj.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47479e0d.qua'!
C:\WINDOWS\system32\qhdpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\qhfins.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '473c9e1c.qua'!
C:\WINDOWS\system32\qhfpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\qjgpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\wgfpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\wlhins.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '473e9e2e.qua'!
C:\WINDOWS\system32\wlhpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

End of the scan: jeudi 30 août 2007 12:37
Used time: 09:34 min

The scan has been done completely.

1598 Scanning directories
58996 Files were scanned
30 viruses and/or unwanted programs were found
30 classified as suspicious:
0 files were deleted
0 files were repaired
23 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
58936 Files not concerned
753 Archives were scanned
8 Warnings
0 Notes
0 Hidden objects were found
0
Réponse 3 / 54
deicidenono Messages postés 16 Statut Membre
 
En fait, en mode normal, le rapport est different.
Dans le doute le poste aussi :

AntiVir PersonalEdition Classic
Report file date: jeudi 30 août 2007 12:28

Scanning for 740715 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Arnaud
Computer name: FUJITSU-9756B35

Version information:
BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 13:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 13:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 13:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 13:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 07:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 30 août 2007 12:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
17 processes with 17 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\ervugl.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<DiskMan32>=sz:ervugl.exe
[INFO] The file was moved to '474c9c37.qua'!
C:\WINDOWS\ervugl.exe
[DETECTION] Contains suspicious code HEUR/Malware
C:\WINDOWS\DbgHlp32.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<DbgHlp32>=sz:DbgHlp32.exe
[INFO] The file was moved to '473d9c2a.qua'!
C:\WINDOWS\DbgHlp32.exe
[DETECTION] Contains suspicious code HEUR/Malware
C:\Program Files\NetMeeting\ravqqsgmon.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<ravqqsgmon>=sz:ravqqsgmon.exe
[INFO] The file was moved to '474c9c2c.qua'!
C:\Program Files\NetMeeting\ravqqsgmon.exe
[DETECTION] Contains suspicious code HEUR/Malware

The registry was scanned ( '20' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\ie7.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '470d9c37.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Arnaud\Local Settings\Temporary Internet Files\Content.IE5\A5IJQXJZ\101[1].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47079c12.qua'!
C:\Documents and Settings\Arnaud\Local Settings\Temporary Internet Files\Content.IE5\VNOE8SG2\sms[1].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47499c58.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QIBT0AP5\101[1].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47079c37.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QIBT0AP5\101[2].exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '468c51e4.qua'!
C:\Program Files\Internet Explorer\LSASS.DAT
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47179c9f.qua'!
C:\Program Files\NetMeeting\ravqqsgmon.dat
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '474c9ce9.qua'!
C:\WINDOWS\bymrzk.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47439d28.qua'!
C:\WINDOWS\jhmjuc.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47439d18.qua'!
C:\WINDOWS\video.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '473a9d1d.qua'!
C:\WINDOWS\system32\101.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47079d69.qua'!
C:\WINDOWS\system32\ayvxas.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '474c9db4.qua'!
C:\WINDOWS\system32\DbgHlp32.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '473d9da1.qua'!
C:\WINDOWS\system32\DiskMan32.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47499da9.qua'!
C:\WINDOWS\system32\evbbnp.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47389db8.qua'!
C:\WINDOWS\system32\ie7.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '470d9da9.qua'!
C:\WINDOWS\system32\jzipri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\myfpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\NVDispDrv.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '471a9df8.qua'!
C:\WINDOWS\system32\pgqmnj.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47479e0d.qua'!
C:\WINDOWS\system32\qhdpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\qhfins.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '473c9e1c.qua'!
C:\WINDOWS\system32\qhfpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\qjgpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\wgfpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\wlhins.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '473e9e2e.qua'!
C:\WINDOWS\system32\wlhpri.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

End of the scan: jeudi 30 août 2007 12:37
Used time: 09:34 min

The scan has been done completely.

1598 Scanning directories
58996 Files were scanned
30 viruses and/or unwanted programs were found
30 classified as suspicious:
0 files were deleted
0 files were repaired
23 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
58936 Files not concerned
753 Archives were scanned
8 Warnings
0 Notes
0 Hidden objects were found

Merci a toi!
0
Réponse 4 / 54
O VertigO Messages postés 862 Statut Membre 32
 
Salut,

Faudrait un peu faire attention à ce que tu fais sur Internet !
Tu es infecté par:
- Troj/PWS-ANT
- WORM_DLONLINEG.A
- Beaucoup d'autres et c'est pas joli ! Ca va être plutôt long !

Peux tu reposter un HiJackThis stp.

Je vais te préparer une procédure. Patiente jusqu'à ce soir au moins.

Bonne journée !
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 54
deicidenono
 
Le truc, je t'explique. Cet ordi, portable, revien de reparation constructeur, la carte mere et le dur son logiquemen tou neuf!!!!
Le probleme existe depui son retour, mercredi en l'occurence. Donc, je sai pa a quoi tu fai allusion en parlan de ma navigation internet, mai je pense pouvoir plaider non coupable!!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:35:47, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Arnaud\Mes documents\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [RAVZXMON] C:\Program Files\Internet Explorer\LSASS.EXE
O4 - HKLM\..\Run: [RAVDHMON] C:\Program Files\Internet Explorer\RAVDHMON.exe
O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [nmhly] 6.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: qhdpri.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Win32 Debug Service (MSDebugsvc) - Unknown owner - C:\WINDOWS\system32\rundll32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Wireless Service (WZCSRVC) - Unknown owner - C:\WINDOWS\system32\rundll32.exe
0
Réponse 6 / 54
O VertigO Messages postés 862 Statut Membre 32
 
Salut,

Désolé pour le retard aussi, mais j'ai eut un peu de mal. On va essayer de faire les choses dans l'ordre pour pas se planter en route.

/!\ ATTENTION /!\: si tu n'arrives pas à faire une étape, signale le moi, mais ne poursuit pas sans mon avis !

Fais ceci:
1. Services:
- Vas dans le menu Demarrer / executer / tape services.msc
- Cherche ie7.exe dans la liste / Double cliques dessus / Positionne le type de démarrage sur Désactivé
- Cherche ntsokele.exe dans la liste / Double cliques dessus / Positionne le type de démarrage sur Désactivé

2. HiJackThis
- Relance HiJackThis
- Choisis l'option "Do a system scan only"
- Coches les lignes suivantes: 
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe 

O20 - AppInit_DLLs: qhdpri.dll

O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe (file missing)

O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)

- Cliques sur "Fix Checked"

3. Combofix
- Télécharge Combofix ici: http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton bureau ! Nulle part d'autre !
- Il va te poser une question, réponds par 1 et enter pour valider.
- Après le scan, un rapport sera généré, poste le ici.

4. HiJackThis
- Poste un nouveau rapport

Bon courage,
0
Réponse 7 / 54
deicidenono
 
Salut a toi O vertigO !
ET BIEN.....Je ne sui pa allé bien loin.
Je ne voi pa de IE7.exe .
0
Réponse 8 / 54
O VertigO Messages postés 862 Statut Membre 32
 
Ok, ce n'est pas grave, je m'y attendais un peu. Continues la manipulation. Il est possible que tu ne trouve pas ntsokele.exe aussi.
0
Réponse 9 / 54
deicidenono Messages postés 16 Statut Membre
 
Alors alors... combo fix :

ComboFix 07-08-30.3 - "Arnaud" 2007-08-31 14:17:25.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.1458 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Autorun.inf
C:\WINDOWS\system\7.exe
C:\WINDOWS\system\system32.vxd
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_MSDEBUGSVC
-------\LEGACY_NPF
-------\LEGACY_REMOTEDBG
-------\LEGACY_WIN32DDS
-------\LEGACY_WZCSRVC
-------\MSDebugsvc
-------\NPF
-------\WZCSRVC

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))

2007-08-31 14:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-30 12:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-30 12:08 <REP> d-------- C:\Program Files\MSN Messenger
2007-08-29 22:08 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-08-29 22:08 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-08-29 22:08 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-08-29 22:08 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-08-29 22:08 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\PC Tools
2007-08-29 21:51 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-29 21:36 64 --a------ C:\WINDOWS\system32\Deleteme.bat
2007-08-29 21:35 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\WinRAR
2007-08-29 21:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-29 21:22 <REP> d-------- C:\Program Files\Spyware Doctor
2007-08-29 20:00 <REP> d-------- C:\WINDOWS\pss
2007-08-29 17:25 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\Sony Corporation
2007-08-29 14:28 53,248 --a------ C:\WINDOWS\system32\ipl.dll
2007-08-29 14:28 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
2007-08-29 14:28 2,973,696 --a------ C:\WINDOWS\system32\ipla6.dll
2007-08-29 14:28 2,785,280 --a------ C:\WINDOWS\system32\iplm6.dll
2007-08-29 14:28 2,686,976 --a------ C:\WINDOWS\system32\iplm5.dll
2007-08-29 14:28 2,531,328 --a------ C:\WINDOWS\system32\iplp6.dll
2007-08-29 14:28 2,502,656 --a------ C:\WINDOWS\system32\iplpx.dll
2007-08-29 14:28 19,968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2007-08-29 14:27 <REP> d-------- C:\Program Files\Sony
2007-08-29 14:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
2007-08-29 14:20 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-29 14:20 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-29 14:19 <REP> d-------- C:\Program Files\Matrox Imaging
2007-08-29 14:07 <REP> d-------- C:\WINDOWS\Internet Logs
2007-08-29 13:48 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-28 15:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-28 15:23 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-08-28 15:23 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-28 15:23 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-08-28 15:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-08-28 15:22 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-08-28 15:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-28 15:16 <REP> d---s---- C:\DOCUME~1\Arnaud\UserData
2007-08-28 15:05 <REP> d-------- C:\VundoFix Backups
2007-08-28 14:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-28 14:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-28 13:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-28 13:22 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-08-28 13:22 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-08-28 13:22 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-08-28 13:22 <REP> d-------- C:\Program Files\Alwil Software
2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\tlrini.dll
2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\qhcini.dll
2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\myfini.dll
2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\gjj.exe
2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\21.exe
2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\20.exe
2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\xyhini.dll
2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\wgeini.dll
2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\jhaini.dll
2007-08-28 12:24 98 --a------ C:\WINDOWS\system32\wlgini.dll
2007-08-28 12:24 58 --a------ C:\WINDOWS\system32\qheini.dll
2007-08-28 12:23 50 --a------ C:\WINDOWS\system32\qjgini.dll
2007-08-28 12:23 150 --a------ C:\WINDOWS\system32\jziini.dll
2007-08-28 12:23 105 --a------ C:\WINDOWS\system32\wdcini.dll
2007-08-28 12:23 102 --a------ C:\WINDOWS\system32\dhdini.dll
2007-07-13 09:09 <REP> d-------- C:\WINDOWS\uninstall
2007-07-13 09:03 45,056 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
2007-07-13 09:03 217,600 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
2007-07-12 18:04 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-07-12 18:03 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-07-12 18:03 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-07-12 18:02 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-07-12 18:02 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-12 18:02 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-07-12 18:02 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\DEFAUL~1\Menu D‚marrer
2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Menu D‚marrer
2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage r‚seau
2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage d'impression
2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\ModŠles
2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\ModŠles
2007-07-12 18:01 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-07-12 18:01 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Mes documents
2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Favoris
2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Bureau
2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Favoris
2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Bureau
2007-07-12 18:00 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-07-12 18:00 <REP> d-------- C:\WINDOWS\system32\CatRoot
2007-07-12 16:32 <REP> d-------- C:\WINDOWS\system32\Lang
2007-07-12 16:30 481,280 --a------ C:\WINDOWS\unfspad.exe
2007-07-12 16:30 22,912 --a------ C:\WINDOWS\system32\drivers\fspad.sys
2007-07-12 16:30 18 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2007-07-12 16:30 176,128 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-07-12 16:30 101,888 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-07-12 16:30 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-07-12 16:30 <REP> d-------- C:\WINDOWS\system32\localeFspadCpl
2007-07-12 16:30 <REP> d-------- C:\Program Files\CONEXANT
2007-07-12 16:30 <REP> d-------- C:\Program Files\AVC Finger-sensing Pad Driver
2007-07-12 16:28 6,144 --a------ C:\WINDOWS\system32\WinIo.sys
2007-07-12 16:28 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-07-12 16:28 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-12 18:02 9388 --a------ C:\WINDOWS\system32\drivers\iaStor.PNF
2007-07-12 18:02 7280 --a------ C:\WINDOWS\system32\drivers\viamraid.PNF
2007-07-12 18:02 6984 --a------ C:\WINDOWS\system32\drivers\SiSRaid.PNF
2007-07-12 18:02 63240 --a------ C:\WINDOWS\system32\drivers\Si3112r.PNF
2007-07-12 18:02 20152 --a------ C:\WINDOWS\system32\drivers\INFCACHE.1
2007-07-12 18:02 12432 --a------ C:\WINDOWS\system32\drivers\adpu320.PNF
2007-07-12 18:02 12204 --a------ C:\WINDOWS\system32\drivers\nvraid.PNF
2007-07-12 18:02 10828 --a------ C:\WINDOWS\system32\drivers\iaAHCI.PNF

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" []
"FuncKey"="C:\Program Files\Hotkey Management\FuncKey.exe" [2006-09-05 20:29]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 10:42]
"nwiz"="nwiz.exe" [2006-08-16 10:42 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"fscp"="C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-08-31 18:26]
"TIMHost"="C:\WINDOWS\TIMHost.exe" []
"RAVZXMON"="C:\Program Files\Internet Explorer\LSASS.EXE" []
"RAVDHMON"="C:\Program Files\Internet Explorer\RAVDHMON.exe" []
"RAV00B2"="C:\WINDOWS\system32\RAV00B2.exe" []
"RAV009B"="C:\WINDOWS\system32\RAV009B.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{12311A42-AC1B-158F-FD32-5674345F23A1}"= C:\WINDOWS\system32\dhapri.dll [ ]
"{0EA66AD2-CF26-2E23-532B-B292E22F3266}"= C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll [ ]
"{42311A42-AC1B-158F-FD32-5674345F23A4}"= C:\WINDOWS\system32\dhdpri.dll [ ]
"{4F12545B-1212-1314-5679-4512ACEF8904}"= C:\WINDOWS\system32\wddpri.dll [ ]
"{74123FF1-8371-9834-9021-184518451FA7}"= C:\WINDOWS\system32\qjgpri.dll [ ]
"{959AFD5B-159F-ACD8-954C-ACD545FA6589}"= C:\WINDOWS\system32\jzipri.dll [ ]
"{66368135-64FA-BC34-DA32-DCF4FD431C96}"= C:\WINDOWS\system32\qhfpri.dll [ ]
"{5182C1EB-375C-573D-1F5E-234552345215}"= C:\WINDOWS\system32\wlhpri.dll [ ]
"{252D2432-37A2-324F-2A54-21BF5CF2F1A2}"= C:\WINDOWS\system32\jhapri.dll [ ]
"{625AB2F3-234A-7469-2F43-E341713ABFA6}"= C:\WINDOWS\system32\wgfpri.dll [ ]
"{6562452F-FA36-BA4F-892A-FF5FBBAC5316}"= C:\WINDOWS\system32\myfpri.dll [ ]
"{46368135-64FA-BC34-DA32-DCF4FD431C94}"= C:\WINDOWS\system32\qhdpri.dll [ ]
"{A12BC423-3713-224D-3F55-32B35C62B11A}"= C:\WINDOWS\system32\tlupri.dll [ ]
"{A13AF41A-21B1-131B-1BFC-D2A90DF4A2BA}"= C:\WINDOWS\system32\xyipri.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my.exe]
Debugger=C:\WINDOWS\system\2.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys
R1 WINIO;WINIO;\??\C:\WINDOWS\system32\WinIo.sys
R2 FspadSvc;FspadSvc;C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;C:\WINDOWS\system32\DRIVERS\fspad.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S2 ie7;Telepho;C:\WINDOWS\system32\ie7.exe
S2 Rasautol;Remote Help Session Manager;C:\WINDOWS\system32\ntsokele.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 14:20:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
nmhly = 6.tmp.exe????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-31 14:23:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-31 14:23

--- E O F ---

Et Hijack :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:24:31, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Arnaud\Mes documents\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [RAVZXMON] C:\Program Files\Internet Explorer\LSASS.EXE
O4 - HKLM\..\Run: [RAVDHMON] C:\Program Files\Internet Explorer\RAVDHMON.exe
O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [nmhly] 6.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
0
Réponse 10 / 54
O VertigO Messages postés 862 Statut Membre 32
 
Es tu certain d'avoir coché tout ce que j'avais demandé dans HiJackThis ?
O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe (file missing) 

O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)


Par hasard, ton PC n'aurait il pas servi de nid de reproduction pour trojan en manque d'affection ? :lol:
0
Réponse 11 / 54
O VertigO Messages postés 862 Statut Membre 32
 
Après les avoir fixé, refais un rapport Combofix stp.
0
Réponse 12 / 54
deicidenono Messages postés 16 Statut Membre
 
Je peu t'assuré les avoir coché la premiere foi!
Cette foi, combofix n'a pa redemarré l'ordi avan son rapport. Et entre temp, antivir m'a detecté deux autre virus. Je sui censé en faire
koi? Quarantaine? supprimé? ...
Enfin, voilà le rapport :

ComboFix 07-08-30.3 - "Arnaud" 2007-08-31 16:08:28.2 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.1518 [GMT 2:00]

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))

2007-08-31 14:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-30 12:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-30 12:08 <REP> d-------- C:\Program Files\MSN Messenger
2007-08-29 22:08 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-08-29 22:08 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-08-29 22:08 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-08-29 22:08 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-08-29 22:08 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\PC Tools
2007-08-29 21:51 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-29 21:36 64 --a------ C:\WINDOWS\system32\Deleteme.bat
2007-08-29 21:35 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\WinRAR
2007-08-29 21:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-29 21:22 <REP> d-------- C:\Program Files\Spyware Doctor
2007-08-29 20:00 <REP> d-------- C:\WINDOWS\pss
2007-08-29 17:25 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\Sony Corporation
2007-08-29 14:28 53,248 --a------ C:\WINDOWS\system32\ipl.dll
2007-08-29 14:28 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
2007-08-29 14:28 2,973,696 --a------ C:\WINDOWS\system32\ipla6.dll
2007-08-29 14:28 2,785,280 --a------ C:\WINDOWS\system32\iplm6.dll
2007-08-29 14:28 2,686,976 --a------ C:\WINDOWS\system32\iplm5.dll
2007-08-29 14:28 2,531,328 --a------ C:\WINDOWS\system32\iplp6.dll
2007-08-29 14:28 2,502,656 --a------ C:\WINDOWS\system32\iplpx.dll
2007-08-29 14:28 19,968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2007-08-29 14:27 <REP> d-------- C:\Program Files\Sony
2007-08-29 14:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
2007-08-29 14:20 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-29 14:20 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-29 14:19 <REP> d-------- C:\Program Files\Matrox Imaging
2007-08-29 14:07 <REP> d-------- C:\WINDOWS\Internet Logs
2007-08-29 13:48 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-28 15:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-28 15:23 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-08-28 15:23 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-28 15:23 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-08-28 15:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-08-28 15:22 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-08-28 15:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-28 15:16 <REP> d---s---- C:\DOCUME~1\Arnaud\UserData
2007-08-28 15:05 <REP> d-------- C:\VundoFix Backups
2007-08-28 14:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-28 14:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-28 13:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-28 13:22 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-08-28 13:22 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-08-28 13:22 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-08-28 13:22 <REP> d-------- C:\Program Files\Alwil Software
2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\tlrini.dll
2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\qhcini.dll
2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\myfini.dll
2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\gjj.exe
2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\21.exe
2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\20.exe
2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\xyhini.dll
2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\wgeini.dll
2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\jhaini.dll
2007-08-28 12:24 98 --a------ C:\WINDOWS\system32\wlgini.dll
2007-08-28 12:24 58 --a------ C:\WINDOWS\system32\qheini.dll
2007-08-28 12:23 50 --a------ C:\WINDOWS\system32\qjgini.dll
2007-08-28 12:23 150 --a------ C:\WINDOWS\system32\jziini.dll
2007-08-28 12:23 105 --a------ C:\WINDOWS\system32\wdcini.dll
2007-08-28 12:23 102 --a------ C:\WINDOWS\system32\dhdini.dll
2007-07-13 09:09 <REP> d-------- C:\WINDOWS\uninstall
2007-07-13 09:03 45,056 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
2007-07-13 09:03 217,600 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
2007-07-12 18:04 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-07-12 18:03 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-07-12 18:03 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-07-12 18:02 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-07-12 18:02 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-12 18:02 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-07-12 18:02 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\DEFAUL~1\Menu D‚marrer
2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Menu D‚marrer
2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage r‚seau
2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage d'impression
2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\ModŠles
2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\ModŠles
2007-07-12 18:01 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-07-12 18:01 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Mes documents
2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Favoris
2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Bureau
2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Favoris
2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Bureau
2007-07-12 18:00 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-07-12 18:00 <REP> d-------- C:\WINDOWS\system32\CatRoot
2007-07-12 16:32 <REP> d-------- C:\WINDOWS\system32\Lang
2007-07-12 16:30 481,280 --a------ C:\WINDOWS\unfspad.exe
2007-07-12 16:30 22,912 --a------ C:\WINDOWS\system32\drivers\fspad.sys
2007-07-12 16:30 18 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2007-07-12 16:30 176,128 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-07-12 16:30 101,888 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-07-12 16:30 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-07-12 16:30 <REP> d-------- C:\WINDOWS\system32\localeFspadCpl
2007-07-12 16:30 <REP> d-------- C:\Program Files\CONEXANT
2007-07-12 16:30 <REP> d-------- C:\Program Files\AVC Finger-sensing Pad Driver
2007-07-12 16:28 6,144 --a------ C:\WINDOWS\system32\WinIo.sys
2007-07-12 16:28 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-07-12 16:28 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-12 18:02 9388 --a------ C:\WINDOWS\system32\drivers\iaStor.PNF
2007-07-12 18:02 7280 --a------ C:\WINDOWS\system32\drivers\viamraid.PNF
2007-07-12 18:02 6984 --a------ C:\WINDOWS\system32\drivers\SiSRaid.PNF
2007-07-12 18:02 63240 --a------ C:\WINDOWS\system32\drivers\Si3112r.PNF
2007-07-12 18:02 20152 --a------ C:\WINDOWS\system32\drivers\INFCACHE.1
2007-07-12 18:02 12432 --a------ C:\WINDOWS\system32\drivers\adpu320.PNF
2007-07-12 18:02 12204 --a------ C:\WINDOWS\system32\drivers\nvraid.PNF
2007-07-12 18:02 10828 --a------ C:\WINDOWS\system32\drivers\iaAHCI.PNF

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" []
"FuncKey"="C:\Program Files\Hotkey Management\FuncKey.exe" [2006-09-05 20:29]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 10:42]
"nwiz"="nwiz.exe" [2006-08-16 10:42 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"fscp"="C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-08-31 18:26]
"TIMHost"="C:\WINDOWS\TIMHost.exe" []
"RAVZXMON"="C:\Program Files\Internet Explorer\LSASS.EXE" []
"RAVDHMON"="C:\Program Files\Internet Explorer\RAVDHMON.exe" []
"RAV00B2"="C:\WINDOWS\system32\RAV00B2.exe" []
"RAV009B"="C:\WINDOWS\system32\RAV009B.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{12311A42-AC1B-158F-FD32-5674345F23A1}"= C:\WINDOWS\system32\dhapri.dll [ ]
"{0EA66AD2-CF26-2E23-532B-B292E22F3266}"= C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll [ ]
"{42311A42-AC1B-158F-FD32-5674345F23A4}"= C:\WINDOWS\system32\dhdpri.dll [ ]
"{4F12545B-1212-1314-5679-4512ACEF8904}"= C:\WINDOWS\system32\wddpri.dll [ ]
"{74123FF1-8371-9834-9021-184518451FA7}"= C:\WINDOWS\system32\qjgpri.dll [ ]
"{959AFD5B-159F-ACD8-954C-ACD545FA6589}"= C:\WINDOWS\system32\jzipri.dll [ ]
"{66368135-64FA-BC34-DA32-DCF4FD431C96}"= C:\WINDOWS\system32\qhfpri.dll [ ]
"{5182C1EB-375C-573D-1F5E-234552345215}"= C:\WINDOWS\system32\wlhpri.dll [ ]
"{252D2432-37A2-324F-2A54-21BF5CF2F1A2}"= C:\WINDOWS\system32\jhapri.dll [ ]
"{625AB2F3-234A-7469-2F43-E341713ABFA6}"= C:\WINDOWS\system32\wgfpri.dll [ ]
"{6562452F-FA36-BA4F-892A-FF5FBBAC5316}"= C:\WINDOWS\system32\myfpri.dll [ ]
"{46368135-64FA-BC34-DA32-DCF4FD431C94}"= C:\WINDOWS\system32\qhdpri.dll [ ]
"{A12BC423-3713-224D-3F55-32B35C62B11A}"= C:\WINDOWS\system32\tlupri.dll [ ]
"{A13AF41A-21B1-131B-1BFC-D2A90DF4A2BA}"= C:\WINDOWS\system32\xyipri.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my.exe]
Debugger=C:\WINDOWS\system\2.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys
R1 WINIO;WINIO;\??\C:\WINDOWS\system32\WinIo.sys
R2 FspadSvc;FspadSvc;C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;C:\WINDOWS\system32\DRIVERS\fspad.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S2 ie7;Telepho;C:\WINDOWS\system32\ie7.exe
S2 Rasautol;Remote Help Session Manager;C:\WINDOWS\system32\ntsokele.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 16:10:19
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
nmhly = 6.tmp.exe????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-31 16:12:30
C:\ComboFix-quarantined-files.txt ... 2007-08-31 16:12
C:\ComboFix2.txt ... 2007-08-31 14:23

--- E O F ---
0
Réponse 13 / 54
O VertigO Messages postés 862 Statut Membre 32
 
OK, on va dire... un de moins.
Lorsqu' Antivir te détecte quelque chose, mets le en quarantaine ;)

- Relance HiJackThis
- Choisis l'option "Do a system scan only"
- Coches les lignes suivantes: 
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe

- Cliques sur "Fix Checked"
- Poste ensuite un nouveau rapport.
0
Réponse 14 / 54
deicidenono Messages postés 16 Statut Membre
 
voili

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:25:12, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Arnaud\Mes documents\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
O4 - HKLM\..\Run: [RAVZXMON] C:\Program Files\Internet Explorer\LSASS.EXE
O4 - HKLM\..\Run: [RAVDHMON] C:\Program Files\Internet Explorer\RAVDHMON.exe
O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [nmhly] 6.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
0
Réponse 15 / 54
O VertigO Messages postés 862 Statut Membre 32
 
Salut,

Pourrais tu regarder dans tes services après ces deux ci: (démarrer / exécuter / services.msc): 
Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe
Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe


Si tu les as, désactive-les.

Ton PC va t il mieux au fait ?
0
Réponse 16 / 54
deicidenono
 
Bonjour a toi O vertigO !

Alors, g un " Remote Help Session Manager " just, et un "Telepho £^*ù°"#&² .....", mai pas precisement comme toi tu di.

Sinon oui le pc tourne bien mieu deja, au demarrage surtt. Ya pa photo! Mai antivir continu de detecter!
0
Réponse 17 / 54
O VertigO Messages postés 862 Statut Membre 32
 
Bonsoir !

Vraiment désolé pour le retard, mais je suis extrêmement occupé ce week-end... Donc voici la suite:

- Désactive la restauration système (pour ce faire, Panneau de configuration / Système / Restauration Système)
- Désactive les services que tu as trouvé car ils sont néfastes.
- Redémarre ton ordinateur
- Vois s'il sont réapparus dans ta liste des services (Démarrer / Exécuter / services.msc). S'ils ne sont plus dans ta liste de services, coches-les à nouveau dans HiJackThis comme au poste 10. S'ils sont revenu, passe l'étape HiJackThis
- Rends toi ensuite en mode sans échec (Après le bip d'allumage de l'ordinateur mais avant le logo Windows, tapotes sur la touche F8).
- Fais une analyse avec Antivir et AVG Antispyware.
- Poste leurs rapports ici, ainsi qu'un nouveau log HiJackThis.

Content que çà soit déjà mieux !
0
Réponse 18 / 54
deicidenono
 
heu.... mai commen tu les desactive?!
0
Réponse 19 / 54
O VertigO Messages postés 862 Statut Membre 32
 
Double cliques dessus / Positionne le type de démarrage sur Désactivé
0
Réponse 20 / 54
deicidenono
 
mai en fait, j'ai pa le choix.J'ai uniquement " demarrer". Et il est en mode de demarrage automatique.
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
qu'est ce qu'un "trojan agent/gen" ? svp
Saber03 -
jacques.gache -

33 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Comment enlever mon virus trojan:win32/si...
bryanoulet -
juju666 -

58 réponses