Trojan horse

Solved
dede4240 Posts 243 Status Member
FillPCA Posts 2264 Status Security contributor
Hello everyone, I'm trying my luck again because I posted a message a few days ago which seems to have fallen through the cracks..
I have a trojan horse on my computer which is spreading everywhere; basically the computer is slowed down and intrusive ads keep appearing. I just changed antivirus following a recommendation on a forum, so I installed AntiVir (before I had Avast). I'm posting the AntiVir report after the scan... I hope someone can help me because I just went to rue Montgallet and they're asking me 60 euros to reformat the computer; according to them it's the only thing to do against a trojan horse... thanks for your help

AntiVir PersonalEdition Classic
Report file date: 2007-11-03 13:15

Scanning for 1036370 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: BEGNY-GA1A4CHG2

Version information:
BUILD.DAT : 269 15604 Bytes 2007-09-10 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 2006-05-31 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 2007-07-10 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 2007-08-25 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 2007-08-28 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 2007-08-29 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2007-11-03 13:15

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'StkCSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\2EDF7FFG\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477c6725.qua'!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\5TVFVLU4\mosx1024[1]
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479f6776.qua'!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\Y2E0NSE5\isearch[1].htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4791678c.qua'!
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47a66e4f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cucpfbcc.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '478f6e63.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rslxxpph.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47986e62.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uaqifxbv.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479d6e50.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00198CA.dat.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '478f6e4e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\c124wvr.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475e6e21.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475f6e62.qua'!
C:\RECYCLER\S-1-5-21-484763869-884357618-725345543-1003\Dc78.zip
[0] Archive type: ZIP
--> __c001EC51.dat
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47636e63.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP19\A0006877.exe
[DETECTION] Is the Trojan horse TR/Agent.RIR.135
[INFO] The file was moved to '475c6e48.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP29\A0008577.dll
[DETECTION] Contains detection pattern of the dropper DR/Agent.141853.A
[INFO] The file was moved to '475c6e89.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP60\A0013533.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f0a.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP61\A0014704.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f0e.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP61\A0014707.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e57.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014854.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f11.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014861.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f12.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014863.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '46c12e4b.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014865.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f14.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014871.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f13.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014872.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e4c.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014930.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e4d.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014931.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f15.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP63\A0014989.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f18.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP64\A0015109.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f1b.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP64\A0015220.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '475c6f1e.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP65\A0015446.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '475c6f23.qua'!
C:\WINDOWS\mrofinu1000106.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f77.qua'!
C:\WINDOWS\mrofinu1000106.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46005930.qua'!
C:\WINDOWS\mrofinu1188.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f79.qua'!
C:\WINDOWS\mrofinu1188.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f78.qua'!
C:\WINDOWS\system32\lejygeds.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479671b9.qua'!
C:\WINDOWS\system32\nkiupqwt.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479571ca.qua'!
C:\WINDOWS\system32\spudscv.exe
[DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
[INFO] The file was moved to '47a171d9.qua'!
C:\WINDOWS\system32\__c009ADE2.dat
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\b3\rarndrll2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.buy.1
[INFO] The file was moved to '479e72ab.qua'!
C:\WINDOWS\system32\u4\wr31drs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475f7308.qua'!

End of the scan: 2007-11-03 14:07
Used time: 52:21 min

The scan has been done completely.

6463 Scanning directories
397755 Files were scanned
22 viruses and/or unwanted programs were found
16 Files were classified as suspicious:
0 files were deleted
0 files were repaired
37 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
397733 Files not concerned
6422 Archives were scanned
2 Warnings
50 Notes
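Added example (not part of the original post or of Avira's software): a Python triage of a report in the layout above. It groups each path with the status lines that follow it, takes the signature name from the [DETECTION] line, and separates copies that were already inert (ComboFix's C:\qoobox quarantine, System Restore points under System Volume Information, the browser cache, the recycle bin) from files on the live file system, and lists anything the scanner could not remove. The sample lines are constructed from entries in the report; the location rules are this example's own assumptions.

```python
import re

# Constructed sample in the AntiVir PersonalEdition Classic report layout
# used in the post above: a path line, then one or more bracketed status
# lines that refer to it.
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\2EDF7FFG\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477c6725.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cucpfbcc.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '478f6e63.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP19\A0006877.exe
[DETECTION] Is the Trojan horse TR/Agent.RIR.135
[INFO] The file was moved to '475c6e48.qua'!
C:\WINDOWS\system32\spudscv.exe
[DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
[INFO] The file was moved to '47a171d9.qua'!
C:\WINDOWS\system32\__c009ADE2.dat
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
"""

# Path fragments (lower-cased) meaning "this copy was not running on the live
# system". These are this example's triage assumptions, not AntiVir output.
INERT_LOCATIONS = {
    "\\qoobox\\quarantine\\": "ComboFix quarantine",
    "\\system volume information\\_restore": "System Restore point",
    "\\temporary internet files\\": "browser cache",
    "\\recycler\\": "recycle bin",
}

MOVED_RE = re.compile(r"^\[INFO\] The file was moved to '([^']+)'!")


def parse_report(text):
    """Group each path line with the bracketed status lines that follow it."""
    records, current = [], None
    for line in text.strip().splitlines():
        if not line.startswith("["):
            current = {"path": line, "detection": None, "heuristic": False,
                       "action": "none", "quarantine_file": None}
            records.append(current)
            continue
        if current is None:
            continue  # status line with no preceding path; nothing to attach it to
        if line.startswith("[DETECTION]"):
            name = line.split()[-1]  # the signature name is always the last token
            current["detection"] = name
            current["heuristic"] = name.startswith("HEUR/")
        elif (m := MOVED_RE.match(line)):
            current["action"] = "quarantined"
            current["quarantine_file"] = m.group(1)
        elif line == "[WARNING] The file could not be deleted!":
            current["action"] = "failed"
        elif line == "[WARNING] The file could not be opened!":
            current["action"] = "unscanned"
    return records


def location_of(path):
    """Label where a detected file lived, using the INERT_LOCATIONS rules."""
    low = path.lower()
    for fragment, label in INERT_LOCATIONS.items():
        if fragment in low:
            return label
    return "live file system"


def triage(records):
    """Split detections into live-system hits, already-inert copies, and removal failures."""
    out = {"live": [], "inert": [], "failed": []}
    for r in records:
        if r["detection"] is None:
            continue
        r["location"] = location_of(r["path"])
        bucket = "live" if r["location"] == "live file system" else "inert"
        out[bucket].append(r)
        if r["action"] == "failed":
            out["failed"].append(r["path"])
    return out


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print(f"{len(result['live'])} live, {len(result['inert'])} inert, "
          f"{len(result['failed'])} could not be removed")
    for r in result["live"]:
        kind = "HEUR" if r["heuristic"] else "SIG "
        print(f"  [{kind}] {r['detection']:<20} {r['action']:<11} {r['path']}")
    for r in result["inert"]:
        print(f"  (inert: {r['location']}) {r['detection']} {r['path']}")
```

Run over the full report above, the live-system hits reduce to the C:\WINDOWS\mrofinu*.exe files, the system32 DLLs and spudscv.exe, the b3\ and u4\ executables, and __c009ADE2.dat, which AntiVir could not delete (ErrorID 16003) and therefore deserves attention first. The twenty-odd hits under qoobox and the restore points are copies that were already contained; they are cleared by purging the restore points rather than one file at a time.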

42 replies

FillPCA Posts 2264 Status Security contributor 123
 
Hello,

We'll do it for you for €0.
Do you have the ComboFix report, since it has already been used? I also need a HijackThis report.

What kind of ads are you getting?

FillPCA
Kevindu36 Posts 649 Status Member 6
 
hello

Run a scan with Bitdefender Online
https://www.bitdefender.com/toolbox/
Disable your antivirus during the scan
Then post the generated report

++
Yoan Posts 11905 Status Moderator 2 332
 
A HijackThis log concerning dede4240's problem was posted here.
dede4240 Posts 243 Status Member 26
 
That's the ComboFix report... the HijackThis log is two days old I think (maybe three); I've tinkered quite a bit since then based on what I read on the forums.. so the info may no longer be valid... I'm posting a new one right away... thanks everyone...
ComboFix 07-11-01.1 - BEGNY 2007-11-03 14:47:36.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1373 [GMT 1:00]
Running from: C:\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\BEGNY\Favoris\Online Security Guide.lnk
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\bccdd.bak2
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\bccdd.tmp
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\e1
C:\WINDOWS\system32\e1\caws83122.exe
C:\WINDOWS\system32\giysaxlm.dllbox
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\u4

.
((((((((((((((((((((((((((((( Files created 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
.

2007-11-03 13:06 <REP> d-------- C:\Program Files\Avira
2007-11-03 13:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-03 10:50 87,616 --a------ C:\WINDOWS\system32\xsphsxvb.dll
2007-11-03 10:50 81,472 --a------ C:\WINDOWS\system32\xvfjpwqx.dll
2007-11-03 10:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 10:13 <REP> d-------- C:\Program Files\Panda Security
2007-11-03 10:08 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-03 01:07 35,328 --a------ C:\WINDOWS\system32\rqrollm.dll
2007-11-02 19:10 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\WTablet
2007-11-02 19:03 82,496 --a------ C:\WINDOWS\system32\ehotopxw.dll
2007-11-02 19:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 18:57 <REP> d-------- C:\Program Files\Navilog1
2007-11-02 18:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-02 18:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-02 18:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-02 18:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-11-02 18:39 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2007-11-02 18:27 <REP> d-------- C:\WINDOWS\system32\WTablet
2007-11-02 18:27 <REP> d-------- C:\Program Files\Tablet
2007-11-02 18:27 1,197,616 --a------ C:\WINDOWS\system32\Tablet.exe
2007-11-02 18:27 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
2007-11-02 18:27 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2007-11-02 18:27 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2007-11-02 09:46 <REP> d-------- C:\Temp\mZOr
2007-11-02 09:46 32,256 --a------ C:\WINDOWS\system32\yayyyax.dll
2007-11-01 18:17 <REP> d-------- C:\Program Files\Trend Micro
2007-11-01 11:52 28,672 --a------ C:\Documents and Settings\BEGNY\iexplorer.exe
2007-11-01 11:47 <REP> d-------- C:\WINDOWS\system32\bfubackups
2007-11-01 10:35 32,256 --a------ C:\WINDOWS\system32\urqqppp.dll
2007-10-31 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-31 17:21 569,344 --a------ C:\WINDOWS\system32\spudsc.exe
2007-10-31 17:21 153,600 --a------ C:\WINDOWS\system32\svchost1.exe
2007-10-31 17:21 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-10-31 17:18 32,256 --a------ C:\WINDOWS\system32\ssqqonn.dll
2007-10-31 17:17 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-10-31 17:17 <REP> d-------- C:\Temp
2007-10-31 16:01 <REP> d-------- C:\Program Files\TimeAdjuster
2007-10-29 16:21 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-29 16:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-25 14:24 <REP> d-------- C:\WINDOWS\Sun
2007-10-12 23:35 <REP> d-------- C:\Program Files\Ripp-it_AM
2007-10-12 22:34 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-10-10 13:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-04 14:55 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2007-10-04 14:53 <REP> d-------- C:\WINDOWS\StartHtmico
2007-10-04 14:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-04 14:52 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL
2007-10-04 14:52 90,112 -ra------ C:\WINDOWS\system32\CNMCP78.exe
2007-10-04 14:52 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL
2007-10-04 14:50 <REP> d-------- C:\Program Files\Canon
2007-10-04 14:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-04 14:43 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-04 14:06 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-04 14:04 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-10-04 14:02 <REP> d-------- C:\Program Files\Microsoft.NET
2007-10-04 14:00 <REP> dr-h----- C:\MSOCache
2007-10-04 12:40 <REP> d-------- C:\Downloads
2007-10-04 12:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-10-04 12:37 <REP> d-------- C:\Program Files\BitComet
2007-10-03 19:40 <REP> d-------- C:\Program Files\Azureus
2007-10-03 19:40 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 13:21 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\LimeWire
2007-11-02 16:25 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Skype
2007-10-31 16:21 278,542 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-10-31 16:16 278,541 --sha-w C:\WINDOWS\Fonts\svchost.exe
2007-10-24 13:12 --------- d-----w C:\Program Files\Java
2007-10-17 16:39 --------- d-----w C:\Program Files\Winamp
2007-10-04 16:28 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-01 09:32 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-09-28 17:55 --------- d-----w C:\Program Files\CDBurnerXP
2007-09-25 22:06 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\vlc
2007-09-25 10:38 --------- d-----w C:\Program Files\Audacity
2007-09-24 12:47 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Apple Computer
2007-09-24 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-24 02:36 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-09-24 01:36 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
2007-09-23 19:41 --------- d-----w C:\Program Files\Google
2007-09-22 11:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-22 10:17 --------- d-----w C:\Program Files\Eltima Software
2007-09-21 21:12 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2007-09-21 21:11 --------- d-----w C:\Program Files\Macromedia
2007-09-21 21:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-09-21 10:00 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Adssite Advanced Toolbar
2007-09-21 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-09-21 01:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-09-20 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2007-09-20 21:28 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\MSN6
2007-09-20 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-09-20 21:21 --------- d-----w C:\Program Files\FairUse Wizard
2007-09-20 21:21 --------- d-----w C:\Program Files\Error Safe Free
2007-09-20 21:21 --------- d-----w C:\Program Files\eRightSoft
2007-09-20 21:21 --------- d-----w C:\Program Files\EPSON
2007-09-20 21:20 --------- d-----w C:\Program Files\eMule
2007-09-20 21:18 --------- d-----w C:\Program Files\CyberLink
2007-09-20 21:18 --------- d-----w C:\Program Files\Creative
2007-09-20 21:18 --------- d-----w C:\Program Files\Common~1
2007-09-20 21:18 --------- d-----w C:\Program Files\CoffeeCup Software
2007-09-20 21:18 --------- d-----w C:\Program Files\BSplayer_WhenUSave_Installer
2007-09-20 21:17 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 21:17 --------- d-----w C:\Program Files\Alwil Software
2007-09-20 21:17 --------- d-----w C:\Program Files\Ahead
2007-09-20 21:07 --------- d-----w C:\Program Files\1&1
2007-09-20 21:06 --------- d-----w C:\Program Files\XviD codec (Neodivx Version)
2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Live
2007-09-20 21:05 --------- d-----w C:\Program Files\WinASPI
2007-09-20 21:04 --------- d-----w C:\Program Files\Webteh
2007-09-20 21:04 --------- d-----w C:\Program Files\VSO
2007-09-20 21:04 --------- d-----w C:\Program Files\VOB
2007-09-20 21:04 --------- d-----w C:\Program Files\VISoftware
2007-09-20 21:04 --------- d-----w C:\Program Files\Visicom Media
2007-09-20 21:04 --------- d-----w C:\Program Files\VideoLAN
2007-09-20 21:04 --------- d-----w C:\Program Files\URUSoft
2007-09-20 21:04 --------- d-----w C:\Program Files\Uniblue
2007-09-20 21:04 --------- d-----w C:\Program Files\Ubisoft
2007-09-20 21:04 --------- d-----w C:\Program Files\Thugs at Bay
2007-09-20 21:04 --------- d-----w C:\Program Files\Symantec
2007-09-20 21:04 --------- d-----w C:\Program Files\STK014
2007-09-20 21:04 --------- d-----w C:\Program Files\StarV9
2007-09-20 21:03 --------- d-----w C:\Program Files\Sony Ericsson
2007-09-20 21:03 --------- d-----w C:\Program Files\Skype
2007-09-20 21:03 --------- d-----w C:\Program Files\RADVideo
2007-09-20 21:03 --------- d-----w C:\Program Files\QuickTime Alternative
2007-09-20 21:03 --------- d-----w C:\Program Files\plugins
2007-09-20 21:03 --------- d-----w C:\Program Files\NETGEAR
2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-20 20:20 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Ahead
2007-09-20 20:18 --------- d-----w C:\Program Files\Nero
2007-09-20 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-09-20 20:12 --------- d-----w C:\Program Files\Motorola
2007-09-20 20:09 --------- d-----w C:\Program Files\Realtek
2007-09-20 19:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-20 19:23 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-09-20 19:20 --------- d-----w C:\Program Files\Services en ligne
2007-09-20 18:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-20 18:21 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-09-20 18:03 --------- d-----w C:\Program Files\QuickTime
2007-09-20 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-20 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-20 16:28 --------- d-----w C:\Program Files\MyXOFT
2007-09-20 16:28 --------- d-----w C:\Program Files\Multimedia Mouse Driver
2007-09-20 16:28 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-20 16:27 --------- d-----w C:\Program Files\MSI
2007-09-20 16:27 --------- d-----w C:\Program Files\Microsoft Games
2007-09-20 16:26 --------- d-----w C:\Program Files\Maïdo Production
2007-09-20 16:25 --------- d-----w C:\Program Files\Lauyan
2007-09-20 16:25 --------- d-----w C:\Program Files\key
2007-09-20 16:25 --------- d-----w C:\Program Files\Jasc Software Inc
2007-09-20 16:24 --------- d-----w C:\Program Files\InterVideo
2007-09-20 16:24 --------- d-----w C:\Program Files\InterActual
2007-09-20 16:24 --------- d-----w C:\Program Files\Infogrames
2007-09-19 20:01 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2007-09-19 20:01 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2007-09-19 20:01 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67A0AFC4-E872-4DB3-8770-FA65BD4F61D6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC619BCA-2BF3-4D49-B815-91BC5ACEB12A}]
C:\Program Files\Lauyan\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6ED5DA7-9ECD-4808-8947-B0E81FFE4941}]
C:\WINDOWS\system32\jkhhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAB04895-840B-40C8-A787-CF56360009E9}]
C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6980035-9529-4F1F-BC04-1B846166C7A9}]
C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 16:37]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 21:01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-09-19 21:01 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 20:43]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-26 11:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-31 17:16]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 14:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-05-17 12:11]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 13:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\giysaxlm]
giysaxlm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"C:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\ATK0100\ASNDIS5.SYS
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57df1a99-77eb-11dc-b9f3-0015af38a7f9}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 14:52:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 14:53:49 - machine was rebooted
.
--- E O F ---
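Added example (not part of the original post or of ComboFix): a Python pass over a registry load points section in the layout above. ComboFix's own note says empty and legitimate default entries are not listed, so every entry that does appear deserves a look; the checks below encode what stands out in this log: a binary named svchost.exe launched from C:\WINDOWS\Fonts instead of system32, a DLL registered under Winlogon\Notify, an extra DLL appended to the LSA "Authentication Packages" value next to msv1_0, and Browser Helper Object paths with two drive roots glued together. The sample block is constructed from lines in the log; the rules, the list of core binary names and the severities are this example's assumptions.

```python
import re

# Constructed sample in the layout of the ComboFix "Reg loading points"
# section above: a bracketed key, then its values on the following lines.
SAMPLE_LOADPOINTS = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6ED5DA7-9ECD-4808-8947-B0E81FFE4941}]
C:\WINDOWS\system32\jkhhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAB04895-840B-40C8-A787-CF56360009E9}]
C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-31 17:16]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 14:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\giysaxlm]
giysaxlm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
DRIVE_RE = re.compile(r"[A-Za-z]:\\")  # a drive root such as C:\

# Core Windows binary names that malware borrows, with the directory each one
# normally lives in on XP. Assumption of this example, kept deliberately short.
CORE_BINARIES = {
    "svchost.exe": r"c:\windows\system32", "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32", "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows",
}


def parse_loadpoints(text):
    """Return [(key, [value lines])] in file order, skipping blank lines."""
    sections, current = [], None
    for line in text.strip().splitlines():
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), [])
            sections.append(current)
        elif line.strip() and current is not None:
            current[1].append(line.rstrip())
    return sections


def check_image_path(path):
    """Reason string if a core-binary name sits outside its normal directory, else None."""
    directory, _, name = path.lower().rpartition("\\")
    expected = CORE_BINARIES.get(name)
    if expected and directory != expected:
        return f"{name} expected in {expected}, found in {directory}"
    return None


def audit(sections):
    """Apply the per-key checks; returns (severity, key, value, reason) tuples."""
    findings = []
    for key, values in sections:
        klow = key.lower()
        for v in values:
            if "browser helper objects" in klow:
                if len(DRIVE_RE.findall(v)) > 1:
                    findings.append(("high", key, v, "BHO path contains two drive roots (concatenated/malformed)"))
                elif v.lower().startswith("c:\\windows\\system32\\"):
                    findings.append(("review", key, v, "BHO DLL dropped directly in system32"))
            elif "\\winlogon\\notify\\" in klow:
                # ComboFix already omits default entries, so any listed Notify DLL is suspect.
                findings.append(("high", key, v, "Winlogon Notify DLL (non-default entry)"))
            elif klow.endswith("\\control\\lsa") and v.startswith('"Authentication Packages"'):
                # Tokens after '=' are space-separated; paths with spaces would need quoting.
                for package in v.split("=", 1)[1].split():
                    if package.lower() != "msv1_0":
                        findings.append(("high", key, package, "extra LSA authentication package (default is msv1_0 only)"))
            elif klow.endswith("\\currentversion\\run"):
                m = RUN_VALUE_RE.match(v)
                reason = check_image_path(m.group(2)) if m else None
                if reason:
                    findings.append(("high", key, v, reason))
    return findings


if __name__ == "__main__":
    for severity, key, value, reason in audit(parse_loadpoints(SAMPLE_LOADPOINTS)):
        print(f"[{severity:<6}] {reason}\n         {key}\n         {value}")
```

One thing this pass makes visible: C:\WINDOWS\system32\ddccb.dll and giysaxlm.dllbox are in ComboFix's deletion list at the top of the same report, yet the LSA and Winlogon\Notify values still reference ddccb.dll and giysaxlm.dll. A cleanup that removes the file but leaves the load point behind is exactly what the follow-up HijackThis log asked for above is meant to catch.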

FillPCA Posts 2264 Status Security contributor 123
 
Re,

OK. Let's continue everything here then. Reports:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:36, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\mrofinu1000106.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Windows32] C:\Arquivos de programas\services.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [787e34f4] rundll32.exe "C:\WINDOWS\system32\spfnrmss.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00198CA.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
End of file - 7742 bytes

AVG REPORT:
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:41:12 01/11/2007

+ Résultat de l'analyse:

HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Nettoyé.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 -> Adware.Generic : Nettoyé.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo -> Adware.Generic : Nettoyé.
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\IENCLOHL\8154ff2675af1b6e0677560871425153[1].zip/b138.exe -> Downloader.Agent.cbx : Nettoyé.
:mozilla.22:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.24:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\BEGNY\Cookies\begny@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.26:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\BEGNY\Cookies\begny@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\BEGNY\Cookies\begny@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.10:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.12:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.13:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.14:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.7:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.8:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\BEGNY\Cookies\begny@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.

FillPCA
0
Kevindu36 Posts 649 Status Member 6
 
hello

Run a scan with Bitdefender Online
https://www.bitdefender.com/toolbox/
Disable your antivirus during the scan
Then post the generated report

++
0
FillPCA Posts 2264 Status Security contributor 123
 
Re,

1/ * Download Vundofix (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button (only if infected files are found).
* A prompt will ask whether you want to delete the files; click YES.
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to restart; click OK.
* Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, in your next reply.

Note: VundoFix may encounter a file it cannot delete. If so, the tool will run again at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

2/ * Download smitfraudfix (by S!Ri) to the desktop: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
* Click smitfraudfix.exe
* Choose option 1 and paste the report generated by smitfraudfix into your reply. This report is in the Notepad window that opens.
* Close the application by pressing the Q key.

3/ Post the two previous reports and a new Hijackthis report.

FillPCA
0
dede4240 Posts 243 Status Member 26
 
the new hijackthis report....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:34, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\BEGNY\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
0
FillPCA Posts 2264 Status Security contributor 123
 
Hello Kevindu36,

An online scan will be ineffective here.

FillPCA
0
FillPCA Posts 2264 Status Security contributor 123
 
0
Kevindu36 Posts 649 Status Member 6
 
Hi

I know, but it was to see whether there were any other infections !!!

++
0
FillPCA Posts 2264 Status Security contributor 123
 
Re,

There are others. Vundo, according to the combofix report, and this:
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

FillPCA
0
dede4240 Posts 243 Status Member 26
 
vundo report
hijackthis crashes now... maybe I downloaded too many protection tools ??
VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 15:07:19 03/11/2007

Listing files found while scanning....

No infected files were found.
0
dede4240 Posts 243 Status Member 26
 
THE SmitFraudFix v2.246 REPORT, THANKS ;)

Rapport fait à 15:15:10,65, 03/11/2007
Executé à partir de C:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BEGNY

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BEGNY\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BEGNY\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="sockspy.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros AR5006EG Wireless Network Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 213.36.80.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer=213.36.80.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer=213.36.80.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer=213.36.80.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
FillPCA Posts 2264 Status Security contributor 123
 
Re,

1/ # Double-click combofix.exe and follow the prompts.
# When the scan is complete, a report will appear. Copy/paste this report in your next reply.

2/ * Download PCA (by Evosla): http://ww25.evosla.com/pca_cpt.php?agr=pca_securite
* Unzip it into a dedicated folder such as c:\PCA using a right-click (Extract...),
* Click the "diagnostic du PC" (PC diagnostic) tab, then "analyser" (analyze).
* Let the analysis run. It only takes a few seconds.
* Click "enregistrer le rapport" (save the report) at the bottom right and save it to the desktop.
* Post the contents of this report in your next reply. It is named PCA_LOG.txt

Post the requested reports.

FillPCA
0
dede4240 Posts 243 Status Member 26
 
new hijackthis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:09, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\BEGNY\Bureau\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
0
dede4240 Posts 243 Status Member 26
 
ComboFix 07-11-01.1 - BEGNY 2007-11-03 15:27:01.3 - NTFSx86
Running from: C:\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\geedc.dll
C:\z.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
.

2007-11-03 15:15 2,742 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-03 15:14 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-03 15:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-03 15:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-03 15:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-03 15:14 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-03 15:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-11-03 15:07 <REP> d-------- C:\VundoFix Backups
2007-11-03 14:55 82 --a------ C:\n.bat
2007-11-03 14:55 0 --a------ C:\z.dat
2007-11-03 14:54 35,328 --a------ C:\WINDOWS\system32\gebxvww.dll
2007-11-03 13:06 <REP> d-------- C:\Program Files\Avira
2007-11-03 13:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-03 10:50 87,616 --a------ C:\WINDOWS\system32\xsphsxvb.dll
2007-11-03 10:50 81,472 --a------ C:\WINDOWS\system32\xvfjpwqx.dll
2007-11-03 10:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 10:13 <REP> d-------- C:\Program Files\Panda Security
2007-11-03 10:08 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-03 01:07 35,328 --a------ C:\WINDOWS\system32\rqrollm.dll
2007-11-02 19:10 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\WTablet
2007-11-02 19:03 82,496 --a------ C:\WINDOWS\system32\ehotopxw.dll
2007-11-02 19:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 18:57 <REP> d-------- C:\Program Files\Navilog1
2007-11-02 18:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-02 18:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-02 18:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-02 18:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-11-02 18:39 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2007-11-02 18:27 <REP> d-------- C:\WINDOWS\system32\WTablet
2007-11-02 18:27 <REP> d-------- C:\Program Files\Tablet
2007-11-02 18:27 1,197,616 --a------ C:\WINDOWS\system32\Tablet.exe
2007-11-02 18:27 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
2007-11-02 18:27 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2007-11-02 18:27 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2007-11-02 09:46 <REP> d-------- C:\Temp\mZOr
2007-11-02 09:46 32,256 --a------ C:\WINDOWS\system32\yayyyax.dll
2007-11-01 18:17 <REP> d-------- C:\Program Files\Trend Micro
2007-11-01 11:52 28,672 --a------ C:\Documents and Settings\BEGNY\iexplorer.exe
2007-11-01 11:47 <REP> d-------- C:\WINDOWS\system32\bfubackups
2007-10-31 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-31 17:21 569,344 --a------ C:\WINDOWS\system32\spudsc.exe
2007-10-31 17:21 153,600 --a------ C:\WINDOWS\system32\svchost1.exe
2007-10-31 17:21 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-10-31 17:17 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-10-31 17:17 <REP> d-------- C:\Temp
2007-10-31 16:01 <REP> d-------- C:\Program Files\TimeAdjuster
2007-10-29 16:21 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-29 16:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-25 14:24 <REP> d-------- C:\WINDOWS\Sun
2007-10-12 23:35 <REP> d-------- C:\Program Files\Ripp-it_AM
2007-10-12 22:34 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-10-10 13:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-04 14:55 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2007-10-04 14:53 <REP> d-------- C:\WINDOWS\StartHtmico
2007-10-04 14:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-04 14:52 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL
2007-10-04 14:52 90,112 -ra------ C:\WINDOWS\system32\CNMCP78.exe
2007-10-04 14:52 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL
2007-10-04 14:50 <REP> d-------- C:\Program Files\Canon
2007-10-04 14:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-04 14:43 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-04 14:06 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-04 14:04 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-10-04 14:02 <REP> d-------- C:\Program Files\Microsoft.NET
2007-10-04 14:00 <REP> dr-h----- C:\MSOCache
2007-10-04 12:40 <REP> d-------- C:\Downloads
2007-10-04 12:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-10-04 12:37 <REP> d-------- C:\Program Files\BitComet
2007-10-03 19:40 <REP> d-------- C:\Program Files\Azureus
2007-10-03 19:40 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 13:58 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\LimeWire
2007-11-02 16:25 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Skype
2007-10-24 13:12 --------- d-----w C:\Program Files\Java
2007-10-17 16:39 --------- d-----w C:\Program Files\Winamp
2007-10-04 16:28 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-01 09:32 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-09-28 17:55 --------- d-----w C:\Program Files\CDBurnerXP
2007-09-25 22:06 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\vlc
2007-09-25 10:38 --------- d-----w C:\Program Files\Audacity
2007-09-24 12:47 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Apple Computer
2007-09-24 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-24 02:36 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-09-24 01:36 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
2007-09-23 19:41 --------- d-----w C:\Program Files\Google
2007-09-22 11:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-22 10:17 --------- d-----w C:\Program Files\Eltima Software
2007-09-21 21:12 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2007-09-21 21:11 --------- d-----w C:\Program Files\Macromedia
2007-09-21 21:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-09-21 10:00 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Adssite Advanced Toolbar
2007-09-21 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-09-21 01:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-09-20 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2007-09-20 21:28 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\MSN6
2007-09-20 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-09-20 21:21 --------- d-----w C:\Program Files\FairUse Wizard
2007-09-20 21:21 --------- d-----w C:\Program Files\Error Safe Free
2007-09-20 21:21 --------- d-----w C:\Program Files\eRightSoft
2007-09-20 21:21 --------- d-----w C:\Program Files\EPSON
2007-09-20 21:20 --------- d-----w C:\Program Files\eMule
2007-09-20 21:18 --------- d-----w C:\Program Files\CyberLink
2007-09-20 21:18 --------- d-----w C:\Program Files\Creative
2007-09-20 21:18 --------- d-----w C:\Program Files\Common~1
2007-09-20 21:18 --------- d-----w C:\Program Files\CoffeeCup Software
2007-09-20 21:18 --------- d-----w C:\Program Files\BSplayer_WhenUSave_Installer
2007-09-20 21:17 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 21:17 --------- d-----w C:\Program Files\Alwil Software
2007-09-20 21:17 --------- d-----w C:\Program Files\Ahead
2007-09-20 21:07 --------- d-----w C:\Program Files\1&1
2007-09-20 21:06 --------- d-----w C:\Program Files\XviD codec (Neodivx Version)
2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Live
2007-09-20 21:05 --------- d-----w C:\Program Files\WinASPI
2007-09-20 21:04 --------- d-----w C:\Program Files\Webteh
2007-09-20 21:04 --------- d-----w C:\Program Files\VSO
2007-09-20 21:04 --------- d-----w C:\Program Files\VOB
2007-09-20 21:04 --------- d-----w C:\Program Files\VISoftware
2007-09-20 21:04 --------- d-----w C:\Program Files\Visicom Media
2007-09-20 21:04 --------- d-----w C:\Program Files\VideoLAN
2007-09-20 21:04 --------- d-----w C:\Program Files\URUSoft
2007-09-20 21:04 --------- d-----w C:\Program Files\Uniblue
2007-09-20 21:04 --------- d-----w C:\Program Files\Ubisoft
2007-09-20 21:04 --------- d-----w C:\Program Files\Thugs at Bay
2007-09-20 21:04 --------- d-----w C:\Program Files\Symantec
2007-09-20 21:04 --------- d-----w C:\Program Files\STK014
2007-09-20 21:04 --------- d-----w C:\Program Files\StarV9
2007-09-20 21:03 --------- d-----w C:\Program Files\Sony Ericsson
2007-09-20 21:03 --------- d-----w C:\Program Files\Skype
2007-09-20 21:03 --------- d-----w C:\Program Files\RADVideo
2007-09-20 21:03 --------- d-----w C:\Program Files\QuickTime Alternative
2007-09-20 21:03 --------- d-----w C:\Program Files\plugins
2007-09-20 21:03 --------- d-----w C:\Program Files\NETGEAR
2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-20 20:20 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Ahead
2007-09-20 20:18 --------- d-----w C:\Program Files\Nero
2007-09-20 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-09-20 20:12 --------- d-----w C:\Program Files\Motorola
2007-09-20 20:09 --------- d-----w C:\Program Files\Realtek
2007-09-20 19:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-20 19:23 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-09-20 19:20 --------- d-----w C:\Program Files\Services en ligne
2007-09-20 18:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-20 18:21 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-09-20 18:03 --------- d-----w C:\Program Files\QuickTime
2007-09-20 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-20 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-20 16:28 --------- d-----w C:\Program Files\MyXOFT
2007-09-20 16:28 --------- d-----w C:\Program Files\Multimedia Mouse Driver
2007-09-20 16:28 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-20 16:27 --------- d-----w C:\Program Files\MSI
2007-09-20 16:27 --------- d-----w C:\Program Files\Microsoft Games
2007-09-20 16:26 --------- d-----w C:\Program Files\Maïdo Production
2007-09-20 16:25 --------- d-----w C:\Program Files\Lauyan
2007-09-20 16:25 --------- d-----w C:\Program Files\key
2007-09-20 16:25 --------- d-----w C:\Program Files\Jasc Software Inc
2007-09-20 16:24 --------- d-----w C:\Program Files\InterVideo
2007-09-20 16:24 --------- d-----w C:\Program Files\InterActual
2007-09-20 16:24 --------- d-----w C:\Program Files\Infogrames
2007-09-19 20:01 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2007-09-19 20:01 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2007-09-19 20:01 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2007-09-19 20:01 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2007-09-19 20:01 49,152 ----a-w C:\WINDOWS\system32\ChCfg.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-03_14.53.14.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-03 14:03:42 22,486 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\register_icon.exe
- 2001-09-28 12:00:00 112,128 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2004-03-31 12:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2002-01-05 02:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2002-01-05 02:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
+ 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2002-01-05 02:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2002-01-05 02:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
+ 2002-01-05 01:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67A0AFC4-E872-4DB3-8770-FA65BD4F61D6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC619BCA-2BF3-4D49-B815-91BC5ACEB12A}]
C:\Program Files\Lauyan\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
2007-11-03 14:54 35328 --a------ C:\WINDOWS\system32\gebxvww.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6ED5DA7-9ECD-4808-8947-B0E81FFE4941}]
C:\WINDOWS\system32\jkhhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAB04895-840B-40C8-A787-CF56360009E9}]
C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6980035-9529-4F1F-BC04-1B846166C7A9}]
C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 16:37]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 21:01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-09-19 21:01 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 20:43]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-26 11:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 14:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-05-17 12:11]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 13:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\gebxvww.dll [2007-11-03 14:54 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxvww]
gebxvww.dll 2007-11-03 14:54 35328 C:\WINDOWS\system32\gebxvww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\giysaxlm]
giysaxlm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"C:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\ATK0100\ASNDIS5.SYS
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57df1a99-77eb-11dc-b9f3-0015af38a7f9}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 15:32:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 15:34:26 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-03 14:53
.
--- E O F ---

PCA report
# PCA Sécurité V 1.0.2, (LOG file).
# Report of: 03/11/2007 15:37:38
Microsoft Windows XP Service Pack 2

==>> Processes <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\pca\pca.exe

//Internet Explorer start and search pages
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.google.fr/?gws_rd=ssl
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
//applications launched from system.ini, win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
02 - BHO: - {67A0AFC4-E872-4DB3-8770-FA65BD4F61D6} -
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
02 - BHO: - {AC619BCA-2BF3-4D49-B815-91BC5ACEB12A} - C:\Program Files\Lauyan\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll
02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
02 - BHO: - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\gebxvww.dll
02 - BHO: - {C6ED5DA7-9ECD-4808-8947-B0E81FFE4941} - C:\WINDOWS\system32\jkhhi.dll
02 - BHO: - {DAB04895-840B-40C8-A787-CF56360009E9} - C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll
02 - BHO: - {E6980035-9529-4F1F-BC04-1B846166C7A9} - C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
//04 - applications loaded automatically
04 - HKLM\..\RUN: [HControl] - C:\WINDOWS\ATK0100\HControl.exe
04 - HKLM\..\RUN: [RTHDCPL] - RTHDCPL.EXE
04 - HKLM\..\RUN: [SkyTel] - SkyTel.EXE
04 - HKLM\..\RUN: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - HKLM\..\RUN: [NeroFilterCheck] - C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
04 - HKLM\..\RUN: [Host Process] - C:\WINDOWS\Fonts\svchost.exe
04 - HKLM\..\RUN: [avgnt] - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
04 - HKLU\..\RUN: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKLU\..\RUN: [BitComet] - "C:\Program Files\BitComet\BitComet.exe" /tray
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ATK0100\HControl.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ATK0100\HControl.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ATK0100\HControl.exe
04 - HKUS\S-1-5-21-484763869-884357618-725345543-1003\..\RUN: [swg] - C:\WINDOWS\ATK0100\HControl.exe
04 - HKUS\S-1-5-21-484763869-884357618-725345543-1003\..\RUN: [ctfmon.exe] - RTHDCPL.EXE
04 - HKUS\S-1-5-21-484763869-884357618-725345543-1003\..\RUN: [msnmsgr] - SkyTel.EXE
04 - HKUS\S-1-5-21-484763869-884357618-725345543-1003\..\RUN: [BitComet] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - Global Startup: Adobe Gamma Loader.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
//05 - Internet Explorer control panel access (control.ini)
//06 - access to options blocked (Internet Explorer)
//07 - Regedit execution blocked
//08 - extra items in the Internet Explorer context menu
08 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
08 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
08 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
//09 - buttons on the main Internet Explorer toolbar
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} -
09 - Extra 'Tools' menuitem: - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} -
09 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra 'Tools' menuitem: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Winsock hijackers
//O11 - extra tab in the Internet Explorer advanced options
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
//013 : DefaultPrefix
//014 - Option: (Reset Web Settings)
//015 - Internet Explorer trusted zone
15 - trusted zone: http . localhost
//O16 - ActiveX objects
O16 - DPF : Windows Genuine Advantage Validation Tool - {17492023-C23A-453E-A040-C7C580BBF700} - C:\WINDOWS\system32\LegitCheckControl.DLL
O16 - DPF : Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
//O17 - Lop.com domain hijack
//O18 - additional protocols
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
//O19 - user stylesheet
//O20 - AppInit_DLLs registry value and Winlogon Notify subkeys
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
//O23 - XP, NT, 2000 and 2003 services
O23 - Service: [Adobe LM Service] - "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [AntiVir PersonalEdition Classic Scheduler] - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
O23 - Service: [AntiVir PersonalEdition Classic Guard] - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
O23 - Service: [ASP.NET State Service] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: [] - %SystemRoot%\System32\Ati2evxx.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] -
O23 - Service: [LightScribeService Direct Disc Labeling Service] - "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\System32\msdtc.exe
O23 - Service: [NBService] - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: [NMIndexingService] - "C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"
O23 - Service: [NMSAccessU] - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: [Office Source Engine] - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\System32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\System32\rsvp.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [Syntek AVStream USB2.0 WebCam Service] - %SystemRoot%\System32\StkCSrv.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\System32\dllhost.exe /Processid:{BD8A66A2-59AB-492B-96B9-05428D9412ED}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [TabletService] - C:\WINDOWS\system32\Tablet.exe
O23 - Service: [Telnet] - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
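The "Reg loading points" section of the ComboFix report above shows the classic Vundo layout: randomly named DLLs in system32 (gebxvww.dll, jkhhi.dll, geedc.dll) hooked in as Browser Helper Objects, as a ShellExecuteHook, as Winlogon Notify packages and as an extra LSA authentication package, plus a Run entry called "Host Process" that points at a svchost.exe living in C:\WINDOWS\Fonts with no file metadata. As an added example, not part of the thread and not ComboFix's own code, here is a Python script that parses that section (the excerpt is reproduced from the report above) and flags exactly those indicators. The Winlogon Notify allowlist and the assumption that a stock Windows XP registers only the shell32 URL Exec Hook are this example's own, not something the report states.

```python
"""Triage of ComboFix "Reg loading points" output for Vundo-style persistence.

Added example: reads a report excerpt and flags the indicators a helper would
act on. It is not part of ComboFix or of any tool mentioned in the thread.
"""
import re

# Excerpt of the ComboFix report posted above (reproduced from the thread, not
# constructed), trimmed to the sections the heuristics below understand.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67A0AFC4-E872-4DB3-8770-FA65BD4F61D6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC619BCA-2BF3-4D49-B815-91BC5ACEB12A}]
C:\Program Files\Lauyan\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
2007-11-03 14:54 35328 --a------ C:\WINDOWS\system32\gebxvww.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 16:37]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 14:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\gebxvww.dll [2007-11-03 14:54 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxvww]
gebxvww.dll 2007-11-03 14:54 35328 C:\WINDOWS\system32\gebxvww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\giysaxlm]
giysaxlm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedc.dll
"""

# Winlogon\Notify packages present on a stock Windows XP install or added by
# common graphics drivers (illustrative allowlist, assumed, not exhaustive).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
                "igfxcui", "atiextevent"}
# The only ShellExecuteHook a stock Windows XP registers (URL Exec Hook, shell32.dll).
KNOWN_SHELL_HOOKS = {"{aeb6717e-7e19-11d0-97ee-00c04fd91972}"}

HEADER = re.compile(r"^\[(.+)\]$")
RUN_ENTRY = re.compile(r'^"(.+?)"="(.+?)"\s*\[(.*)\]$')
# A drive root preceded by a non-space character: two paths glued together.
GLUED_PATH = re.compile(r"\S[A-Za-z]:\\")


def parse_sections(text):
    """Yield (key, [body lines]) for each bracketed registry key in the report."""
    key, body = None, []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            if key is not None:
                yield key, body
            key, body = m.group(1), []
        elif key is not None and line.strip():
            body.append(line.strip())
    if key is not None:
        yield key, body


def triage(text):
    """Return a list of (indicator, detail) pairs worth investigating."""
    findings = []
    for key, body in parse_sections(text):
        k = key.lower()
        if "browser helper objects" in k:
            if not body:
                findings.append(("orphan BHO", key))          # CLSID with no DLL behind it
            for line in body:
                if GLUED_PATH.search(line):
                    findings.append(("glued BHO path", line))  # e.g. ...nipysavC:\WINDOWS\...
        elif k.endswith("\\currentversion\\run"):
            for line in body:
                m = RUN_ENTRY.match(line)
                if not m:
                    continue
                name, image, stamp = m.groups()
                directory, _, base = image.lower().rpartition("\\")
                if base == "svchost.exe" and directory != "c:\\windows\\system32":
                    findings.append(("svchost.exe outside system32", image))
                if not stamp.strip():                          # ComboFix printed "[]"
                    findings.append(("Run entry with no file metadata", f"{name} -> {image}"))
        elif k.endswith("\\shellexecutehooks"):
            for line in body:
                clsid = line.split("=", 1)[0].strip().strip('"').lower()
                if clsid not in KNOWN_SHELL_HOOKS:
                    findings.append(("unknown ShellExecuteHook", line))
        elif "\\winlogon\\notify\\" in k:
            package = k.rpartition("\\")[2]
            if package not in KNOWN_NOTIFY:
                findings.append(("unknown Winlogon Notify package", package))
        elif k.endswith("\\control\\lsa"):
            for line in body:
                if line.lower().startswith('"authentication packages"'):
                    # Only msv1_0 belongs here; the report prints the paths without quotes.
                    extra = [p for p in line.split("=", 1)[1].split() if p.lower() != "msv1_0"]
                    if extra:
                        findings.append(("extra LSA authentication package", " ".join(extra)))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:38} {detail}")
```

Against the excerpt this yields eight findings, one per hook the infection planted; the Notify and LSA checks are the ones worth keeping in a personal toolkit, since a DLL loaded by winlogon.exe or lsass.exe runs before any user-mode cleaner and is the usual reason a Vundo removal "comes back" after reboot.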
FillPCA (2264 posts, Security contributor)
Re,

1/ * Select the following text:

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAB04895-840B-40C8-A787-CF56360009E9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6980035-9529-4F1F-BC04-1B846166C7A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6ED5DA7-9ECD-4808-8947-B0E81FFE4941}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC619BCA-2BF3-4D49-B815-91BC5ACEB12A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67A0AFC4-E872-4DB3-8770-FA65BD4F61D6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxvww]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\giysaxlm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BCC73622-F72D-4277-803C-D65565A0947F}"=-

File::
C:\WINDOWS\system32\jkhhi.dll
C:\n.bat
C:\z.dat
C:\WINDOWS\system32\gebxvww.dll
C:\WINDOWS\system32\xsphsxvb.dll
C:\WINDOWS\system32\xvfjpwqx.dll
C:\WINDOWS\system32\rqrollm.dll
C:\WINDOWS\system32\ehotopxw.dll
C:\WINDOWS\system32\yayyyax.dll
C:\WINDOWS\system32\spudsc.exe
C:\WINDOWS\system32\svchost1.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\e1\caws83122.exe.dll

Folder::
C:\Temp\mZOr
C:\WINDOWS\system32\e1


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file

* A blue window will appear: at the prompt that is shown (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

2/ * Download DiagHelp.zip to your desktop (thanks Malekal): http://www.malekal.com/download/DiagHelp.zip
Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
* Do not double-click on it!! Right-click the file and choose Extract All.
* A new folder will be created.
* Open it and double-click go.cmd (the .cmd extension may not be shown)
* A window will open; choose option 1
* The scan will start; it can take a few minutes. Let it run and press a key when asked.
* During the scan, after the CATCHME report on the red screen, you must press Enter for the tool to continue its searches. Follow the on-screen instructions.
* A window with the report will then open. Copy/paste its contents. (It is also here: c:\resultat.txt)
* Double-click that file, then press CTRL+A and CTRL+C.
* In your next reply, paste the report with CTRL+V.

3/ * Download SREng (by Smallfrogs): http://www.kztechs.com/eng/download.html
* Unzip all of its contents to your desktop (right-click > Extract here).
* Open the SReng2 folder and double-click SREng.exe.
* Click "smart scan".
* Click the "scan" button.
* When the scan is finished, click the "save reports" button.
* Save the report to your desktop.
* Copy/paste the contents of the SREnglLOG.log report into your next reply.

4/ Post the ComboFix, DiagHelp and SREng reports and a new HijackThis report.

FillPCA
dede4240 Posts 243 Status Member 26
ComboFix 07-11-01.1 - BEGNY 2007-11-03 16:09:38.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1432 [GMT 1:00]
Running from: C:\Downloads\ComboFix.exe
Command switches used :: C:\Downloads\CFScript.txt
* Created a new restore point

FILE::
C:\n.bat
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\e1\caws83122.exe.dll
C:\WINDOWS\system32\ehotopxw.dll
C:\WINDOWS\system32\gebxvww.dll
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\rqrollm.dll
C:\WINDOWS\system32\spudsc.exe
C:\WINDOWS\system32\svchost1.exe
C:\WINDOWS\system32\xsphsxvb.dll
C:\WINDOWS\system32\xvfjpwqx.dll
C:\WINDOWS\system32\yayyyax.dll
C:\z.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\n.bat
C:\Temp\mZOr
C:\Temp\mZOr\tOasF.log
C:\WINDOWS\system32\ehotopxw.dll
C:\WINDOWS\system32\gebxvww.dll
C:\WINDOWS\system32\rqrollm.dll
C:\WINDOWS\system32\spudsc.exe
C:\WINDOWS\system32\svchost1.exe
C:\WINDOWS\system32\xsphsxvb.dll
C:\WINDOWS\system32\xvfjpwqx.dll
C:\z.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
.

2007-11-03 15:36 <REP> d-------- C:\pca
2007-11-03 15:15 2,742 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-03 15:14 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-03 15:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-03 15:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-03 15:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-03 15:14 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-03 15:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-11-03 15:07 <REP> d-------- C:\VundoFix Backups
2007-11-03 13:06 <REP> d-------- C:\Program Files\Avira
2007-11-03 13:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-03 10:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 10:13 <REP> d-------- C:\Program Files\Panda Security
2007-11-03 10:08 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-02 19:10 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\WTablet
2007-11-02 19:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 18:57 <REP> d-------- C:\Program Files\Navilog1
2007-11-02 18:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-02 18:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-02 18:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-02 18:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-11-02 18:39 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2007-11-02 18:27 <REP> d-------- C:\WINDOWS\system32\WTablet
2007-11-02 18:27 <REP> d-------- C:\Program Files\Tablet
2007-11-02 18:27 1,197,616 --a------ C:\WINDOWS\system32\Tablet.exe
2007-11-02 18:27 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
2007-11-02 18:27 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2007-11-02 18:27 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2007-11-01 18:17 <REP> d-------- C:\Program Files\Trend Micro
2007-11-01 11:52 28,672 --a------ C:\Documents and Settings\BEGNY\iexplorer.exe
2007-11-01 11:47 <REP> d-------- C:\WINDOWS\system32\bfubackups
2007-10-31 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-31 17:21 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-10-31 17:17 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-10-31 17:17 <REP> d-------- C:\Temp
2007-10-31 16:01 <REP> d-------- C:\Program Files\TimeAdjuster
2007-10-29 16:21 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-29 16:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-25 14:24 <REP> d-------- C:\WINDOWS\Sun
2007-10-12 23:35 <REP> d-------- C:\Program Files\Ripp-it_AM
2007-10-12 22:34 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-10-10 13:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-04 14:55 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2007-10-04 14:53 <REP> d-------- C:\WINDOWS\StartHtmico
2007-10-04 14:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-04 14:52 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL
2007-10-04 14:52 90,112 -ra------ C:\WINDOWS\system32\CNMCP78.exe
2007-10-04 14:52 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL
2007-10-04 14:50 <REP> d-------- C:\Program Files\Canon
2007-10-04 14:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-04 14:43 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-04 14:06 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-04 14:04 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-10-04 14:02 <REP> d-------- C:\Program Files\Microsoft.NET
2007-10-04 14:00 <REP> dr-h----- C:\MSOCache
2007-10-04 12:40 <REP> d-------- C:\Downloads
2007-10-04 12:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-10-04 12:37 <REP> d-------- C:\Program Files\BitComet
2007-10-03 19:40 <REP> d-------- C:\Program Files\Azureus
2007-10-03 19:40 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 13:58 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\LimeWire
2007-11-02 16:25 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Skype
2007-10-24 13:12 --------- d-----w C:\Program Files\Java
2007-10-17 16:39 --------- d-----w C:\Program Files\Winamp
2007-10-04 16:28 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-01 09:32 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-09-28 17:55 --------- d-----w C:\Program Files\CDBurnerXP
2007-09-25 22:06 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\vlc
2007-09-25 10:38 --------- d-----w C:\Program Files\Audacity
2007-09-24 12:47 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Apple Computer
2007-09-24 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-24 02:36 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-09-24 01:36 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
2007-09-23 19:41 --------- d-----w C:\Program Files\Google
2007-09-22 11:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-22 10:17 --------- d-----w C:\Program Files\Eltima Software
2007-09-21 21:12 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2007-09-21 21:11 --------- d-----w C:\Program Files\Macromedia
2007-09-21 21:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-09-21 10:00 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Adssite Advanced Toolbar
2007-09-21 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-09-21 01:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-09-20 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2007-09-20 21:28 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\MSN6
2007-09-20 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-09-20 21:21 --------- d-----w C:\Program Files\FairUse Wizard
2007-09-20 21:21 --------- d-----w C:\Program Files\Error Safe Free
2007-09-20 21:21 --------- d-----w C:\Program Files\eRightSoft
2007-09-20 21:21 --------- d-----w C:\Program Files\EPSON
2007-09-20 21:20 --------- d-----w C:\Program Files\eMule
2007-09-20 21:18 --------- d-----w C:\Program Files\CyberLink
2007-09-20 21:18 --------- d-----w C:\Program Files\Creative
2007-09-20 21:18 --------- d-----w C:\Program Files\Common~1
2007-09-20 21:18 --------- d-----w C:\Program Files\CoffeeCup Software
2007-09-20 21:18 --------- d-----w C:\Program Files\BSplayer_WhenUSave_Installer
2007-09-20 21:17 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 21:17 --------- d-----w C:\Program Files\Alwil Software
2007-09-20 21:17 --------- d-----w C:\Program Files\Ahead
2007-09-20 21:07 --------- d-----w C:\Program Files\1&1
2007-09-20 21:06 --------- d-----w C:\Program Files\XviD codec (Neodivx Version)
2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Live
2007-09-20 21:05 --------- d-----w C:\Program Files\WinASPI
2007-09-20 21:04 --------- d-----w C:\Program Files\Webteh
2007-09-20 21:04 --------- d-----w C:\Program Files\VSO
2007-09-20 21:04 --------- d-----w C:\Program Files\VOB
2007-09-20 21:04 --------- d-----w C:\Program Files\VISoftware
2007-09-20 21:04 --------- d-----w C:\Program Files\Visicom Media
2007-09-20 21:04 --------- d-----w C:\Program Files\VideoLAN
2007-09-20 21:04 --------- d-----w C:\Program Files\URUSoft
2007-09-20 21:04 --------- d-----w C:\Program Files\Uniblue
2007-09-20 21:04 --------- d-----w C:\Program Files\Ubisoft
2007-09-20 21:04 --------- d-----w C:\Program Files\Thugs at Bay
2007-09-20 21:04 --------- d-----w C:\Program Files\Symantec
2007-09-20 21:04 --------- d-----w C:\Program Files\STK014
2007-09-20 21:04 --------- d-----w C:\Program Files\StarV9
2007-09-20 21:03 --------- d-----w C:\Program Files\Sony Ericsson
2007-09-20 21:03 --------- d-----w C:\Program Files\Skype
2007-09-20 21:03 --------- d-----w C:\Program Files\RADVideo
2007-09-20 21:03 --------- d-----w C:\Program Files\QuickTime Alternative
2007-09-20 21:03 --------- d-----w C:\Program Files\plugins
2007-09-20 21:03 --------- d-----w C:\Program Files\NETGEAR
2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-20 20:20 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Ahead
2007-09-20 20:18 --------- d-----w C:\Program Files\Nero
2007-09-20 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-09-20 20:12 --------- d-----w C:\Program Files\Motorola
2007-09-20 20:09 --------- d-----w C:\Program Files\Realtek
2007-09-20 19:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-20 19:23 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-09-20 19:20 --------- d-----w C:\Program Files\Services en ligne
2007-09-20 18:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-20 18:21 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-09-20 18:03 --------- d-----w C:\Program Files\QuickTime
2007-09-20 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-20 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-20 16:28 --------- d-----w C:\Program Files\MyXOFT
2007-09-20 16:28 --------- d-----w C:\Program Files\Multimedia Mouse Driver
2007-09-20 16:28 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-20 16:27 --------- d-----w C:\Program Files\MSI
2007-09-20 16:27 --------- d-----w C:\Program Files\Microsoft Games
2007-09-20 16:26 --------- d-----w C:\Program Files\Maïdo Production
2007-09-20 16:25 --------- d-----w C:\Program Files\Lauyan
2007-09-20 16:25 --------- d-----w C:\Program Files\key
2007-09-20 16:25 --------- d-----w C:\Program Files\Jasc Software Inc
2007-09-20 16:24 --------- d-----w C:\Program Files\InterVideo
2007-09-20 16:24 --------- d-----w C:\Program Files\InterActual
2007-09-20 16:24 --------- d-----w C:\Program Files\Infogrames
2007-09-19 20:01 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2007-09-19 20:01 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2007-09-19 20:01 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2007-09-19 20:01 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2007-09-19 20:01 4,614,656 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-03_14.53.14.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-03 14:03:42 22,486 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\register_icon.exe
- 2001-09-28 12:00:00 112,128 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2004-03-31 12:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2002-01-05 02:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2002-01-05 02:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
+ 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2002-01-05 02:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2002-01-05 02:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
+ 2002-01-05 01:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 16:37]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 21:01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-09-19 21:01 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 20:43]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-26 11:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 14:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-05-17 12:11]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 13:33]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"C:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\ATK0100\ASNDIS5.SYS
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57df1a99-77eb-11dc-b9f3-0015af38a7f9}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 16:13:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 16:15:00 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-03 15:34
C:\ComboFix3.txt ... 2007-11-03 14:53
.
--- E O F ---
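As an added example (not the thread's own text, nor code from ComboFix), a small cross-check of the CFScript against the ComboFix report it produced: it parses the script's File::/Folder:: entries and the report's "Autres suppressions" list and says which requested items ComboFix did not list as removed. The two samples are constructed abridgements of the script and report posted above; the banner and Section:: conventions are assumed from the report's layout.

```python
import re

# Constructed, abridged sample in the shape of the CFScript and ComboFix
# report posted in this thread (entries taken from it, lists shortened).
CFSCRIPT = r"""Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-

File::
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\gebxvww.dll
C:\WINDOWS\Fonts\svchost.exe

Folder::
C:\Temp\mZOr
"""

COMBOFIX_LOG = r"""(((((((((((((((((( Autres suppressions ))))))))))))))))))
.

C:\Temp\mZOr
C:\Temp\mZOr\tOasF.log
C:\WINDOWS\system32\gebxvww.dll

.
((((((((((((((((( Point de chargement Reg )))))))))))))))))
.
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")          # e.g. "File::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")       # "(((( title ))))"


def parse_cfscript(text):
    """Split a CFScript into its Section:: blocks, keyed by lower-cased name."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def combofix_section(log, title):
    """Paths listed under the ComboFix banner whose title contains `title`."""
    paths, inside = set(), False
    for line in (l.strip() for l in log.splitlines()):
        m = BANNER_RE.match(line)
        if m:                      # each banner starts or ends a region
            inside = title.lower() in m.group(1).lower()
        elif inside and line and line != ".":
            paths.add(line.lower())  # Windows paths compare case-insensitively
    return paths


def reconcile(cfscript_text, log_text):
    """Which File::/Folder:: entries ComboFix reported removing, and which it did not."""
    script = parse_cfscript(cfscript_text)
    removed = combofix_section(log_text, "Autres suppressions")
    report = {"removed": [], "not_reported": []}
    for path in script.get("file", []) + script.get("folder", []):
        report["removed" if path.lower() in removed else "not_reported"].append(path)
    return report
```

Run against the full report above, the same check shows jkhhi.dll, yayyyax.dll, C:\WINDOWS\Fonts\svchost.exe and the system32\e1 folder absent from the deletions list, which is exactly what the fresh DiagHelp and HijackThis reports requested in step 4 should settle one way or the other.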
dede4240 Posts 243 Status Member 26
I have a problem on the malekal site: it asks me to upload a file, but it does not work; it loads for a long time without success.
http://upload.malekal.com/ I get the impression that as long as the upload has not been done, it blocks the rest of the program...