Cheval de troie

Résolu
dede4240 Messages postés 243 Statut Membre -  
FillPCA Messages postés 2264 Statut Contributeur sécurité -
Bonjour a tous je retente ma chance car j'ai postéun message il y a quelque jour qui semble t il est passé a la trappe..
j'ai un cheval de troie sur mon ordi qui est en train de se repandre partout en gros l'ordi est ralenti et des pub intempestive apparaissent sans cesse je viens de changer d'antivirus suite a une recommandation sur un forum j'ai donc installé antivir ( avant j'avasi avast) je vous poste le rapport aprezs analyse d'antivir... j'espereque qqn pourra m'aider car je viens d'aller rue montgallet et on me demande 60 euro pour reformatter l'ordi d'apres eux c est la seule chose a faire contre un cheval de trois... merci de votre aide

AntiVir PersonalEdition Classic
Report file date: 2007-11-03 13:15

Scanning for 1036370 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: BEGNY-GA1A4CHG2

Version information:
BUILD.DAT : 269 15604 Bytes 2007-09-10 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 2006-05-31 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 2007-07-10 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 2007-08-25 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 2007-08-28 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 2007-08-29 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2007-11-03 13:15

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'StkCSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\2EDF7FFG\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477c6725.qua'!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\5TVFVLU4\mosx1024[1]
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479f6776.qua'!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\Y2E0NSE5\isearch[1].htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4791678c.qua'!
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47a66e4f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cucpfbcc.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '478f6e63.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rslxxpph.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47986e62.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uaqifxbv.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479d6e50.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00198CA.dat.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '478f6e4e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\c124wvr.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475e6e21.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475f6e62.qua'!
C:\RECYCLER\S-1-5-21-484763869-884357618-725345543-1003\Dc78.zip
[0] Archive type: ZIP
--> __c001EC51.dat
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47636e63.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP19\A0006877.exe
[DETECTION] Is the Trojan horse TR/Agent.RIR.135
[INFO] The file was moved to '475c6e48.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP29\A0008577.dll
[DETECTION] Contains detection pattern of the dropper DR/Agent.141853.A
[INFO] The file was moved to '475c6e89.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP60\A0013533.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f0a.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP61\A0014704.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f0e.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP61\A0014707.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e57.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014854.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f11.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014861.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f12.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014863.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '46c12e4b.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014865.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f14.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014871.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f13.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014872.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e4c.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014930.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e4d.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014931.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f15.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP63\A0014989.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f18.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP64\A0015109.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f1b.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP64\A0015220.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '475c6f1e.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP65\A0015446.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '475c6f23.qua'!
C:\WINDOWS\mrofinu1000106.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f77.qua'!
C:\WINDOWS\mrofinu1000106.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46005930.qua'!
C:\WINDOWS\mrofinu1188.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f79.qua'!
C:\WINDOWS\mrofinu1188.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f78.qua'!
C:\WINDOWS\system32\lejygeds.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479671b9.qua'!
C:\WINDOWS\system32\nkiupqwt.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479571ca.qua'!
C:\WINDOWS\system32\spudscv.exe
[DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
[INFO] The file was moved to '47a171d9.qua'!
C:\WINDOWS\system32\__c009ADE2.dat
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\b3\rarndrll2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.buy.1
[INFO] The file was moved to '479e72ab.qua'!
C:\WINDOWS\system32\u4\wr31drs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475f7308.qua'!

End of the scan: 2007-11-03 14:07
Used time: 52:21 min

The scan has been done completely.

6463 Scanning directories
397755 Files were scanned
22 viruses and/or unwanted programs were found
16 Files were classified as suspicious:
0 files were deleted
0 files were repaired
37 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
397733 Files not concerned
6422 Archives were scanned
2 Warnings
50 Notes
Configuration: Windows XP
Internet Explorer 7.0
firefox

42 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un cheval de Troie est détecté sur le PC, provoquant ralentissements et affichage intempestif de publicités, avec un rapport AntiVir décrivant de nombreuses détections et des éléments déplacés en quarantaine.
La réponse propose OTMoveIt pour supprimer des fichiers indésirables, CCleaner pour nettoyer le système et AVG Anti-Spyware pour une analyse complète et la mise en quarantaine des menaces.
En parallèle, un scan en ligne Bitdefender est conseillé pour vérifier l'étendue de l'infection et générer un rapport, puis il est recommandé de redémarrer selon les instructions et de sauvegarder les rapports.
Le rapport affiche 22 menaces détectées et 37 fichiers mis en quarantaine après un balayage de près de 397 755 fichiers, ce qui confirme l'infection et l'efficacité des mesures préconisées.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    On va te faire ça pour 0 €.
    As-tu le rapport Combofix, vu qu'il a déjà été utilisé ? Il me faut aussi un rapport Hijackthis.

    Quel genre de pubs subis-tu ?

    FillPCA
    0
  2. Yoan Messages postés 11905 Statut Modérateur 2 356
     
    Ici a été posté un log hijackthis concernant le problème de dede4240.
    0
  3. dede4240 Messages postés 243 Statut Membre 26
     
    ca c'est le rapport combofix... le log hijackthis date de deux jours je crois (peut etre trois) j'ai pas ma l bidouillé d'apres ce que j'ai lu su rles forum depuis .. donc les info ne sont peut etre plus valable ... j'en reposte un de suite ... merci a tous ...
    ComboFix 07-11-01.1 - BEGNY 2007-11-03 14:47:36.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1373 [GMT 1:00]
    Running from: C:\Downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\BEGNY\Favoris\Online Security Guide.lnk
    C:\Program Files\Temporary
    C:\Program Files\Temporary\wininstall.exe
    C:\Program Files\WinAble
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\b122.exe
    C:\WINDOWS\system32\b3
    C:\WINDOWS\system32\bccdd.bak2
    C:\WINDOWS\system32\bccdd.ini
    C:\WINDOWS\system32\bccdd.ini2
    C:\WINDOWS\system32\bccdd.tmp
    C:\WINDOWS\system32\ddccb.dll
    C:\WINDOWS\system32\e1
    C:\WINDOWS\system32\e1\caws83122.exe
    C:\WINDOWS\system32\giysaxlm.dllbox
    C:\WINDOWS\system32\jkkll.dll
    C:\WINDOWS\system32\llkkj.bak1
    C:\WINDOWS\system32\llkkj.ini
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\u4

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-03 13:06 <REP> d-------- C:\Program Files\Avira
    2007-11-03 13:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-03 10:50 87,616 --a------ C:\WINDOWS\system32\xsphsxvb.dll
    2007-11-03 10:50 81,472 --a------ C:\WINDOWS\system32\xvfjpwqx.dll
    2007-11-03 10:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-03 10:13 <REP> d-------- C:\Program Files\Panda Security
    2007-11-03 10:08 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
    2007-11-03 01:07 35,328 --a------ C:\WINDOWS\system32\rqrollm.dll
    2007-11-02 19:10 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\WTablet
    2007-11-02 19:03 82,496 --a------ C:\WINDOWS\system32\ehotopxw.dll
    2007-11-02 19:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-02 18:57 <REP> d-------- C:\Program Files\Navilog1
    2007-11-02 18:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-11-02 18:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-11-02 18:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-11-02 18:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2007-11-02 18:39 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
    2007-11-02 18:27 <REP> d-------- C:\WINDOWS\system32\WTablet
    2007-11-02 18:27 <REP> d-------- C:\Program Files\Tablet
    2007-11-02 18:27 1,197,616 --a------ C:\WINDOWS\system32\Tablet.exe
    2007-11-02 18:27 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
    2007-11-02 18:27 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
    2007-11-02 18:27 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
    2007-11-02 09:46 <REP> d-------- C:\Temp\mZOr
    2007-11-02 09:46 32,256 --a------ C:\WINDOWS\system32\yayyyax.dll
    2007-11-01 18:17 <REP> d-------- C:\Program Files\Trend Micro
    2007-11-01 11:52 28,672 --a------ C:\Documents and Settings\BEGNY\iexplorer.exe
    2007-11-01 11:47 <REP> d-------- C:\WINDOWS\system32\bfubackups
    2007-11-01 10:35 32,256 --a------ C:\WINDOWS\system32\urqqppp.dll
    2007-10-31 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-31 17:21 569,344 --a------ C:\WINDOWS\system32\spudsc.exe
    2007-10-31 17:21 153,600 --a------ C:\WINDOWS\system32\svchost1.exe
    2007-10-31 17:21 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-10-31 17:18 32,256 --a------ C:\WINDOWS\system32\ssqqonn.dll
    2007-10-31 17:17 <REP> d-------- C:\WINDOWS\system32\Mz18r
    2007-10-31 17:17 <REP> d-------- C:\Temp
    2007-10-31 16:01 <REP> d-------- C:\Program Files\TimeAdjuster
    2007-10-29 16:21 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-10-29 16:18 0 --a------ C:\WINDOWS\nsreg.dat
    2007-10-25 14:24 <REP> d-------- C:\WINDOWS\Sun
    2007-10-12 23:35 <REP> d-------- C:\Program Files\Ripp-it_AM
    2007-10-12 22:34 <REP> d-------- C:\Program Files\AviSynth 2.5
    2007-10-10 13:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-04 14:55 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
    2007-10-04 14:53 <REP> d-------- C:\WINDOWS\StartHtmico
    2007-10-04 14:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-10-04 14:52 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL
    2007-10-04 14:52 90,112 -ra------ C:\WINDOWS\system32\CNMCP78.exe
    2007-10-04 14:52 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL
    2007-10-04 14:50 <REP> d-------- C:\Program Files\Canon
    2007-10-04 14:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-10-04 14:43 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-10-04 14:06 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-10-04 14:04 <REP> d-------- C:\WINDOWS\SHELLNEW
    2007-10-04 14:02 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-10-04 14:00 <REP> dr-h----- C:\MSOCache
    2007-10-04 12:40 <REP> d-------- C:\Downloads
    2007-10-04 12:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-10-04 12:37 <REP> d-------- C:\Program Files\BitComet
    2007-10-03 19:40 <REP> d-------- C:\Program Files\Azureus
    2007-10-03 19:40 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Azureus

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-03 13:21 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\LimeWire
    2007-11-02 16:25 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Skype
    2007-10-31 16:21 278,542 ----a-w C:\WINDOWS\Fonts\Setup.exe
    2007-10-31 16:16 278,541 --sha-w C:\WINDOWS\Fonts\svchost.exe
    2007-10-24 13:12 --------- d-----w C:\Program Files\Java
    2007-10-17 16:39 --------- d-----w C:\Program Files\Winamp
    2007-10-04 16:28 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-10-01 09:32 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-09-28 17:55 --------- d-----w C:\Program Files\CDBurnerXP
    2007-09-25 22:06 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\vlc
    2007-09-25 10:38 --------- d-----w C:\Program Files\Audacity
    2007-09-24 12:47 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Apple Computer
    2007-09-24 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-09-24 02:36 --------- d-----w C:\Program Files\Microsoft SQL Server
    2007-09-24 01:36 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
    2007-09-23 19:41 --------- d-----w C:\Program Files\Google
    2007-09-22 11:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-22 10:17 --------- d-----w C:\Program Files\Eltima Software
    2007-09-21 21:12 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
    2007-09-21 21:11 --------- d-----w C:\Program Files\Macromedia
    2007-09-21 21:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-09-21 10:00 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Adssite Advanced Toolbar
    2007-09-21 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-21 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-09-21 01:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2007-09-20 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\IsolatedStorage
    2007-09-20 21:28 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\MSN6
    2007-09-20 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
    2007-09-20 21:21 --------- d-----w C:\Program Files\FairUse Wizard
    2007-09-20 21:21 --------- d-----w C:\Program Files\Error Safe Free
    2007-09-20 21:21 --------- d-----w C:\Program Files\eRightSoft
    2007-09-20 21:21 --------- d-----w C:\Program Files\EPSON
    2007-09-20 21:20 --------- d-----w C:\Program Files\eMule
    2007-09-20 21:18 --------- d-----w C:\Program Files\CyberLink
    2007-09-20 21:18 --------- d-----w C:\Program Files\Creative
    2007-09-20 21:18 --------- d-----w C:\Program Files\Common~1
    2007-09-20 21:18 --------- d-----w C:\Program Files\CoffeeCup Software
    2007-09-20 21:18 --------- d-----w C:\Program Files\BSplayer_WhenUSave_Installer
    2007-09-20 21:17 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-20 21:17 --------- d-----w C:\Program Files\Alwil Software
    2007-09-20 21:17 --------- d-----w C:\Program Files\Ahead
    2007-09-20 21:07 --------- d-----w C:\Program Files\1&1
    2007-09-20 21:06 --------- d-----w C:\Program Files\XviD codec (Neodivx Version)
    2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Live
    2007-09-20 21:05 --------- d-----w C:\Program Files\WinASPI
    2007-09-20 21:04 --------- d-----w C:\Program Files\Webteh
    2007-09-20 21:04 --------- d-----w C:\Program Files\VSO
    2007-09-20 21:04 --------- d-----w C:\Program Files\VOB
    2007-09-20 21:04 --------- d-----w C:\Program Files\VISoftware
    2007-09-20 21:04 --------- d-----w C:\Program Files\Visicom Media
    2007-09-20 21:04 --------- d-----w C:\Program Files\VideoLAN
    2007-09-20 21:04 --------- d-----w C:\Program Files\URUSoft
    2007-09-20 21:04 --------- d-----w C:\Program Files\Uniblue
    2007-09-20 21:04 --------- d-----w C:\Program Files\Ubisoft
    2007-09-20 21:04 --------- d-----w C:\Program Files\Thugs at Bay
    2007-09-20 21:04 --------- d-----w C:\Program Files\Symantec
    2007-09-20 21:04 --------- d-----w C:\Program Files\STK014
    2007-09-20 21:04 --------- d-----w C:\Program Files\StarV9
    2007-09-20 21:03 --------- d-----w C:\Program Files\Sony Ericsson
    2007-09-20 21:03 --------- d-----w C:\Program Files\Skype
    2007-09-20 21:03 --------- d-----w C:\Program Files\RADVideo
    2007-09-20 21:03 --------- d-----w C:\Program Files\QuickTime Alternative
    2007-09-20 21:03 --------- d-----w C:\Program Files\plugins
    2007-09-20 21:03 --------- d-----w C:\Program Files\NETGEAR
    2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
    2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-09-20 20:20 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Ahead
    2007-09-20 20:18 --------- d-----w C:\Program Files\Nero
    2007-09-20 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-09-20 20:12 --------- d-----w C:\Program Files\Motorola
    2007-09-20 20:09 --------- d-----w C:\Program Files\Realtek
    2007-09-20 19:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-09-20 19:23 --------- d-----w C:\Program Files\microsoft frontpage
    2007-09-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-09-20 19:20 --------- d-----w C:\Program Files\Services en ligne
    2007-09-20 18:37 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-20 18:21 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-09-20 18:03 --------- d-----w C:\Program Files\QuickTime
    2007-09-20 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-09-20 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-09-20 16:28 --------- d-----w C:\Program Files\MyXOFT
    2007-09-20 16:28 --------- d-----w C:\Program Files\Multimedia Mouse Driver
    2007-09-20 16:28 --------- d-----w C:\Program Files\MSXML 4.0
    2007-09-20 16:27 --------- d-----w C:\Program Files\MSI
    2007-09-20 16:27 --------- d-----w C:\Program Files\Microsoft Games
    2007-09-20 16:26 --------- d-----w C:\Program Files\Maïdo Production
    2007-09-20 16:25 --------- d-----w C:\Program Files\Lauyan
    2007-09-20 16:25 --------- d-----w C:\Program Files\key
    2007-09-20 16:25 --------- d-----w C:\Program Files\Jasc Software Inc
    2007-09-20 16:24 --------- d-----w C:\Program Files\InterVideo
    2007-09-20 16:24 --------- d-----w C:\Program Files\InterActual
    2007-09-20 16:24 --------- d-----w C:\Program Files\Infogrames
    2007-09-19 20:01 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
    2007-09-19 20:01 86,016 ----a-w C:\WINDOWS\SoundMan.exe
    2007-09-19 20:01 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67A0AFC4-E872-4DB3-8770-FA65BD4F61D6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC619BCA-2BF3-4D49-B815-91BC5ACEB12A}]
    C:\Program Files\Lauyan\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6ED5DA7-9ECD-4808-8947-B0E81FFE4941}]
    C:\WINDOWS\system32\jkhhi.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAB04895-840B-40C8-A787-CF56360009E9}]
    C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6980035-9529-4F1F-BC04-1B846166C7A9}]
    C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 16:37]
    "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 21:01 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-09-19 21:01 C:\WINDOWS\SkyTel.exe]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 20:43]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-26 11:12]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-31 17:16]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 14:21]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-05-17 12:11]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 13:33]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\giysaxlm]
    giysaxlm.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    "C:\Program Files\BitComet\BitComet.exe" /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe
    R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\ATK0100\ASNDIS5.SYS
    R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
    S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57df1a99-77eb-11dc-b9f3-0015af38a7f9}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-03 14:52:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-03 14:53:49 - machine was rebooted
    .
    --- E O F ---
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    OK. On continue tout ici alors. Rapports :
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:18:36, on 02/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Insider\Insider.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\StkCSrv.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [Windows32] C:\Arquivos de programas\services.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [787e34f4] rundll32.exe "C:\WINDOWS\system32\spfnrmss.dll",b
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00198CA.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
    End of file - 7742 bytes

    RAPPORT D AVG:
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 15:41:12 01/11/2007

    + Résultat de l'analyse:

    HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Nettoyé.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 -> Adware.Generic : Nettoyé.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo -> Adware.Generic : Nettoyé.
    C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\IENCLOHL\8154ff2675af1b6e0677560871425153[1].zip/b138.exe -> Downloader.Agent.cbx : Nettoyé.
    :mozilla.22:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.24:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\BEGNY\Cookies\begny@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.26:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\BEGNY\Cookies\begny@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\BEGNY\Cookies\begny@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.10:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.12:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.13:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.14:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.7:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.8:C:\Documents and Settings\BEGNY\Application Data\Mozilla\Firefox\Profiles\yqp3on1h.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\BEGNY\Cookies\begny@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.

    FillPCA
    0
  6. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    1/ * Télécharge Vundofix (par Atribune) sur ton Bureau : http://www.atribune.org/ccount/click.php?id=4
    * Double-clique VundoFix.exe afin de le lancer.
    * Clique sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo (uniquement si des fichiers infectieux sont trouvés).
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES.
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK.
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    2/ * Télécharger smitfraudfix (de S!Ri) sur le bureau : http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    * Clique sur smitfraudfix.exe
    * Choisis l'option 1 et colle dans ta réponse le rapport généré par smitfraudfix. Ce rapport se trouve dans la fenêtre du bloc-note qui s’ouvre.
    * Ferme l'application en tapant sur la touche Q.

    3/ Edite les deux rapports précédents et un nouveau rapport Hijackthis.

    FillPCA
    0
  7. dede4240 Messages postés 243 Statut Membre 26
     
    le nouveau rapport hijackthis....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:00:34, on 03/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\StkCSrv.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\BEGNY\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    0
  8. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Hello Kevindu36,

    Un scan en ligne sera inefficace ici.

    FillPCA
    0
  9. Kevindu36 Messages postés 649 Statut Membre 6
     
    Salut

    je sais mais c'était pour voir si il y avait d'autre infection !!!

    ++
    0
  10. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Il y en a d'autres. Vundo, d'après le rapports combofix et ceci :
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

    FillPCA
    0
  11. dede4240 Messages postés 243 Statut Membre 26
     
    rapport vundo
    le hijackthis plante maintenant... j'ai peut etre telechargé trop de truc de protection ??
    VundoFix V6.5.11

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 15:07:19 03/11/2007

    Listing files found while scanning....

    No infected files were found.
    0
  12. dede4240 Messages postés 243 Statut Membre 26
     
    LE RAPPORT SmitFraudFix v2.246 MERCI ;)

    Rapport fait à 15:15:10,65, 03/11/2007
    Executé à partir de C:\Downloads\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\StkCSrv.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BEGNY

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BEGNY\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BEGNY\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="sockspy.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Atheros AR5006EG Wireless Network Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 213.36.80.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer=213.36.80.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer=213.36.80.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer=213.36.80.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  13. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    1/ # Double clique combofix.exe et suis les invites.
    # Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    2/ * Télécharge PCA (d'Evosla) : http://ww25.evosla.com/pca_cpt.php?agr=pca_securite
    * Dézippe-le dans un répertoire dédié comme c:\PCA au moyen d'un clic droit (Extraire...),
    * Clique sur l'onglet "diagnostic du PC" puis "analyser".
    * Laisse l'analyse se dérouler. Cela ne prend que quelques secondes.
    * Clique sur "enregistrer le rapport" en bas à droite et sauvegarde-le sur le bureau.
    * Edite le contenu de ce rapport dans ta prochaine réponse. Il se nomme PCA_LOG.txt

    Edite les rapports demandés.

    FillPCA
    0
  14. dede4240 Messages postés 243 Statut Membre 26
     
    nouveau rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:21:09, on 03/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\StkCSrv.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\BEGNY\Bureau\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8B7581F-45BC-462C-8D2B-15CB7C159F03}: NameServer = 213.36.80.1
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    0
  15. dede4240 Messages postés 243 Statut Membre 26
     
    ComboFix 07-11-01.1 - BEGNY 2007-11-03 15:27:01.3 - NTFSx86
    Running from: C:\Downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cdeeg.bak1
    C:\WINDOWS\system32\cdeeg.ini
    C:\WINDOWS\system32\geedc.dll
    C:\z.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-03 15:15 2,742 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-03 15:14 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-03 15:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-03 15:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-03 15:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-03 15:14 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-03 15:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-11-03 15:07 <REP> d-------- C:\VundoFix Backups
    2007-11-03 14:55 82 --a------ C:\n.bat
    2007-11-03 14:55 0 --a------ C:\z.dat
    2007-11-03 14:54 35,328 --a------ C:\WINDOWS\system32\gebxvww.dll
    2007-11-03 13:06 <REP> d-------- C:\Program Files\Avira
    2007-11-03 13:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-03 10:50 87,616 --a------ C:\WINDOWS\system32\xsphsxvb.dll
    2007-11-03 10:50 81,472 --a------ C:\WINDOWS\system32\xvfjpwqx.dll
    2007-11-03 10:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-03 10:13 <REP> d-------- C:\Program Files\Panda Security
    2007-11-03 10:08 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
    2007-11-03 01:07 35,328 --a------ C:\WINDOWS\system32\rqrollm.dll
    2007-11-02 19:10 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\WTablet
    2007-11-02 19:03 82,496 --a------ C:\WINDOWS\system32\ehotopxw.dll
    2007-11-02 19:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-02 18:57 <REP> d-------- C:\Program Files\Navilog1
    2007-11-02 18:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-11-02 18:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-11-02 18:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-11-02 18:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2007-11-02 18:39 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
    2007-11-02 18:27 <REP> d-------- C:\WINDOWS\system32\WTablet
    2007-11-02 18:27 <REP> d-------- C:\Program Files\Tablet
    2007-11-02 18:27 1,197,616 --a------ C:\WINDOWS\system32\Tablet.exe
    2007-11-02 18:27 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
    2007-11-02 18:27 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
    2007-11-02 18:27 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
    2007-11-02 09:46 <REP> d-------- C:\Temp\mZOr
    2007-11-02 09:46 32,256 --a------ C:\WINDOWS\system32\yayyyax.dll
    2007-11-01 18:17 <REP> d-------- C:\Program Files\Trend Micro
    2007-11-01 11:52 28,672 --a------ C:\Documents and Settings\BEGNY\iexplorer.exe
    2007-11-01 11:47 <REP> d-------- C:\WINDOWS\system32\bfubackups
    2007-10-31 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-31 17:21 569,344 --a------ C:\WINDOWS\system32\spudsc.exe
    2007-10-31 17:21 153,600 --a------ C:\WINDOWS\system32\svchost1.exe
    2007-10-31 17:21 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-10-31 17:17 <REP> d-------- C:\WINDOWS\system32\Mz18r
    2007-10-31 17:17 <REP> d-------- C:\Temp
    2007-10-31 16:01 <REP> d-------- C:\Program Files\TimeAdjuster
    2007-10-29 16:21 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-10-29 16:18 0 --a------ C:\WINDOWS\nsreg.dat
    2007-10-25 14:24 <REP> d-------- C:\WINDOWS\Sun
    2007-10-12 23:35 <REP> d-------- C:\Program Files\Ripp-it_AM
    2007-10-12 22:34 <REP> d-------- C:\Program Files\AviSynth 2.5
    2007-10-10 13:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-04 14:55 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
    2007-10-04 14:53 <REP> d-------- C:\WINDOWS\StartHtmico
    2007-10-04 14:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-10-04 14:52 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL
    2007-10-04 14:52 90,112 -ra------ C:\WINDOWS\system32\CNMCP78.exe
    2007-10-04 14:52 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL
    2007-10-04 14:50 <REP> d-------- C:\Program Files\Canon
    2007-10-04 14:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-10-04 14:43 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-10-04 14:06 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-10-04 14:04 <REP> d-------- C:\WINDOWS\SHELLNEW
    2007-10-04 14:02 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-10-04 14:00 <REP> dr-h----- C:\MSOCache
    2007-10-04 12:40 <REP> d-------- C:\Downloads
    2007-10-04 12:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-10-04 12:37 <REP> d-------- C:\Program Files\BitComet
    2007-10-03 19:40 <REP> d-------- C:\Program Files\Azureus
    2007-10-03 19:40 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Azureus

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-03 13:58 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\LimeWire
    2007-11-02 16:25 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Skype
    2007-10-24 13:12 --------- d-----w C:\Program Files\Java
    2007-10-17 16:39 --------- d-----w C:\Program Files\Winamp
    2007-10-04 16:28 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-10-01 09:32 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-09-28 17:55 --------- d-----w C:\Program Files\CDBurnerXP
    2007-09-25 22:06 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\vlc
    2007-09-25 10:38 --------- d-----w C:\Program Files\Audacity
    2007-09-24 12:47 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Apple Computer
    2007-09-24 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-09-24 02:36 --------- d-----w C:\Program Files\Microsoft SQL Server
    2007-09-24 01:36 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
    2007-09-23 19:41 --------- d-----w C:\Program Files\Google
    2007-09-22 11:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-22 10:17 --------- d-----w C:\Program Files\Eltima Software
    2007-09-21 21:12 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
    2007-09-21 21:11 --------- d-----w C:\Program Files\Macromedia
    2007-09-21 21:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-09-21 10:00 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Adssite Advanced Toolbar
    2007-09-21 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-21 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-09-21 01:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2007-09-20 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\IsolatedStorage
    2007-09-20 21:28 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\MSN6
    2007-09-20 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
    2007-09-20 21:21 --------- d-----w C:\Program Files\FairUse Wizard
    2007-09-20 21:21 --------- d-----w C:\Program Files\Error Safe Free
    2007-09-20 21:21 --------- d-----w C:\Program Files\eRightSoft
    2007-09-20 21:21 --------- d-----w C:\Program Files\EPSON
    2007-09-20 21:20 --------- d-----w C:\Program Files\eMule
    2007-09-20 21:18 --------- d-----w C:\Program Files\CyberLink
    2007-09-20 21:18 --------- d-----w C:\Program Files\Creative
    2007-09-20 21:18 --------- d-----w C:\Program Files\Common~1
    2007-09-20 21:18 --------- d-----w C:\Program Files\CoffeeCup Software
    2007-09-20 21:18 --------- d-----w C:\Program Files\BSplayer_WhenUSave_Installer
    2007-09-20 21:17 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-20 21:17 --------- d-----w C:\Program Files\Alwil Software
    2007-09-20 21:17 --------- d-----w C:\Program Files\Ahead
    2007-09-20 21:07 --------- d-----w C:\Program Files\1&1
    2007-09-20 21:06 --------- d-----w C:\Program Files\XviD codec (Neodivx Version)
    2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Live
    2007-09-20 21:05 --------- d-----w C:\Program Files\WinASPI
    2007-09-20 21:04 --------- d-----w C:\Program Files\Webteh
    2007-09-20 21:04 --------- d-----w C:\Program Files\VSO
    2007-09-20 21:04 --------- d-----w C:\Program Files\VOB
    2007-09-20 21:04 --------- d-----w C:\Program Files\VISoftware
    2007-09-20 21:04 --------- d-----w C:\Program Files\Visicom Media
    2007-09-20 21:04 --------- d-----w C:\Program Files\VideoLAN
    2007-09-20 21:04 --------- d-----w C:\Program Files\URUSoft
    2007-09-20 21:04 --------- d-----w C:\Program Files\Uniblue
    2007-09-20 21:04 --------- d-----w C:\Program Files\Ubisoft
    2007-09-20 21:04 --------- d-----w C:\Program Files\Thugs at Bay
    2007-09-20 21:04 --------- d-----w C:\Program Files\Symantec
    2007-09-20 21:04 --------- d-----w C:\Program Files\STK014
    2007-09-20 21:04 --------- d-----w C:\Program Files\StarV9
    2007-09-20 21:03 --------- d-----w C:\Program Files\Sony Ericsson
    2007-09-20 21:03 --------- d-----w C:\Program Files\Skype
    2007-09-20 21:03 --------- d-----w C:\Program Files\RADVideo
    2007-09-20 21:03 --------- d-----w C:\Program Files\QuickTime Alternative
    2007-09-20 21:03 --------- d-----w C:\Program Files\plugins
    2007-09-20 21:03 --------- d-----w C:\Program Files\NETGEAR
    2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
    2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-09-20 20:20 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Ahead
    2007-09-20 20:18 --------- d-----w C:\Program Files\Nero
    2007-09-20 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-09-20 20:12 --------- d-----w C:\Program Files\Motorola
    2007-09-20 20:09 --------- d-----w C:\Program Files\Realtek
    2007-09-20 19:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-09-20 19:23 --------- d-----w C:\Program Files\microsoft frontpage
    2007-09-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-09-20 19:20 --------- d-----w C:\Program Files\Services en ligne
    2007-09-20 18:37 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-20 18:21 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-09-20 18:03 --------- d-----w C:\Program Files\QuickTime
    2007-09-20 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-09-20 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-09-20 16:28 --------- d-----w C:\Program Files\MyXOFT
    2007-09-20 16:28 --------- d-----w C:\Program Files\Multimedia Mouse Driver
    2007-09-20 16:28 --------- d-----w C:\Program Files\MSXML 4.0
    2007-09-20 16:27 --------- d-----w C:\Program Files\MSI
    2007-09-20 16:27 --------- d-----w C:\Program Files\Microsoft Games
    2007-09-20 16:26 --------- d-----w C:\Program Files\Maïdo Production
    2007-09-20 16:25 --------- d-----w C:\Program Files\Lauyan
    2007-09-20 16:25 --------- d-----w C:\Program Files\key
    2007-09-20 16:25 --------- d-----w C:\Program Files\Jasc Software Inc
    2007-09-20 16:24 --------- d-----w C:\Program Files\InterVideo
    2007-09-20 16:24 --------- d-----w C:\Program Files\InterActual
    2007-09-20 16:24 --------- d-----w C:\Program Files\Infogrames
    2007-09-19 20:01 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
    2007-09-19 20:01 86,016 ----a-w C:\WINDOWS\SoundMan.exe
    2007-09-19 20:01 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
    2007-09-19 20:01 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
    2007-09-19 20:01 49,152 ----a-w C:\WINDOWS\system32\ChCfg.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-03_14.53.14.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-03 14:03:42 22,486 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\register_icon.exe
    - 2001-09-28 12:00:00 112,128 ----a-w C:\WINDOWS\system32\mapi32.dll
    + 2004-03-31 12:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
    + 2002-01-05 02:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
    + 2002-01-05 02:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
    + 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
    + 2002-01-05 02:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
    + 2002-01-05 02:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
    + 2002-01-05 01:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67A0AFC4-E872-4DB3-8770-FA65BD4F61D6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC619BCA-2BF3-4D49-B815-91BC5ACEB12A}]
    C:\Program Files\Lauyan\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
    2007-11-03 14:54 35328 --a------ C:\WINDOWS\system32\gebxvww.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6ED5DA7-9ECD-4808-8947-B0E81FFE4941}]
    C:\WINDOWS\system32\jkhhi.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAB04895-840B-40C8-A787-CF56360009E9}]
    C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6980035-9529-4F1F-BC04-1B846166C7A9}]
    C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 16:37]
    "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 21:01 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-09-19 21:01 C:\WINDOWS\SkyTel.exe]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 20:43]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-26 11:12]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 14:21]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-05-17 12:11]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 13:33]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\gebxvww.dll [2007-11-03 14:54 35328]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxvww]
    gebxvww.dll 2007-11-03 14:54 35328 C:\WINDOWS\system32\gebxvww.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\giysaxlm]
    giysaxlm.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    "C:\Program Files\BitComet\BitComet.exe" /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe
    R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\ATK0100\ASNDIS5.SYS
    R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
    S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57df1a99-77eb-11dc-b9f3-0015af38a7f9}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-03 15:32:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-03 15:34:26 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-03 14:53
    .
    --- E O F ---

    rapport PCA
    # PCA Sécurité V 1.0.2, (fichier LOG).
    # Rapport du :03/11/2007 15:37:38
    Microsoft Windows XP Service Pack 2

    ==>> Processus <==
    \SystemRoot\System32\smss.exe
    \??\C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\StkCSrv.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\pca\pca.exe

    //pages de démarrage et de recherche d'Internet Explorer
    RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.google.fr/?gws_rd=ssl
    RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
    //applications lancées depuis system.ini,win.ini
    //03 - Browser Helper Objects (BHOs)
    02 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    02 - BHO: - {67A0AFC4-E872-4DB3-8770-FA65BD4F61D6} -
    02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
    02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    02 - BHO: - {AC619BCA-2BF3-4D49-B815-91BC5ACEB12A} - C:\Program Files\Lauyan\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll
    02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    02 - BHO: - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\gebxvww.dll
    02 - BHO: - {C6ED5DA7-9ECD-4808-8947-B0E81FFE4941} - C:\WINDOWS\system32\jkhhi.dll
    02 - BHO: - {DAB04895-840B-40C8-A787-CF56360009E9} - C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll
    02 - BHO: - {E6980035-9529-4F1F-BC04-1B846166C7A9} - C:\Program Files\key\nipysavC:\WINDOWS\system32\e1\caws83122.exe.dll
    O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    //04 - applications chargées automatiquement
    04 - HKLM\..\RUN: [HControl] - C:\WINDOWS\ATK0100\HControl.exe
    04 - HKLM\..\RUN: [RTHDCPL] - RTHDCPL.EXE
    04 - HKLM\..\RUN: [SkyTel] - SkyTel.EXE
    04 - HKLM\..\RUN: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    04 - HKLM\..\RUN: [NeroFilterCheck] - C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    04 - HKLM\..\RUN: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    04 - HKLM\..\RUN: [Host Process] - C:\WINDOWS\Fonts\svchost.exe
    04 - HKLM\..\RUN: [avgnt] - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    04 - HKLU\..\RUN: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    04 - HKLU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
    04 - HKLU\..\RUN: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    04 - HKLU\..\RUN: [BitComet] - "C:\Program Files\BitComet\BitComet.exe" /tray
    04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ATK0100\HControl.exe
    04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ATK0100\HControl.exe
    04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ATK0100\HControl.exe
    04 - HKUS\S-1-5-21-484763869-884357618-725345543-1003\..\RUN: [swg] - C:\WINDOWS\ATK0100\HControl.exe
    04 - HKUS\S-1-5-21-484763869-884357618-725345543-1003\..\RUN: [ctfmon.exe] - RTHDCPL.EXE
    04 - HKUS\S-1-5-21-484763869-884357618-725345543-1003\..\RUN: [msnmsgr] - SkyTel.EXE
    04 - HKUS\S-1-5-21-484763869-884357618-725345543-1003\..\RUN: [BitComet] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    04 - Global Startup: Adobe Gamma Loader.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    //05 - Accès au panneau de contrôle d'Internet Explorer (control.ini)
    //06- interdiction à l' accès au options (Internet Explorer)
    //07 - blocage de l'exécution de Regedit
    //08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
    08 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    08 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    08 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    //09 - boutons situés sur la barre d'outils principale d'Internet Explorer
    09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    09 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} -
    09 - Extra 'Tools' menuitem: - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} -
    09 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    09 - Extra 'Tools' menuitem: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    //O10 - Pirates de Winsock
    //O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer)
    O11 - Options group: [INTERNATIONAL] - International*
    //O12 - IE plugins
    O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
    O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
    //013 : DefaultPrefix
    //014 - Option : (Rétablir les paramètres Web)
    //015 - Zone de confiance d'Internet Explorer
    15 - trusted zone: http . localhost
    //O16 - Objets ActiveX
    O16 - DPF : Windows Genuine Advantage Validation Tool - {17492023-C23A-453E-A040-C7C580BBF700} - C:\WINDOWS\system32\LegitCheckControl.DLL
    O16 - DPF : Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
    //O17 - piratage de domaine Lop.com
    //O18 - protocoles additionnels
    O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
    O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    //O19 - feuille de style de l'utilisateur
    //O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
    //O21 - ShellServiceObjectDelayLoad
    //O22 - SharedTaskScheduler
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
    //O23 - services de XP,NT, 2000, et 2003
    O23 - Service: [Adobe LM Service] - "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
    O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
    O23 - Service: [AntiVir PersonalEdition Classic Scheduler] - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
    O23 - Service: [AntiVir PersonalEdition Classic Guard] - "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
    O23 - Service: [ASP.NET State Service] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    O23 - Service: [] - %SystemRoot%\System32\Ati2evxx.exe
    O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
    O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    O23 - Service: [Application système COM+] - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    O23 - Service: [Service COM de gravage de CD IMAPI] -
    O23 - Service: [LightScribeService Direct Disc Labeling Service] - "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
    O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\System32\msdtc.exe
    O23 - Service: [NBService] - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: [NMIndexingService] - "C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"
    O23 - Service: [NMSAccessU] - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: [Office Source Engine] - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
    O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\System32\locator.exe
    O23 - Service: [QoS RSVP] - %SystemRoot%\System32\rsvp.exe
    O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
    O23 - Service: [Syntek AVStream USB2.0 WebCam Service] - %SystemRoot%\System32\StkCSrv.exe
    O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\System32\dllhost.exe /Processid:{BD8A66A2-59AB-492B-96B9-05428D9412ED}
    O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
    O23 - Service: [TabletService] - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: [Telnet] - C:\WINDOWS\System32\tlntsvr.exe
    O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
    O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
    O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
    O23 - Service: [Carte de performance WMI] - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
    0
  16. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    1/ * Sélectionne le texte suivant :

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAB04895-840B-40C8-A787-CF56360009E9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6980035-9529-4F1F-BC04-1B846166C7A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6ED5DA7-9ECD-4808-8947-B0E81FFE4941}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC619BCA-2BF3-4D49-B815-91BC5ACEB12A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67A0AFC4-E872-4DB3-8770-FA65BD4F61D6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxvww]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\giysaxlm]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Host Process"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{BCC73622-F72D-4277-803C-D65565A0947F}"=-

    File::
    C:\WINDOWS\system32\jkhhi.dll
    C:\n.bat
    C:\z.dat
    C:\WINDOWS\system32\gebxvww.dll
    C:\WINDOWS\system32\xsphsxvb.dll
    C:\WINDOWS\system32\xvfjpwqx.dll
    C:\WINDOWS\system32\rqrollm.dll
    C:\WINDOWS\system32\ehotopxw.dll
    C:\WINDOWS\system32\yayyyax.dll
    C:\WINDOWS\system32\spudsc.exe
    C:\WINDOWS\system32\svchost1.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\e1\caws83122.exe.dll

    Folder::
    C:\Temp\mZOr
    C:\WINDOWS\system32\e1


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    2/ * Télécharge DiagHelp.zip sur ton bureau(Merci Malekal) : http://www.malekal.com/download/DiagHelp.zip
    Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
    * Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
    * Un nouveau dossier chercher va être créé.
    * Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    * Une fenêtre va s'ouvrir, choisis l'option 1
    * L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
    * Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.
    * Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
    * Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
    * Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

    3/ * Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREng.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport SREnglLOG.log dans ta prochaine réponse.

    4/ Edite le rapport Combofix, Diaghelp, SREng et un nouveau rapport Hijackthis.

    FillPCA
    0
  17. dede4240 Messages postés 243 Statut Membre 26
     
    ComboFix 07-11-01.1 - BEGNY 2007-11-03 16:09:38.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1432 [GMT 1:00]
    Running from: C:\Downloads\ComboFix.exe
    Command switches used :: C:\Downloads\CFScript.txt
    * Created a new restore point

    FILE::
    C:\n.bat
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\e1\caws83122.exe.dll
    C:\WINDOWS\system32\ehotopxw.dll
    C:\WINDOWS\system32\gebxvww.dll
    C:\WINDOWS\system32\jkhhi.dll
    C:\WINDOWS\system32\rqrollm.dll
    C:\WINDOWS\system32\spudsc.exe
    C:\WINDOWS\system32\svchost1.exe
    C:\WINDOWS\system32\xsphsxvb.dll
    C:\WINDOWS\system32\xvfjpwqx.dll
    C:\WINDOWS\system32\yayyyax.dll
    C:\z.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\n.bat
    C:\Temp\mZOr
    C:\Temp\mZOr\tOasF.log
    C:\WINDOWS\system32\ehotopxw.dll
    C:\WINDOWS\system32\gebxvww.dll
    C:\WINDOWS\system32\rqrollm.dll
    C:\WINDOWS\system32\spudsc.exe
    C:\WINDOWS\system32\svchost1.exe
    C:\WINDOWS\system32\xsphsxvb.dll
    C:\WINDOWS\system32\xvfjpwqx.dll
    C:\z.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-03 15:36 <REP> d-------- C:\pca
    2007-11-03 15:15 2,742 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-03 15:14 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-03 15:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-03 15:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-03 15:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-03 15:14 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-03 15:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-11-03 15:07 <REP> d-------- C:\VundoFix Backups
    2007-11-03 13:06 <REP> d-------- C:\Program Files\Avira
    2007-11-03 13:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-03 10:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-03 10:13 <REP> d-------- C:\Program Files\Panda Security
    2007-11-03 10:08 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
    2007-11-02 19:10 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\WTablet
    2007-11-02 19:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-02 18:57 <REP> d-------- C:\Program Files\Navilog1
    2007-11-02 18:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-11-02 18:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-11-02 18:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-11-02 18:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2007-11-02 18:39 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
    2007-11-02 18:27 <REP> d-------- C:\WINDOWS\system32\WTablet
    2007-11-02 18:27 <REP> d-------- C:\Program Files\Tablet
    2007-11-02 18:27 1,197,616 --a------ C:\WINDOWS\system32\Tablet.exe
    2007-11-02 18:27 124,464 --------- C:\WINDOWS\system32\Wintab32.dll
    2007-11-02 18:27 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
    2007-11-02 18:27 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
    2007-11-01 18:17 <REP> d-------- C:\Program Files\Trend Micro
    2007-11-01 11:52 28,672 --a------ C:\Documents and Settings\BEGNY\iexplorer.exe
    2007-11-01 11:47 <REP> d-------- C:\WINDOWS\system32\bfubackups
    2007-10-31 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-31 17:21 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-10-31 17:17 <REP> d-------- C:\WINDOWS\system32\Mz18r
    2007-10-31 17:17 <REP> d-------- C:\Temp
    2007-10-31 16:01 <REP> d-------- C:\Program Files\TimeAdjuster
    2007-10-29 16:21 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-10-29 16:18 0 --a------ C:\WINDOWS\nsreg.dat
    2007-10-25 14:24 <REP> d-------- C:\WINDOWS\Sun
    2007-10-12 23:35 <REP> d-------- C:\Program Files\Ripp-it_AM
    2007-10-12 22:34 <REP> d-------- C:\Program Files\AviSynth 2.5
    2007-10-10 13:59 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-04 14:55 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
    2007-10-04 14:53 <REP> d-------- C:\WINDOWS\StartHtmico
    2007-10-04 14:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-10-04 14:52 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL
    2007-10-04 14:52 90,112 -ra------ C:\WINDOWS\system32\CNMCP78.exe
    2007-10-04 14:52 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL
    2007-10-04 14:50 <REP> d-------- C:\Program Files\Canon
    2007-10-04 14:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-10-04 14:43 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-10-04 14:06 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-10-04 14:04 <REP> d-------- C:\WINDOWS\SHELLNEW
    2007-10-04 14:02 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-10-04 14:00 <REP> dr-h----- C:\MSOCache
    2007-10-04 12:40 <REP> d-------- C:\Downloads
    2007-10-04 12:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-10-04 12:37 <REP> d-------- C:\Program Files\BitComet
    2007-10-03 19:40 <REP> d-------- C:\Program Files\Azureus
    2007-10-03 19:40 <REP> d-------- C:\Documents and Settings\BEGNY\Application Data\Azureus

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-03 13:58 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\LimeWire
    2007-11-02 16:25 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Skype
    2007-10-24 13:12 --------- d-----w C:\Program Files\Java
    2007-10-17 16:39 --------- d-----w C:\Program Files\Winamp
    2007-10-04 16:28 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-10-01 09:32 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-09-28 17:55 --------- d-----w C:\Program Files\CDBurnerXP
    2007-09-25 22:06 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\vlc
    2007-09-25 10:38 --------- d-----w C:\Program Files\Audacity
    2007-09-24 12:47 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Apple Computer
    2007-09-24 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-09-24 02:36 --------- d-----w C:\Program Files\Microsoft SQL Server
    2007-09-24 01:36 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
    2007-09-23 19:41 --------- d-----w C:\Program Files\Google
    2007-09-22 11:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-22 10:17 --------- d-----w C:\Program Files\Eltima Software
    2007-09-21 21:12 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
    2007-09-21 21:11 --------- d-----w C:\Program Files\Macromedia
    2007-09-21 21:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-09-21 10:00 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Adssite Advanced Toolbar
    2007-09-21 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-21 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-09-21 01:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2007-09-20 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\IsolatedStorage
    2007-09-20 21:28 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\MSN6
    2007-09-20 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-09-20 21:21 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
    2007-09-20 21:21 --------- d-----w C:\Program Files\FairUse Wizard
    2007-09-20 21:21 --------- d-----w C:\Program Files\Error Safe Free
    2007-09-20 21:21 --------- d-----w C:\Program Files\eRightSoft
    2007-09-20 21:21 --------- d-----w C:\Program Files\EPSON
    2007-09-20 21:20 --------- d-----w C:\Program Files\eMule
    2007-09-20 21:18 --------- d-----w C:\Program Files\CyberLink
    2007-09-20 21:18 --------- d-----w C:\Program Files\Creative
    2007-09-20 21:18 --------- d-----w C:\Program Files\Common~1
    2007-09-20 21:18 --------- d-----w C:\Program Files\CoffeeCup Software
    2007-09-20 21:18 --------- d-----w C:\Program Files\BSplayer_WhenUSave_Installer
    2007-09-20 21:17 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-20 21:17 --------- d-----w C:\Program Files\Alwil Software
    2007-09-20 21:17 --------- d-----w C:\Program Files\Ahead
    2007-09-20 21:07 --------- d-----w C:\Program Files\1&1
    2007-09-20 21:06 --------- d-----w C:\Program Files\XviD codec (Neodivx Version)
    2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-20 21:06 --------- d-----w C:\Program Files\Windows Live
    2007-09-20 21:05 --------- d-----w C:\Program Files\WinASPI
    2007-09-20 21:04 --------- d-----w C:\Program Files\Webteh
    2007-09-20 21:04 --------- d-----w C:\Program Files\VSO
    2007-09-20 21:04 --------- d-----w C:\Program Files\VOB
    2007-09-20 21:04 --------- d-----w C:\Program Files\VISoftware
    2007-09-20 21:04 --------- d-----w C:\Program Files\Visicom Media
    2007-09-20 21:04 --------- d-----w C:\Program Files\VideoLAN
    2007-09-20 21:04 --------- d-----w C:\Program Files\URUSoft
    2007-09-20 21:04 --------- d-----w C:\Program Files\Uniblue
    2007-09-20 21:04 --------- d-----w C:\Program Files\Ubisoft
    2007-09-20 21:04 --------- d-----w C:\Program Files\Thugs at Bay
    2007-09-20 21:04 --------- d-----w C:\Program Files\Symantec
    2007-09-20 21:04 --------- d-----w C:\Program Files\STK014
    2007-09-20 21:04 --------- d-----w C:\Program Files\StarV9
    2007-09-20 21:03 --------- d-----w C:\Program Files\Sony Ericsson
    2007-09-20 21:03 --------- d-----w C:\Program Files\Skype
    2007-09-20 21:03 --------- d-----w C:\Program Files\RADVideo
    2007-09-20 21:03 --------- d-----w C:\Program Files\QuickTime Alternative
    2007-09-20 21:03 --------- d-----w C:\Program Files\plugins
    2007-09-20 21:03 --------- d-----w C:\Program Files\NETGEAR
    2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
    2007-09-20 20:21 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-09-20 20:20 --------- d-----w C:\Documents and Settings\BEGNY\Application Data\Ahead
    2007-09-20 20:18 --------- d-----w C:\Program Files\Nero
    2007-09-20 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-09-20 20:16 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-09-20 20:12 --------- d-----w C:\Program Files\Motorola
    2007-09-20 20:09 --------- d-----w C:\Program Files\Realtek
    2007-09-20 19:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-09-20 19:23 --------- d-----w C:\Program Files\microsoft frontpage
    2007-09-20 19:21 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-09-20 19:20 --------- d-----w C:\Program Files\Services en ligne
    2007-09-20 18:37 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-20 18:21 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-09-20 18:03 --------- d-----w C:\Program Files\QuickTime
    2007-09-20 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-09-20 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-09-20 16:28 --------- d-----w C:\Program Files\MyXOFT
    2007-09-20 16:28 --------- d-----w C:\Program Files\Multimedia Mouse Driver
    2007-09-20 16:28 --------- d-----w C:\Program Files\MSXML 4.0
    2007-09-20 16:27 --------- d-----w C:\Program Files\MSI
    2007-09-20 16:27 --------- d-----w C:\Program Files\Microsoft Games
    2007-09-20 16:26 --------- d-----w C:\Program Files\Maïdo Production
    2007-09-20 16:25 --------- d-----w C:\Program Files\Lauyan
    2007-09-20 16:25 --------- d-----w C:\Program Files\key
    2007-09-20 16:25 --------- d-----w C:\Program Files\Jasc Software Inc
    2007-09-20 16:24 --------- d-----w C:\Program Files\InterVideo
    2007-09-20 16:24 --------- d-----w C:\Program Files\InterActual
    2007-09-20 16:24 --------- d-----w C:\Program Files\Infogrames
    2007-09-19 20:01 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
    2007-09-19 20:01 86,016 ----a-w C:\WINDOWS\SoundMan.exe
    2007-09-19 20:01 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
    2007-09-19 20:01 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
    2007-09-19 20:01 4,614,656 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-03_14.53.14.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-03 14:03:42 22,486 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\register_icon.exe
    - 2001-09-28 12:00:00 112,128 ----a-w C:\WINDOWS\system32\mapi32.dll
    + 2004-03-31 12:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
    + 2002-01-05 02:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
    + 2002-01-05 02:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
    + 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
    + 2002-01-05 02:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
    + 2002-01-05 02:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
    + 2002-01-05 01:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 16:37]
    "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 21:01 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-09-19 21:01 C:\WINDOWS\SkyTel.exe]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 20:43]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-26 11:12]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 14:21]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-05-17 12:11]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 13:33]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    "C:\Program Files\BitComet\BitComet.exe" /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe
    R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\ATK0100\ASNDIS5.SYS
    R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
    S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57df1a99-77eb-11dc-b9f3-0015af38a7f9}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-03 16:13:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-03 16:15:00 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-03 15:34
    C:\ComboFix3.txt ... 2007-11-03 14:53
    .
    --- E O F ---
    0
  18. dede4240 Messages postés 243 Statut Membre 26
     
    j ai un soucis sur le site de malekal car il me demande d'uploader un fichier mais ca ne fonctionne ca charge pendant longtemps sans succes
    http://upload.malekal.com/ j'ai l'impression que tant que l'upload n'est pas faite, ca bloque les reste du programme ...
    0
  • 1
  • 2
  • 3