Problème de virus, encore !
Résolu
Utilisateur anonyme
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
Bonjour,
Voici mon problème : Mon ordi a été infectée par un virus, un cheval de troie. J'ai analysé avec Avast : il a trouvé 1 fichier infecté. J'ai analysé en ligne avec bit defender : il a trouvé 10 fichiers infectés. J'ai analysé avec AVG : il a trouvé 4 adware et 4 cookie tracking. Tout a été effacé ou mis en quarantaine. Je croyais m'en être débarrassé, mais voilà qu'Avast n'arrête pas de demander un redémarrage. De plus, mon ordi est plus lente quand j'ouvre des dossiers, etc...
Donc, est-ce que quelqu'un est prêt à m'aìder à nettoyer mon ordi ?
Merci d'avance !
Bonjour,
Voici mon problème : Mon ordi a été infectée par un virus, un cheval de troie. J'ai analysé avec Avast : il a trouvé 1 fichier infecté. J'ai analysé en ligne avec bit defender : il a trouvé 10 fichiers infectés. J'ai analysé avec AVG : il a trouvé 4 adware et 4 cookie tracking. Tout a été effacé ou mis en quarantaine. Je croyais m'en être débarrassé, mais voilà qu'Avast n'arrête pas de demander un redémarrage. De plus, mon ordi est plus lente quand j'ouvre des dossiers, etc...
Donc, est-ce que quelqu'un est prêt à m'aìder à nettoyer mon ordi ?
Merci d'avance !
A voir également:
- Problème de virus, encore !
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
24 réponses
salut
voici le rapport:
ComboFix 08-01-07.5 - *****2008-01-10 13:01:48.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.243 [GMT -5:00]
Running from: C:\Documents and Settings\*****\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.
2008-01-09 02:58 . 2008-01-09 02:58 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-07 12:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 11:46 . 2008-01-07 18:23 <REP> d-------- C:\VundoFix Backups
2008-01-07 11:21 . 2008-01-07 11:21 <REP> d-------- C:\Program Files\Avira
2008-01-07 11:21 . 2008-01-07 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-07 10:32 . 2008-01-07 10:58 <REP> d-------- C:\Program Files\Navilog1
2007-12-29 14:17 . 2007-12-29 14:17 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-29 14:17 . 2007-12-29 14:17 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-29 14:16 . 2006-09-22 10:17 40 --a------ C:\WINDOWS\RUNAWAY2.INI
2007-12-29 14:03 . 2007-12-29 14:03 <REP> d-------- C:\Program Files\PENDULO Studios
2007-12-27 15:03 . 2008-01-10 11:48 <REP> d-------- C:\Desf
2007-12-24 11:51 . 2007-12-24 11:51 <REP> d-------- C:\Program Files\CCleaner
2007-12-20 19:23 . 2007-12-24 15:24 <REP> d-------- C:\Program Files\PokerStars.NET
2007-12-20 12:55 . 2007-12-20 12:55 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-20 12:53 . 2007-12-20 12:53 <REP> d-------- C:\WINDOWS\system32\su2
2007-12-20 12:53 . 2007-12-20 19:18 <REP> d-------- C:\WINDOWS\system32\pi3
2007-12-20 12:53 . 2007-12-20 12:53 <REP> d-------- C:\WINDOWS\system32\eu1
2007-12-20 12:52 . 2007-12-20 12:52 <REP> d-------- C:\WINDOWS\system32\daSgo18
2007-12-20 12:50 . 2007-12-20 16:56 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-11 14:25 . 2007-12-11 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville
2007-12-11 13:31 . 2007-12-11 13:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
2007-12-11 09:14 . 2007-12-11 09:14 <REP> d-------- C:\Documents and Settings\*****\Application Data\Flood Light Games
2007-12-11 09:14 . 2007-12-11 09:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-30 03:28 --------- d-----w C:\Documents and Settings\*****\Application Data\FlashFXP
2008-01-09 05:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-09 05:18 116,608 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-09 05:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-29 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 00:40 --------- d-----w C:\Documents and Settings\*****\Application Data\Lionhead Studios
2007-12-20 22:01 --------- d-----w C:\Documents and Settings\*****\Application Data\LimeWire
2007-12-13 16:24 --------- d-----w C:\Documents and Settings\*****\Application Data\PlayFirst
2007-12-13 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-08 15:53 --------- d-----w C:\Documents and Settings\*****\Application Data\AdobeUM
2007-12-07 23:35 --------- d-----w C:\Program Files\Google
2007-12-07 23:28 --------- d-----w C:\Program Files\Audacity
2007-12-07 23:26 --------- d-----w C:\Program Files\Copernic Agent
2007-12-06 22:04 --------- d-----w C:\Documents and Settings\*****\Application Data\Grisoft
2007-12-06 14:15 46,080 -c--a-w C:\WINDOWS\system32\ftp.exe
2007-12-02 20:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-02 20:08 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-29 23:06 69,816 -c--a-w C:\Documents and Settings\*****\Application Data\GDIPFONTCACHEV1.DAT
2007-11-25 00:53 --------- d-----w C:\Program Files\Camfrog
2007-11-22 20:43 --------- d-----w C:\Documents and Settings\*****\Application Data\Leadertech
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 11:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-15 18:31 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2006-07-24 16:58 1 -c--a-w C:\Documents and Settings\*****\SI.bin
2005-04-27 13:04 6,656 -csha-w C:\Program Files\Fichiers communs\Thumbs.db
2001-11-23 04:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
[code]<pre>
----a-w 313,472 2008-01-07 16:19:05 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 24,576 2008-01-07 16:18:52 C:\Program Files\D-Link\DGE-530T\dlnetst .exe
----a-w 132,496 2008-01-07 16:18:56 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 28,672 2008-01-07 16:18:50 C:\Program Files\Logitech\MouseWare\system\EM_EXEC .EXE
----a-w 94,208 2008-01-07 16:18:50 C:\Program Files\Microsoft Hardware\Keyboard\type32 .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-07_13.10.34.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:50:06 733,696 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
- 2006-08-17 12:29:49 728,576 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 12:18:35 360,576 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 16:53:32 360,832 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-04-20 12:18:35 360,576 ------w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 16:53:32 360,832 ------w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-07 11:31 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 18:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Louise Paquette^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Louise Paquette\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-06 15:50 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-09-13 13:17 4621816 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
"C-Media Mixer"=Mixer.exe /startup
"PWatcher"="D:\PrivacyWatcher\PWatcher.exe" /min
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
"nwiz"=nwiz.exe /install
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-09-02 12:40]
R3 m4cxwxp;NDIS5.1 Miniport Driver for D-Link DGE-530T Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\m4cxwxp.sys [2003-08-26 17:23]
S2 X4HSX32;X4HSX32;C:\Program Files\MANIA\X4HSX32.Sys []
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-23 10:59]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\LOUISE~1\LOCALS~1\Temp\cdrmkaun.sys []
S3 SkLaggProtocol;Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\sklagg.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 21:02]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-09-23 12:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c25cc03f-3cd2-11db-b253-001195d72ae3}]
\Shell\AutoRun\command - RavMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
C:\WINDOWS\system32\msnvl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-04 22:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 13:07:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 13:09:06
ComboFix-quarantined-files.txt 2008-01-10 18:08:58
.
2008-01-09 07:59:35 --- E O F ---
voici le rapport:
ComboFix 08-01-07.5 - *****2008-01-10 13:01:48.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.243 [GMT -5:00]
Running from: C:\Documents and Settings\*****\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.
2008-01-09 02:58 . 2008-01-09 02:58 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-07 12:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 11:46 . 2008-01-07 18:23 <REP> d-------- C:\VundoFix Backups
2008-01-07 11:21 . 2008-01-07 11:21 <REP> d-------- C:\Program Files\Avira
2008-01-07 11:21 . 2008-01-07 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-07 10:32 . 2008-01-07 10:58 <REP> d-------- C:\Program Files\Navilog1
2007-12-29 14:17 . 2007-12-29 14:17 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-29 14:17 . 2007-12-29 14:17 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-29 14:16 . 2006-09-22 10:17 40 --a------ C:\WINDOWS\RUNAWAY2.INI
2007-12-29 14:03 . 2007-12-29 14:03 <REP> d-------- C:\Program Files\PENDULO Studios
2007-12-27 15:03 . 2008-01-10 11:48 <REP> d-------- C:\Desf
2007-12-24 11:51 . 2007-12-24 11:51 <REP> d-------- C:\Program Files\CCleaner
2007-12-20 19:23 . 2007-12-24 15:24 <REP> d-------- C:\Program Files\PokerStars.NET
2007-12-20 12:55 . 2007-12-20 12:55 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-20 12:53 . 2007-12-20 12:53 <REP> d-------- C:\WINDOWS\system32\su2
2007-12-20 12:53 . 2007-12-20 19:18 <REP> d-------- C:\WINDOWS\system32\pi3
2007-12-20 12:53 . 2007-12-20 12:53 <REP> d-------- C:\WINDOWS\system32\eu1
2007-12-20 12:52 . 2007-12-20 12:52 <REP> d-------- C:\WINDOWS\system32\daSgo18
2007-12-20 12:50 . 2007-12-20 16:56 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-11 14:25 . 2007-12-11 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville
2007-12-11 13:31 . 2007-12-11 13:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
2007-12-11 09:14 . 2007-12-11 09:14 <REP> d-------- C:\Documents and Settings\*****\Application Data\Flood Light Games
2007-12-11 09:14 . 2007-12-11 09:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-30 03:28 --------- d-----w C:\Documents and Settings\*****\Application Data\FlashFXP
2008-01-09 05:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-09 05:18 116,608 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-09 05:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-29 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 00:40 --------- d-----w C:\Documents and Settings\*****\Application Data\Lionhead Studios
2007-12-20 22:01 --------- d-----w C:\Documents and Settings\*****\Application Data\LimeWire
2007-12-13 16:24 --------- d-----w C:\Documents and Settings\*****\Application Data\PlayFirst
2007-12-13 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-08 15:53 --------- d-----w C:\Documents and Settings\*****\Application Data\AdobeUM
2007-12-07 23:35 --------- d-----w C:\Program Files\Google
2007-12-07 23:28 --------- d-----w C:\Program Files\Audacity
2007-12-07 23:26 --------- d-----w C:\Program Files\Copernic Agent
2007-12-06 22:04 --------- d-----w C:\Documents and Settings\*****\Application Data\Grisoft
2007-12-06 14:15 46,080 -c--a-w C:\WINDOWS\system32\ftp.exe
2007-12-02 20:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-02 20:08 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-29 23:06 69,816 -c--a-w C:\Documents and Settings\*****\Application Data\GDIPFONTCACHEV1.DAT
2007-11-25 00:53 --------- d-----w C:\Program Files\Camfrog
2007-11-22 20:43 --------- d-----w C:\Documents and Settings\*****\Application Data\Leadertech
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 11:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-15 18:31 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2006-07-24 16:58 1 -c--a-w C:\Documents and Settings\*****\SI.bin
2005-04-27 13:04 6,656 -csha-w C:\Program Files\Fichiers communs\Thumbs.db
2001-11-23 04:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
[code]<pre>
----a-w 313,472 2008-01-07 16:19:05 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 24,576 2008-01-07 16:18:52 C:\Program Files\D-Link\DGE-530T\dlnetst .exe
----a-w 132,496 2008-01-07 16:18:56 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 28,672 2008-01-07 16:18:50 C:\Program Files\Logitech\MouseWare\system\EM_EXEC .EXE
----a-w 94,208 2008-01-07 16:18:50 C:\Program Files\Microsoft Hardware\Keyboard\type32 .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-07_13.10.34.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:50:06 733,696 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
- 2006-08-17 12:29:49 728,576 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 12:18:35 360,576 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 16:53:32 360,832 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-04-20 12:18:35 360,576 ------w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 16:53:32 360,832 ------w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-07 11:31 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 18:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Louise Paquette^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Louise Paquette\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-06 15:50 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-09-13 13:17 4621816 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
"C-Media Mixer"=Mixer.exe /startup
"PWatcher"="D:\PrivacyWatcher\PWatcher.exe" /min
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
"nwiz"=nwiz.exe /install
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-09-02 12:40]
R3 m4cxwxp;NDIS5.1 Miniport Driver for D-Link DGE-530T Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\m4cxwxp.sys [2003-08-26 17:23]
S2 X4HSX32;X4HSX32;C:\Program Files\MANIA\X4HSX32.Sys []
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-23 10:59]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\LOUISE~1\LOCALS~1\Temp\cdrmkaun.sys []
S3 SkLaggProtocol;Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\sklagg.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 21:02]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-09-23 12:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c25cc03f-3cd2-11db-b253-001195d72ae3}]
\Shell\AutoRun\command - RavMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
C:\WINDOWS\system32\msnvl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-04 22:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 13:07:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 13:09:06
ComboFix-quarantined-files.txt 2008-01-10 18:08:58
.
2008-01-09 07:59:35 --- E O F ---
salut,
voici le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 12:18:33, on 2008-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Desf\ccm.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
voici le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 12:18:33, on 2008-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Desf\ccm.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
