Security Warning

Résolu
gegepe Messages postés 37 Date d'inscription   Statut Membre Dernière intervention   -  
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Je viens de choper un virus qui apparait ss la forme du barre d'outil "remove popups", "scan spyware", security test, spam protection.
De plus, des fenetres intempestives d'alertes spy ne font que d'apparaitre.

Le rapport smitfraudfix donne:

SmitFraudFix v2.274

Scan done at 21:02:45.90, Mon 01/07/2008
Run from C:\Documents and Settings\PELISSIER\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\roqqtyk.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PELISSIER


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PELISSIER\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PELISS~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 202.188.1.5
DNS Server Search Order: 202.188.0.133

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 202.188.0.133
DNS Server Search Order: 202.188.1.5

HKLM\SYSTEM\CCS\Services\Tcpip\..\{20893F40-D29E-4A93-94AB-66CBD5E7A692}: NameServer=202.188.1.5,202.188.0.133
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FD676CCE-EB44-42E9-94AE-A07AE7A2EB1F}: DhcpNameServer=192.168.2.1 202.188.0.133 202.188.1.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{20893F40-D29E-4A93-94AB-66CBD5E7A692}: NameServer=202.188.1.5,202.188.0.133
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FD676CCE-EB44-42E9-94AE-A07AE7A2EB1F}: DhcpNameServer=192.168.2.1 202.188.0.133 202.188.1.5
HKLM\SYSTEM\CS3\Services\Tcpip\..\{20893F40-D29E-4A93-94AB-66CBD5E7A692}: NameServer=202.188.1.5,202.188.0.133
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 202.188.0.133 202.188.1.5
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 202.188.0.133 202.188.1.5


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



mais comme je ne connais rien a rien, je n'ose pas aller plus loin.
J'ai telecharge Highjackthis, mais apres, koi faire????
Please help...................

Merci d'avance a mon bienfaiteur
GEGE
A voir également:

33 réponses

Précédent
  • 1
  • 2
Réponse 21 / 33
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
hello,

effectivement ce n'est pas facile du tout. Perso je suis là tous les soirs (horaires de France) vers 21 h jusqu'à minuit environ
pour la journée c'est aléatoire en ce qui me concern.

on essaye de continuer

* Télécharge sur ton bureau RHosts (Merci à S!ri)
http://siri.urz.free.fr/Softs/RHosts.exe

* Double-clique sur Rhosts.exe et clique sur "restaurer"


et ceci
* Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
IMPORTANT

*désactive ton antivirus, antispyware, et spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite
puis

* Double clique combofix.exe.

* Tape sur la touche Y (Yes) pour démarrer le scan.

* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse

NOTE : Le rapport se trouve également ici : C:\Combofix.txt


reposte également un nouveau rapport hijackthis stp


0
Réponse 22 / 33
gegepe Messages postés 37 Date d'inscription   Statut Membre Dernière intervention   2
 
ComboFix 08-01-10.2 - PELISSIER 2008-01-10 17:29:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.56 [GMT 8:00]
Running from: C:\Documents and Settings\PELISSIER\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\dxpvqlmqng.dll
C:\WINDOWS\ensfolr.dll
C:\WINDOWS\foxflpd.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-10 11:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 23:46 . 2008-01-09 23:46 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-09 16:27 . 2008-01-09 16:27 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-09 09:50 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-08 19:52 . 2008-01-10 11:29 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-08 19:52 . 2008-01-08 19:52 <DIR> d-------- C:\Program Files\Crawler
2008-01-08 19:52 . 2008-01-10 11:29 <DIR> d-------- C:\Documents and Settings\PELISSIER\Application Data\Spyware Terminator
2008-01-08 19:52 . 2008-01-09 10:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-08 19:33 . 2008-01-08 19:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-08 09:56 . 2008-01-08 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 21:33 . 2008-01-07 22:55 <DIR> d-------- C:\Program Files\Navilog1
2008-01-07 20:34 . 2008-01-07 20:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-07 19:54 . 2008-01-07 19:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-07 19:54 . 2008-01-07 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-07 19:53 . 2008-01-07 19:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 19:53 . 2008-01-09 09:51 4,444 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-07 19:52 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-07 19:52 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-07 19:52 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-07 19:52 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-07 19:52 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-07 19:42 . 2008-01-07 19:42 164 --a------ C:\install.dat
2008-01-07 18:49 . 2008-01-07 19:13 <DIR> d-------- C:\Program Files\XP Antivirus
2008-01-07 16:45 . 2008-01-07 16:45 <DIR> d--hs---- C:\TrustedAntivirus
2008-01-07 16:45 . 2008-01-07 16:45 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-07 16:45 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-07 14:09 . 2008-01-07 19:53 <DIR> d-------- C:\Program Files\Divers

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\NPF
2008-01-10 02:55 5 ----a-w C:\NPF_USER.DAT
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-02 13:29 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-01 13:38 --------- d-----w C:\Documents and Settings\PELISSIER\Application Data\dvdcss
2007-11-19 13:05 22,625,064 ----a-w C:\Program Files\SkypeSetup.exe
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 10:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-09 10:16 502 ----a-w C:\Program Files\mobile.fnac[1]
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-02 12:35 426,823 ----a-w C:\fsgReversiSetup.exe
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 09:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 09:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-11 06:13 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:13 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:13 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:13 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-09-03 02:22 16,429,768 ----a-w C:\Program Files\setupfre.exe
2007-08-17 02:47 50,005,304 ----a-w C:\Program Files\iTunesSetup.exe
2007-04-04 15:58 9,453,630 -c--a-w C:\Program Files\vlc-0.8.6a-win32.exe
2007-04-03 07:47 3,467,080 -c--a-w C:\Program Files\BFINSTALL.exe
2007-03-29 14:56 1,127,307 ----a-w C:\Program Files\wrar362fr.exe
2007-03-29 09:22 643,144 ----a-w C:\Program Files\xvid-binaries_xvid_binaries_1.1.2_anglais_12459.exe
2007-03-06 07:07 2,683,984 ----a-w C:\Program Files\ccsetup137.exe
2006-11-14 02:39 2,064,128 -c--a-w C:\Program Files\CuteWriter.exe
2006-11-07 08:52 606 ----a-w C:\Program Files\Shortcut to picasaweb-current-setup.lnk
2006-11-06 08:33 4,912,968 -c--a-w C:\Program Files\picasaweb-current-setup.exe
2006-11-06 04:32 16,332,072 -c--a-w C:\Program Files\Install_Messenger_nous.exe
2006-02-18 19:28 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2005-11-15 20:21 1204224]
"FlyAway"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 15:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 15:26 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 14:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 13:26 88365 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-05-18 15:57 188416]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 17:03 761946]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-10 01:53 81920]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-09 00:20 69632]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-06 03:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-29 02:41 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-29 02:47 569413]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updnavi.exe" [2006-02-21 15:00 331776]
"PCDrProfiler"="C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" [2006-02-17 07:34 53248]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-01-03 20:20 122940]
"DispSwitchLauncher"="C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2005-07-21 06:23 90112]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-06 07:38 707360]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 09:48 275800]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 21:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-09 09:46 2834432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 09:17 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
NPF Messenger.lnk - C:\Program Files\Norman\NPF\NPFMSG.EXE [2006-11-01 11:51:15]

R0 FJGPNV;FJGPNV;C:\WINDOWS\system32\drivers\FJGPNV.SYS [2003-01-16 02:35]
R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-09 16:27]
R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
R2 FlashDrv;FlashDrv;C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys [2005-07-22 05:56]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 06:13]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 20:15]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys [2004-10-18 15:08]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2372d3be-a82f-11db-9e41-001302d0edc4}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75c93239-508f-11dc-9f5e-001302d0edc4}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93de3ffe-5c2b-11dc-9f68-001302d0edc4}]
\Shell\Auto\command - F:\SVCH.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96527923-4967-11dc-9f54-001302d0edc4}]
\Shell\Auto\command - G:\SVCH.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 07:44:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-10 08:56:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 17:33:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 17:34:07
ComboFix-quarantined-files.txt 2008-01-10 09:34:05
.
2008-01-09 15:46:43 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:48 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Norman\NPF\npfmsg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pc-ap.fujitsu.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IndicatorUtility] "C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
O4 - HKLM\..\Run: [LoadFUJ02E3] "C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" -r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DispSwitchLauncher] "C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NPF Messenger.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20893F40-D29E-4A93-94AB-66CBD5E7A692}: NameServer = 202.188.1.5,202.188.0.133
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Réponse 23 / 33
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
bonsoir,
<
tu avais NORMAN avant comme antivirus ? il n'est pas correctement désinstallé, il en reste des traces
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE

* télécharge ERUNT pour sauvegarder ta base de registre
https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/erunt.html
tuto
http://pageperso.aol.fr/loraline60/tuto_erunt.htm

ensuite

Sélectionne le texte suivant : 
registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93de3f fe-5c2b-11dc-9f68-001302d0edc4}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{965279 23-4967-11dc-9f54-001302d0edc4}]


# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


0
Réponse 24 / 33
gegepe Messages postés 37 Date d'inscription   Statut Membre Dernière intervention   2
 
Bonjour,
En effet, j'ai mtnt plusieurs antivirus/spy... et je ne sais mm pas si j'en ai bien un de tres efficace.

J'ai essaye ce que tu m'as demande de faire, mais pas sure d'y etre parvenue correctement. je log tt de mm.

En tout etat de cause, le virus ne semble plus present/agacant, DONC MERCI DE TON AIDE.

Pour ce qui est de la nettete de mon ordi, pas bien convaincue !!! Puis-je ensuite supprimer les utilitaires de nettoyage?

ComboFix 08-01-10.2 - PELISSIER 2008-01-11 11:19:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.116 [GMT 8:00]
Running from: C:\Documents and Settings\PELISSIER\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-10 11:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 23:46 . 2008-01-09 23:46 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-09 16:27 . 2008-01-09 16:27 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-09 09:50 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-08 19:52 . 2008-01-10 11:29 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-08 19:52 . 2008-01-10 11:29 <DIR> d-------- C:\Documents and Settings\PELISSIER\Application Data\Spyware Terminator
2008-01-08 19:52 . 2008-01-09 10:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-08 19:33 . 2008-01-08 19:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-08 09:56 . 2008-01-08 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 21:33 . 2008-01-07 22:55 <DIR> d-------- C:\Program Files\Navilog1
2008-01-07 20:34 . 2008-01-07 20:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-07 19:54 . 2008-01-07 19:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-07 19:54 . 2008-01-07 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-07 19:53 . 2008-01-07 19:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 19:53 . 2008-01-09 09:51 4,444 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-07 19:52 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-07 19:52 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-07 19:52 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-07 19:52 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-07 19:52 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-07 19:42 . 2008-01-07 19:42 164 --a------ C:\install.dat
2008-01-07 18:49 . 2008-01-07 19:13 <DIR> d-------- C:\Program Files\XP Antivirus
2008-01-07 16:45 . 2008-01-07 16:45 <DIR> d--hs---- C:\TrustedAntivirus
2008-01-07 16:45 . 2008-01-07 16:45 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-07 16:45 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-07 14:09 . 2008-01-07 19:53 <DIR> d-------- C:\Program Files\Divers

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\NPF
2008-01-11 02:01 5 ----a-w C:\NPF_USER.DAT
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-02 13:29 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-01 13:38 --------- d-----w C:\Documents and Settings\PELISSIER\Application Data\dvdcss
2007-11-19 13:05 22,625,064 ----a-w C:\Program Files\SkypeSetup.exe
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 10:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-09 10:16 502 ----a-w C:\Program Files\mobile.fnac[1]
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-02 12:35 426,823 ----a-w C:\fsgReversiSetup.exe
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 09:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 09:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-11 06:13 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:13 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:13 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:13 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-09-03 02:22 16,429,768 ----a-w C:\Program Files\setupfre.exe
2007-08-17 02:47 50,005,304 ----a-w C:\Program Files\iTunesSetup.exe
2007-04-04 15:58 9,453,630 -c--a-w C:\Program Files\vlc-0.8.6a-win32.exe
2007-04-03 07:47 3,467,080 -c--a-w C:\Program Files\BFINSTALL.exe
2007-03-29 14:56 1,127,307 ----a-w C:\Program Files\wrar362fr.exe
2007-03-29 09:22 643,144 ----a-w C:\Program Files\xvid-binaries_xvid_binaries_1.1.2_anglais_12459.exe
2007-03-06 07:07 2,683,984 ----a-w C:\Program Files\ccsetup137.exe
2006-11-14 02:39 2,064,128 -c--a-w C:\Program Files\CuteWriter.exe
2006-11-07 08:52 606 ----a-w C:\Program Files\Shortcut to picasaweb-current-setup.lnk
2006-11-06 08:33 4,912,968 -c--a-w C:\Program Files\picasaweb-current-setup.exe
2006-11-06 04:32 16,332,072 -c--a-w C:\Program Files\Install_Messenger_nous.exe
2006-02-18 19:28 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2005-11-15 20:21 1204224]
"FlyAway"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 15:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 15:26 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 14:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 13:26 88365 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-05-18 15:57 188416]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 17:03 761946]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-10 01:53 81920]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-09 00:20 69632]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-06 03:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-29 02:41 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-29 02:47 569413]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updnavi.exe" [2006-02-21 15:00 331776]
"PCDrProfiler"="C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" [2006-02-17 07:34 53248]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-01-03 20:20 122940]
"DispSwitchLauncher"="C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2005-07-21 06:23 90112]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-06 07:38 707360]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 09:48 275800]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 21:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-09 09:46 2834432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 09:17 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
NPF Messenger.lnk - C:\Program Files\Norman\NPF\NPFMSG.EXE [2006-11-01 11:51:15]

R0 FJGPNV;FJGPNV;C:\WINDOWS\system32\drivers\FJGPNV.SYS [2003-01-16 02:35]
R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-09 16:27]
R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
R2 FlashDrv;FlashDrv;C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys [2005-07-22 05:56]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 06:13]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 20:15]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys [2004-10-18 15:08]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2372d3be-a82f-11db-9e41-001302d0edc4}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75c93239-508f-11dc-9f5e-001302d0edc4}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93de3ffe-5c2b-11dc-9f68-001302d0edc4}]
\Shell\Auto\command - F:\SVCH.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96527923-4967-11dc-9f54-001302d0edc4}]
\Shell\Auto\command - G:\SVCH.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 07:44:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 02:56:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 11:22:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 11:23:15
ComboFix2.txt 2008-01-11 03:12:29
.
2008-01-09 15:46:43 --- E O F ---
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 33
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
bonjour

pourrais tu me dire à quoi correspond chez toi le F et le G stp
partitions ou DD externe ?
0
Réponse 26 / 33
gegepe Messages postés 37 Date d'inscription   Statut Membre Dernière intervention   2
 
OUI DD externe c'est ca!
Y a un pb dessus?

Merci
0
Réponse 27 / 33
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
disons que ceci me dérange 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93de3f fe-5c2b-11dc-9f68-001302d0edc4}]
\Shell\Auto\command - F:\SVCH.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{965279 23-4967-11dc-9f54-001302d0edc4}]
\Shell\Auto\command - G:\SVCH.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e



SVCH.exe e
http://www.castlecops.com/s15276-svch_exe.html

pourrais tu les scanner stp par un scan en ligne par exemple.

0
Réponse 28 / 33
gegepe Messages postés 37 Date d'inscription   Statut Membre Dernière intervention   2
 
Je me sens un peu bete mais je ne vois pas ou cliquer pour lancer le scan sur le site que tu m'as donne.
Stp peux tu me decrire

MERCI
0
Réponse 29 / 33
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
bonsoir,

le lien que je t'ai donné, c'est juste pour te faire voir à quoi correspond l'exe qui me dérange.

essaye sur
VIRUS TOTAL
http://www.virustotal.com/en/indexf.html

Tuto : http://pageperso.aol.fr/loraline60/virus_total.htm

F:\SVCH.exe e
G:\SVCH.exe e

poste le rapport ici ensuite
0
Réponse 30 / 33
gegepe Messages postés 37 Date d'inscription   Statut Membre Dernière intervention   2
 
Bonsoir,

je suis bien incapable d'identifier le fichier a scanner, sur F: ou G: (G: etant d'ailleurs une Carte SD!!!).
Comprends pas...
0
Réponse 31 / 33
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
bonjur

alors laisse tomber.
As tu encore des soucis ?
0
Réponse 32 / 33
gegepe Messages postés 37 Date d'inscription   Statut Membre Dernière intervention   2
 
Bonjour,

Non c'est vraiment mieux et je t'en remercie.
Par contre, je suis mtnt encombree de pleins d'anti spy et companie.
Puis-je les desinstaller?

Merci encore de ton aide.

Geraldine
0
Réponse 33 / 33
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
bonjour,

oui bien sûr on va te débarrasser de tout ça.

Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
# Double clique sur ToolsCleaner2.exe >
# Clique sur .Recherche
# puis sur Suppression quand la liste est trouvée.
# Note : ton bureau va disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

puis IMPORTANT

* démarrer-----------panneau de configuration------------système----------
onglet Restauration système-----------coche la case (Désactiver la restauration système)--------------
redémarre l'ordinateur
réactive la ensuite
http://pageperso.aol.fr/loraline60/desactiver_restauration_systeme.htm

.

* Pour améliorer la sécurité de ton PC prend quelques instants pour lire

CECI

bonne fin de journée

0

Discussions similaires

SecurityHealth est a désactiver ou pas au démarrage de W10 Pro 64 ?
Walti55 -
Walti55 -

2 réponses
Security boot fail lors du démarrage
Steu -
NBK -

4 réponses
Analyse de l'appli "AI SECURITY"
cl06 -
CCMBot -

1 réponse
Boîte mail piratée ?
mike the llama -
mike the llama -

4 réponses
Security Health Service qui pompe 25% de mon CPU
mimirte -
bazfile -

6 réponses