OUTERINFO problem

Solved/Closed
Cromoszone - 23 Jan 2008 at 11:00
g!rly (18209 posts, member since Friday 17 August 2007, status: Contributor, last active 30 November 2014) - 26 Jan 2008 at 15:51
Hello Community,

For a week now I have been desperately fighting Outerinfo... I've already tried everything!!! No way to get rid of this s******
Could someone give me a little hand?
Thanks

Cromoszone

52 replies

g!rly - 23 Jan 2008 at 11:32
hi,

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Usage tutorial (video):

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post the generated report here please...

@+
Here is the report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:59, on 23/01/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\RACLE~1\tracert.exe
D:\Program Files\Azureus\Azureus.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Windows Media Player\wmplayer.exe
I:\Program Files\Windows Live\installer\WLSetupSvc.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\WINDOWS\system32\??stem\??anregw.exe
I:\WINDOWS\system32\ntvdm.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1043A517-678C-1004-ABCD-60A39DF7AAB9} - I:\WINDOWS\system32\fmbx.dll
O2 - BHO: (no name) - {50668359-7826-4826-9888-2FCC61FEE1EB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Osbn] "I:\WINDOWS\system32\RACLE~1\tracert.exe" -vt ndrv
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
g!rly - 23 Jan 2008 at 13:08
ouch...

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report is also located here: C:\Combofix.txt

@+
Does the OUCH.... mean bad news, or did you hurt yourself?

COMBOFIX report:

ComboFix 08-01-23.2 - ED 2008-01-23 13:45:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.759 [GMT 1:00]
Running from: I:\Documents and Settings\ED\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
I:\Program Files\outerinfo
I:\Program Files\outerinfo\FF\chrome.manifest
I:\Program Files\outerinfo\FF\components\FF.dll
I:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
I:\Program Files\outerinfo\FF\install.rdf
I:\Program Files\outerinfo\Terms.rtf
I:\Program Files\Temporary
I:\WINDOWS\system32\drivers\npf.sys
I:\WINDOWS\system32\fmbx.dll
I:\WINDOWS\system32\packet.dll
I:\WINDOWS\system32\racle~1
I:\WINDOWS\system32\racle~1\?racle\
I:\WINDOWS\system32\stem~1
I:\WINDOWS\system32\stem~1\??anregw.exe
I:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF




((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 13:35 . 2000-08-31 08:00 51,200 --a------ I:\WINDOWS\Nircmd.exe
2008-01-23 13:01 . 2008-01-23 13:01 <DIR> d-------- I:\Program Files\Trend Micro
2008-01-23 12:47 . 1996-01-09 10:38 283,648 --a------ I:\WINDOWS\uninst.exe
2008-01-22 23:42 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
2008-01-22 23:42 . 2007-07-30 19:19 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:21 . 2008-01-22 21:21 <DIR> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-01-22 11:51 . 2008-01-22 11:51 <DIR> d-------- I:\Program Files\illiminable
2008-01-22 10:30 . 2008-01-22 21:21 <DIR> d--hsc--- I:\Program Files\Common Files\WindowsLiveInstaller
2008-01-22 10:29 . 2008-01-22 21:21 <DIR> d-------- I:\Program Files\Windows Live
2008-01-22 10:29 . 2008-01-22 10:29 <DIR> d-------- I:\Program Files\Bonjour
2008-01-22 10:18 . 2008-01-22 10:18 <DIR> d-------- I:\Program Files\Common Files\Macrovision Shared
2008-01-21 11:32 . 2008-01-21 11:32 <DIR> d-------- I:\WINDOWS\system32\Adobe
2008-01-21 11:32 . 2004-08-17 02:40 16,384 --a------ I:\WINDOWS\system32\FileOps.exe
2008-01-21 11:18 . 2008-01-21 11:18 <DIR> d-------- I:\WINDOWS\Sun
2008-01-21 11:16 . 2007-09-24 23:31 69,632 --a------ I:\WINDOWS\system32\javacpl.cpl
2008-01-21 11:15 . 2008-01-21 11:16 <DIR> d-------- I:\Program Files\Java
2008-01-21 11:14 . 2008-01-21 11:14 <DIR> d-------- I:\Program Files\Common Files\Java
2008-01-21 10:02 . 2008-01-22 11:39 <DIR> d-------- I:\Program Files\Common Files\Adobe
2008-01-21 09:40 . 2008-01-21 12:11 <DIR> d-------- I:\VundoFix Backups
2008-01-21 09:32 . 2007-11-30 18:14 83,072 --a------ I:\WINDOWS\system32\drivers\wdmaud.sys
2008-01-21 09:32 . 2007-11-30 18:14 83,072 --a--c--- I:\WINDOWS\system32\dllcache\wdmaud.sys
2008-01-21 09:32 . 2007-11-30 17:30 6,272 --a------ I:\WINDOWS\system32\drivers\splitter.sys
2008-01-21 09:32 . 2007-11-30 17:30 6,272 --a--c--- I:\WINDOWS\system32\dllcache\splitter.sys
2008-01-21 09:31 . 2007-11-30 17:30 52,864 --a------ I:\WINDOWS\system32\drivers\DMusic.sys
2008-01-21 09:31 . 2007-11-30 17:30 52,864 --a--c--- I:\WINDOWS\system32\dllcache\dmusic.sys
2008-01-21 09:28 . 2007-11-30 17:30 56,576 --a------ I:\WINDOWS\system32\drivers\swmidi.sys
2008-01-21 09:28 . 2007-11-30 17:30 56,576 --a--c--- I:\WINDOWS\system32\dllcache\swmidi.sys
2008-01-21 09:24 . 2007-11-30 18:17 146,048 --a------ I:\WINDOWS\system32\drivers\portcls.sys
2008-01-21 09:24 . 2007-11-30 18:17 146,048 --a--c--- I:\WINDOWS\system32\dllcache\portcls.sys
2008-01-21 09:24 . 2007-12-01 00:27 129,536 --a------ I:\WINDOWS\system32\ksproxy.ax
2008-01-21 09:24 . 2007-12-01 00:27 129,536 --a--c--- I:\WINDOWS\system32\dllcache\ksproxy.ax
2008-01-21 09:24 . 2007-11-30 17:30 60,160 --a------ I:\WINDOWS\system32\drivers\drmk.sys
2008-01-21 09:24 . 2007-11-30 17:30 60,160 --a--c--- I:\WINDOWS\system32\dllcache\drmk.sys
2008-01-21 09:24 . 2007-12-01 00:25 4,096 --a------ I:\WINDOWS\system32\ksuser.dll
2008-01-21 09:24 . 2007-12-01 00:25 4,096 --a--c--- I:\WINDOWS\system32\dllcache\ksuser.dll
2008-01-21 09:23 . 2008-01-21 09:23 <DIR> d--h----- I:\Program Files\InstallShield Installation Information
2008-01-21 09:23 . 2008-01-21 09:23 <DIR> d-------- I:\Program Files\Analog Devices
2008-01-21 09:22 . 2008-01-21 09:22 <DIR> d-------- I:\Program Files\Common Files\InstallShield
2008-01-21 09:18 . 2008-01-21 09:18 <DIR> d-------- I:\Program Files\Avira
2008-01-21 09:16 . 2008-01-23 13:44 2,878 --a------ I:\WINDOWS\wincmd.ini
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\UC.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\RAR.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\PKZIP.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\PKUNZIP.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\NOCLOSE.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\LHA.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\ARJ.PIF
2008-01-21 09:09 . 2008-01-21 09:29 <DIR> d-------- I:\Program Files\Dot1XCfg
2008-01-21 09:03 . 2008-01-21 09:03 <DIR> d--h----- I:\Program Files\Uninstall Information

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 07:50 --------- d-----w I:\Program Files\microsoft frontpage
2008-01-21 07:49 --------- d-----w I:\Program Files\Windows Media Connect 2
2007-12-29 14:43 96,512 ----a-w I:\WINDOWS\system32\drivers\atapi.sys
2007-12-29 14:43 96,384 ----a-w I:\WINDOWS\system32\drivers\scsiport.sys
2007-12-29 14:43 80,128 ----a-w I:\WINDOWS\system32\drivers\parport.sys
2007-12-29 14:43 79,232 ----a-w I:\WINDOWS\system32\drivers\sdbus.sys
2007-12-29 14:43 71,168 ----a-w I:\WINDOWS\system32\drivers\dxg.sys
2007-12-29 14:43 7,168 ----a-w I:\WINDOWS\system32\hccoin.dll
2007-12-29 14:43 68,224 ----a-w I:\WINDOWS\system32\drivers\pci.sys
2007-12-29 14:43 64,512 ----a-w I:\WINDOWS\system32\drivers\serial.sys
2007-12-29 14:43 63,744 ----a-w I:\WINDOWS\system32\drivers\mf.sys
2007-12-29 14:43 62,976 ----a-w I:\WINDOWS\system32\drivers\cdrom.sys
2007-12-29 14:43 61,824 ----a-w I:\WINDOWS\system32\drivers\nic1394.sys
2007-12-29 14:43 60,800 ----a-w I:\WINDOWS\system32\drivers\arp1394.sys
2007-12-29 14:43 59,520 ----a-w I:\WINDOWS\system32\drivers\usbhub.sys
2007-12-29 14:43 52,736 ----a-w I:\WINDOWS\system32\wzcsapi.dll
2007-12-29 14:43 52,480 ----a-w I:\WINDOWS\system32\drivers\i8042prt.sys
2007-12-29 14:43 52,224 ----a-w I:\WINDOWS\system32\dmutil.dll
2007-12-29 14:43 483,840 ----a-w I:\WINDOWS\system32\wzcsvc.dll
2007-12-29 14:43 47,616 ----a-w I:\WINDOWS\system32\iyuv_32.dll
2007-12-29 14:43 47,104 ----a-w I:\WINDOWS\system32\cnbjmon.dll
2007-12-29 14:43 42,752 ----a-w I:\WINDOWS\system32\drivers\p3.sys
2007-12-29 14:43 42,112 ----a-w I:\WINDOWS\system32\drivers\imapi.sys
2007-12-29 14:43 4,352 ----a-w I:\WINDOWS\system32\drivers\swenum.sys
2007-12-29 14:43 37,760 ----a-w I:\WINDOWS\system32\drivers\amdk7.sys
2007-12-29 14:43 37,376 ----a-w I:\WINDOWS\system32\drivers\amdk6.sys
2007-12-29 14:43 37,248 ----a-w I:\WINDOWS\system32\drivers\isapnp.sys
2007-12-29 14:43 36,864 ----a-w I:\WINDOWS\system32\drivers\hidclass.sys
2007-12-29 14:43 36,736 ----a-w I:\WINDOWS\system32\drivers\crusoe.sys
2007-12-29 14:43 36,352 ----a-w I:\WINDOWS\system32\drivers\intelppm.sys
2007-12-29 14:43 36,352 ----a-w I:\WINDOWS\system32\drivers\disk.sys
2007-12-29 14:43 35,840 ----a-w I:\WINDOWS\system32\drivers\processr.sys
2007-12-29 14:43 35,328 ----a-w I:\WINDOWS\system32\pid.dll
2007-12-29 14:43 30,208 ----a-w I:\WINDOWS\system32\drivers\usbehci.sys
2007-12-29 14:43 30,080 ----a-w I:\WINDOWS\system32\drivers\modem.sys
2007-12-29 14:43 27,392 ----a-w I:\WINDOWS\system32\drivers\fdc.sys
2007-12-29 14:43 264,832 ----a-w I:\WINDOWS\system32\drivers\http.sys
2007-12-29 14:43 25,728 ----a-w I:\WINDOWS\system32\drivers\usbcamd2.sys
2007-12-29 14:43 25,600 ----a-w I:\WINDOWS\system32\drivers\usbcamd.sys
2007-12-29 14:43 25,344 ----a-w I:\WINDOWS\system32\drivers\sonydcam.sys
2007-12-29 14:43 24,960 ----a-w I:\WINDOWS\system32\drivers\pciidex.sys
2007-12-29 14:43 24,960 ----a-w I:\WINDOWS\system32\drivers\hidparse.sys
2007-12-29 14:43 24,576 ----a-w I:\WINDOWS\system32\drivers\kbdclass.sys
2007-12-29 14:43 23,040 ----a-w I:\WINDOWS\system32\drivers\mouclass.sys
2007-12-29 14:43 20,992 ----a-w I:\WINDOWS\system32\hid.dll
2007-12-29 14:43 20,608 ----a-w I:\WINDOWS\system32\drivers\usbuhci.sys
2007-12-29 14:43 20,480 ----a-w I:\WINDOWS\system32\drivers\flpydisk.sys
2007-12-29 14:43 2,306,560 ----a-w I:\WINDOWS\system32\ntoskrnl.exe
2007-12-29 14:43 2,185,216 ----a-w I:\WINDOWS\system32\ntkrnlpa.exe
2007-12-29 14:43 193,024 ----a-w I:\WINDOWS\system32\fsquirt.exe
2007-12-29 14:43 187,776 ----a-w I:\WINDOWS\system32\drivers\acpi.sys
2007-12-29 14:43 16,896 ----a-w I:\WINDOWS\system32\msyuv.dll
2007-12-29 14:43 15,872 ----a-w I:\WINDOWS\system32\drivers\usbintel.sys
2007-12-29 14:43 15,744 ----a-w I:\WINDOWS\system32\drivers\serenum.sys
2007-12-29 14:43 15,488 ----a-w I:\WINDOWS\system32\drivers\mssmbios.sys
2007-12-29 14:43 15,360 ----a-w I:\WINDOWS\system32\pjlmon.dll
2007-12-29 14:43 143,872 ----a-w I:\WINDOWS\system32\drivers\usbport.sys
2007-12-29 14:43 14,592 ----a-w I:\WINDOWS\system32\drivers\ndisuio.sys
2007-12-29 14:43 120,192 ----a-w I:\WINDOWS\system32\drivers\pcmcia.sys
2007-12-29 14:43 12,288 ----a-w I:\WINDOWS\system32\drivers\tunmp.sys
2007-12-29 14:43 11,904 ----a-w I:\WINDOWS\system32\drivers\sffdisk.sys
2007-12-29 14:43 11,392 ----a-w I:\WINDOWS\system32\drivers\sfloppy.sys
2007-12-29 14:43 11,008 ----a-w I:\WINDOWS\system32\drivers\sffp_sd.sys
2007-12-29 14:43 108,032 ----a-w I:\WINDOWS\system32\wshbth.dll
2007-12-29 14:43 10,368 ----a-w I:\WINDOWS\system32\drivers\hidusb.sys
2007-12-29 14:43 10,240 ----a-w I:\WINDOWS\system32\drivers\sffp_mmc.sys
2007-12-29 14:43 1,613,824 ----a-w I:\WINDOWS\system32\sfcfiles.dll
2007-12-29 14:36 86,073 ----a-w I:\WINDOWS\system32\usrfaxa.dll
2007-12-29 14:36 8,192 ----a-w I:\WINDOWS\system32\tsbyuv.dll
2007-12-29 14:36 8,192 ----a-w I:\WINDOWS\system32\streamci.dll
2007-12-29 14:36 77,891 ----a-w I:\WINDOWS\system32\usrmlnka.exe
2007-12-29 14:36 77,890 ----a-w I:\WINDOWS\system32\usrdpa.dll
2007-12-29 14:36 77,883 ----a-w I:\WINDOWS\system32\usrrtosa.dll
2007-12-29 14:36 72,192 ----a-w I:\WINDOWS\system32\sprio800.dll
2007-12-29 14:36 70,656 ----a-w I:\WINDOWS\system32\sprio600.dll
2007-12-29 14:36 69,700 ----a-w I:\WINDOWS\system32\usrshuta.exe
2007-12-29 14:36 69,699 ----a-w I:\WINDOWS\system32\usrcoina.dll
2007-12-29 14:36 69,632 ----a-w I:\WINDOWS\system32\spnike.dll
2007-12-29 14:36 61,508 ----a-w I:\WINDOWS\system32\usrprbda.exe
2007-12-29 14:36 61,500 ----a-w I:\WINDOWS\system32\usrcntra.dll
2007-12-29 14:36 58,112 ----a-w I:\WINDOWS\system32\drivers\vdmindvd.sys
2007-12-29 14:36 55,296 ----a-w I:\WINDOWS\system32\dvdplay.exe
2007-12-29 14:36 53,305 ----a-w I:\WINDOWS\system32\usrlbva.dll
2007-12-29 14:36 51,712 ----a-w I:\WINDOWS\system32\drivers\tosdvd.sys
2007-12-29 14:36 49,211 ----a-w I:\WINDOWS\system32\usrvpa.dll
2007-12-29 14:36 49,211 ----a-w I:\WINDOWS\system32\usrsdpia.dll
2007-12-29 14:36 49,209 ----a-w I:\WINDOWS\system32\usrv80a.dll
2007-12-29 14:36 45,116 ----a-w I:\WINDOWS\system32\usrvoica.dll
2007-12-29 14:36 41,019 ----a-w I:\WINDOWS\system32\usrsvpia.dll
2007-12-29 14:36 4,736 ----a-w I:\WINDOWS\system32\drivers\usbd.sys
2007-12-29 14:36 323,641 ----a-w I:\WINDOWS\system32\usrdtea.dll
2007-12-29 14:36 3,456 ----a-w I:\WINDOWS\system32\drivers\oprghdlr.sys
2007-12-29 14:36 3,328 ----a-w I:\WINDOWS\system32\drivers\pciide.sys
2007-12-29 14:36 3,200 ----a-w I:\WINDOWS\system32\wowfax.dll
2007-12-29 14:36 262,528 ----a-w I:\WINDOWS\system32\drivers\cinemst2.sys
2007-12-29 14:36 21,376 ----a-w I:\WINDOWS\system32\drivers\tsbvcap.sys
2007-12-29 14:36 18,688 ----a-w I:\WINDOWS\system32\drivers\cdaudio.sys
2007-12-29 14:36 157,696 ----a-w I:\WINDOWS\system32\paqsp.dll
2007-12-29 14:36 147,968 ----a-w I:\WINDOWS\system32\mdwmdmsp.dll
2007-12-29 14:36 13,952 ----a-w I:\WINDOWS\system32\drivers\cbidf2k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="D:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2007-12-01 00:26 15360]
"Osbn"="I:\WINDOWS\system32\RACLE~1\tracert.exe" [ ]
"Windows Updates"="c:\windows\system\Update.exe" [2008-01-06 13:59 520192]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Updates"="svehost.exe" []
"avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-21 09:20 249896]
"SoundMAXPnP"="I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows Updates"="c:\windows\system\Update.exe" [2008-01-06 13:59 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"="svehost.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-12-29 15:01 123904 I:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 13:46:21
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
g!rly - 23 Jan 2008 at 14:10
I'd rather not say anything, just that it's already better...
post a new HijackThis log please
@+
HijackThis report #2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13, on 2008-01-23
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\totalcmd\TOTALCMD.EXE
I:\Program Files\Windows Media Player\wmplayer.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Osbn] "I:\WINDOWS\system32\RACLE~1\tracert.exe" -vt ndrv
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
g!rly - 23 Jan 2008 at 14:30
hi again,

Copy the text below:

File::
c:\windows\system\Update.exe
I:\WINDOWS\system32\RACLE~1\tracert.exe
c:\windows\system\svehost.exe
I:\WINDOWS\system32\svehost.exe

Folder::
I:\VundoFix Backups

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"=-
"Osbn"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Updates"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"=-
"nltide_3"=-

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that shows up (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no reboot, post the reports anyway.

@+
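As an added example (not the helper's tool, and not part of HijackThis or ComboFix), the Python below does mechanically what g!rly did by eye between the second HijackThis log and the CFScript above: it parses the O4 autorun lines, flags the ones that trip a few heuristics (a bare name one character away from a real system binary, a system binary such as tracert.exe launched from a short-named folder, a path under the Windows 9x-era \windows\system directory on a drive Windows does not run from, and the Win9x-only RunServices key), and prints the File:: and Registry:: sections in the layout shown in the helper's post. The list of system binaries, the heuristics themselves, the fallback to "c:" when the log has no smss.exe line, and the sample lines (copied from the second log in this thread) are the example's own assumptions.

```python
"""Triage the O4 (autorun) lines of a HijackThis log and turn the suspicious ones
into the CFScript sections used in this thread (File:: / Registry::). Added example,
not the helper's tool nor part of HijackThis/ComboFix; heuristics are assumptions."""
import re
from collections import namedtuple

# Assumption: Windows binaries that malware likes to imitate or relocate.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "ctfmon.exe", "spoolsv.exe", "tracert.exe"}
HIVE_ROOT = {"HKLM": "HKEY_LOCAL_MACHINE\\SOFTWARE", "HKCU": "HKEY_CURRENT_USER\\SOFTWARE"}
O4_LINE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): "
                     r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
UNQUOTED_PATH = re.compile(r"^(?P<path>\S.*?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=\s|$)", re.I)
Finding = namedtuple("Finding", "hive key name path reasons")

# Sample input: lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
I:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Osbn] "I:\WINDOWS\system32\RACLE~1\tracert.exe" -vt ndrv
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
""".strip().splitlines()

def executable_of(cmd: str) -> str:
    """Program a Run value launches: quoted path, unquoted path, or bare name."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    first = cmd.split()[0]
    if "\\" in first:                     # unquoted path that may contain spaces
        m = UNQUOTED_PATH.match(cmd)
        return m.group("path") if m else first
    return first                          # bare name, resolved through PATH at logon

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch svehost.exe posing as svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def windows_drive(lines) -> str:
    """Drive Windows runs from, read off the smss.exe 'Running processes' line."""
    hits = [ln[:2].lower() for ln in lines if ln.lower().endswith("\\system32\\smss.exe")]
    return hits[0] if hits else "c:"      # "c:" is an assumption when the line is absent

def triage(lines):
    """Return a Finding for every O4 entry that trips at least one heuristic."""
    drive, findings = windows_drive(lines), []
    for line in lines:
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        path = executable_of(m["cmd"])
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        parent = low.rsplit("\\", 2)[-2] if "\\" in low else ""
        reasons = []
        if base not in SYSTEM_BINARIES:
            reasons += [f"name is one character away from {real}"
                        for real in sorted(SYSTEM_BINARIES) if edit_distance(base, real) == 1]
        elif parent and parent not in ("system32", "windows"):
            reasons.append(f"{base} launched from '{parent}' instead of system32")
        if "?" in path or re.search(r"~\d", path):
            reasons.append("8.3 short name or characters HijackThis could not print")
        if "\\windows\\system\\" in low:
            reasons.append("Windows 9x-era \\windows\\system folder")
        if "\\windows\\" in low and not low.startswith(drive):
            reasons.append(f"Windows folder on {low[:2]} but Windows runs from {drive}")
        if m["key"].lower() == "runservices":
            reasons.append("RunServices is a Windows 9x key; NT/XP itself ignores it")
        if reasons:
            findings.append(Finding(m["hive"], m["key"], m["name"], path, reasons))
    return findings

def registry_key(hive: str, key: str) -> str:
    """HijackThis hive shorthand -> full key in the REGEDIT4 form CFScript uses."""
    root = HIVE_ROOT.get(hive) or "HKEY_USERS\\" + hive.partition("\\")[2] + "\\Software"
    return f"[{root}\\Microsoft\\Windows\\CurrentVersion\\{key}]"

def to_cfscript(findings) -> str:
    """File:: and Registry:: sections in the layout the helper posted above."""
    files, keys = [], {}
    for f in findings:
        # A bare name (svehost.exe) gives no path to delete: locate the file first.
        if "\\" in f.path and f.path not in files:
            files.append(f.path)
        keys.setdefault(registry_key(f.hive, f.key), []).append(f'"{f.name}"=-')
    out = (["File::", *files, ""] if files else []) + ["Registry::"]
    for key, values in keys.items():
        out += [key, *values]
    return "\n".join(out) + "\n"
```

Running `print(to_cfscript(triage(SAMPLE_LOG)))` on the sample lines flags the two svehost.exe values, both "Windows Updates" values and "Osbn", and leaves avgnt, SoundMAXPnP, ctfmon.exe and the nLite leftovers alone. Bare names such as svehost.exe are resolved through the search path at logon, so the script deliberately leaves them out of File::; the file has to be located (the Running processes list, or a search of the Windows folders) before its path is added by hand. Removing a Run value only stops the autorun: the file itself, and anything the log does not show (a driver such as npf.sys, a BHO re-dropped by another component), still has to be dealt with separately.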
No reboot. Here are the reports:

ComboFix 08-01-23.2 - ED 2008-01-23 14:41:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.658 [GMT 1:00]
Running from: I:\Documents and Settings\ED\Desktop\ComboFix.exe
Command switches used :: F:\TEMP DOWNLOAD\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
c:\windows\system\svehost.exe
c:\windows\system\Update.exe
I:\WINDOWS\system32\RACLE~1\tracert.exe
I:\WINDOWS\system32\svehost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\Update.exe
I:\VundoFix Backups
I:\VundoFix Backups\gfhkj.ini.bad
I:\VundoFix Backups\gfhkj.ini2.bad
I:\VundoFix Backups\jkhfg.dll.bad
.
---- Previous Run -------
.
I:\Program Files\outerinfo
I:\Program Files\outerinfo\FF\chrome.manifest
I:\Program Files\outerinfo\FF\components\FF.dll
I:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
I:\Program Files\outerinfo\FF\install.rdf
I:\Program Files\outerinfo\Terms.rtf
I:\Program Files\Temporary
I:\WINDOWS\system32\drivers\npf.sys
I:\WINDOWS\system32\fmbx.dll
I:\WINDOWS\system32\packet.dll
I:\WINDOWS\system32\racle~1
I:\WINDOWS\system32\racle~1\?racle\
I:\WINDOWS\system32\stem~1
I:\WINDOWS\system32\stem~1\??anregw.exe
I:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF






((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 13:35 . 2000-08-31 08:00 51,200 --a------ I:\WINDOWS\Nircmd.exe
2008-01-23 13:01 . 2008-01-23 13:01 <DIR> d-------- I:\Program Files\Trend Micro
2008-01-23 12:47 . 1996-01-09 10:38 283,648 --a------ I:\WINDOWS\uninst.exe
2008-01-22 23:42 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
2008-01-22 23:42 . 2007-07-30 19:19 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:21 . 2008-01-22 21:21 <DIR> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-01-22 11:51 . 2008-01-22 11:51 <DIR> d-------- I:\Program Files\illiminable
2008-01-22 10:30 . 2008-01-22 21:21 <DIR> d--hsc--- I:\Program Files\Common Files\WindowsLiveInstaller
2008-01-22 10:29 . 2008-01-22 21:21 <DIR> d-------- I:\Program Files\Windows Live
2008-01-22 10:29 . 2008-01-22 10:29 <DIR> d-------- I:\Program Files\Bonjour
2008-01-22 10:18 . 2008-01-22 10:18 <DIR> d-------- I:\Program Files\Common Files\Macrovision Shared
2008-01-21 11:32 . 2008-01-21 11:32 <DIR> d-------- I:\WINDOWS\system32\Adobe
2008-01-21 11:32 . 2004-08-17 02:40 16,384 --a------ I:\WINDOWS\system32\FileOps.exe
2008-01-21 11:18 . 2008-01-21 11:18 <DIR> d-------- I:\WINDOWS\Sun
2008-01-21 11:16 . 2007-09-24 23:31 69,632 --a------ I:\WINDOWS\system32\javacpl.cpl
2008-01-21 11:15 . 2008-01-21 11:16 <DIR> d-------- I:\Program Files\Java
2008-01-21 11:14 . 2008-01-21 11:14 <DIR> d-------- I:\Program Files\Common Files\Java
2008-01-21 10:02 . 2008-01-22 11:39 <DIR> d-------- I:\Program Files\Common Files\Adobe
2008-01-21 09:32 . 2007-11-30 18:14 83,072 --a------ I:\WINDOWS\system32\drivers\wdmaud.sys
2008-01-21 09:32 . 2007-11-30 18:14 83,072 --a--c--- I:\WINDOWS\system32\dllcache\wdmaud.sys
2008-01-21 09:32 . 2007-11-30 17:30 6,272 --a------ I:\WINDOWS\system32\drivers\splitter.sys
2008-01-21 09:32 . 2007-11-30 17:30 6,272 --a--c--- I:\WINDOWS\system32\dllcache\splitter.sys
2008-01-21 09:31 . 2007-11-30 17:30 52,864 --a------ I:\WINDOWS\system32\drivers\DMusic.sys
2008-01-21 09:31 . 2007-11-30 17:30 52,864 --a--c--- I:\WINDOWS\system32\dllcache\dmusic.sys
2008-01-21 09:28 . 2007-11-30 17:30 56,576 --a------ I:\WINDOWS\system32\drivers\swmidi.sys
2008-01-21 09:28 . 2007-11-30 17:30 56,576 --a--c--- I:\WINDOWS\system32\dllcache\swmidi.sys
2008-01-21 09:24 . 2007-11-30 18:17 146,048 --a------ I:\WINDOWS\system32\drivers\portcls.sys
2008-01-21 09:24 . 2007-11-30 18:17 146,048 --a--c--- I:\WINDOWS\system32\dllcache\portcls.sys
2008-01-21 09:24 . 2007-12-01 00:27 129,536 --a------ I:\WINDOWS\system32\ksproxy.ax
2008-01-21 09:24 . 2007-12-01 00:27 129,536 --a--c--- I:\WINDOWS\system32\dllcache\ksproxy.ax
2008-01-21 09:24 . 2007-11-30 17:30 60,160 --a------ I:\WINDOWS\system32\drivers\drmk.sys
2008-01-21 09:24 . 2007-11-30 17:30 60,160 --a--c--- I:\WINDOWS\system32\dllcache\drmk.sys
2008-01-21 09:24 . 2007-12-01 00:25 4,096 --a------ I:\WINDOWS\system32\ksuser.dll
2008-01-21 09:24 . 2007-12-01 00:25 4,096 --a--c--- I:\WINDOWS\system32\dllcache\ksuser.dll
2008-01-21 09:23 . 2008-01-21 09:23 <DIR> d--h----- I:\Program Files\InstallShield Installation Information
2008-01-21 09:23 . 2008-01-21 09:23 <DIR> d-------- I:\Program Files\Analog Devices
2008-01-21 09:22 . 2008-01-21 09:22 <DIR> d-------- I:\Program Files\Common Files\InstallShield
2008-01-21 09:18 . 2008-01-21 09:18 <DIR> d-------- I:\Program Files\Avira
2008-01-21 09:16 . 2008-01-23 14:40 3,137 --a------ I:\WINDOWS\wincmd.ini
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\UC.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\RAR.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\PKZIP.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\PKUNZIP.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\NOCLOSE.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\LHA.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\ARJ.PIF
2008-01-21 09:09 . 2008-01-21 09:29 <DIR> d-------- I:\Program Files\Dot1XCfg
2008-01-21 09:03 . 2008-01-21 09:03 <DIR> d--h----- I:\Program Files\Uninstall Information

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 07:50 --------- d-----w I:\Program Files\microsoft frontpage
2008-01-21 07:49 --------- d-----w I:\Program Files\Windows Media Connect 2
2007-12-29 14:43 96,512 ----a-w I:\WINDOWS\system32\drivers\atapi.sys
2007-12-29 14:43 96,384 ----a-w I:\WINDOWS\system32\drivers\scsiport.sys
2007-12-29 14:43 80,128 ----a-w I:\WINDOWS\system32\drivers\parport.sys
2007-12-29 14:43 79,232 ----a-w I:\WINDOWS\system32\drivers\sdbus.sys
2007-12-29 14:43 71,168 ----a-w I:\WINDOWS\system32\drivers\dxg.sys
2007-12-29 14:43 7,168 ----a-w I:\WINDOWS\system32\hccoin.dll
2007-12-29 14:43 68,224 ----a-w I:\WINDOWS\system32\drivers\pci.sys
2007-12-29 14:43 64,512 ----a-w I:\WINDOWS\system32\drivers\serial.sys
2007-12-29 14:43 63,744 ----a-w I:\WINDOWS\system32\drivers\mf.sys
2007-12-29 14:43 62,976 ----a-w I:\WINDOWS\system32\drivers\cdrom.sys
2007-12-29 14:43 61,824 ----a-w I:\WINDOWS\system32\drivers\nic1394.sys
2007-12-29 14:43 60,800 ----a-w I:\WINDOWS\system32\drivers\arp1394.sys
2007-12-29 14:43 59,520 ----a-w I:\WINDOWS\system32\drivers\usbhub.sys
2007-12-29 14:43 52,736 ----a-w I:\WINDOWS\system32\wzcsapi.dll
2007-12-29 14:43 52,480 ----a-w I:\WINDOWS\system32\drivers\i8042prt.sys
2007-12-29 14:43 52,224 ----a-w I:\WINDOWS\system32\dmutil.dll
2007-12-29 14:43 483,840 ----a-w I:\WINDOWS\system32\wzcsvc.dll
2007-12-29 14:43 47,616 ----a-w I:\WINDOWS\system32\iyuv_32.dll
2007-12-29 14:43 47,104 ----a-w I:\WINDOWS\system32\cnbjmon.dll
2007-12-29 14:43 42,752 ----a-w I:\WINDOWS\system32\drivers\p3.sys
2007-12-29 14:43 42,112 ----a-w I:\WINDOWS\system32\drivers\imapi.sys
2007-12-29 14:43 4,352 ----a-w I:\WINDOWS\system32\drivers\swenum.sys
2007-12-29 14:43 37,760 ----a-w I:\WINDOWS\system32\drivers\amdk7.sys
2007-12-29 14:43 37,376 ----a-w I:\WINDOWS\system32\drivers\amdk6.sys
2007-12-29 14:43 37,248 ----a-w I:\WINDOWS\system32\drivers\isapnp.sys
2007-12-29 14:43 36,864 ----a-w I:\WINDOWS\system32\drivers\hidclass.sys
2007-12-29 14:43 36,736 ----a-w I:\WINDOWS\system32\drivers\crusoe.sys
2007-12-29 14:43 36,352 ----a-w I:\WINDOWS\system32\drivers\intelppm.sys
2007-12-29 14:43 36,352 ----a-w I:\WINDOWS\system32\drivers\disk.sys
2007-12-29 14:43 35,840 ----a-w I:\WINDOWS\system32\drivers\processr.sys
2007-12-29 14:43 35,328 ----a-w I:\WINDOWS\system32\pid.dll
2007-12-29 14:43 30,208 ----a-w I:\WINDOWS\system32\drivers\usbehci.sys
2007-12-29 14:43 30,080 ----a-w I:\WINDOWS\system32\drivers\modem.sys
2007-12-29 14:43 27,392 ----a-w I:\WINDOWS\system32\drivers\fdc.sys
2007-12-29 14:43 264,832 ----a-w I:\WINDOWS\system32\drivers\http.sys
2007-12-29 14:43 25,728 ----a-w I:\WINDOWS\system32\drivers\usbcamd2.sys
2007-12-29 14:43 25,600 ----a-w I:\WINDOWS\system32\drivers\usbcamd.sys
2007-12-29 14:43 25,344 ----a-w I:\WINDOWS\system32\drivers\sonydcam.sys
2007-12-29 14:43 24,960 ----a-w I:\WINDOWS\system32\drivers\pciidex.sys
2007-12-29 14:43 24,960 ----a-w I:\WINDOWS\system32\drivers\hidparse.sys
2007-12-29 14:43 24,576 ----a-w I:\WINDOWS\system32\drivers\kbdclass.sys
2007-12-29 14:43 23,040 ----a-w I:\WINDOWS\system32\drivers\mouclass.sys
2007-12-29 14:43 20,992 ----a-w I:\WINDOWS\system32\hid.dll
2007-12-29 14:43 20,608 ----a-w I:\WINDOWS\system32\drivers\usbuhci.sys
2007-12-29 14:43 20,480 ----a-w I:\WINDOWS\system32\drivers\flpydisk.sys
2007-12-29 14:43 2,306,560 ----a-w I:\WINDOWS\system32\ntoskrnl.exe
2007-12-29 14:43 2,185,216 ----a-w I:\WINDOWS\system32\ntkrnlpa.exe
2007-12-29 14:43 193,024 ----a-w I:\WINDOWS\system32\fsquirt.exe
2007-12-29 14:43 187,776 ----a-w I:\WINDOWS\system32\drivers\acpi.sys
2007-12-29 14:43 16,896 ----a-w I:\WINDOWS\system32\msyuv.dll
2007-12-29 14:43 15,872 ----a-w I:\WINDOWS\system32\drivers\usbintel.sys
2007-12-29 14:43 15,744 ----a-w I:\WINDOWS\system32\drivers\serenum.sys
2007-12-29 14:43 15,488 ----a-w I:\WINDOWS\system32\drivers\mssmbios.sys
2007-12-29 14:43 15,360 ----a-w I:\WINDOWS\system32\pjlmon.dll
2007-12-29 14:43 143,872 ----a-w I:\WINDOWS\system32\drivers\usbport.sys
2007-12-29 14:43 14,592 ----a-w I:\WINDOWS\system32\drivers\ndisuio.sys
2007-12-29 14:43 120,192 ----a-w I:\WINDOWS\system32\drivers\pcmcia.sys
2007-12-29 14:43 12,288 ----a-w I:\WINDOWS\system32\drivers\tunmp.sys
2007-12-29 14:43 11,904 ----a-w I:\WINDOWS\system32\drivers\sffdisk.sys
2007-12-29 14:43 11,392 ----a-w I:\WINDOWS\system32\drivers\sfloppy.sys
2007-12-29 14:43 11,008 ----a-w I:\WINDOWS\system32\drivers\sffp_sd.sys
2007-12-29 14:43 108,032 ----a-w I:\WINDOWS\system32\wshbth.dll
2007-12-29 14:43 10,368 ----a-w I:\WINDOWS\system32\drivers\hidusb.sys
2007-12-29 14:43 10,240 ----a-w I:\WINDOWS\system32\drivers\sffp_mmc.sys
2007-12-29 14:43 1,613,824 ----a-w I:\WINDOWS\system32\sfcfiles.dll
2007-12-29 14:36 86,073 ----a-w I:\WINDOWS\system32\usrfaxa.dll
2007-12-29 14:36 8,192 ----a-w I:\WINDOWS\system32\tsbyuv.dll
2007-12-29 14:36 8,192 ----a-w I:\WINDOWS\system32\streamci.dll
2007-12-29 14:36 77,891 ----a-w I:\WINDOWS\system32\usrmlnka.exe
2007-12-29 14:36 77,890 ----a-w I:\WINDOWS\system32\usrdpa.dll
2007-12-29 14:36 77,883 ----a-w I:\WINDOWS\system32\usrrtosa.dll
2007-12-29 14:36 72,192 ----a-w I:\WINDOWS\system32\sprio800.dll
2007-12-29 14:36 70,656 ----a-w I:\WINDOWS\system32\sprio600.dll
2007-12-29 14:36 69,700 ----a-w I:\WINDOWS\system32\usrshuta.exe
2007-12-29 14:36 69,699 ----a-w I:\WINDOWS\system32\usrcoina.dll
2007-12-29 14:36 69,632 ----a-w I:\WINDOWS\system32\spnike.dll
2007-12-29 14:36 61,508 ----a-w I:\WINDOWS\system32\usrprbda.exe
2007-12-29 14:36 61,500 ----a-w I:\WINDOWS\system32\usrcntra.dll
2007-12-29 14:36 58,112 ----a-w I:\WINDOWS\system32\drivers\vdmindvd.sys
2007-12-29 14:36 55,296 ----a-w I:\WINDOWS\system32\dvdplay.exe
2007-12-29 14:36 53,305 ----a-w I:\WINDOWS\system32\usrlbva.dll
2007-12-29 14:36 51,712 ----a-w I:\WINDOWS\system32\drivers\tosdvd.sys
2007-12-29 14:36 49,211 ----a-w I:\WINDOWS\system32\usrvpa.dll
2007-12-29 14:36 49,211 ----a-w I:\WINDOWS\system32\usrsdpia.dll
2007-12-29 14:36 49,209 ----a-w I:\WINDOWS\system32\usrv80a.dll
2007-12-29 14:36 45,116 ----a-w I:\WINDOWS\system32\usrvoica.dll
2007-12-29 14:36 41,019 ----a-w I:\WINDOWS\system32\usrsvpia.dll
2007-12-29 14:36 4,736 ----a-w I:\WINDOWS\system32\drivers\usbd.sys
2007-12-29 14:36 323,641 ----a-w I:\WINDOWS\system32\usrdtea.dll
2007-12-29 14:36 3,456 ----a-w I:\WINDOWS\system32\drivers\oprghdlr.sys
2007-12-29 14:36 3,328 ----a-w I:\WINDOWS\system32\drivers\pciide.sys
2007-12-29 14:36 3,200 ----a-w I:\WINDOWS\system32\wowfax.dll
2007-12-29 14:36 262,528 ----a-w I:\WINDOWS\system32\drivers\cinemst2.sys
2007-12-29 14:36 21,376 ----a-w I:\WINDOWS\system32\drivers\tsbvcap.sys
2007-12-29 14:36 18,688 ----a-w I:\WINDOWS\system32\drivers\cdaudio.sys
2007-12-29 14:36 157,696 ----a-w I:\WINDOWS\system32\paqsp.dll
2007-12-29 14:36 147,968 ----a-w I:\WINDOWS\system32\mdwmdmsp.dll
2007-12-29 14:36 13,952 ----a-w I:\WINDOWS\system32\drivers\cbidf2k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_13.42.15.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 12:35:54 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 13:41:31 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 12:35:54 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 13:41:32 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 12:35:55 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 13:41:32 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 12:35:55 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 13:41:32 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 12:35:55 1,241,088 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 13:41:32 1,253,376 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 12:35:55 147,456 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 13:41:32 147,456 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="D:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2007-12-01 00:26 15360]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="I:\Program Files\Messenger\msmsgs.exe" [2007-12-01 00:26 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-21 09:20 249896]
"SoundMAXPnP"="I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows Updates"="c:\windows\system\Update.exe" [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll


*Newly Created Service* - RSVP
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 14:42:35
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
HIJACKTHIS REPORT!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51, on 2008-01-23
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\Program Files\Windows Media Player\wmplayer.exe
I:\WINDOWS\explorer.exe
D:\Program Files\totalcmd\TOTALCMD.EXE
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
0
g!rly (Contributor), 23 Jan. 2008 at 14:58
Hi again,

I must have missed something earlier...

Using HijackThis, check and fix the following lines:
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

How to fix them:

Usage tutorial (video):

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Copy the text below:

File::
c:\windows\system\Update.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Updates"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.

@+
0
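As an added example (not code from the thread, from HijackThis or from ComboFix), the Python script below applies the traits behind the helper's fix list to ComboFix "Reg Loading Points" entries and renders the resulting CFScript.txt in the File:: / Registry:: format used above. The sample entries are constructed from the log posted in the thread, the system drive (I: here) is passed in as an assumption, and unlike the helper's script it covers both the HKCU and HKLM values.

```python
"""Triage ComboFix "Reg Loading Points" Run entries and emit a CFScript.

Added example for the thread above; not part of ComboFix or HijackThis.
"""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the "Reg Loading Points" section of the
# ComboFix log posted in the thread (system drive is I:, not C:).
SAMPLE_REG_LOADING_POINTS = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="D:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2007-12-01 00:26 15360]
"Windows Updates"="c:\windows\system\Update.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-21 09:20 249896]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="path" [YYYY-MM-DD HH:MM size]  -- the bracket is "[ ]" when
# ComboFix could not read the file's timestamp and size.
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    meta: str                      # empty when ComboFix printed "[ ]"
    reasons: list = field(default_factory=list)


def parse_loading_points(text):
    """Parse the REGEDIT4-style Run listing into RunEntry objects."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append(RunEntry(key, m.group(1), m.group(2), m.group(3).strip()))
    return entries


def triage(entries, system_drive):
    """Flag entries showing the traits of the thread's "Windows Updates" value.

    system_drive is an assumption supplied by the analyst (read it from the
    "Running processes" section of the same log, e.g. "I:").
    """
    sysdrive = system_drive.rstrip(':').lower() + ':'
    for e in entries:
        e.reasons = []
        p = e.path.lower()
        if not e.meta:
            e.reasons.append('ComboFix shows "[ ]": no timestamp/size, file missing or hidden')
        drive = p[:2] if len(p) > 1 and p[1] == ':' else ''
        if drive and drive != sysdrive and '\\windows\\' in p:
            e.reasons.append(f'claims a Windows path on {drive} but Windows runs from {sysdrive}')
        if 'windows update' in e.name.lower() and '\\system32\\' not in p:
            e.reasons.append('name imitates Windows Update but executable is outside system32')
    return [e for e in entries if e.reasons]


def build_cfscript(flagged):
    """Render File:: and Registry:: sections in the format the helper used."""
    files = []
    for e in flagged:
        if e.path not in files:
            files.append(e.path)
    lines = ['File::', *files, '', 'Registry::']
    for e in flagged:
        lines.append(f'[{e.key}]')
        lines.append(f'"{e.name}"=-')      # "=-" deletes the value
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    hits = triage(parse_loading_points(SAMPLE_REG_LOADING_POINTS), 'I:')
    for e in hits:
        print(f'[{e.key}]\n  "{e.name}"="{e.path}"')
        for r in e.reasons:
            print('   -', r)
    print(build_cfscript(hits))
```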
ComboFix 08-01-23.2 - ED 2008-01-23 15:06:04.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.651 [GMT 1:00]
Running from: I:\Documents and Settings\ED\Desktop\ComboFix.exe
Command switches used :: F:\TEMP DOWNLOAD\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
c:\windows\system\Update.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system\Update.exe
I:\Program Files\outerinfo
I:\Program Files\outerinfo\FF\chrome.manifest
I:\Program Files\outerinfo\FF\components\FF.dll
I:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
I:\Program Files\outerinfo\FF\install.rdf
I:\Program Files\outerinfo\Terms.rtf
I:\Program Files\Temporary
I:\VundoFix Backups
I:\VundoFix Backups\gfhkj.ini.bad
I:\VundoFix Backups\gfhkj.ini2.bad
I:\VundoFix Backups\jkhfg.dll.bad
I:\WINDOWS\system32\drivers\npf.sys
I:\WINDOWS\system32\fmbx.dll
I:\WINDOWS\system32\packet.dll
I:\WINDOWS\system32\racle~1
I:\WINDOWS\system32\racle~1\?racle\
I:\WINDOWS\system32\stem~1
I:\WINDOWS\system32\stem~1\??anregw.exe
I:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF








((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 13:35 . 2000-08-31 08:00 51,200 --a------ I:\WINDOWS\Nircmd.exe
2008-01-23 13:01 . 2008-01-23 13:01 <DIR> d-------- I:\Program Files\Trend Micro
2008-01-23 12:47 . 1996-01-09 10:38 283,648 --a------ I:\WINDOWS\uninst.exe
2008-01-22 23:42 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
2008-01-22 23:42 . 2007-07-30 19:19 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:21 . 2008-01-22 21:21 <DIR> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-01-22 11:51 . 2008-01-22 11:51 <DIR> d-------- I:\Program Files\illiminable
2008-01-22 10:30 . 2008-01-22 21:21 <DIR> d--hsc--- I:\Program Files\Common Files\WindowsLiveInstaller
2008-01-22 10:29 . 2008-01-22 21:21 <DIR> d-------- I:\Program Files\Windows Live
2008-01-22 10:29 . 2008-01-22 10:29 <DIR> d-------- I:\Program Files\Bonjour
2008-01-22 10:18 . 2008-01-22 10:18 <DIR> d-------- I:\Program Files\Common Files\Macrovision Shared
2008-01-21 11:32 . 2008-01-21 11:32 <DIR> d-------- I:\WINDOWS\system32\Adobe
2008-01-21 11:32 . 2004-08-17 02:40 16,384 --a------ I:\WINDOWS\system32\FileOps.exe
2008-01-21 11:18 . 2008-01-21 11:18 <DIR> d-------- I:\WINDOWS\Sun
2008-01-21 11:16 . 2007-09-24 23:31 69,632 --a------ I:\WINDOWS\system32\javacpl.cpl
2008-01-21 11:15 . 2008-01-21 11:16 <DIR> d-------- I:\Program Files\Java
2008-01-21 11:14 . 2008-01-21 11:14 <DIR> d-------- I:\Program Files\Common Files\Java
2008-01-21 10:02 . 2008-01-23 15:00 <DIR> d-------- I:\Program Files\Common Files\Adobe
2008-01-21 09:32 . 2007-11-30 18:14 83,072 --a------ I:\WINDOWS\system32\drivers\wdmaud.sys
2008-01-21 09:32 . 2007-11-30 18:14 83,072 --a--c--- I:\WINDOWS\system32\dllcache\wdmaud.sys
2008-01-21 09:32 . 2007-11-30 17:30 6,272 --a------ I:\WINDOWS\system32\drivers\splitter.sys
2008-01-21 09:32 . 2007-11-30 17:30 6,272 --a--c--- I:\WINDOWS\system32\dllcache\splitter.sys
2008-01-21 09:31 . 2007-11-30 17:30 52,864 --a------ I:\WINDOWS\system32\drivers\DMusic.sys
2008-01-21 09:31 . 2007-11-30 17:30 52,864 --a--c--- I:\WINDOWS\system32\dllcache\dmusic.sys
2008-01-21 09:28 . 2007-11-30 17:30 56,576 --a------ I:\WINDOWS\system32\drivers\swmidi.sys
2008-01-21 09:28 . 2007-11-30 17:30 56,576 --a--c--- I:\WINDOWS\system32\dllcache\swmidi.sys
2008-01-21 09:24 . 2007-11-30 18:17 146,048 --a------ I:\WINDOWS\system32\drivers\portcls.sys
2008-01-21 09:24 . 2007-11-30 18:17 146,048 --a--c--- I:\WINDOWS\system32\dllcache\portcls.sys
2008-01-21 09:24 . 2007-12-01 00:27 129,536 --a------ I:\WINDOWS\system32\ksproxy.ax
2008-01-21 09:24 . 2007-12-01 00:27 129,536 --a--c--- I:\WINDOWS\system32\dllcache\ksproxy.ax
2008-01-21 09:24 . 2007-11-30 17:30 60,160 --a------ I:\WINDOWS\system32\drivers\drmk.sys
2008-01-21 09:24 . 2007-11-30 17:30 60,160 --a--c--- I:\WINDOWS\system32\dllcache\drmk.sys
2008-01-21 09:24 . 2007-12-01 00:25 4,096 --a------ I:\WINDOWS\system32\ksuser.dll
2008-01-21 09:24 . 2007-12-01 00:25 4,096 --a--c--- I:\WINDOWS\system32\dllcache\ksuser.dll
2008-01-21 09:23 . 2008-01-21 09:23 <DIR> d--h----- I:\Program Files\InstallShield Installation Information
2008-01-21 09:23 . 2008-01-21 09:23 <DIR> d-------- I:\Program Files\Analog Devices
2008-01-21 09:22 . 2008-01-21 09:22 <DIR> d-------- I:\Program Files\Common Files\InstallShield
2008-01-21 09:18 . 2008-01-21 09:18 <DIR> d-------- I:\Program Files\Avira
2008-01-21 09:16 . 2008-01-23 15:05 3,137 --a------ I:\WINDOWS\wincmd.ini
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\UC.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\RAR.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\PKZIP.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\PKUNZIP.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\NOCLOSE.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\LHA.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\ARJ.PIF
2008-01-21 09:09 . 2008-01-21 09:29 <DIR> d-------- I:\Program Files\Dot1XCfg
2008-01-21 09:03 . 2008-01-21 09:03 <DIR> d--h----- I:\Program Files\Uninstall Information

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 07:50 --------- d-----w I:\Program Files\microsoft frontpage
2008-01-21 07:49 --------- d-----w I:\Program Files\Windows Media Connect 2
2007-12-29 14:43 96,512 ----a-w I:\WINDOWS\system32\drivers\atapi.sys
2007-12-29 14:43 96,384 ----a-w I:\WINDOWS\system32\drivers\scsiport.sys
2007-12-29 14:43 80,128 ----a-w I:\WINDOWS\system32\drivers\parport.sys
2007-12-29 14:43 79,232 ----a-w I:\WINDOWS\system32\drivers\sdbus.sys
2007-12-29 14:43 71,168 ----a-w I:\WINDOWS\system32\drivers\dxg.sys
2007-12-29 14:43 7,168 ----a-w I:\WINDOWS\system32\hccoin.dll
2007-12-29 14:43 68,224 ----a-w I:\WINDOWS\system32\drivers\pci.sys
2007-12-29 14:43 64,512 ----a-w I:\WINDOWS\system32\drivers\serial.sys
2007-12-29 14:43 63,744 ----a-w I:\WINDOWS\system32\drivers\mf.sys
2007-12-29 14:43 62,976 ----a-w I:\WINDOWS\system32\drivers\cdrom.sys
2007-12-29 14:43 61,824 ----a-w I:\WINDOWS\system32\drivers\nic1394.sys
2007-12-29 14:43 60,800 ----a-w I:\WINDOWS\system32\drivers\arp1394.sys
2007-12-29 14:43 59,520 ----a-w I:\WINDOWS\system32\drivers\usbhub.sys
2007-12-29 14:43 52,736 ----a-w I:\WINDOWS\system32\wzcsapi.dll
2007-12-29 14:43 52,480 ----a-w I:\WINDOWS\system32\drivers\i8042prt.sys
2007-12-29 14:43 52,224 ----a-w I:\WINDOWS\system32\dmutil.dll
2007-12-29 14:43 483,840 ----a-w I:\WINDOWS\system32\wzcsvc.dll
2007-12-29 14:43 47,616 ----a-w I:\WINDOWS\system32\iyuv_32.dll
2007-12-29 14:43 47,104 ----a-w I:\WINDOWS\system32\cnbjmon.dll
2007-12-29 14:43 42,752 ----a-w I:\WINDOWS\system32\drivers\p3.sys
2007-12-29 14:43 42,112 ----a-w I:\WINDOWS\system32\drivers\imapi.sys
2007-12-29 14:43 4,352 ----a-w I:\WINDOWS\system32\drivers\swenum.sys
2007-12-29 14:43 37,760 ----a-w I:\WINDOWS\system32\drivers\amdk7.sys
2007-12-29 14:43 37,376 ----a-w I:\WINDOWS\system32\drivers\amdk6.sys
2007-12-29 14:43 37,248 ----a-w I:\WINDOWS\system32\drivers\isapnp.sys
2007-12-29 14:43 36,864 ----a-w I:\WINDOWS\system32\drivers\hidclass.sys
2007-12-29 14:43 36,736 ----a-w I:\WINDOWS\system32\drivers\crusoe.sys
2007-12-29 14:43 36,352 ----a-w I:\WINDOWS\system32\drivers\intelppm.sys
2007-12-29 14:43 36,352 ----a-w I:\WINDOWS\system32\drivers\disk.sys
2007-12-29 14:43 35,840 ----a-w I:\WINDOWS\system32\drivers\processr.sys
2007-12-29 14:43 35,328 ----a-w I:\WINDOWS\system32\pid.dll
2007-12-29 14:43 30,208 ----a-w I:\WINDOWS\system32\drivers\usbehci.sys
2007-12-29 14:43 30,080 ----a-w I:\WINDOWS\system32\drivers\modem.sys
2007-12-29 14:43 27,392 ----a-w I:\WINDOWS\system32\drivers\fdc.sys
2007-12-29 14:43 264,832 ----a-w I:\WINDOWS\system32\drivers\http.sys
2007-12-29 14:43 25,728 ----a-w I:\WINDOWS\system32\drivers\usbcamd2.sys
2007-12-29 14:43 25,600 ----a-w I:\WINDOWS\system32\drivers\usbcamd.sys
2007-12-29 14:43 25,344 ----a-w I:\WINDOWS\system32\drivers\sonydcam.sys
2007-12-29 14:43 24,960 ----a-w I:\WINDOWS\system32\drivers\pciidex.sys
2007-12-29 14:43 24,960 ----a-w I:\WINDOWS\system32\drivers\hidparse.sys
2007-12-29 14:43 24,576 ----a-w I:\WINDOWS\system32\drivers\kbdclass.sys
2007-12-29 14:43 23,040 ----a-w I:\WINDOWS\system32\drivers\mouclass.sys
2007-12-29 14:43 20,992 ----a-w I:\WINDOWS\system32\hid.dll
2007-12-29 14:43 20,608 ----a-w I:\WINDOWS\system32\drivers\usbuhci.sys
2007-12-29 14:43 20,480 ----a-w I:\WINDOWS\system32\drivers\flpydisk.sys
2007-12-29 14:43 2,306,560 ----a-w I:\WINDOWS\system32\ntoskrnl.exe
2007-12-29 14:43 2,185,216 ----a-w I:\WINDOWS\system32\ntkrnlpa.exe
2007-12-29 14:43 193,024 ----a-w I:\WINDOWS\system32\fsquirt.exe
2007-12-29 14:43 187,776 ----a-w I:\WINDOWS\system32\drivers\acpi.sys
2007-12-29 14:43 16,896 ----a-w I:\WINDOWS\system32\msyuv.dll
2007-12-29 14:43 15,872 ----a-w I:\WINDOWS\system32\drivers\usbintel.sys
2007-12-29 14:43 15,744 ----a-w I:\WINDOWS\system32\drivers\serenum.sys
2007-12-29 14:43 15,488 ----a-w I:\WINDOWS\system32\drivers\mssmbios.sys
2007-12-29 14:43 15,360 ----a-w I:\WINDOWS\system32\pjlmon.dll
2007-12-29 14:43 143,872 ----a-w I:\WINDOWS\system32\drivers\usbport.sys
2007-12-29 14:43 14,592 ----a-w I:\WINDOWS\system32\drivers\ndisuio.sys
2007-12-29 14:43 120,192 ----a-w I:\WINDOWS\system32\drivers\pcmcia.sys
2007-12-29 14:43 12,288 ----a-w I:\WINDOWS\system32\drivers\tunmp.sys
2007-12-29 14:43 11,904 ----a-w I:\WINDOWS\system32\drivers\sffdisk.sys
2007-12-29 14:43 11,392 ----a-w I:\WINDOWS\system32\drivers\sfloppy.sys
2007-12-29 14:43 11,008 ----a-w I:\WINDOWS\system32\drivers\sffp_sd.sys
2007-12-29 14:43 108,032 ----a-w I:\WINDOWS\system32\wshbth.dll
2007-12-29 14:43 10,368 ----a-w I:\WINDOWS\system32\drivers\hidusb.sys
2007-12-29 14:43 10,240 ----a-w I:\WINDOWS\system32\drivers\sffp_mmc.sys
2007-12-29 14:43 1,613,824 ----a-w I:\WINDOWS\system32\sfcfiles.dll
2007-12-29 14:36 86,073 ----a-w I:\WINDOWS\system32\usrfaxa.dll
2007-12-29 14:36 8,192 ----a-w I:\WINDOWS\system32\tsbyuv.dll
2007-12-29 14:36 8,192 ----a-w I:\WINDOWS\system32\streamci.dll
2007-12-29 14:36 77,891 ----a-w I:\WINDOWS\system32\usrmlnka.exe
2007-12-29 14:36 77,890 ----a-w I:\WINDOWS\system32\usrdpa.dll
2007-12-29 14:36 77,883 ----a-w I:\WINDOWS\system32\usrrtosa.dll
2007-12-29 14:36 72,192 ----a-w I:\WINDOWS\system32\sprio800.dll
2007-12-29 14:36 70,656 ----a-w I:\WINDOWS\system32\sprio600.dll
2007-12-29 14:36 69,700 ----a-w I:\WINDOWS\system32\usrshuta.exe
2007-12-29 14:36 69,699 ----a-w I:\WINDOWS\system32\usrcoina.dll
2007-12-29 14:36 69,632 ----a-w I:\WINDOWS\system32\spnike.dll
2007-12-29 14:36 61,508 ----a-w I:\WINDOWS\system32\usrprbda.exe
2007-12-29 14:36 61,500 ----a-w I:\WINDOWS\system32\usrcntra.dll
2007-12-29 14:36 58,112 ----a-w I:\WINDOWS\system32\drivers\vdmindvd.sys
2007-12-29 14:36 55,296 ----a-w I:\WINDOWS\system32\dvdplay.exe
2007-12-29 14:36 53,305 ----a-w I:\WINDOWS\system32\usrlbva.dll
2007-12-29 14:36 51,712 ----a-w I:\WINDOWS\system32\drivers\tosdvd.sys
2007-12-29 14:36 49,211 ----a-w I:\WINDOWS\system32\usrvpa.dll
2007-12-29 14:36 49,211 ----a-w I:\WINDOWS\system32\usrsdpia.dll
2007-12-29 14:36 49,209 ----a-w I:\WINDOWS\system32\usrv80a.dll
2007-12-29 14:36 45,116 ----a-w I:\WINDOWS\system32\usrvoica.dll
2007-12-29 14:36 41,019 ----a-w I:\WINDOWS\system32\usrsvpia.dll
2007-12-29 14:36 4,736 ----a-w I:\WINDOWS\system32\drivers\usbd.sys
2007-12-29 14:36 323,641 ----a-w I:\WINDOWS\system32\usrdtea.dll
2007-12-29 14:36 3,456 ----a-w I:\WINDOWS\system32\drivers\oprghdlr.sys
2007-12-29 14:36 3,328 ----a-w I:\WINDOWS\system32\drivers\pciide.sys
2007-12-29 14:36 3,200 ----a-w I:\WINDOWS\system32\wowfax.dll
2007-12-29 14:36 262,528 ----a-w I:\WINDOWS\system32\drivers\cinemst2.sys
2007-12-29 14:36 21,376 ----a-w I:\WINDOWS\system32\drivers\tsbvcap.sys
2007-12-29 14:36 18,688 ----a-w I:\WINDOWS\system32\drivers\cdaudio.sys
2007-12-29 14:36 157,696 ----a-w I:\WINDOWS\system32\paqsp.dll
2007-12-29 14:36 147,968 ----a-w I:\WINDOWS\system32\mdwmdmsp.dll
2007-12-29 14:36 13,952 ----a-w I:\WINDOWS\system32\drivers\cbidf2k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_13.42.15.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 12:35:54 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 14:06:00 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 12:35:54 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 14:06:00 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 12:35:55 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 14:06:00 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 12:35:55 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 14:06:00 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 12:35:55 1,241,088 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 14:06:00 1,253,376 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 12:35:55 147,456 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 14:06:00 147,456 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 14:01:08 295,606 ----a-r I:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\SC_Reader.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="D:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2007-12-01 00:26 15360]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="I:\Program Files\Messenger\msmsgs.exe" [2007-12-01 00:26 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-21 09:20 249896]
"SoundMAXPnP"="I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"getPlusUninstall_ocx"="advpack.dll" [2007-12-29 15:01 123904 I:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll


*Newly Created Service* - RSVP
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 15:06:48
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************


HijackThis!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08, on 2008-01-23
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\Program Files\Windows Media Player\wmplayer.exe
I:\WINDOWS\system32\msiexec.exe
I:\WINDOWS\explorer.exe
D:\Program Files\totalcmd\TOTALCMD.EXE
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
23 Jan. 2008 at 15:35
re,

I:\Program Files\Bonjour\mDNSResponder.exe is apparently part of iTunes.

Install a firewall:

Firewall: Kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

or ZoneAlarm, easier to configure but less effective

http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

Then there's a file that appeared from I don't know where, so we'll have to use ComboFix again.

With HijackThis, fix this:
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')


Copy the text below:

File::
I:\WINDOWS\system32\advpack.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"getPlusUninstall_ocx"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch ComboFix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.

@+
0
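The CFScript dictated in the post above uses a simple sectioned format: a `File::` block listing paths to delete and a `Registry::` block in REGEDIT4 syntax where `"name"=-` removes a value. As an added example (not code from the thread or from ComboFix), here is a small Python checker that parses such a script and lists what it would ask ComboFix to remove, flagging deletions under the Windows system directory so they can be verified before the script is dropped on ComboFix.exe; `SAMPLE_SCRIPT` is constructed from the post's text, and the format rules (`[-key]` deletes a key, `"name"=data` sets a value) are assumed from REGEDIT4 conventions.

```python
"""Parse and review a ComboFix CFScript before running it.

Added example for this thread, not ComboFix's own code. It assumes the
format visible in the post above: a section header ending in '::'
('File::', 'Registry::'), one item per line, and REGEDIT4 syntax inside
Registry:: blocks ('[key]' opens a key, '[-key]' deletes it, '"name"=-'
deletes a value, '"name"=data' sets one).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the script text the helper gives in the post above.
SAMPLE_SCRIPT = r"""File::
I:\WINDOWS\system32\advpack.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"getPlusUninstall_ocx"=-
"""

KNOWN_HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
               "HKEY_CLASSES_ROOT", "HKLM", "HKCU", "HKU", "HKCR"}

# A File:: entry under these directories removes something Windows itself
# may depend on; the plan flags it so the file can be verified (publisher
# signature, known-good hash) before the script is handed to ComboFix.
SYSTEM_DIRS = (r"\windows\system32", r"\windows\syswow64", r"\windows\system")

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
VALUE_DEL_RE = re.compile(r'^"([^"]*)"=-$')
VALUE_SET_RE = re.compile(r'^"([^"]*)"=(.+)$')


@dataclass
class Plan:
    """What the script asks ComboFix to do, plus review findings."""
    files: list[str] = field(default_factory=list)
    reg_key_deletes: list[str] = field(default_factory=list)
    reg_value_deletes: list[tuple[str, str]] = field(default_factory=list)
    reg_value_sets: list[tuple[str, str, str]] = field(default_factory=list)
    warnings: list[str] = field(default_factory=list)
    errors: list[str] = field(default_factory=list)


def parse_cfscript(text: str) -> Plan:
    plan = Plan()
    section = None      # name of the current '::' section, lower-cased
    current_key = None  # open [key] block inside Registry::
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section is None:
            plan.errors.append(f"line {lineno}: item before any section header")
        elif section == "file":
            plan.files.append(line)
            if any(d in line.lower() for d in SYSTEM_DIRS):
                plan.warnings.append(
                    f"line {lineno}: deletes a file in a Windows system directory: {line}")
        elif section == "registry":
            m = KEY_RE.match(line)
            if m:
                minus, key = m.groups()
                if key.split("\\", 1)[0].upper() not in KNOWN_HIVES:
                    plan.errors.append(f"line {lineno}: unknown hive in [{key}]")
                if minus:
                    plan.reg_key_deletes.append(key)
                    current_key = None  # no values can follow a deleted key
                else:
                    current_key = key
            elif current_key is None:
                plan.errors.append(f"line {lineno}: value line outside a [key] block")
            elif (m := VALUE_DEL_RE.match(line)):
                plan.reg_value_deletes.append((current_key, m.group(1)))
            elif (m := VALUE_SET_RE.match(line)):
                plan.reg_value_sets.append((current_key, m.group(1), m.group(2)))
            else:
                plan.errors.append(f"line {lineno}: unparsable registry line: {line}")
        else:
            plan.warnings.append(f"line {lineno}: section '{section}::' is not checked here")
    return plan


def summarize(plan: Plan) -> list[str]:
    """Render the plan as review lines, errors and warnings first."""
    out = [f"ERROR: {e}" for e in plan.errors]
    out += [f"WARN: {w}" for w in plan.warnings]
    out += [f"delete file {p}" for p in plan.files]
    out += [f"delete key {k}" for k in plan.reg_key_deletes]
    out += [f"delete value {n!r} under {k}" for k, n in plan.reg_value_deletes]
    out += [f"set value {n!r}={d} under {k}" for k, n, d in plan.reg_value_sets]
    return out


if __name__ == "__main__":
    for entry in summarize(parse_cfscript(SAMPLE_SCRIPT)):
        print(entry)
```

Run on the post's script, it reports one file deletion, one value deletion under the RunOnce key, and a warning that the file lives in system32.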
ComboFix 08-01-23.2 - ED 2008-01-23 17:01:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.680 [GMT 1:00]
Running from: I:\Documents and Settings\ED\Desktop\ComboFix.exe
Command switches used :: F:\TEMP DOWNLOAD\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
I:\WINDOWS\system32\advpack.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\WINDOWS\system32\advpack.dll
.
---- Previous Run -------
.
c:\windows\system\Update.exe
I:\Program Files\outerinfo
I:\Program Files\outerinfo\FF\chrome.manifest
I:\Program Files\outerinfo\FF\components\FF.dll
I:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
I:\Program Files\outerinfo\FF\install.rdf
I:\Program Files\outerinfo\Terms.rtf
I:\Program Files\Temporary
I:\VundoFix Backups
I:\VundoFix Backups\gfhkj.ini.bad
I:\VundoFix Backups\gfhkj.ini2.bad
I:\VundoFix Backups\jkhfg.dll.bad
I:\WINDOWS\system32\drivers\npf.sys
I:\WINDOWS\system32\fmbx.dll
I:\WINDOWS\system32\packet.dll
I:\WINDOWS\system32\racle~1
I:\WINDOWS\system32\racle~1\?racle\
I:\WINDOWS\system32\stem~1
I:\WINDOWS\system32\stem~1\??anregw.exe
I:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF

((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 13:35 . 2000-08-31 08:00 51,200 --a------ I:\WINDOWS\Nircmd.exe
2008-01-23 13:01 . 2008-01-23 13:01 <DIR> d-------- I:\Program Files\Trend Micro
2008-01-23 12:47 . 1996-01-09 10:38 283,648 --a------ I:\WINDOWS\uninst.exe
2008-01-22 23:42 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
2008-01-22 23:42 . 2007-07-30 19:19 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
2008-01-22 21:21 . 2008-01-22 21:21 <DIR> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-01-22 11:51 . 2008-01-22 11:51 <DIR> d-------- I:\Program Files\illiminable
2008-01-22 10:30 . 2008-01-22 21:21 <DIR> d--hsc--- I:\Program Files\Common Files\WindowsLiveInstaller
2008-01-22 10:29 . 2008-01-22 21:21 <DIR> d-------- I:\Program Files\Windows Live
2008-01-22 10:29 . 2008-01-22 10:29 <DIR> d-------- I:\Program Files\Bonjour
2008-01-22 10:18 . 2008-01-22 10:18 <DIR> d-------- I:\Program Files\Common Files\Macrovision Shared
2008-01-21 11:32 . 2008-01-21 11:32 <DIR> d-------- I:\WINDOWS\system32\Adobe
2008-01-21 11:32 . 2004-08-17 02:40 16,384 --a------ I:\WINDOWS\system32\FileOps.exe
2008-01-21 11:18 . 2008-01-21 11:18 <DIR> d-------- I:\WINDOWS\Sun
2008-01-21 11:16 . 2007-09-24 23:31 69,632 --a------ I:\WINDOWS\system32\javacpl.cpl
2008-01-21 11:15 . 2008-01-21 11:16 <DIR> d-------- I:\Program Files\Java
2008-01-21 11:14 . 2008-01-21 11:14 <DIR> d-------- I:\Program Files\Common Files\Java
2008-01-21 10:02 . 2008-01-23 15:00 <DIR> d-------- I:\Program Files\Common Files\Adobe
2008-01-21 09:32 . 2007-11-30 18:14 83,072 --a------ I:\WINDOWS\system32\drivers\wdmaud.sys
2008-01-21 09:32 . 2007-11-30 18:14 83,072 --a--c--- I:\WINDOWS\system32\dllcache\wdmaud.sys
2008-01-21 09:32 . 2007-11-30 17:30 6,272 --a------ I:\WINDOWS\system32\drivers\splitter.sys
2008-01-21 09:32 . 2007-11-30 17:30 6,272 --a--c--- I:\WINDOWS\system32\dllcache\splitter.sys
2008-01-21 09:31 . 2007-11-30 17:30 52,864 --a------ I:\WINDOWS\system32\drivers\DMusic.sys
2008-01-21 09:31 . 2007-11-30 17:30 52,864 --a--c--- I:\WINDOWS\system32\dllcache\dmusic.sys
2008-01-21 09:28 . 2007-11-30 17:30 56,576 --a------ I:\WINDOWS\system32\drivers\swmidi.sys
2008-01-21 09:28 . 2007-11-30 17:30 56,576 --a--c--- I:\WINDOWS\system32\dllcache\swmidi.sys
2008-01-21 09:24 . 2007-11-30 18:17 146,048 --a------ I:\WINDOWS\system32\drivers\portcls.sys
2008-01-21 09:24 . 2007-11-30 18:17 146,048 --a--c--- I:\WINDOWS\system32\dllcache\portcls.sys
2008-01-21 09:24 . 2007-12-01 00:27 129,536 --a------ I:\WINDOWS\system32\ksproxy.ax
2008-01-21 09:24 . 2007-12-01 00:27 129,536 --a--c--- I:\WINDOWS\system32\dllcache\ksproxy.ax
2008-01-21 09:24 . 2007-11-30 17:30 60,160 --a------ I:\WINDOWS\system32\drivers\drmk.sys
2008-01-21 09:24 . 2007-11-30 17:30 60,160 --a--c--- I:\WINDOWS\system32\dllcache\drmk.sys
2008-01-21 09:24 . 2007-12-01 00:25 4,096 --a------ I:\WINDOWS\system32\ksuser.dll
2008-01-21 09:24 . 2007-12-01 00:25 4,096 --a--c--- I:\WINDOWS\system32\dllcache\ksuser.dll
2008-01-21 09:23 . 2008-01-21 09:23 <DIR> d--h----- I:\Program Files\InstallShield Installation Information
2008-01-21 09:23 . 2008-01-21 09:23 <DIR> d-------- I:\Program Files\Analog Devices
2008-01-21 09:22 . 2008-01-21 09:22 <DIR> d-------- I:\Program Files\Common Files\InstallShield
2008-01-21 09:18 . 2008-01-21 09:18 <DIR> d-------- I:\Program Files\Avira
2008-01-21 09:16 . 2008-01-23 15:07 3,137 --a------ I:\WINDOWS\wincmd.ini
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\UC.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\RAR.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\PKZIP.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\PKUNZIP.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\NOCLOSE.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\LHA.PIF
2008-01-21 09:16 . 2007-06-21 07:01 545 --a------ I:\WINDOWS\ARJ.PIF
2008-01-21 09:09 . 2008-01-21 09:29 <DIR> d-------- I:\Program Files\Dot1XCfg
2008-01-21 09:03 . 2008-01-21 09:03 <DIR> d--h----- I:\Program Files\Uninstall Information

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 07:50 --------- d-----w I:\Program Files\microsoft frontpage
2008-01-21 07:49 --------- d-----w I:\Program Files\Windows Media Connect 2
2007-12-29 14:43 96,512 ----a-w I:\WINDOWS\system32\drivers\atapi.sys
2007-12-29 14:43 96,384 ----a-w I:\WINDOWS\system32\drivers\scsiport.sys
2007-12-29 14:43 80,128 ----a-w I:\WINDOWS\system32\drivers\parport.sys
2007-12-29 14:43 79,232 ----a-w I:\WINDOWS\system32\drivers\sdbus.sys
2007-12-29 14:43 71,168 ----a-w I:\WINDOWS\system32\drivers\dxg.sys
2007-12-29 14:43 7,168 ----a-w I:\WINDOWS\system32\hccoin.dll
2007-12-29 14:43 68,224 ----a-w I:\WINDOWS\system32\drivers\pci.sys
2007-12-29 14:43 64,512 ----a-w I:\WINDOWS\system32\drivers\serial.sys
2007-12-29 14:43 63,744 ----a-w I:\WINDOWS\system32\drivers\mf.sys
2007-12-29 14:43 62,976 ----a-w I:\WINDOWS\system32\drivers\cdrom.sys
2007-12-29 14:43 61,824 ----a-w I:\WINDOWS\system32\drivers\nic1394.sys
2007-12-29 14:43 60,800 ----a-w I:\WINDOWS\system32\drivers\arp1394.sys
2007-12-29 14:43 59,520 ----a-w I:\WINDOWS\system32\drivers\usbhub.sys
2007-12-29 14:43 52,736 ----a-w I:\WINDOWS\system32\wzcsapi.dll
2007-12-29 14:43 52,480 ----a-w I:\WINDOWS\system32\drivers\i8042prt.sys
2007-12-29 14:43 52,224 ----a-w I:\WINDOWS\system32\dmutil.dll
2007-12-29 14:43 483,840 ----a-w I:\WINDOWS\system32\wzcsvc.dll
2007-12-29 14:43 47,616 ----a-w I:\WINDOWS\system32\iyuv_32.dll
2007-12-29 14:43 47,104 ----a-w I:\WINDOWS\system32\cnbjmon.dll
2007-12-29 14:43 42,752 ----a-w I:\WINDOWS\system32\drivers\p3.sys
2007-12-29 14:43 42,112 ----a-w I:\WINDOWS\system32\drivers\imapi.sys
2007-12-29 14:43 4,352 ----a-w I:\WINDOWS\system32\drivers\swenum.sys
2007-12-29 14:43 37,760 ----a-w I:\WINDOWS\system32\drivers\amdk7.sys
2007-12-29 14:43 37,376 ----a-w I:\WINDOWS\system32\drivers\amdk6.sys
2007-12-29 14:43 37,248 ----a-w I:\WINDOWS\system32\drivers\isapnp.sys
2007-12-29 14:43 36,864 ----a-w I:\WINDOWS\system32\drivers\hidclass.sys
2007-12-29 14:43 36,736 ----a-w I:\WINDOWS\system32\drivers\crusoe.sys
2007-12-29 14:43 36,352 ----a-w I:\WINDOWS\system32\drivers\intelppm.sys
2007-12-29 14:43 36,352 ----a-w I:\WINDOWS\system32\drivers\disk.sys
2007-12-29 14:43 35,840 ----a-w I:\WINDOWS\system32\drivers\processr.sys
2007-12-29 14:43 35,328 ----a-w I:\WINDOWS\system32\pid.dll
2007-12-29 14:43 30,208 ----a-w I:\WINDOWS\system32\drivers\usbehci.sys
2007-12-29 14:43 30,080 ----a-w I:\WINDOWS\system32\drivers\modem.sys
2007-12-29 14:43 27,392 ----a-w I:\WINDOWS\system32\drivers\fdc.sys
2007-12-29 14:43 264,832 ----a-w I:\WINDOWS\system32\drivers\http.sys
2007-12-29 14:43 25,728 ----a-w I:\WINDOWS\system32\drivers\usbcamd2.sys
2007-12-29 14:43 25,600 ----a-w I:\WINDOWS\system32\drivers\usbcamd.sys
2007-12-29 14:43 25,344 ----a-w I:\WINDOWS\system32\drivers\sonydcam.sys
2007-12-29 14:43 24,960 ----a-w I:\WINDOWS\system32\drivers\pciidex.sys
2007-12-29 14:43 24,960 ----a-w I:\WINDOWS\system32\drivers\hidparse.sys
2007-12-29 14:43 24,576 ----a-w I:\WINDOWS\system32\drivers\kbdclass.sys
2007-12-29 14:43 23,040 ----a-w I:\WINDOWS\system32\drivers\mouclass.sys
2007-12-29 14:43 20,992 ----a-w I:\WINDOWS\system32\hid.dll
2007-12-29 14:43 20,608 ----a-w I:\WINDOWS\system32\drivers\usbuhci.sys
2007-12-29 14:43 20,480 ----a-w I:\WINDOWS\system32\drivers\flpydisk.sys
2007-12-29 14:43 2,306,560 ----a-w I:\WINDOWS\system32\ntoskrnl.exe
2007-12-29 14:43 2,185,216 ----a-w I:\WINDOWS\system32\ntkrnlpa.exe
2007-12-29 14:43 193,024 ----a-w I:\WINDOWS\system32\fsquirt.exe
2007-12-29 14:43 187,776 ----a-w I:\WINDOWS\system32\drivers\acpi.sys
2007-12-29 14:43 16,896 ----a-w I:\WINDOWS\system32\msyuv.dll
2007-12-29 14:43 15,872 ----a-w I:\WINDOWS\system32\drivers\usbintel.sys
2007-12-29 14:43 15,744 ----a-w I:\WINDOWS\system32\drivers\serenum.sys
2007-12-29 14:43 15,488 ----a-w I:\WINDOWS\system32\drivers\mssmbios.sys
2007-12-29 14:43 15,360 ----a-w I:\WINDOWS\system32\pjlmon.dll
2007-12-29 14:43 143,872 ----a-w I:\WINDOWS\system32\drivers\usbport.sys
2007-12-29 14:43 14,592 ----a-w I:\WINDOWS\system32\drivers\ndisuio.sys
2007-12-29 14:43 120,192 ----a-w I:\WINDOWS\system32\drivers\pcmcia.sys
2007-12-29 14:43 12,288 ----a-w I:\WINDOWS\system32\drivers\tunmp.sys
2007-12-29 14:43 11,904 ----a-w I:\WINDOWS\system32\drivers\sffdisk.sys
2007-12-29 14:43 11,392 ----a-w I:\WINDOWS\system32\drivers\sfloppy.sys
2007-12-29 14:43 11,008 ----a-w I:\WINDOWS\system32\drivers\sffp_sd.sys
2007-12-29 14:43 108,032 ----a-w I:\WINDOWS\system32\wshbth.dll
2007-12-29 14:43 10,368 ----a-w I:\WINDOWS\system32\drivers\hidusb.sys
2007-12-29 14:43 10,240 ----a-w I:\WINDOWS\system32\drivers\sffp_mmc.sys
2007-12-29 14:43 1,613,824 ----a-w I:\WINDOWS\system32\sfcfiles.dll
2007-12-29 14:36 86,073 ----a-w I:\WINDOWS\system32\usrfaxa.dll
2007-12-29 14:36 8,192 ----a-w I:\WINDOWS\system32\tsbyuv.dll
2007-12-29 14:36 8,192 ----a-w I:\WINDOWS\system32\streamci.dll
2007-12-29 14:36 77,891 ----a-w I:\WINDOWS\system32\usrmlnka.exe
2007-12-29 14:36 77,890 ----a-w I:\WINDOWS\system32\usrdpa.dll
2007-12-29 14:36 77,883 ----a-w I:\WINDOWS\system32\usrrtosa.dll
2007-12-29 14:36 72,192 ----a-w I:\WINDOWS\system32\sprio800.dll
2007-12-29 14:36 70,656 ----a-w I:\WINDOWS\system32\sprio600.dll
2007-12-29 14:36 69,700 ----a-w I:\WINDOWS\system32\usrshuta.exe
2007-12-29 14:36 69,699 ----a-w I:\WINDOWS\system32\usrcoina.dll
2007-12-29 14:36 69,632 ----a-w I:\WINDOWS\system32\spnike.dll
2007-12-29 14:36 61,508 ----a-w I:\WINDOWS\system32\usrprbda.exe
2007-12-29 14:36 61,500 ----a-w I:\WINDOWS\system32\usrcntra.dll
2007-12-29 14:36 58,112 ----a-w I:\WINDOWS\system32\drivers\vdmindvd.sys
2007-12-29 14:36 55,296 ----a-w I:\WINDOWS\system32\dvdplay.exe
2007-12-29 14:36 53,305 ----a-w I:\WINDOWS\system32\usrlbva.dll
2007-12-29 14:36 51,712 ----a-w I:\WINDOWS\system32\drivers\tosdvd.sys
2007-12-29 14:36 49,211 ----a-w I:\WINDOWS\system32\usrvpa.dll
2007-12-29 14:36 49,211 ----a-w I:\WINDOWS\system32\usrsdpia.dll
2007-12-29 14:36 49,209 ----a-w I:\WINDOWS\system32\usrv80a.dll
2007-12-29 14:36 45,116 ----a-w I:\WINDOWS\system32\usrvoica.dll
2007-12-29 14:36 41,019 ----a-w I:\WINDOWS\system32\usrsvpia.dll
2007-12-29 14:36 4,736 ----a-w I:\WINDOWS\system32\drivers\usbd.sys
2007-12-29 14:36 323,641 ----a-w I:\WINDOWS\system32\usrdtea.dll
2007-12-29 14:36 3,456 ----a-w I:\WINDOWS\system32\drivers\oprghdlr.sys
2007-12-29 14:36 3,328 ----a-w I:\WINDOWS\system32\drivers\pciide.sys
2007-12-29 14:36 3,200 ----a-w I:\WINDOWS\system32\wowfax.dll
2007-12-29 14:36 262,528 ----a-w I:\WINDOWS\system32\drivers\cinemst2.sys
2007-12-29 14:36 21,376 ----a-w I:\WINDOWS\system32\drivers\tsbvcap.sys
2007-12-29 14:36 18,688 ----a-w I:\WINDOWS\system32\drivers\cdaudio.sys
2007-12-29 14:36 157,696 ----a-w I:\WINDOWS\system32\paqsp.dll
2007-12-29 14:36 147,968 ----a-w I:\WINDOWS\system32\mdwmdmsp.dll
2007-12-29 14:36 13,952 ----a-w I:\WINDOWS\system32\drivers\cbidf2k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_13.42.15.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 12:35:54 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 16:00:57 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 12:35:54 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 16:00:58 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 12:35:55 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 16:00:58 245,760 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 12:35:55 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 16:00:58 8,192 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 12:35:55 1,241,088 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 16:00:58 1,261,568 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 12:35:55 147,456 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 16:00:58 147,456 ----a-w I:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 14:01:08 295,606 ----a-r I:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\SC_Reader.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="D:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2007-12-01 00:26 15360]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="I:\Program Files\Messenger\msmsgs.exe" [2007-12-01 00:26 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-21 09:20 249896]
"SoundMAXPnP"="I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll


*Newly Created Service* - RSVP
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 17:01:53
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06, on 2008-01-23
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\totalcmd\TOTALCMD.EXE
I:\WINDOWS\explorer.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\WINDOWS\system32\rsvp.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
23 Jan. 2008 at 17:19
re,

You haven't installed a firewall?

@+
0
I have the XP one but I'm going to install Kerio
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
23 Jan. 2008 at 17:28
ok

Can you now do a full scan of your machine with Antivir please,

with the following settings:

Once Antivir is open, click on Configuration and tick the "expert mode" box, then on the Scanner tab in the window below you'll see: rootkit search; click on the little + to expand it and tick the box next to your hard disk.
Then click on Configuration at the top right, then in the new window on the left > Scanner > scan all files, and below > scanner priority = High.
Still on the left > Scan > expand > Heuristics > macrovirus heuristic = ticked, and below > win32 heuristic box ticked and high detection level.

And post the report here please.

@+
0
Test your computer's security
Firewall test: TCP port scanner
--------------------------------------------------------------------------------


Congratulations! Your security appears to be optimal!
All the TCP ports tested are stealthed, so your computer gives no response to the port tests performed. Your machine is therefore invisible to potential hackers.


I just ran a test on Zebulon and it seems I'm well protected on that side?
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
23 Jan. 2008 at 17:32
Do you want to get reinfected?
0
Nope, ok ok I'll install it, but won't it conflict with the XP firewall (can I turn that one off?)

By the way, THANK YOU for your help!!!!
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
23 Jan. 2008 at 17:37
re,

No, it won't conflict; normally the Windows one will turn itself off all on its own once you've installed the other one...

You're welcome ;-)

Don't forget to do the scan with Antivir as I told you in post 15

@+
0
I'm busy doing the scan with ANTIVIR
But for Kerio, when I click on the link given by ZEBULON, I land on this site: http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/


Is it the right one?
0