Storage Protector arghhh !!
emmanuel
jlpjlp, 52399 posts, status: security contributor
Hello,
I'm infected with Storage Protector. I ran a scan with McAfee and quarantined the files it detected.
I also ran VundoFix and deleted the files it listed.
Apparently the viruses are still there, and even though I've read quite a few forums I have no idea how to get rid of them.
Thanks for your help :)
Here is my HijackThis scan report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:32, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D1094B3-3642-4016-A130-FB6087AF7C83} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {ec0baea7-00a7-a66a-3bc4-ffaee73f4b38} - {83b4f37e-eaff-4cb3-a66a-7a007aeab0ce} - C:\WINDOWS\system32\qdmokvut.dll (file missing)
O2 - BHO: (no name) - {8E7C8BB4-1611-4BF6-9A1D-367C21BD1817} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O21 - SSODL: SrvSrv - {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll
O21 - SSODL: zip - {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll
O21 - SSODL: SetupDrive - {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll
O21 - SSODL: WinPrx - {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
10 replies
Hi
Uninstall via your Control Panel:
VMN Toolbar
______________
Restart HijackThis, choose "Do a scan only", tick the box in front of the lines below and click "Fix checked" at the bottom.
O2 - BHO: (no name) - {1D1094B3-3642-4016-A130-FB6087AF7C83} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {ec0baea7-00a7-a66a-3bc4-ffaee73f4b38} - {83b4f37e-eaff-4cb3-a66a-7a007aeab0ce} - C:\WINDOWS\system32\qdmokvut.dll (file missing)
O2 - BHO: (no name) - {8E7C8BB4-1611-4BF6-9A1D-367C21BD1817} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O21 - SSODL: SrvSrv - {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll
O21 - SSODL: zip - {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll
O21 - SSODL: SetupDrive - {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll
O21 - SSODL: WinPrx - {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll
___________________________
ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
_____________________________
Paste the report of an online scan
with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
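A triage pass over HijackThis entries of the kind listed in the reply above, as an added example that is not part of this thread: it parses O2/O3/O21 lines and flags orphaned registrations, GUID-named BHOs and SSODL loaders living in a GUID-named Installer folder, then returns the exact lines to tick under "Fix checked". The sample log is constructed from entries in the posted report, and the `unwanted_names` set stands in for an analyst's own list of known adware names.

```python
"""Triage HijackThis 2.0.x O2/O3/O21 entries and list the lines to tick
under "Fix checked". Heuristics only; an analyst still reviews the result."""
import re
from dataclasses import dataclass

# Constructed sample built from entries in the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D1094B3-3642-4016-A130-FB6087AF7C83} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {ec0baea7-00a7-a66a-3bc4-ffaee73f4b38} - {83b4f37e-eaff-4cb3-a66a-7a007aeab0ce} - C:\WINDOWS\system32\qdmokvut.dll (file missing)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O21 - SSODL: SrvSrv - {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
GUID_RE = re.compile(GUID)
# O2 BHOs, O3 toolbars and O21 SSODL entries share the shape
#   "<section> - <kind>: <name> - {CLSID} - <path>"
COM_ENTRY_RE = re.compile(
    r"^(?P<sec>O2|O3|O21) - (?P<kind>BHO|Toolbar|SSODL): "
    r"(?P<name>.+?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$"
)
# MSI keeps cached packages and icons under C:\WINDOWS\Installer; a shell
# service object DLL registered from a {GUID} folder there is unusual, and
# the helper's fix list above consists of exactly these SSODL entries.
INSTALLER_GUID_DIR_RE = re.compile(r"(?i)^C:\\WINDOWS\\Installer\\" + GUID + r"\\")


@dataclass
class Finding:
    line: str        # the original log line, ready to paste into a fix list
    section: str     # O2, O3 or O21
    name: str
    path: str
    reasons: list


def triage(log_text: str, unwanted_names: frozenset = frozenset()) -> list:
    """Return one Finding per O2/O3/O21 entry that trips a heuristic.

    unwanted_names is an analyst-supplied set (assumed here, not part of
    HijackThis) of add-on names already known to be unwanted.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COM_ENTRY_RE.match(line)
        if not m:
            continue  # O4 Run keys, O23 services etc. need other checks
        sec, name, path = m["sec"], m["name"], m["path"]
        reasons = []
        if path == "(no file)" or path.endswith("(file missing)"):
            reasons.append("orphaned registration: the DLL is no longer on disk")
        if GUID_RE.fullmatch(name):
            reasons.append("display name is a bare GUID, typical of generated rogue BHOs")
        if sec == "O21" and INSTALLER_GUID_DIR_RE.match(path):
            reasons.append("SSODL loader placed in a GUID-named Installer folder")
        if name in unwanted_names:
            reasons.append("on the analyst's unwanted-software list")
        if reasons:
            findings.append(Finding(line, sec, name, path, reasons))
    return findings


def fix_list(log_text: str, unwanted_names: frozenset = frozenset()) -> list:
    """The exact log lines to tick in HijackThis before clicking 'Fix checked'."""
    return [f.line for f in triage(log_text, unwanted_names)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, frozenset({"VMN Toolbar"})):
        print(f"{f.section} {f.name!r}: {'; '.join(f.reasons)}")
```

Entries that only carry a suspicious-looking random DLL name (pmkhh.dll, ssqpp.dll) are caught here because the file is already gone; a still-present one would need a hash or signature lookup, which this script does not do.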
Thanks jlpjlp,
so here is the ComboFix report:
ComboFix 08-02.05.3 - AP35 2008-02-07 0:16:32.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.960 [GMT 1:00]
Endroit: C:\Documents and Settings\AP35\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\feobcqwe.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\odyrchpq.ini
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.
2008-02-06 20:55 . 2008-02-06 20:55 10,240 --a------ C:\Program Files\tmp8283859.exe
2008-02-06 20:48 . 2008-02-06 21:19 <REP> d-------- C:\VundoFix Backups
2008-02-06 20:45 . 2008-02-06 20:45 <REP> d-------- C:\Program Files\Trend Micro
2008-02-06 12:39 . 2008-02-07 00:14 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-06 11:15 . 2008-02-06 11:15 90,688 --a------ C:\WINDOWS\system32\qphcrydo.dll
2008-02-05 20:05 . 2008-02-06 10:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-05 19:51 . 2008-02-05 19:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-05 19:37 . 2008-02-05 19:37 90,688 --------- C:\WINDOWS\system32\ewqcboef.dll
2008-02-05 19:25 . 2008-02-05 19:25 46,080 --a------ C:\Program Files\15500593.exe
2008-02-05 17:56 . 2008-02-05 17:56 0 --a------ C:\WINDOWS\wexpert6.ini
2008-02-04 00:11 . 2008-02-04 00:11 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-30 18:08 . 2008-01-30 18:08 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-22 16:30 . 2008-01-22 16:30 <REP> d-------- C:\Documents and Settings\AP35\Application Data\Talkback
2008-01-15 19:30 . 2008-01-15 19:30 <REP> dr------- C:\Documents and Settings\AP35\Application Data\Brother
2008-01-15 16:28 . 2008-01-15 16:28 434 --a------ C:\WINDOWS\BRWMARK.INI
2008-01-15 16:28 . 2008-01-15 16:28 212 --a------ C:\WINDOWS\Brpfx04a.ini
2008-01-15 16:28 . 2008-01-15 16:28 93 --a------ C:\WINDOWS\brpcfx.ini
2008-01-15 16:28 . 2008-01-15 16:28 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2008-01-15 16:28 . 2008-01-15 16:28 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-01-15 16:27 . 2006-02-24 17:27 1,492,480 --a------ C:\WINDOWS\system32\BrWia06a.dll
2008-01-15 16:27 . 2006-02-24 17:59 56,320 --a------ C:\WINDOWS\system32\brinsstr.dll
2008-01-15 16:27 . 2005-12-13 10:53 38,912 --a------ C:\WINDOWS\system32\BrUsi06a.dll
2008-01-15 16:27 . 2004-10-15 12:50 15,295 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys
2008-01-15 16:26 . 2008-01-15 16:28 <REP> d-------- C:\Program Files\Brother
2008-01-15 16:26 . 2004-12-03 01:26 188,416 --------- C:\WINDOWS\system32\PDRVINST.DLL
2008-01-15 16:26 . 2004-12-10 16:35 147,456 --------- C:\WINDOWS\brunin03.dll
2008-01-15 16:26 . 2006-01-17 01:03 126,976 --------- C:\WINDOWS\system32\BrfxD05a.dll
2008-01-15 16:26 . 2005-06-02 01:09 86,016 --------- C:\WINDOWS\system32\BrWebIns.dll
2008-01-15 16:26 . 2005-06-02 01:08 69,632 --------- C:\WINDOWS\system32\BRWEBUP.EXE
2008-01-15 16:26 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
2008-01-15 16:26 . 2003-11-28 18:57 0 --a------ C:\WINDOWS\brdfxspd.dat
2008-01-15 16:24 . 2008-01-15 16:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-01-15 13:43 . 2008-01-15 13:43 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-01-14 11:48 . 2008-01-14 11:48 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-14 11:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-14 11:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-14 11:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-12 15:07 . 2008-01-12 15:07 <REP> d-------- C:\Program Files\DivX
2008-01-12 14:05 . 2008-01-12 14:05 <REP> d-------- C:\Documents and Settings\AP35\Contacts
2008-01-12 13:59 . 2008-01-12 14:03 <REP> d-------- C:\Program Files\Windows Live
2008-01-12 13:59 . 2008-01-12 14:03 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-12 13:59 . 2008-01-12 13:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 17:39 --------- d-----w C:\Program Files\McAfee
2008-01-15 15:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-08 01:04 --------- d-----w C:\Documents and Settings\AP35\Application Data\dvdcss
2007-12-29 15:26 --------- d-----w C:\Program Files\Windows Desktop Search
2007-12-26 22:25 --------- d-----w C:\Program Files\Microsoft Works
2007-12-26 22:23 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-26 17:17 --------- d-----w C:\Program Files\IZArc
2007-12-25 18:38 --------- d-----w C:\Program Files\BitLord
2007-12-24 15:51 --------- d-----w C:\Program Files\Sony
2007-12-24 15:49 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2007-12-23 20:45 --------- d-----w C:\Program Files\Visicom Media
2007-12-23 17:57 --------- d-----w C:\Documents and Settings\AP35\Application Data\vlc
2007-12-23 17:47 --------- d-----w C:\Program Files\VideoLAN
2007-12-23 17:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-23 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-23 15:28 --------- d-----w C:\Program Files\Bonjour
2007-12-23 15:15 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2007-12-23 13:47 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-23 13:07 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-23 13:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-23 11:00 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 10:15 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2007-12-23 10:09 --------- d-----w C:\Program Files\ThiWeb Live 2
2007-12-23 09:40 --------- d-----w C:\Program Files\Symantec
2007-12-23 09:40 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-23 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-23 02:03 --------- d-----w C:\Program Files\McAfee.com
2007-12-23 01:47 --------- d-----w C:\Program Files\antivirus
2007-12-23 01:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-22 23:43 --------- d-----w C:\Documents and Settings\AP35\Application Data\Symantec
2007-12-22 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-12-22 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2007-12-22 23:15 --------- d-----w C:\Documents and Settings\AP35\Application Data\Sony Corporation
2007-12-22 23:14 --------- d-----w C:\Program Files\Roxio
2007-12-22 23:09 0 ---ha-r C:\WINDOWS\system32\drivers\Sony_VGN-FS415E.mrk
2007-12-22 23:09 --------- d-----w C:\Program Files\Raccourcis de programmes
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 09:21 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 05:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 06:56 45056]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 22:07 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 14:15 40960]
"MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [2007-07-28 09:32 1279336]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2002-07-31 14:42 475136]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 20:41 546936]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 14:58 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinPrx"= {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll [2008-02-06 01:13 14374]
"SetupDrive"= {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll [2008-02-05 19:25 14374]
"zip"= {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll [2008-02-05 19:25 39462]
"SrvSrv"= {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll [2008-02-05 19:24 14374]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-02-13 15:19 98304 C:\WINDOWS\system32\VESWinlogon.dll
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-12-23 02:04:03 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-12-23 02:04:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 00:23:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll
-> C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll
-> C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-02-07 0:29:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 23:28:58
.
2008-01-19 14:59:37 --- E O F ---
And the Panda report:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-07 00:46:31
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@atdmt[2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@linksynergy[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@weborama[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@advertising[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@overture[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@smartadserver[2].txt
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
02899042 Trj/Agent.HYM Virus/Trojan Yes 1 Yes No C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL
02899042 Trj/Agent.HYM Virus/Trojan Yes 1 Yes No C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL
02899042 Trj/Agent.HYM Virus/Trojan Yes 1 Yes No C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Scan these three files on VirusTotal and, if they are infected, paste them into the OTMoveIt quote: https://www.virustotal.com/gui/
C:\WINDOWS\system32\ewqcboef.dll
C:\Program Files\15500593.exe
C:\WINDOWS\system32\d3d9caps.dat
___________
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL
C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL
C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
__________________
Post a fresh HijackThis log and describe your problems.
See you
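An added example for readers of this thread, not part of the original posts and not a feature of HijackThis, ComboFix or OTMoveIt: the three DLLs quoted above are registered under ShellServiceObjectDelayLoad, the key HijackThis reports as "O21 - SSODL" and ComboFix lists in its registry loading points. Explorer loads every DLL registered there into its own process at logon, so such an entry persists across reboots without appearing under the Run keys, and moving the DLL on its own leaves the registry value behind (HijackThis then shows the entry with "(file missing)"). The Python script below parses both log formats and flags entries whose DLL sits in C:\WINDOWS\Installer\{GUID}\ (the Windows Installer cache, not a location for shell components), entries whose DLLs share an identical byte size (here 14374 for three differently named files), and orphaned "(file missing)" entries; for each it prints the matching reg delete command. The sample lines are copied from this thread's logs plus one constructed benign CDBurn entry for contrast; the two path and size heuristics and the choice of reg delete as the follow-up are my assumptions.

```python
"""Triage ShellServiceObjectDelayLoad (SSODL) entries from HijackThis/ComboFix logs.
Added example for this thread, not a tool from the original posts. Explorer loads
every DLL registered under SSODL into its own process at logon, outside the Run keys.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

SSODL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"

# HijackThis: O21 - SSODL: <name> - {CLSID} - <dll path>[ (file missing)]
_HJT_RE = re.compile(
    r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9a-fA-F-]{36}\}) - "
    r"(?P<path>.+?)(?: \((?P<missing>file missing)\))?$"
)
# ComboFix: "<name>"= {CLSID} - <dll path> [YYYY-MM-DD HH:MM <size in bytes>]
_CF_RE = re.compile(
    r'^"(?P<name>[^"]+)"= (?P<clsid>\{[0-9a-fA-F-]{36}\}) - '
    r"(?P<path>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\d+)\]$"
)

@dataclass
class SsodlEntry:
    name: str
    clsid: str
    path: str
    file_missing: bool = False
    size: Optional[int] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)

    def reg_delete_command(self) -> str:
        # Moving the DLL alone leaves this value behind and Explorer keeps trying
        # to load it at every logon, so the registry value has to go as well.
        return f'reg delete "{SSODL_KEY}" /v "{self.name}" /f'

def parse_ssodl_line(line: str) -> Optional[SsodlEntry]:
    """Parse one HijackThis O21 or ComboFix SSODL line; any other line gives None."""
    line = line.strip()
    m = _HJT_RE.match(line)
    if m:
        return SsodlEntry(m["name"], m["clsid"].lower(), m["path"],
                          file_missing=m["missing"] is not None)
    m = _CF_RE.match(line)
    if m:
        return SsodlEntry(m["name"], m["clsid"].lower(), m["path"], size=int(m["size"]))
    return None

def triage(lines: Iterable[str]) -> List[SsodlEntry]:
    """Parse all SSODL lines and record a reason for every indicator found."""
    entries = [e for e in map(parse_ssodl_line, lines) if e is not None]
    # Heuristic (my assumption): differently named DLLs of identical byte size are
    # usually renamed copies of one payload written by the same dropper.
    size_counts = Counter(e.size for e in entries if e.size is not None)
    for e in entries:
        low = e.path.lower()
        if e.file_missing:
            e.reasons.append("orphaned value: DLL removed but registry entry remains")
        if "\\installer\\{" in low:
            e.reasons.append("DLL in the Windows Installer cache, not a shell component location")
        elif "\\system32\\" not in low:
            e.reasons.append("DLL outside system32")
        if e.size is not None and size_counts[e.size] > 1:
            e.reasons.append(f"same size ({e.size} bytes) as another SSODL DLL")
    return entries

# Constructed sample input: the O21 lines from the post-cleanup HijackThis log in this
# thread, plus one benign default (CDBurn, in SHELL32.dll) that HijackThis normally hides.
SAMPLE_HJT = [
    r"O21 - SSODL: WinPrx - {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll (file missing)",
    r"O21 - SSODL: SetupDrive - {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll (file missing)",
    r"O21 - SSODL: zip - {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll",
    r"O21 - SSODL: SrvSrv - {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll (file missing)",
    r"O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll",
]
# The same four entries as ComboFix listed them before the DLLs were moved.
SAMPLE_COMBOFIX = [
    r'"WinPrx"= {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll [2008-02-06 01:13 14374]',
    r'"SetupDrive"= {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll [2008-02-05 19:25 14374]',
    r'"zip"= {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll [2008-02-05 19:25 39462]',
    r'"SrvSrv"= {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll [2008-02-05 19:24 14374]',
]

if __name__ == "__main__":
    for e in triage(SAMPLE_HJT + SAMPLE_COMBOFIX):
        if e.suspicious:
            print(f"{e.name:<12}{e.path}")
            for r in e.reasons:
                print(f"    - {r}")
            print(f"    {e.reg_delete_command()}")
```

The script only reads log text; the reg delete lines it prints are ordinary Windows commands to run from a command prompt on the affected machine once you have confirmed each entry is not wanted. Note that the "zip" entry has no "(file missing)" flag in the sample because its DLL was never in the OTMoveIt list, so on a real cleanup both the file and the value would still need attention.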
The OTMoveIt report:
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ewqcboef.dll
C:\WINDOWS\system32\ewqcboef.dll NOT unregistered.
C:\WINDOWS\system32\ewqcboef.dll moved successfully.
C:\Program Files\15500593.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL
C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL NOT unregistered.
C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL
C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL NOT unregistered.
C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL
C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL NOT unregistered.
C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL moved successfully.
OTMoveIt2 v1.0.18 log created on 02072008_112519
And the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:58, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Apoint\Apoint.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O21 - SSODL: WinPrx - {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll (file missing)
O21 - SSODL: SetupDrive - {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll (file missing)
O21 - SSODL: zip - {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll
O21 - SSODL: SrvSrv - {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0009341202377586) (0009341202377586mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\000934~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ewqcboef.dll
C:\WINDOWS\system32\ewqcboef.dll NOT unregistered.
C:\WINDOWS\system32\ewqcboef.dll moved successfully.
C:\Program Files\15500593.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL
C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL NOT unregistered.
C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL
C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL NOT unregistered.
C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL
C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL NOT unregistered.
C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL moved successfully.
OTMoveIt2 v1.0.18 log created on 02072008_112519
And the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:58, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Apoint\Apoint.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O21 - SSODL: WinPrx - {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll (file missing)
O21 - SSODL: SetupDrive - {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll (file missing)
O21 - SSODL: zip - {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll
O21 - SSODL: SrvSrv - {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0009341202377586) (0009341202377586mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\000934~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
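Reading the O21 and O4 lines of a report like the one above by hand is error-prone. The Python script below is an added example for this thread (not HijackThis code and not the helper's procedure): it parses lines of that format and lists the entries an analyst would review first. The flagging rules (any SSODL entry, a DLL under C:\WINDOWS\Installer\{GUID}\, "(file missing)", a bare filename in a Run key) are my own triage heuristics, and the sample log is constructed from the report quoted above.

```python
"""Triage the O21 (SSODL) and O4 (Run) lines of a HijackThis report.

Added example for this thread; it is neither HijackThis code nor the
helper's procedure. The flagging rules are an analyst's heuristics,
not a published detection signature.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# O21 - SSODL: <name> - {CLSID} - <dll path>[ (file missing)]
SSODL_RE = re.compile(
    r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4 - <hive>\..\Run: [<value name>] <command>[ (User '...')]
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)
# MSI cache folders; shell extensions are not normally loaded from here.
INSTALLER_GUID_DIR = re.compile(
    r"\\WINDOWS\\Installer\\\{[0-9A-Fa-f-]{36}\}\\", re.IGNORECASE
)


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def _executable(cmd: str) -> str:
    """Program part of a Run command: "C:\\x\\a.exe" /flag -> C:\\x\\a.exe."""
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    return cmd.split(" ")[0]


def triage(log_text: str) -> list[Finding]:
    """Return the report lines worth a second look, each with its reasons."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: list[str] = []
        m = SSODL_RE.match(line)
        if m:
            reasons.append("SSODL entry: loaded by Explorer at every logon, rarely used by legitimate software")
            if INSTALLER_GUID_DIR.search(m["path"]):
                reasons.append("DLL placed under C:\\WINDOWS\\Installer\\{GUID}\\ (MSI cache folder)")
            if m["missing"]:
                reasons.append("file missing: the registry entry outlived its DLL")
        m = RUN_RE.match(line)
        if m and "\\" not in _executable(m["cmd"]):
            reasons.append("bare filename: resolved through the search path, confirm which file actually runs")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Sample lines constructed from the HijackThis report quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O21 - SSODL: WinPrx - {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll (file missing)
O21 - SSODL: zip - {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```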
Click START then RUN, type mrt and follow the procedure
_______________
Paste another online scan to verify
See you
Thanks for the quick reply, here is the TotalScan report:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-07 11:44:11
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@atdmt[2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@linksynergy[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@weborama[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@advertising[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@overture[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@smartadserver[2].txt
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Hello jlpjlp,
I have the same problem, I have the Storage Protector virus and I am utterly desperate.
I am a freelance graphic designer and I have lost all my work!!!
What should I do?
Can you help me please?
Hi,
combofix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
_____________________________
Paste the report of an online scan
with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
_________________________
Paste a HijackThis report
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I recommend renaming HijackThis, to counter a possible Vundo infection.
e.g.: rename the file HijackThis.exe to eden.exe; to do so, right-click the HijackThis.exe file and choose Rename from the list
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.