Storage Protector arghhh !!

emmanuel -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Je suis infécté par storage Protector, j'ai fais un scan avec Mcafee et mis en quarantaine les fichiers détéctés.
J'ai également lancé VundoFix et supprimé les fichiers indiqués.

Apparement les virus sont toujours présents et bien qu'ayant consulté pas mal de forum je n'ai aucune idée sur la façon de m'en débarasser.

Merci de votre aide :)

Voici mon rapport de scan HJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:32, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D1094B3-3642-4016-A130-FB6087AF7C83} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {ec0baea7-00a7-a66a-3bc4-ffaee73f4b38} - {83b4f37e-eaff-4cb3-a66a-7a007aeab0ce} - C:\WINDOWS\system32\qdmokvut.dll (file missing)
O2 - BHO: (no name) - {8E7C8BB4-1611-4BF6-9A1D-367C21BD1817} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O21 - SSODL: SrvSrv - {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll
O21 - SSODL: zip - {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll
O21 - SSODL: SetupDrive - {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll
O21 - SSODL: WinPrx - {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

--
End of file - 9794 bytes
Configuration: Windows XP
Firefox 3.0

10 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    desisntalle via ton panneau de configuration:

    VMN Toolbar

    ______________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: (no name) - {1D1094B3-3642-4016-A130-FB6087AF7C83} - C:\WINDOWS\system32\pmkhh.dll (file missing)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {ec0baea7-00a7-a66a-3bc4-ffaee73f4b38} - {83b4f37e-eaff-4cb3-a66a-7a007aeab0ce} - C:\WINDOWS\system32\qdmokvut.dll (file missing)
    O2 - BHO: (no name) - {8E7C8BB4-1611-4BF6-9A1D-367C21BD1817} - C:\WINDOWS\system32\ssqpp.dll (file missing)
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O21 - SSODL: SrvSrv - {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll
    O21 - SSODL: zip - {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll
    O21 - SSODL: SetupDrive - {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll
    O21 - SSODL: WinPrx - {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll
    ___________________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    _____________________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr
    0
  2. emmanuel
     
    Merci jlpjlp,

    donc voici le rapport combofix :

    ComboFix 08-02.05.3 - AP35 2008-02-07 0:16:32.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.960 [GMT 1:00]
    Endroit: C:\Documents and Settings\AP35\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\feobcqwe.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\odyrchpq.ini
    C:\WINDOWS\system32\ppqss.ini
    C:\WINDOWS\system32\ppqss.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-06 20:55 . 2008-02-06 20:55 10,240 --a------ C:\Program Files\tmp8283859.exe
    2008-02-06 20:48 . 2008-02-06 21:19 <REP> d-------- C:\VundoFix Backups
    2008-02-06 20:45 . 2008-02-06 20:45 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-06 12:39 . 2008-02-07 00:14 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
    2008-02-06 11:15 . 2008-02-06 11:15 90,688 --a------ C:\WINDOWS\system32\qphcrydo.dll
    2008-02-05 20:05 . 2008-02-06 10:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-05 19:51 . 2008-02-05 19:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-05 19:37 . 2008-02-05 19:37 90,688 --------- C:\WINDOWS\system32\ewqcboef.dll
    2008-02-05 19:25 . 2008-02-05 19:25 46,080 --a------ C:\Program Files\15500593.exe
    2008-02-05 17:56 . 2008-02-05 17:56 0 --a------ C:\WINDOWS\wexpert6.ini
    2008-02-04 00:11 . 2008-02-04 00:11 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-01-30 18:08 . 2008-01-30 18:08 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-01-22 16:30 . 2008-01-22 16:30 <REP> d-------- C:\Documents and Settings\AP35\Application Data\Talkback
    2008-01-15 19:30 . 2008-01-15 19:30 <REP> dr------- C:\Documents and Settings\AP35\Application Data\Brother
    2008-01-15 16:28 . 2008-01-15 16:28 434 --a------ C:\WINDOWS\BRWMARK.INI
    2008-01-15 16:28 . 2008-01-15 16:28 212 --a------ C:\WINDOWS\Brpfx04a.ini
    2008-01-15 16:28 . 2008-01-15 16:28 93 --a------ C:\WINDOWS\brpcfx.ini
    2008-01-15 16:28 . 2008-01-15 16:28 50 --a------ C:\WINDOWS\system32\bridf06a.dat
    2008-01-15 16:28 . 2008-01-15 16:28 27 --a------ C:\WINDOWS\BRPP2KA.INI
    2008-01-15 16:27 . 2006-02-24 17:27 1,492,480 --a------ C:\WINDOWS\system32\BrWia06a.dll
    2008-01-15 16:27 . 2006-02-24 17:59 56,320 --a------ C:\WINDOWS\system32\brinsstr.dll
    2008-01-15 16:27 . 2005-12-13 10:53 38,912 --a------ C:\WINDOWS\system32\BrUsi06a.dll
    2008-01-15 16:27 . 2004-10-15 12:50 15,295 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys
    2008-01-15 16:26 . 2008-01-15 16:28 <REP> d-------- C:\Program Files\Brother
    2008-01-15 16:26 . 2004-12-03 01:26 188,416 --------- C:\WINDOWS\system32\PDRVINST.DLL
    2008-01-15 16:26 . 2004-12-10 16:35 147,456 --------- C:\WINDOWS\brunin03.dll
    2008-01-15 16:26 . 2006-01-17 01:03 126,976 --------- C:\WINDOWS\system32\BrfxD05a.dll
    2008-01-15 16:26 . 2005-06-02 01:09 86,016 --------- C:\WINDOWS\system32\BrWebIns.dll
    2008-01-15 16:26 . 2005-06-02 01:08 69,632 --------- C:\WINDOWS\system32\BRWEBUP.EXE
    2008-01-15 16:26 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
    2008-01-15 16:26 . 2003-11-28 18:57 0 --a------ C:\WINDOWS\brdfxspd.dat
    2008-01-15 16:24 . 2008-01-15 16:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
    2008-01-15 13:43 . 2008-01-15 13:43 <REP> d-------- C:\Program Files\Guitar Pro 5
    2008-01-14 11:48 . 2008-01-14 11:48 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-14 11:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-01-14 11:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-01-14 11:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-01-12 15:07 . 2008-01-12 15:07 <REP> d-------- C:\Program Files\DivX
    2008-01-12 14:05 . 2008-01-12 14:05 <REP> d-------- C:\Documents and Settings\AP35\Contacts
    2008-01-12 13:59 . 2008-01-12 14:03 <REP> d-------- C:\Program Files\Windows Live
    2008-01-12 13:59 . 2008-01-12 14:03 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-12 13:59 . 2008-01-12 13:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-06 17:39 --------- d-----w C:\Program Files\McAfee
    2008-01-15 15:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-14 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-08 01:04 --------- d-----w C:\Documents and Settings\AP35\Application Data\dvdcss
    2007-12-29 15:26 --------- d-----w C:\Program Files\Windows Desktop Search
    2007-12-26 22:25 --------- d-----w C:\Program Files\Microsoft Works
    2007-12-26 22:23 --------- d-----w C:\Program Files\Microsoft.NET
    2007-12-26 17:17 --------- d-----w C:\Program Files\IZArc
    2007-12-25 18:38 --------- d-----w C:\Program Files\BitLord
    2007-12-24 15:51 --------- d-----w C:\Program Files\Sony
    2007-12-24 15:49 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
    2007-12-23 20:45 --------- d-----w C:\Program Files\Visicom Media
    2007-12-23 17:57 --------- d-----w C:\Documents and Settings\AP35\Application Data\vlc
    2007-12-23 17:47 --------- d-----w C:\Program Files\VideoLAN
    2007-12-23 17:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-12-23 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-12-23 15:28 --------- d-----w C:\Program Files\Bonjour
    2007-12-23 15:15 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2007-12-23 13:47 --------- d-----w C:\Program Files\Alcohol Soft
    2007-12-23 13:07 --------- d-----w C:\Program Files\MSXML 4.0
    2007-12-23 13:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-12-23 11:00 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-23 10:15 --------- d-----w C:\Program Files\Fichiers communs\McAfee
    2007-12-23 10:09 --------- d-----w C:\Program Files\ThiWeb Live 2
    2007-12-23 09:40 --------- d-----w C:\Program Files\Symantec
    2007-12-23 09:40 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-12-23 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-12-23 02:03 --------- d-----w C:\Program Files\McAfee.com
    2007-12-23 01:47 --------- d-----w C:\Program Files\antivirus
    2007-12-23 01:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-12-22 23:43 --------- d-----w C:\Documents and Settings\AP35\Application Data\Symantec
    2007-12-22 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
    2007-12-22 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
    2007-12-22 23:15 --------- d-----w C:\Documents and Settings\AP35\Application Data\Sony Corporation
    2007-12-22 23:14 --------- d-----w C:\Program Files\Roxio
    2007-12-22 23:09 0 ---ha-r C:\WINDOWS\system32\drivers\Sony_VGN-FS415E.mrk
    2007-12-22 23:09 --------- d-----w C:\Program Files\Raccourcis de programmes
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 09:21 114688]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 05:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 06:56 45056]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
    "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 22:07 184320]
    "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
    "PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 14:15 40960]
    "MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [2007-07-28 09:32 1279336]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
    "HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2002-07-31 14:42 475136]
    "VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 20:41 546936]
    "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48 622592]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
    "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 14:58 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WinPrx"= {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll [2008-02-06 01:13 14374]
    "SetupDrive"= {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll [2008-02-05 19:25 14374]
    "zip"= {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll [2008-02-05 19:25 39462]
    "SrvSrv"= {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll [2008-02-05 19:24 14374]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2007-02-13 15:19 98304 C:\WINDOWS\system32\VESWinlogon.dll

    R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07]
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-23 02:04:03 C:\WINDOWS\Tasks\McDefragTask.job"
    - C:\WINDOWS\system32\defrag.exe
    "2007-12-23 02:04:01 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe.4158 0
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-07 00:23:16
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll
    -> C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll
    -> C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Mcafee\MWL\MwlSvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-07 0:29:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-06 23:28:58
    .
    2008-01-19 14:59:37 --- E O F ---

    Et le rapport panda :

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-02-07 00:46:31
    PROTECTIONS: 1
    MALWARE: 13
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee VirusScan Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@doubleclick[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@atdmt[2].txt
    00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@linksynergy[2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@xiti[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@ad.yieldmanager[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@bs.serving-sys[2].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@weborama[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@advertising[1].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@overture[1].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@smartadserver[2].txt
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
    02899042 Trj/Agent.HYM Virus/Trojan Yes 1 Yes No C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL
    02899042 Trj/Agent.HYM Virus/Trojan Yes 1 Yes No C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL
    02899042 Trj/Agent.HYM Virus/Trojan Yes 1 Yes No C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL
    ;===================================================================================================================================================================================
    SUSPECTS
    Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse sur virus total ces trois fichiers et si inféctés tu les colles dans la citation otmovit: https://www.virustotal.com/gui/

    C:\WINDOWS\system32\ewqcboef.dll
    C:\Program Files\15500593.exe
    C:\WINDOWS\system32\d3d9caps.dat
    ___________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL
    C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL
    C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    __________________

    recolle hiajkchits et dis tes soucis

    a plus
    0
  4. emmanuel
     
    Le rapport OtMoveIT :

    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ewqcboef.dll
    C:\WINDOWS\system32\ewqcboef.dll NOT unregistered.
    C:\WINDOWS\system32\ewqcboef.dll moved successfully.
    C:\Program Files\15500593.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL
    C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL NOT unregistered.
    C:\WINDOWS\INSTALLER\{6A316AFA-FA43-4E1D-B39B-DFECD59B7CF2}\SRVSRV.DLL moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL
    C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL NOT unregistered.
    C:\WINDOWS\INSTALLER\{1304F656-DB51-44ED-987F-EF8CE8A34FC4}\SETUPDRIVE.DLL moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL
    C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL NOT unregistered.
    C:\WINDOWS\INSTALLER\{C4DE259B-BDA8-45CC-9EBE-0167DB18DE73}\WINPRX.DLL moved successfully.

    OTMoveIt2 v1.0.18 log created on 02072008_112519

    Et le rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:28:58, on 07/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Apoint\Apoint.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Mcafee\MWL\MWLGui.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Mcafee\MWL\MwlSvc.exe
    C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com/fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O21 - SSODL: WinPrx - {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll (file missing)
    O21 - SSODL: SetupDrive - {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll (file missing)
    O21 - SSODL: zip - {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll
    O21 - SSODL: SrvSrv - {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll (file missing)
    O23 - Service: McAfee Application Installer Cleanup (0009341202377586) (0009341202377586mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\000934~1.EXE
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fais DEMARRER puis EXECUTEr et tape mrt puis sui la procedure

    _______________

    recolle un scan en ligne pour verifer

    a plus
    0
  7. emmanuel
     
    Merci de ta réactivité, voici la rapport totalscan :

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-02-07 11:44:11
    PROTECTIONS: 1
    MALWARE: 12
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee VirusScan Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@atdmt[2].txt
    00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@linksynergy[2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@xiti[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@ad.yieldmanager[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@bs.serving-sys[2].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@weborama[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@advertising[1].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@overture[1].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\AP35\Cookies\ap35@smartadserver[2].txt
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    0
    1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
       
      ok c'est bon!
      0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    c'est bon

    bonne continuation
    0
  9. charlely
     
    Bon jour jlpjlp,

    j'ai le même souci, j'ai le virus storage protector et je suis lamentablement déspérer.
    Je suis infographiste freelance et j'ai perdu tout mon travail !!!

    Que dois je faire ?
    Est ce que tu peux m'aider stp?
    0
  10. charlely
     
    Personne pour m'aider ?
    S'il vous plait ?
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    _____________________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    _________________________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0