Infection help ME
Closed
tokina
Posts: 22
Registration date: Wednesday 12 December 2007
Status: Member
Last activity: 19 February 2008
-
9 Feb 2008 at 19:14
tokina - Posts: 22 - Registration date: Wednesday 12 December 2007 - Status: Member - Last activity: 19 February 2008 - 15 Feb 2008 at 22:57
22 replies
Anonymous user
9 Feb 2008 at 19:23
Hello
Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
Before running the fix, disconnect from the internet and close all your applications!!
* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* Another prompt will announce that the PC must shut down ("shutdown"). Click OK, then let it restart.
* The report is located at C:\vundofix.txt; please post it.
____________________________________
Download to the desktop
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen and a "Fatal error" message, no problem
=> Post the VBG.TXT report, which is on the desktop
tokina
Posts: 22
Registration date: Wednesday 12 December 2007
Status: Member
Last activity: 19 February 2008
9 Feb 2008 at 20:01
RE,
Info as requested
VUNDOFIX
VundoFix V6.7.8
Checking Java version...
Scan started at 19:29:44 09/02/2008
Listing files found while scanning....
C:\WINDOWS\system32\ctnycrrq.dll
C:\WINDOWS\system32\dgjyduwl.dll
C:\windows\system32\drvrudr.dll
C:\WINDOWS\system32\gebabbx.dll
C:\WINDOWS\system32\hstwopcc.dll
C:\WINDOWS\system32\kaithior.dll
C:\WINDOWS\system32\kbumciyr.dll
C:\WINDOWS\system32\mijcccjl.dll
C:\WINDOWS\system32\negifbhq.dll
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\opnmjii.dll
C:\WINDOWS\system32\ovilyyqm.dll
C:\windows\system32\ovilyyqm.dllbox
C:\WINDOWS\system32\pmnmnmk.dll
C:\WINDOWS\system32\qhbfigen.ini
C:\WINDOWS\system32\qrrcyntc.ini
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.exe
C:\WINDOWS\system32\uqpdshbf.dll
C:\WINDOWS\system32\winiyz32.dll
C:\WINDOWS\system32\worvjeup.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ctnycrrq.dll
C:\WINDOWS\system32\ctnycrrq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dgjyduwl.dll
C:\WINDOWS\system32\dgjyduwl.dll Has been deleted!
Attempting to delete C:\windows\system32\drvrudr.dll
C:\windows\system32\drvrudr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebabbx.dll
C:\WINDOWS\system32\gebabbx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hstwopcc.dll
C:\WINDOWS\system32\hstwopcc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kaithior.dll
C:\WINDOWS\system32\kaithior.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kbumciyr.dll
C:\WINDOWS\system32\kbumciyr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mijcccjl.dll
C:\WINDOWS\system32\mijcccjl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\negifbhq.dll
C:\WINDOWS\system32\negifbhq.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\npqss.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnmjii.dll
C:\WINDOWS\system32\opnmjii.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ovilyyqm.dll
C:\WINDOWS\system32\ovilyyqm.dll Has been deleted!
Attempting to delete C:\windows\system32\ovilyyqm.dllbox
C:\windows\system32\ovilyyqm.dllbox Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnmnmk.dll
C:\WINDOWS\system32\pmnmnmk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qhbfigen.ini
C:\WINDOWS\system32\qhbfigen.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qrrcyntc.ini
C:\WINDOWS\system32\qrrcyntc.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpn.exe
C:\WINDOWS\system32\ssqpn.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\uqpdshbf.dll
C:\WINDOWS\system32\uqpdshbf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\winiyz32.dll
C:\WINDOWS\system32\winiyz32.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\worvjeup.dll
C:\WINDOWS\system32\worvjeup.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\negifbhq.dll
C:\WINDOWS\system32\negifbhq.dll Has been deleted!
Performing Repairs to the registry.
Done!
VBG.TXT
[02/09/2008, 19:56:13] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\toto\Bureau\VirtumundoBeGone.exe" )
[02/09/2008, 19:56:21] - Detected System Information:
[02/09/2008, 19:56:21] - Windows Version: 5.1.2600, Service Pack 1
[02/09/2008, 19:56:21] - Current Username: toto (Admin)
[02/09/2008, 19:56:21] - Windows is in NORMAL mode.
[02/09/2008, 19:56:21] - Searching for Browser Helper Objects:
[02/09/2008, 19:56:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/09/2008, 19:56:21] - BHO 2: {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} ()
[02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\Outerinfo
[02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\Outerinfo, continuing.
[02/09/2008, 19:56:21] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/09/2008, 19:56:21] - BHO 4: {76F262CF-0308-0FB4-F7A3-043266F3A47C} ()
[02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\etdtxvff
[02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\etdtxvff, continuing.
[02/09/2008, 19:56:21] - BHO 5: {7873C108-A6D3-4AE8-B22A-5E5328F72A1E} ()
[02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\ssqpn
[02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
[02/09/2008, 19:56:21] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/09/2008, 19:56:21] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[02/09/2008, 19:56:21] - BHO 8: {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} ()
[02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\opnmjii
[02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\opnmjii, continuing.
[02/09/2008, 19:56:21] - BHO 9: {d79b652b-3e38-4fcd-9d4a-53b12aae6e7d} ()
[02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\vnljhrdg
[02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\vnljhrdg, continuing.
[02/09/2008, 19:56:21] - Finished Searching Browser Helper Objects
[02/09/2008, 19:56:21] - Finishing up...
[02/09/2008, 19:56:21] - Nothing found! Exiting...
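The two reports above are easy to read by eye once, but a helper who triages many of them wants the same facts extracted every time: which files VundoFix found, which it actually deleted, which needed a second removal pass (negifbhq.dll here), and which Browser Helper Objects VirtumundoBeGone flagged as nameless together with the Winlogon\Notify name it probed for each. The Python below is an added example written for this thread; it is not code from the thread, from Atribune or from the VirtumundoBeGone author. It parses the two formats exactly as they appear in the posted logs, using constructed sample inputs that are subsets of those logs. The final cross-check, matching a nameless BHO's Notify name against the base name of a file VundoFix found (Notify\ssqpn against ssqpn.dll), is an assumed triage heuristic of this example, not something either tool does.

```python
import re
from collections import OrderedDict

# Constructed sample in the VundoFix report format quoted above: a subset of the
# real report's lines, including the one file that needed a second removal pass.
VUNDOFIX_SAMPLE = r"""VundoFix V6.7.8
Checking Java version...
Scan started at 19:29:44 09/02/2008
Listing files found while scanning....
C:\WINDOWS\system32\ctnycrrq.dll
C:\WINDOWS\system32\negifbhq.dll
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\ssqpn.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ctnycrrq.dll
C:\WINDOWS\system32\ctnycrrq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\negifbhq.dll
C:\WINDOWS\system32\negifbhq.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\negifbhq.dll
C:\WINDOWS\system32\negifbhq.dll Has been deleted!
Performing Repairs to the registry.
Done!
"""

# Constructed sample in the VirtumundoBeGone (VBG.TXT) format quoted above.
VBG_SAMPLE = r"""[02/09/2008, 19:56:21] - Searching for Browser Helper Objects:
[02/09/2008, 19:56:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/09/2008, 19:56:21] - BHO 2: {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} ()
[02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\Outerinfo
[02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\Outerinfo, continuing.
[02/09/2008, 19:56:21] - BHO 5: {7873C108-A6D3-4AE8-B22A-5E5328F72A1E} ()
[02/09/2008, 19:56:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/09/2008, 19:56:21] - Checking for HKLM\...\Winlogon\Notify\ssqpn
[02/09/2008, 19:56:21] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
[02/09/2008, 19:56:21] - Finished Searching Browser Helper Objects
"""

DELETE_RESULT_RE = re.compile(r"^(.*?) (Has been deleted!|Could not be deleted\.)$")
BHO_RE = re.compile(r"BHO (\d+): (\{[0-9A-Fa-f-]+\}) \((.*)\)$")
NOTIFY_RE = re.compile(r"Checking for .*\\Winlogon\\Notify\\(\S+)\s*$")


def parse_vundofix(report):
    # Map lower-cased path -> {"path", "status", "passes"}. Windows paths are
    # case-insensitive, so C:\WINDOWS and C:\windows must collapse to one entry.
    files = OrderedDict()
    in_listing = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Listing files found"):
            in_listing = True
            continue
        if line.startswith("Beginning removal"):
            in_listing = False
            continue
        if in_listing and line:
            files.setdefault(line.lower(), {"path": line, "status": "not attempted", "passes": 0})
            continue
        m = DELETE_RESULT_RE.match(line)
        if m:
            entry = files.setdefault(m.group(1).lower(),
                                     {"path": m.group(1), "status": "not attempted", "passes": 0})
            entry["passes"] += 1          # each removal pass reports the file again
            entry["status"] = "deleted" if m.group(2).startswith("Has been") else "failed"
    return files


def parse_vbg_bhos(report):
    # One dict per BHO; a nameless BHO is tied to the Notify name VBG probes right after it.
    bhos = []
    for line in report.splitlines():
        m = BHO_RE.search(line)
        if m:
            bhos.append({"clsid": m.group(2), "name": m.group(3),
                         "unnamed": m.group(3) == "", "notify": None})
            continue
        m = NOTIFY_RE.search(line)
        if m and bhos and bhos[-1]["unnamed"] and bhos[-1]["notify"] is None:
            bhos[-1]["notify"] = m.group(1)
    return bhos


def correlate(files, bhos):
    # Assumed heuristic of this example (neither tool does this): match the Notify
    # name of each nameless BHO against the base names of the files VundoFix found.
    stems = {}
    for entry in files.values():
        base = entry["path"].rsplit("\\", 1)[-1]
        stems.setdefault(base.rsplit(".", 1)[0].lower(), []).append(entry["path"])
    return [(b["clsid"], stems[b["notify"].lower()])
            for b in bhos if b["unnamed"] and b["notify"] and b["notify"].lower() in stems]


def summarize(vundofix_report, vbg_report):
    files = parse_vundofix(vundofix_report)
    bhos = parse_vbg_bhos(vbg_report)
    return {
        "found": len(files),
        "deleted": [e["path"] for e in files.values() if e["status"] == "deleted"],
        "not_deleted": [e["path"] for e in files.values() if e["status"] != "deleted"],
        "needed_second_pass": [e["path"] for e in files.values() if e["passes"] > 1],
        "unnamed_bhos": [(b["clsid"], b["notify"]) for b in bhos if b["unnamed"]],
        "bho_file_matches": correlate(files, bhos),
    }


if __name__ == "__main__":
    for key, value in summarize(VUNDOFIX_SAMPLE, VBG_SAMPLE).items():
        print(key, value)
```

Anything left in `not_deleted` after the last pass is what the next tool in the thread still has to deal with; here the list is empty because the second pass removed negifbhq.dll, and the only correlation hit is the nameless BHO whose Notify name matches ssqpn.dll.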
Anonymous user
9 Feb 2008 at 20:04
OK, that's coming along well!
Download ComboFix from one of these links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
And importantly, save it to the desktop.
Before using ComboFix:
► Disconnect from the internet and close the windows of all running programs.
► Temporarily, and only for as long as ComboFix is running, disable the real-time protection of your antivirus and antispyware programs, and your firewall if it is not the Windows one, since they can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\Combofix.txt.
► Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
► Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
tokina
Posts: 22
Registration date: Wednesday 12 December 2007
Status: Member
Last activity: 19 February 2008
9 Feb 2008 at 21:07
RE
ComboFix post
Note: many problems at startup
ComboFix 08-02.05.3 - toto 2008-02-09 20:39:31.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.309 [GMT 1:00]
Endroit: C:\Documents and Settings\toto\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ssqpn.dll
C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\toto\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\toto\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\toto\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Program Files\cfozutgr
C:\Program Files\cfozutgr\srodufql.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Cache\ctxad-577.0000
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OinUninstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\Outerinfo .exe
C:\Program Files\outerinfo\Outerinfo.dll
C:\Program Files\outerinfo\Outerinfo.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\OuterinfoUpdate .exe
C:\Program Files\outerinfo\OuterinfoUpdate.exe
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bsgqxwuj.ini
C:\WINDOWS\system32\cccaoqre.ini
C:\WINDOWS\system32\cvgpjvtv.ini
C:\WINDOWS\system32\mbigibzz.dll
C:\WINDOWS\system32\mbigibzz.dll . . . . Echec de suppression
C:\WINDOWS\system32\mbigibzz.dllbox
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\njprckha
C:\WINDOWS\system32\njprckha\bg1.gif
C:\WINDOWS\system32\njprckha\bgtop.gif
C:\WINDOWS\system32\njprckha\bottom1.gif
C:\WINDOWS\system32\njprckha\essentials.gif
C:\WINDOWS\system32\njprckha\icon1.ico
C:\WINDOWS\system32\njprckha\install1.gif
C:\WINDOWS\system32\njprckha\left1.gif
C:\WINDOWS\system32\njprckha\li.gif
C:\WINDOWS\system32\njprckha\logo.gif
C:\WINDOWS\system32\njprckha\main.htm
C:\WINDOWS\system32\njprckha\mainframe.htm
C:\WINDOWS\system32\njprckha\njprckha1.exe
C:\WINDOWS\system32\njprckha\reinstall1.gif
C:\WINDOWS\system32\njprckha\right1.gif
C:\WINDOWS\system32\njprckha\s1.htm
C:\WINDOWS\system32\njprckha\s2.htm
C:\WINDOWS\system32\njprckha\s3.htm
C:\WINDOWS\system32\njprckha\SMTop1.gif
C:\WINDOWS\system32\njprckha\SMTop2.gif
C:\WINDOWS\system32\njprckha\SMTop3.gif
C:\WINDOWS\system32\njprckha\SMTop4.gif
C:\WINDOWS\system32\njprckha\soft1_off.gif
C:\WINDOWS\system32\njprckha\soft1_off_ext.gif
C:\WINDOWS\system32\njprckha\soft1_on.gif
C:\WINDOWS\system32\njprckha\soft1_on_ext.gif
C:\WINDOWS\system32\njprckha\soft2_off.gif
C:\WINDOWS\system32\njprckha\soft2_off_ext.gif
C:\WINDOWS\system32\njprckha\soft2_on.gif
C:\WINDOWS\system32\njprckha\soft2_on_ext.gif
C:\WINDOWS\system32\njprckha\soft3_off.gif
C:\WINDOWS\system32\njprckha\soft3_off_ext.gif
C:\WINDOWS\system32\njprckha\soft3_on.gif
C:\WINDOWS\system32\njprckha\soft3_on_ext.gif
C:\WINDOWS\system32\njprckha\softbottom_off.gif
C:\WINDOWS\system32\njprckha\softbottom_on.gif
C:\WINDOWS\system32\njprckha\softleft_off.gif
C:\WINDOWS\system32\njprckha\softleft_on.gif
C:\WINDOWS\system32\njprckha\top1.gif
C:\WINDOWS\system32\njprckha\top2.gif
C:\WINDOWS\system32\njprckha\turnoff1.gif
C:\WINDOWS\system32\njprckha\turnon1.gif
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\RCX18.tmp
C:\WINDOWS\system32\RCX19.tmp
C:\WINDOWS\system32\RCX1B.tmp
C:\WINDOWS\system32\RCX1F.tmp
C:\WINDOWS\system32\RCX25.tmp
C:\WINDOWS\system32\RCX28.tmp
C:\WINDOWS\system32\RCX29.tmp
C:\WINDOWS\system32\RCX2C.tmp
C:\WINDOWS\system32\RCXD1.tmp
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.exe
C:\WINDOWS\system32\tbxbbscm.dll
C:\WINDOWS\system32\vnljhrdg.dll
C:\WINDOWS\system32\vtvjpgvc.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\xutssaoo.ini
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe . . . . Echec de suppression
----- BITS: Possible sites infectés -----
hxxp://msgr.dlservice.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))))))))
.
2008-02-09 20:47 . 2008-02-09 20:47 14,033 --a------ C:\posF.tmp
2008-02-09 19:57 . 2008-02-09 20:44 163,904 --------- C:\WINDOWS\system32\mbigibzz.dll
2008-02-09 19:29 . 2008-02-09 19:29 <REP> d-------- C:\VundoFix Backups
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401577.exe
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401467.exe
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp388128.exe
2008-02-07 08:41 . 2008-02-07 08:41 103,936 --a------ C:\WINDOWS\system32\drvrud.dll
2008-02-07 08:41 . 2008-02-07 08:41 16,896 --a------ C:\WINDOWS\system32\drvzaj.dll
2008-02-06 23:46 . 2008-02-06 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-06 00:09 . 2008-02-06 00:09 90,688 --a------ C:\WINDOWS\system32\erqoaccc.dll
2008-02-03 21:01 . 2008-02-03 21:01 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-03 12:10 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\LPT$VPN.973
2008-02-03 12:09 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\VPTNFILE.973
2008-02-03 11:39 . 2008-02-03 11:39 15,872 --a------ C:\WINDOWS\system32\drvvix.dll
2008-02-02 14:44 . 2008-02-06 22:30 2,980 --a------ C:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 20:01 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-02-03 20:01 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-02-03 11:09 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-02-03 11:09 267,845 ----a-w C:\WINDOWS\tsc.exe
2008-02-03 11:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-02-03 11:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-02-03 11:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-01-17 07:49 245,760 ----a-w C:\WINDOWS\system32\[u]0[/u]0THotkey .exe
2007-12-22 10:48 39,936 ----a-w C:\WINDOWS\system32\urqrrpq.dll
2007-12-12 18:52 --------- d-----w C:\Documents and Settings\toto\Application Data\Grisoft
2007-12-12 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 23:57 --------- d-----w C:\Program Files\Trend Micro
2007-12-11 23:40 1,048,304 ----a-w C:\SmitfraudFix.exe
2007-06-09 16:03 24,192 ----a-w C:\Documents and Settings\toto\usbsermptxp.sys
2007-06-09 16:03 22,768 ----a-w C:\Documents and Settings\toto\usbsermpt.sys
2006-08-17 22:29 19,952 ----a-w C:\Documents and Settings\toto\Application Data\GDIPFONTCACHEV1.DAT
.
[code]<pre>
----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\[u]0[/u]0THotkey .exe
----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
----a-w 110,592 2007-12-31 08:55:00 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 450,560 2007-12-28 18:34:58 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
----a-w 83,608 2008-02-09 19:30:54 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 282,624 2007-12-22 15:44:32 C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe
</pre>[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
C:\Program Files\Cannbpjy\etdtxvff.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-09 20:44 163904 --------- C:\WINDOWS\system32\mbigibzz.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [ ]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2002-02-14 15:47 184320 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TFncKy"="TFncKy.exe" []
"TFNF5"="TFNF5.exe" [2001-09-04 10:31 69632 C:\WINDOWS\system32\TFNF5.exe]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"cPadAlarm"="C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe" [ ]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-09 20:43 1697792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 19:45 1511453]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ServiceAlrt"= {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll [2008-02-07 08:40 14374]
"zip"= {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll [2008-02-07 08:45 39462]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbigibzz]
mbigibzz.dll 2008-02-09 20:44 163904 C:\WINDOWS\system32\mbigibzz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-06 18:03 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2002-12-07 13:47 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Antivirus AV]
C:\WINDOWS\FVProtect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2002-04-26 18:53 12288 C:\Program Files\Winamp\Winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"iPodService"=3 (0x3)
R0 pciSm;pciSm;C:\WINDOWS\System32\DRIVERS\tossmpci.sys [2002-01-07 14:51]
R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;C:\WINDOWS\System32\DRIVERS\TVALDX.SYS [2001-08-17 14:27]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\System32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 20:34]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 01:02]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 18:16]
S3 toslane;Toshiba BT-LANE;C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 16:24]
S4 Network Provisioning DDE;Network Provisioning DDE;C:\WINDOWS\system32\lsass.com []
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-02-09 18:27:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-03 10:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 20:49:10
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\mbigibzz.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
-> C:\WINDOWS\system32\mbigibzz.dll
-> C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
.
**************************************************************************
.
Completion time: 2008-02-09 20:51:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-09 19:51:30
Anonymous user
9 Feb 2008 at 21:59
Don't worry, I haven't abandoned you; I'm asking more experienced helpers for advice, because you apparently have an infection that patches some of your programs.
Anonymous user
9 Feb 2008 at 22:16
That's it, I got the info thanks to jorginho67: you have the latest version of the Vundo patcher trojan, fantastic, isn't it?!! lol Don't worry, we'll rid your PC of this junk!!
Download this:
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
Double-click it to run it.
The SystemDrive folder will be scanned for EXE files whose name contains a space.
A report will be created > copy and paste it here!
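The check RenV performs, as an added example that is not part of the original thread and not sUBs' RenV code: walk a tree, flag every file whose name has whitespace immediately before `.exe` (the `qttask .exe` pattern seen in the reports further down; this is narrower than "any space in the name" and skips ordinary names such as `points manager.exe`), then pair each hit with the unspaced `name.exe` in the same folder and compare sizes and SHA-256 so you can see which of the two is the odd one out. The pairing and hashing are an assumption added here; RenV's report only lists the spaced files. It reports and renames nothing. The directory tree, file sizes and contents it builds are constructed for the demo and are not the poster's files.

```python
"""Report executables whose name has whitespace right before the .exe
extension ('qttask .exe' beside 'qttask.exe'), the pattern RenV lists
from the system drive in the reports posted in this thread.

Added example, not sUBs' RenV: it reports instead of renaming, and the
size/SHA-256 comparison with the unspaced sibling is an extra step.
"""
import hashlib
import os
import re
import tempfile

# Whitespace immediately before the extension; 'points manager.exe' does
# not match, so ordinary names containing a space are left alone.
SPACED_RE = re.compile(r"^(.*\S)\s+(\.exe)$", re.IGNORECASE)


def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_spaced_exes(root):
    """Walk root and return one dict per 'name .exe' file: its path and
    size, plus the path/size of 'name.exe' in the same folder when present
    and whether the two files are byte-identical."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {n.lower(): n for n in files}  # case-insensitive, like NTFS/FAT
        for name in sorted(files):
            m = SPACED_RE.match(name)
            if not m:
                continue
            spaced = os.path.join(dirpath, name)
            entry = {"path": spaced, "size": os.path.getsize(spaced),
                     "sibling": None, "sibling_size": None, "identical": None}
            sibling = by_lower.get((m.group(1) + m.group(2)).lower())
            if sibling:
                sib_path = os.path.join(dirpath, sibling)
                entry["sibling"] = sib_path
                entry["sibling_size"] = os.path.getsize(sib_path)
                entry["identical"] = sha256(sib_path) == sha256(spaced)
            findings.append(entry)
    return findings


def build_sample_tree():
    """Constructed demo tree mimicking the layout in the RenV reports;
    the file contents and sizes are invented, not the poster's files."""
    root = tempfile.mkdtemp(prefix="renv-demo-")
    layout = {
        "Program Files/QuickTime": [
            ("qttask.exe", b"MZ" + b"\x00" * 10238),   # 10,240 bytes, made up
            ("qttask .exe", b"MZ" + b"\x90" * 4094),   # 4,096 bytes, differs from sibling
        ],
        "Program Files/Altnet/Points Manager": [
            ("points manager.exe", b"MZ" + b"\x00" * 100),  # space, but not before .exe
        ],
        "WINDOWS/system32": [
            ("00THotkey .exe", b"MZ" + b"\xcc" * 30),  # no unspaced sibling left
        ],
    }
    for rel, files in layout.items():
        d = os.path.join(root, *rel.split("/"))
        os.makedirs(d, exist_ok=True)
        for fname, blob in files:
            with open(os.path.join(d, fname), "wb") as f:
                f.write(blob)
    return root


if __name__ == "__main__":
    for e in find_spaced_exes(build_sample_tree()):
        print(e)
```

To use it on a real machine, pass the drive root to find_spaced_exes() instead of the demo tree. It only reads, so it is safe to run before deciding which files RenV should rename.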
tokina
9 Feb 2008 at 23:16
RE
Requested report:
Ran on 09/02/2008 - 23:15:07,32
----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\00THotkey .exe
----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
----a-w 110,592 2007-12-31 08:55:00 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 450,560 2007-12-28 18:34:58 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
----a-w 83,608 2008-02-09 19:30:54 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 282,624 2007-12-22 15:44:32 C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe
Entries: 10 (10)
Directories: 0 Files: 10
Bytes: 15,940,336 Blocks: 31,136
jorginho67 (security contributor)
9 Feb 2008 at 23:36
Good evening folks!
Create a Notepad file (right-click the desktop > New > Text Document) and copy/paste the text below into it:
C:\WINDOWS\system32\00THotkey .exe
C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe
Save this file and give it the following name > Log.txt
Drag and drop this Log.txt file onto RenV.exe as shown here:
http://img.photobucket.com/albums/v666/sUBs/RenV.gif
Once the scan is finished, a report will be displayed: post its contents.
tokina
10 Feb 2008 at 08:55
RE
Here is the scan output:
Ran on 10/02/2008 - 8:54:00,12
----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\00THotkey .exe
----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
----a-w 110,592 2007-12-31 08:55:00 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 450,560 2007-12-28 18:34:58 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
----a-w 83,608 2008-02-09 19:30:54 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 282,624 2007-12-22 15:44:32 C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe
Entries: 10 (10)
Directories: 0 Files: 10
Bytes: 15,940,336 Blocks: 31,136
Anonymous user
10 Feb 2008 at 12:57
Hello, I'm posting the next step of the procedure while we wait for jorginho67.
1) RenV by sUBs
Create a new text document:
Right-click the desktop, "New" > "Text Document". Open it and copy/paste into it what is quoted below (copy it all in one go):
C:\WINDOWS\system32\00THotkey .exe
C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe
* Go to the top of the page and click the "File" menu; a list appears =>
* Choose "Save As" and pick "Desktop"
* In the "File name" field at the bottom, enter the following name: Log.txt
* Click the "Save" button to the right of the "File name" field
* Close this newly created txt file.
Then drag and drop this Log.txt file onto RenV.exe
Once the scan is finished, a report will be displayed: post its contents.
2) Combofix.exe by sUBs
Disconnect from the internet and disable your antivirus so that Combofix can run normally
Double-click Combofix.exe (on your Desktop)
Set it to French with F
Press the 1 key (Yes) to start the scan
When the scan is finished, a report will appear.
Post it in your reply.
Note: the report is also located at C:\Combofix.txt
tokina
10 Feb 2008 at 17:13
RE
1) RenV report
Ran on 10/02/2008 - 17:01:01,33
----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\00THotkey .exe
----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
----a-w 110,592 2007-12-31 08:55:00 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 450,560 2007-12-28 18:34:58 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
----a-w 83,608 2008-02-09 19:30:54 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 282,624 2007-12-22 15:44:32 C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe
Entries: 10 (10)
Directories: 0 Files: 10
Bytes: 15,940,336 Blocks: 31,136
2) ComboFix report
ComboFix 08-02.05.3 - toto 2008-02-10 17:02:55.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1036.18.331 [GMT 1:00]
Running from: C:\Documents and Settings\toto\Bureau\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mbigibzz.dllbox
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe . . . . Deletion failed
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.
2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118900.exe
2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118880.exe
2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118800.exe
2008-02-09 19:29 . 2008-02-09 19:29 <DIR> d-------- C:\VundoFix Backups
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401577.exe
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401467.exe
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp388128.exe
2008-02-07 08:41 . 2008-02-07 08:41 103,936 --a------ C:\WINDOWS\system32\drvrud.dll
2008-02-07 08:41 . 2008-02-07 08:41 16,896 --a------ C:\WINDOWS\system32\drvzaj.dll
2008-02-06 23:46 . 2008-02-06 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-06 00:09 . 2008-02-06 00:09 90,688 --a------ C:\WINDOWS\system32\erqoaccc.dll
2008-02-03 21:01 . 2008-02-03 21:01 <DIR> d-------- C:\WINDOWS\AU_Temp
2008-02-03 12:10 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\LPT$VPN.973
2008-02-03 12:09 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\VPTNFILE.973
2008-02-03 11:39 . 2008-02-03 11:39 15,872 --a------ C:\WINDOWS\system32\drvvix.dll
2008-02-02 14:44 . 2008-02-06 22:30 2,980 --a------ C:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 09:33 3,096,576 ------w C:\WINDOWS\Internet Logs\xDB1252.tmp
2008-02-05 23:02 29,139,122 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-03 20:01 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-02-03 20:01 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-02-03 11:09 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-02-03 11:09 267,845 ----a-w C:\WINDOWS\tsc.exe
2008-02-03 11:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-02-03 11:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-02-03 11:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-01-17 07:49 245,760 ----a-w C:\WINDOWS\system32\[u]0[/u]0THotkey .exe
2007-12-22 10:48 39,936 ----a-w C:\WINDOWS\system32\urqrrpq.dll
2007-12-12 18:52 --------- d-----w C:\Documents and Settings\toto\Application Data\Grisoft
2007-12-12 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 23:57 --------- d-----w C:\Program Files\Trend Micro
2007-12-11 23:40 1,048,304 ----a-w C:\SmitfraudFix.exe
2007-10-14 13:43 2,972,160 ------w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-10-14 13:43 1,407,488 ------w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-08-26 19:00 1,015,808 ------w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-06-23 13:56 2,855,936 ------w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-06-09 16:03 24,192 ----a-w C:\Documents and Settings\toto\usbsermptxp.sys
2007-06-09 16:03 22,768 ----a-w C:\Documents and Settings\toto\usbsermpt.sys
2007-05-21 07:17 16,677,930 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_20_23_30_32_full.dmp.zip
2007-05-17 17:31 16,718,363 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_16_23_24_20_full.dmp.zip
2007-04-11 09:57 16,581,279 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_11_01_25_34_full.dmp.zip
2007-04-10 08:28 16,652,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_08_11_29_27_full.dmp.zip
2007-02-24 21:45 16,667,380 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_24_17_09_43_full.dmp.zip
2007-01-31 07:15 16,637,209 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_31_00_20_20_full.dmp.zip
2007-01-18 07:10 16,575,508 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_17_20_07_52_full.dmp.zip
2006-12-26 17:10 16,528,755 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_09_18_00_full.dmp.zip
2006-12-26 07:23 16,667,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_00_15_02_full.dmp.zip
2006-09-12 07:21 16,536,725 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_09_12_01_09_08_full.dmp.zip
2006-08-17 22:29 19,952 ----a-w C:\Documents and Settings\toto\Application Data\GDIPFONTCACHEV1.DAT
2006-02-19 23:47 2,657,280 ------w C:\WINDOWS\Internet Logs\xDB18.tmp
2006-02-19 23:22 1,218,048 ------w C:\WINDOWS\Internet Logs\xDB17.tmp
2006-01-16 22:14 2,956,288 ------w C:\WINDOWS\Internet Logs\xDB16.tmp
2006-01-16 22:04 1,199,104 ------w C:\WINDOWS\Internet Logs\xDB15.tmp
2005-09-26 13:16 2,655,232 ------w C:\WINDOWS\Internet Logs\xDB14.tmp
2005-09-26 13:16 1,146,368 ------w C:\WINDOWS\Internet Logs\xDB13.tmp
2005-08-22 17:37 2,798,592 ------w C:\WINDOWS\Internet Logs\xDB12.tmp
2005-08-22 17:27 1,142,272 ------w C:\WINDOWS\Internet Logs\xDB11.tmp
2005-03-25 22:11 1,004,544 ------w C:\WINDOWS\Internet Logs\xDBF.tmp
2005-03-25 22:10 367,616 ------w C:\WINDOWS\Internet Logs\xDB10.tmp
2005-03-20 23:27 1,015,808 ------w C:\WINDOWS\Internet Logs\xDBE.tmp
2005-03-20 22:37 1,001,472 ------w C:\WINDOWS\Internet Logs\xDBD.tmp
2005-02-26 07:39 3,059,200 ------w C:\WINDOWS\Internet Logs\xDBC.tmp
2005-02-26 07:18 995,328 ------w C:\WINDOWS\Internet Logs\xDBB.tmp
2005-01-30 11:20 774,656 ------w C:\WINDOWS\Internet Logs\xDBA.tmp
2005-01-30 11:12 991,232 ------w C:\WINDOWS\Internet Logs\xDB9.tmp
2005-01-17 23:28 2,706,432 ------w C:\WINDOWS\Internet Logs\xDB8.tmp
2005-01-17 23:26 990,208 ------w C:\WINDOWS\Internet Logs\xDB7.tmp
2004-11-19 14:36 962,048 ------w C:\WINDOWS\Internet Logs\xDB5.tmp
2004-11-19 14:36 2,646,528 ------w C:\WINDOWS\Internet Logs\xDB6.tmp
2004-10-09 14:45 3,046,912 ------w C:\WINDOWS\Internet Logs\xDB4.tmp
2004-10-09 14:41 930,816 ------w C:\WINDOWS\Internet Logs\xDB3.tmp
2004-08-01 14:22 875,008 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
2004-08-01 14:22 2,970,624 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
.
[code]<pre>
----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\[u]0[/u]0THotkey .exe
----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
----a-w 110,592 2007-12-31 08:55:00 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 450,560 2007-12-28 18:34:58 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
----a-w 83,608 2008-02-09 19:30:54 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 282,624 2007-12-22 15:44:32 C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe
</pre>[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
C:\Program Files\Cannbpjy\etdtxvff.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [ ]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2002-02-14 15:47 184320 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TFncKy"="TFncKy.exe" []
"TFNF5"="TFNF5.exe" [2001-09-04 10:31 69632 C:\WINDOWS\system32\TFNF5.exe]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"cPadAlarm"="C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe" [ ]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-09 20:43 1697792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 19:45 1511453]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ServiceAlrt"= {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll [2008-02-07 08:40 14374]
"zip"= {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll [2008-02-07 08:45 39462]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbigibzz]
mbigibzz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-06 18:03 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2002-12-07 13:47 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Antivirus AV]
C:\WINDOWS\FVProtect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2002-04-26 18:53 12288 C:\Program Files\Winamp\Winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"iPodService"=3 (0x3)
R0 pciSm;pciSm;C:\WINDOWS\System32\DRIVERS\tossmpci.sys [2002-01-07 14:51]
R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;C:\WINDOWS\System32\DRIVERS\TVALDX.SYS [2001-08-17 14:27]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\System32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 20:34]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 01:02]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 18:16]
S3 toslane;Toshiba BT-LANE;C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 16:24]
S4 Network Provisioning DDE;Network Provisioning DDE;C:\WINDOWS\system32\lsass.com []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-10 11:27:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-03 10:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 17:07:57
Windows 5.1.2600 Service Pack 1 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
-> C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-10 17:09:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 16:09:02
ComboFix2.txt 2008-02-09 19:51:36
jorginho67
Posts
14716
Registration date
Tuesday 11 September 2007
Status
Security contributor
Last activity
11 February 2011
1 169
10 Feb. 2008 at 17:47
Oops, a small misunderstanding ....
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
RENV::
C:\WINDOWS\system32\00THotkey .exe
C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\_OTMoveIt\MovedFiles\Program Files\SecCenter\scprot4 .exe
Save this file under the name CFScript
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is done, a report will appear: post its contents, and say where your problems stand
If the file doesn't open, it is located here > C:\ComboFix.txt
@ +
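The RENV:: block in the post above is built by hand from the listing in the ComboFix report: every file whose name has a space inserted just before its extension (`zlclient .exe`, `avgas .exe`) gets one line. As an added example, not code from the post or from ComboFix, the Python below recovers that block from a listing of the same shape: it parses the `attrs size date time path` lines, flags the spaced-extension names, and prints the CFScript block in the helper's format. The embedded listing is constructed from the report above (with one normal file name added as a control), and the function names are my own.

```python
import re
from typing import List, NamedTuple


class Entry(NamedTuple):
    """One line of a ComboFix-style file listing."""
    attrs: str       # attribute flags as printed, e.g. "----a-w"
    size: int        # size in bytes (thousands separators removed)
    timestamp: str   # "YYYY-MM-DD HH:MM:SS"
    path: str        # full Windows path as printed in the log


# Constructed sample shaped like the listing in the report above.
# The last line is a control entry with a normal name and must not be flagged.
SAMPLE_LISTING = r"""
----a-w 245,760 2008-01-17 07:49:36 C:\WINDOWS\system32\00THotkey .exe
----a-w 49,152 2007-12-31 08:54:54 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW .exe
----a-w 968,696 2008-02-09 19:31:00 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 184,320 2002-02-14 15:47:00 C:\WINDOWS\system32\TPWRTRAY.EXE
"""

# attrs  size  date  time  path
# The path may itself contain spaces, so it is matched last and lazily.
LINE_RE = re.compile(
    r"^(?P<attrs>[-a-z]+)\s+(?P<size>\d[\d,]*)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Base name of the form "<stem> .<ext>": a single space right before the extension.
SPACED_EXT_RE = re.compile(r"\S \.[A-Za-z0-9]{1,4}$")


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; lines that do not fit the shape (headers, blanks) are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            attrs=m.group("attrs"),
            size=int(m.group("size").replace(",", "")),
            timestamp=f"{m.group('date')} {m.group('time')}",
            path=m.group("path"),
        ))
    return entries


def has_spaced_extension(path: str) -> bool:
    """True when the file's base name looks like '<stem> .<ext>'."""
    basename = path.rsplit("\\", 1)[-1]   # only the file name, not folder names
    return SPACED_EXT_RE.search(basename) is not None


def find_spaced_extensions(entries: List[Entry]) -> List[Entry]:
    """Keep listing order; duplicates are kept as they are, as in the helper's block."""
    return [e for e in entries if has_spaced_extension(e.path)]


def build_renv_script(paths: List[str]) -> str:
    """Render the RENV:: block in the CFScript form posted above (one path per line)."""
    return "RENV::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    flagged = find_spaced_extensions(parse_listing(SAMPLE_LISTING))
    print(build_renv_script([e.path for e in flagged]), end="")
```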
tokina
Posts
22
Registration date
Wednesday 12 December 2007
Status
Member
Last activity
19 February 2008
10 Feb. 2008 at 18:39
RE,
ComboFix report
ComboFix 08-02.05.3 - toto 2008-02-10 18:06:35.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.321 [GMT 1:00]
Endroit: C:\Documents and Settings\toto\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\toto\Bureau\CFScript
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
.
2008-02-10 17:02 . 2001-08-28 14:00 388,096 --a------ C:\kmd.exe
2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118900.exe
2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118880.exe
2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118800.exe
2008-02-09 19:29 . 2008-02-09 19:29 <REP> d-------- C:\VundoFix Backups
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401577.exe
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401467.exe
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp388128.exe
2008-02-07 08:41 . 2008-02-07 08:41 103,936 --a------ C:\WINDOWS\system32\drvrud.dll
2008-02-07 08:41 . 2008-02-07 08:41 16,896 --a------ C:\WINDOWS\system32\drvzaj.dll
2008-02-06 23:46 . 2008-02-06 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-06 00:09 . 2008-02-06 00:09 90,688 --a------ C:\WINDOWS\system32\erqoaccc.dll
2008-02-03 21:01 . 2008-02-03 21:01 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-03 12:10 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\LPT$VPN.973
2008-02-03 12:09 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\VPTNFILE.973
2008-02-03 11:39 . 2008-02-03 11:39 15,872 --a------ C:\WINDOWS\system32\drvvix.dll
2008-02-02 14:44 . 2008-02-06 22:30 2,980 --a------ C:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 09:33 3,096,576 ------w C:\WINDOWS\Internet Logs\xDB1252.tmp
2008-02-05 23:02 29,139,122 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-03 20:01 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-02-03 20:01 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-02-03 11:09 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-02-03 11:09 267,845 ----a-w C:\WINDOWS\tsc.exe
2008-02-03 11:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-02-03 11:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-02-03 11:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-01-17 07:49 245,760 ----a-w C:\WINDOWS\system32\[u]0[/u]0THotkey.exe
2007-12-22 10:48 39,936 ----a-w C:\WINDOWS\system32\urqrrpq.dll
2007-12-12 18:52 --------- d-----w C:\Documents and Settings\toto\Application Data\Grisoft
2007-12-12 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 23:57 --------- d-----w C:\Program Files\Trend Micro
2007-12-11 23:40 1,048,304 ----a-w C:\SmitfraudFix.exe
2007-10-14 13:43 2,972,160 ------w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-10-14 13:43 1,407,488 ------w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-08-26 19:00 1,015,808 ------w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-06-23 13:56 2,855,936 ------w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-06-09 16:03 24,192 ----a-w C:\Documents and Settings\toto\usbsermptxp.sys
2007-06-09 16:03 22,768 ----a-w C:\Documents and Settings\toto\usbsermpt.sys
2007-05-21 07:17 16,677,930 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_20_23_30_32_full.dmp.zip
2007-05-17 17:31 16,718,363 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_16_23_24_20_full.dmp.zip
2007-04-11 09:57 16,581,279 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_11_01_25_34_full.dmp.zip
2007-04-10 08:28 16,652,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_08_11_29_27_full.dmp.zip
2007-02-24 21:45 16,667,380 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_24_17_09_43_full.dmp.zip
2007-01-31 07:15 16,637,209 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_31_00_20_20_full.dmp.zip
2007-01-18 07:10 16,575,508 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_17_20_07_52_full.dmp.zip
2006-12-26 17:10 16,528,755 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_09_18_00_full.dmp.zip
2006-12-26 07:23 16,667,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_00_15_02_full.dmp.zip
2006-09-12 07:21 16,536,725 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_09_12_01_09_08_full.dmp.zip
2006-08-17 22:29 19,952 ----a-w C:\Documents and Settings\toto\Application Data\GDIPFONTCACHEV1.DAT
2006-02-19 23:47 2,657,280 ------w C:\WINDOWS\Internet Logs\xDB18.tmp
2006-02-19 23:22 1,218,048 ------w C:\WINDOWS\Internet Logs\xDB17.tmp
2006-01-16 22:14 2,956,288 ------w C:\WINDOWS\Internet Logs\xDB16.tmp
2006-01-16 22:04 1,199,104 ------w C:\WINDOWS\Internet Logs\xDB15.tmp
2005-09-26 13:16 2,655,232 ------w C:\WINDOWS\Internet Logs\xDB14.tmp
2005-09-26 13:16 1,146,368 ------w C:\WINDOWS\Internet Logs\xDB13.tmp
2005-08-22 17:37 2,798,592 ------w C:\WINDOWS\Internet Logs\xDB12.tmp
2005-08-22 17:27 1,142,272 ------w C:\WINDOWS\Internet Logs\xDB11.tmp
2005-03-25 22:11 1,004,544 ------w C:\WINDOWS\Internet Logs\xDBF.tmp
2005-03-25 22:10 367,616 ------w C:\WINDOWS\Internet Logs\xDB10.tmp
2005-03-20 23:27 1,015,808 ------w C:\WINDOWS\Internet Logs\xDBE.tmp
2005-03-20 22:37 1,001,472 ------w C:\WINDOWS\Internet Logs\xDBD.tmp
2005-02-26 07:39 3,059,200 ------w C:\WINDOWS\Internet Logs\xDBC.tmp
2005-02-26 07:18 995,328 ------w C:\WINDOWS\Internet Logs\xDBB.tmp
2005-01-30 11:20 774,656 ------w C:\WINDOWS\Internet Logs\xDBA.tmp
2005-01-30 11:12 991,232 ------w C:\WINDOWS\Internet Logs\xDB9.tmp
2005-01-17 23:28 2,706,432 ------w C:\WINDOWS\Internet Logs\xDB8.tmp
2005-01-17 23:26 990,208 ------w C:\WINDOWS\Internet Logs\xDB7.tmp
2004-11-19 14:36 962,048 ------w C:\WINDOWS\Internet Logs\xDB5.tmp
2004-11-19 14:36 2,646,528 ------w C:\WINDOWS\Internet Logs\xDB6.tmp
2004-10-09 14:45 3,046,912 ------w C:\WINDOWS\Internet Logs\xDB4.tmp
2004-10-09 14:41 930,816 ------w C:\WINDOWS\Internet Logs\xDB3.tmp
2004-08-01 14:22 875,008 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
2004-08-01 14:22 2,970,624 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
.
[code]<pre>
----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
</pre>[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
C:\Program Files\Cannbpjy\etdtxvff.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [2008-01-17 08:49 245760]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2002-02-14 15:47 184320 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TFncKy"="TFncKy.exe" []
"TFNF5"="TFNF5.exe" [2001-09-04 10:31 69632 C:\WINDOWS\system32\TFNF5.exe]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2007-12-31 09:54 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-31 09:55 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-28 19:34 450560]
"cPadAlarm"="C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe" [ ]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-09 20:31 968696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2008-02-09 20:30 83608]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 19:45 1511453]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-04-02 11:42:32 135680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ServiceAlrt"= {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll [2008-02-07 08:40 14374]
"zip"= {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll [2008-02-07 08:45 39462]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbigibzz]
mbigibzz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-06 18:03 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2002-12-07 13:47 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Antivirus AV]
C:\WINDOWS\FVProtect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2002-04-26 18:53 12288 C:\Program Files\Winamp\Winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"iPodService"=3 (0x3)
R0 pciSm;pciSm;C:\WINDOWS\System32\DRIVERS\tossmpci.sys [2002-01-07 14:51]
R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;C:\WINDOWS\System32\DRIVERS\TVALDX.SYS [2001-08-17 14:27]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\System32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 20:34]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 01:02]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 18:16]
S3 toslane;Toshiba BT-LANE;C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 16:24]
S4 Network Provisioning DDE;Network Provisioning DDE;C:\WINDOWS\system32\lsass.com []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-10 16:27:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-03 10:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 18:07:50
Windows 5.1.2600 Service Pack 1 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2800.1106]
-> C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
.
Temps d'accomplissement: 2008-02-10 18:08:26
ComboFix-quarantined-files.txt 2008-02-10 17:08:26
ComboFix3.txt 2008-02-09 19:51:36
ComboFix2.txt 2008-02-10 16:09:06
Status:
1- Many difficulties connecting to the Internet
2- Explorer tries to connect at startup
3- AVG no longer starts; should I remove it, and if so how, since there is no Uninstall command
Otherwise there are no more virus alerts at startup; just for my information, how did I catch it? Is there a specific case?
In any case, thank you, you are very competent.
jorginho67 Posts: 14716 Registration date: Tuesday 11 September 2007 Status: Security contributor Last activity: 11 February 2011 1 169 - 10 Feb. 2008 at 18:45
"how did I catch it? Is there a specific case?" These are new variants....
Seen this: C:\Program Files\QuickTime\qttask .exe
Critical vulnerabilities in QuickTime
So we throw it out!!! Besides, it's useless...
Download this registry cleaner, JV 16
http://telechargement.zebulon.fr/201-jv16-powertools.html
To switch it to French -> Preferences tab -> Language
Then click Registry Tool, go to the Uninstall Menu tab and search for quicktime.
Tick its box, then Uninstall at the bottom.
For the rest, I'm looking at it in detail; I'll keep you posted.
To be continued.....
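The helper's reasoning above rests on spotting oddities in the ComboFix "Reg loading points" section: an executable whose name carries a space before its extension (qttask .exe, avgas .exe), a Winlogon Notify DLL listed without any directory, and a service pointing at lsass.com with no file metadata. The following triage script is an added example written for this page, not code from the thread or from ComboFix; the heuristics, the Entry structure and the sample lines (copied from the report posted here and labelled as a constructed sample) are my assumptions, and the output is a list of entries a responder should look at first, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a handful of lines taken from the "Point de chargement Reg"
# and driver/service sections of the ComboFix report posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-28 19:34 450560]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-09 20:31 968696]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbigibzz]
mbigibzz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
S4 Network Provisioning DDE;Network Provisioning DDE;C:\WINDOWS\system32\lsass.com []
"""

# Core Windows process names that malware likes to imitate (assumed list).
SYSTEM_PROCESS_NAMES = {"lsass", "svchost", "csrss", "winlogon", "smss", "services"}

# "name"="path" [metadata]  -- a registry value as ComboFix prints it
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R0/S3/... name;description;path [metadata]  -- a driver or service line
SERVICE_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# trailing [metadata] on any other line
META_RE = re.compile(r'\s*\[(?P<meta>[^\]]*)\]\s*$')
# a bare path (drive-rooted or a lone file name) at the end of a line
PATH_RE = re.compile(r'(?P<path>[A-Za-z]:\\.*?|[\w ]+\.(?:dll|exe|com|sys))\s*$', re.IGNORECASE)


class Entry(NamedTuple):
    key: str              # registry key (or "services\<name>") the entry belongs to
    name: str             # value name, empty for bare path lines
    path: str             # file referenced by the entry
    meta: Optional[str]   # text inside [...] ("" or " " means ComboFix recorded nothing)


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the ComboFix loading-point section into Entry records."""
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Entry(key, m["name"], m["path"], m["meta"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("services\\" + m["name"], m["name"], m["path"], m["meta"]))
            continue
        meta = None
        mm = META_RE.search(line)
        if mm:
            meta, line = mm["meta"], line[:mm.start()]
        m = PATH_RE.search(line)
        if m:
            entries.append(Entry(key, "", m["path"].strip().strip('"'), meta))
    return entries


def check_entry(e: Entry) -> List[str]:
    """Heuristic checks; each string is one reason the entry deserves a look."""
    findings: List[str] = []
    base = e.path.rsplit("\\", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if dot and stem.endswith(" "):
        findings.append("space before the file extension")
    if "winlogon\\notify" in e.key.lower() and "\\" not in e.path:
        findings.append("Winlogon Notify DLL given without a directory")
    if stem.strip().lower() in SYSTEM_PROCESS_NAMES and ext.lower() != "exe":
        findings.append("system process name with unexpected extension")
    if e.meta is not None and not e.meta.strip():
        findings.append("no file metadata recorded")
    return findings


def suspicious_entries(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, findings) for every entry that trips at least one check."""
    out: List[Tuple[str, List[str]]] = []
    for e in parse_loading_points(text):
        findings = check_entry(e)
        if findings:
            out.append((e.path, findings))
    return out


if __name__ == "__main__":
    for path, findings in suspicious_entries(SAMPLE_LOG):
        print(path)
        for f in findings:
            print("   -", f)
```

Run it on a full report instead of the sample and the three entries the helper singled out come out on top, while legitimate Toshiba, Synaptics and ZoneAlarm autostarts stay silent; the "no file metadata recorded" check also catches entries whose file ComboFix could not read, which is a prompt to verify the file exists rather than proof of infection.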
jorginho67 Posts: 14716 Registration date: Tuesday 11 September 2007 Status: Security contributor Last activity: 11 February 2011 1 169 - 12 Feb. 2008 at 13:19
Hi!
So? Where have you gone?
Can you post me another ComboFix report, please?
See you
tokina Posts: 22 Registration date: Wednesday 12 December 2007 Status: Member Last activity: 19 February 2008 - 12 Feb. 2008 at 20:08
RE,
Sorry, I had to go away on a trip;
ComboFix report
ComboFix 08-02.05.3 - toto 2008-02-12 20:03:17.4 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.355 [GMT 1:00]
Endroit: C:\Documents and Settings\toto\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))))))))
.
2008-02-10 19:04 . 2008-02-10 19:04 <REP> d-------- C:\Program Files\jv16 PowerTools
2008-02-10 18:05 . 2001-08-28 14:00 388,096 --a------ C:\kmd.exe
2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118900.exe
2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118880.exe
2008-02-10 11:02 . 2008-02-10 11:02 10,240 --a------ C:\Program Files\tmp118800.exe
2008-02-09 19:29 . 2008-02-09 19:29 <REP> d-------- C:\VundoFix Backups
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401577.exe
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp401467.exe
2008-02-09 08:59 . 2008-02-09 08:59 10,240 --a------ C:\Program Files\tmp388128.exe
2008-02-07 08:41 . 2008-02-07 08:41 103,936 --a------ C:\WINDOWS\system32\drvrud.dll
2008-02-07 08:41 . 2008-02-07 08:41 16,896 --a------ C:\WINDOWS\system32\drvzaj.dll
2008-02-06 23:46 . 2008-02-06 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-06 00:09 . 2008-02-06 00:09 90,688 --a------ C:\WINDOWS\system32\erqoaccc.dll
2008-02-03 21:01 . 2008-02-03 21:01 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-03 12:10 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\LPT$VPN.973
2008-02-03 12:09 . 2008-02-03 12:09 35,597,905 --a------ C:\WINDOWS\VPTNFILE.973
2008-02-03 11:39 . 2008-02-03 11:39 15,872 --a------ C:\WINDOWS\system32\drvvix.dll
2008-02-02 14:44 . 2008-02-06 22:30 2,980 --a------ C:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 09:33 3,096,576 ------w C:\WINDOWS\Internet Logs\xDB1252.tmp
2008-02-05 23:02 29,139,122 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-03 20:01 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-02-03 20:01 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-02-03 11:09 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-02-03 11:09 267,845 ----a-w C:\WINDOWS\tsc.exe
2008-02-03 11:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-02-03 11:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-02-03 11:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-01-17 07:49 245,760 ----a-w C:\WINDOWS\system32\[u]0[/u]0THotkey.exe
2007-12-22 10:48 39,936 ----a-w C:\WINDOWS\system32\urqrrpq.dll
2007-12-12 18:52 --------- d-----w C:\Documents and Settings\toto\Application Data\Grisoft
2007-12-12 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 23:40 1,048,304 ----a-w C:\SmitfraudFix.exe
2007-10-14 13:43 2,972,160 ------w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-10-14 13:43 1,407,488 ------w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-08-26 19:00 1,015,808 ------w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-06-23 13:56 2,855,936 ------w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-06-09 16:03 24,192 ----a-w C:\Documents and Settings\toto\usbsermptxp.sys
2007-06-09 16:03 22,768 ----a-w C:\Documents and Settings\toto\usbsermpt.sys
2007-05-21 07:17 16,677,930 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_20_23_30_32_full.dmp.zip
2007-05-17 17:31 16,718,363 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_16_23_24_20_full.dmp.zip
2007-04-11 09:57 16,581,279 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_11_01_25_34_full.dmp.zip
2007-04-10 08:28 16,652,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_08_11_29_27_full.dmp.zip
2007-02-24 21:45 16,667,380 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_24_17_09_43_full.dmp.zip
2007-01-31 07:15 16,637,209 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_31_00_20_20_full.dmp.zip
2007-01-18 07:10 16,575,508 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_17_20_07_52_full.dmp.zip
2006-12-26 17:10 16,528,755 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_09_18_00_full.dmp.zip
2006-12-26 07:23 16,667,472 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_26_00_15_02_full.dmp.zip
2006-09-12 07:21 16,536,725 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_09_12_01_09_08_full.dmp.zip
2006-08-17 22:29 19,952 ----a-w C:\Documents and Settings\toto\Application Data\GDIPFONTCACHEV1.DAT
2006-02-19 23:47 2,657,280 ------w C:\WINDOWS\Internet Logs\xDB18.tmp
2006-02-19 23:22 1,218,048 ------w C:\WINDOWS\Internet Logs\xDB17.tmp
2006-01-16 22:14 2,956,288 ------w C:\WINDOWS\Internet Logs\xDB16.tmp
2006-01-16 22:04 1,199,104 ------w C:\WINDOWS\Internet Logs\xDB15.tmp
2005-09-26 13:16 2,655,232 ------w C:\WINDOWS\Internet Logs\xDB14.tmp
2005-09-26 13:16 1,146,368 ------w C:\WINDOWS\Internet Logs\xDB13.tmp
2005-08-22 17:37 2,798,592 ------w C:\WINDOWS\Internet Logs\xDB12.tmp
2005-08-22 17:27 1,142,272 ------w C:\WINDOWS\Internet Logs\xDB11.tmp
2005-03-25 22:11 1,004,544 ------w C:\WINDOWS\Internet Logs\xDBF.tmp
2005-03-25 22:10 367,616 ------w C:\WINDOWS\Internet Logs\xDB10.tmp
2005-03-20 23:27 1,015,808 ------w C:\WINDOWS\Internet Logs\xDBE.tmp
2005-03-20 22:37 1,001,472 ------w C:\WINDOWS\Internet Logs\xDBD.tmp
2005-02-26 07:39 3,059,200 ------w C:\WINDOWS\Internet Logs\xDBC.tmp
2005-02-26 07:18 995,328 ------w C:\WINDOWS\Internet Logs\xDBB.tmp
2005-01-30 11:20 774,656 ------w C:\WINDOWS\Internet Logs\xDBA.tmp
2005-01-30 11:12 991,232 ------w C:\WINDOWS\Internet Logs\xDB9.tmp
2005-01-17 23:28 2,706,432 ------w C:\WINDOWS\Internet Logs\xDB8.tmp
2005-01-17 23:26 990,208 ------w C:\WINDOWS\Internet Logs\xDB7.tmp
2004-11-19 14:36 962,048 ------w C:\WINDOWS\Internet Logs\xDB5.tmp
2004-11-19 14:36 2,646,528 ------w C:\WINDOWS\Internet Logs\xDB6.tmp
2004-10-09 14:45 3,046,912 ------w C:\WINDOWS\Internet Logs\xDB4.tmp
2004-10-09 14:41 930,816 ------w C:\WINDOWS\Internet Logs\xDB3.tmp
2004-08-01 14:22 875,008 ------w C:\WINDOWS\Internet Logs\xDB1.tmp
2004-08-01 14:22 2,970,624 ------w C:\WINDOWS\Internet Logs\xDB2.tmp
.
[code]<pre>
----a-w 286,720 2008-01-15 07:29:06 C:\Program Files\QuickTime\qttask .exe
----a-w 6,731,312 2008-02-09 19:31:32 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 6,731,312 2008-02-06 22:51:06 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
</pre>[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
C:\Program Files\Cannbpjy\etdtxvff.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [2008-01-17 08:49 245760]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2002-02-14 15:47 184320 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TFncKy"="TFncKy.exe" []
"TFNF5"="TFNF5.exe" [2001-09-04 10:31 69632 C:\WINDOWS\system32\TFNF5.exe]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2007-12-31 09:54 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-31 09:55 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-28 19:34 450560]
"cPadAlarm"="C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe" [ ]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-09 20:31 968696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2008-02-09 20:30 83608]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 19:45 1511453]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-04-02 11:42:32 135680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ServiceAlrt"= {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll [2008-02-07 08:40 14374]
"zip"= {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll [2008-02-07 08:45 39462]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbigibzz]
mbigibzz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-06 18:03 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2002-12-07 13:47 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Antivirus AV]
C:\WINDOWS\FVProtect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2002-04-26 18:53 12288 C:\Program Files\Winamp\Winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"iPodService"=3 (0x3)
R0 pciSm;pciSm;C:\WINDOWS\System32\DRIVERS\tossmpci.sys [2002-01-07 14:51]
R0 tosrfec;Bluetooth ACPI from Toshiba;C:\WINDOWS\System32\DRIVERS\tosrfec.sys [2001-07-13 03:26]
R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;C:\WINDOWS\System32\DRIVERS\TVALDX.SYS [2001-08-17 14:27]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\System32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 20:34]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-01-07 01:02]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 18:16]
S3 toslane;Toshiba BT-LANE;C:\WINDOWS\System32\DRIVERS\TOSRFLAN.sys [2002-02-07 16:24]
S4 Network Provisioning DDE;Network Provisioning DDE;C:\WINDOWS\system32\lsass.com []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-12 18:27:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-03 10:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 20:04:48
Windows 5.1.2600 Service Pack 1 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2800.1106]
-> C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
.
Temps d'accomplissement: 2008-02-12 20:05:19
ComboFix-quarantined-files.txt 2008-02-12 19:05:18
ComboFix4.txt 2008-02-09 19:51:36
ComboFix3.txt 2008-02-10 16:09:06
ComboFix2.txt 2008-02-10 17:08:28
I had to disconnect ZoneLab, and when launching COMBO the file nircmd.cfexe asked for a connection. And again IE opened on a page touting spyware tools!!!!
jorginho67 (security contributor) - 12 Feb 2008 at 20:27
Download Pocket Killbox
Usage demo (thanks to Balltrap34 for putting it together)
Double-click killbox.exe (Pocket Killbox)
Check "delete on reboot". In "Full Path of File to Delete"
copy and paste this:
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
Click the red cross
- a window will appear asking for confirmation, click YES
- a second window asks whether you want to reboot, click YES
If this message appears, ignore it:
http://tinypic.com/images/goodbye.jpg
Let the PC reboot, otherwise reboot it manually
And then post a new HijackThis log.
tokina - 12 Feb 2008 at 23:05
RE
Done, HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:35, on 12/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Cannbpjy\etdtxvff.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 01
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - Winlogon Notify: mbigibzz - mbigibzz.dll (file missing)
O21 - SSODL: ServiceAlrt - {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
O21 - SSODL: zip - {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
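The HijackThis log above is read by eye in the thread; the same signs can be encoded as rules. The following is an added example (not code from the thread and not part of HijackThis): a small Python triage that flags "(file missing)" registrations, an unnamed BHO, a Winlogon Notify DLL, an SSODL object loaded from the Installer cache, a service with no publisher and no file extension, and a Run entry whose image name has a space before ".exe" (the "avgas .exe" / "qttask .exe" look-alikes the helper asks to remove). The sample lines are constructed from the log posted above, and the SSODL allow-list is an assumption, not an authoritative list.

```python
"""Triage of a HijackThis (HJT) log: flag autostart/hook entries that deserve a second look.

Added example, not code from the thread or from HijackThis. The rules encode what a
helper looks for in the O2/O4/O20/O21/O23 sections of a log like the one above.
"""
import re

# Constructed sample modelled on the HJT log in the thread (a subset, not the verbatim log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Cannbpjy\etdtxvff.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O20 - Winlogon Notify: mbigibzz - mbigibzz.dll (file missing)
O21 - SSODL: ServiceAlrt - {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
# Whitespace between the base name and the extension, e.g. "avgas .exe".
SPACE_BEFORE_EXT = re.compile(r"\S\s+\.(?:exe|dll|com|scr)\b", re.IGNORECASE)
FILE_MISSING = "(file missing)"
# Illustrative allow-list of ShellServiceObjectDelayLoad names found on a stock Windows XP.
# Assumption for this example: build the real list from a known-clean machine of the same build.
KNOWN_SSODL = {"PostBootReminder", "CDBurn", "WebCheck", "SysTray", "UPnPMonitor"}


def image_path(body):
    """Last ' - ' separated field of an HJT entry, without quotes or the '(file missing)' tag."""
    path = body.split(" - ")[-1]
    return path.replace(FILE_MISSING, "").strip().strip('"')


def triage(log_text):
    """Return one finding per suspicious entry: {'kind', 'line', 'reasons'}."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the process list, blank lines
        kind, body = m.group("kind"), m.group("body")
        reasons = []

        if FILE_MISSING in body:
            reasons.append("registered file is missing: orphaned registration, remove the entry")

        if kind == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("Browser Helper Object without a name")

        if kind == "O4" and SPACE_BEFORE_EXT.search(body):
            reasons.append("space before the extension: look-alike of a legitimate program name")

        if kind == "O20":
            reasons.append("Winlogon Notify DLL: loaded into winlogon.exe at logon, verify the publisher")

        if kind == "O21":
            name = body.split(" - ", 1)[0].split(": ", 1)[-1]
            if name not in KNOWN_SSODL:
                reasons.append(f"SSODL entry '{name}' is not a stock Windows shell object")
            if "\\installer\\{" in image_path(body).lower():
                reasons.append("shell object DLL lives in the Windows Installer cache directory")

        if kind == "O23":
            if "Unknown owner" in body:
                reasons.append("service binary carries no publisher information")
            image = image_path(body)
            leaf = image.rsplit("\\", 1)[-1].split()[0] if image else ""
            if "." not in leaf:
                reasons.append("service image has no file extension")

        if reasons:
            findings.append({"kind": kind, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    ->", reason)
```

Run stand-alone it prints the five flagged entries with their reasons; the clean Java BHO, Synaptics Run entry and ZoneAlarm service produce no finding. The rules are a starting point for a first pass, not a verdict: a real triage compares every path against a known-clean baseline and checks the file's signature before anything is deleted.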
jorginho67 (security contributor) - 14 Feb 2008 at 21:29
Hi!
This time I'm the one who was away lol ...
Let's pick up where we left off:
Download KillBox to your desktop ...
This link is the official one, so you are sure to get the latest version:
http://www.killbox.net/
Click the "Download KillBox" link at the top left.
The download starts automatically.
You get the file "KillBox.exe", ready to use.
Launch Killbox.
In the Full Path of File to Delete box, copy and paste what is quoted:
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe --> be careful to pick the one with the space between the "s" and the "exe"
Check "Delete on Reboot".
Click "All Files".
Click the white cross in the red circle.
KillBox then asks you the following question:
"Files will be Removed on Reboot, Do you want to reboot now ?"
Click "Yes".
The report is at the root of the hard drive, C:\!killbox\
Post it and redo an HJT log please!
@+
tokina - 15 Feb 2008 at 01:14
RE,
Posting kb.log
Pocket Killbox version 2.0.0.648
Running on Windows XP as toto(Administrator)
was started @ mardi, février 12, 2008, 10:54 PM
# 1 [Delete on Reboot]
Path = C:\Program Files\QuickTime\qttask .exe
# 2 [Delete on Reboot]
Path = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
I Rebooted @ 10:57:19 PM
Killbox Closed(Exit) @ 10:57:20 PM
__________________________________________________
Pocket Killbox version
Running on Windows XP as toto(Administrator)
was started @ vendredi, février 15, 2008, 1:02 AM
Killbox Closed(Exit) @ 1:02:34 AM
__________________________________________________
Pocket Killbox version 2.0.0.881
Running on Windows XP as toto(Administrator)
was started @ vendredi, février 15, 2008, 1:03 AM
# 1 [Delete on Reboot]
Path = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe"
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:21 AM
# 2 [Delete on Reboot]
Path = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe"
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:05:25 AM
Killbox Closed(Exit) @ 1:05:27 AM
__________________________________________________
Posting the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:08:57, on 15/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Cannbpjy\etdtxvff.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 01
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - Winlogon Notify: mbigibzz - mbigibzz.dll (file missing)
O21 - SSODL: ServiceAlrt - {8b238fe5-a2b6-4baf-9b3b-adcc6f518528} - C:\WINDOWS\Installer\{8b238fe5-a2b6-4baf-9b3b-adcc6f518528}\ServiceAlrt.dll
O21 - SSODL: zip - {3f5ff315-78a6-427b-8a7d-3e64570003f5} - C:\WINDOWS\Installer\{3f5ff315-78a6-427b-8a7d-3e64570003f5}\zip.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
kb.log post
Pocket Killbox version 2.0.0.648
Running on Windows XP as toto(Administrator)
was started @ mardi, février 12, 2008, 10:54 PM
# 1 [Delete on Reboot]
Path = C:\Program Files\QuickTime\qttask .exe
# 2 [Delete on Reboot]
Path = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
I Rebooted @ 10:57:19 PM
Killbox Closed(Exit) @ 10:57:20 PM
__________________________________________________
Pocket Killbox version
Running on Windows XP as toto(Administrator)
was started @ vendredi, février 15, 2008, 1:02 AM
Killbox Closed(Exit) @ 1:02:34 AM
__________________________________________________
Pocket Killbox version 2.0.0.881
Running on Windows XP as toto(Administrator)
was started @ vendredi, février 15, 2008, 1:03 AM
# 1 [Delete on Reboot]
Path = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe"
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:21 AM
# 2 [Delete on Reboot]
Path = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe"
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:05:25 AM
Killbox Closed(Exit) @ 1:05:27 AM
__________________________________________________