Unable to remove a trojan

Closed
falbator - 31 March 2008 at 17:07
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 - 3 April 2008 at 18:33
Hello,
I have the same problem as one I read about earlier in this forum, i.e. Kaspersky detects a trojan (Agent ixj) but can only ignore it.
PS: it happened while I was trying to download SopCast 3.0....
What should I do?
Thanks!

37 replies

Arash Posts 291 Registered Wednesday 19 March 2008 Status Member Last activity 16 June 2008 62
31 March 2008 at 17:11
Hi
two options
1. try the same operation in safe mode
2. note the path of your file and delete it manually
0
Thanks for your reply, Arash.
It seems to be a temporary file; can it be deleted manually?

non trouvé : cheval de Troie Trojan.Win32.Agent.ixj Le fichier: C:\DOCUME~1\fab\LOCALS~1\Temp\nsx5E.tmp\ns5F.tmp
0
Arash Posts 291 Registered Wednesday 19 March 2008 Status Member Last activity 16 June 2008 62
31 March 2008 at 17:39
don't bother, do a search for 'temp' and empty all the temp folders (if you are the only user on the machine you should see 2 of them, but I think the most likely path is C:\Documents and Settings\Administrator\Local Settings\Temp
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
31 March 2008 at 17:33
hi,

paste a HijackThis log

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to get around a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe: to do that, right-click on the file HijackThis.exe and choose Rename from the menu

Then with Explorer create a folder c:\hijackthis
Unzip HijackThis into that folder.
This is important for the backups.
0
OK, thanks jlpjlp
Here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:33, on 31/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\eden\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
0
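As an added example (not part of the thread, and not code from HijackThis), here is a small Python triage script for the log format pasted above. It parses the O2/O4/O23 entries and flags the patterns a helper looks for first: a registered object with no file on disk, and an autostart or service image that points into a temp directory or outside Windows/Program Files. The sample lines are copied from the log above except the `[updater]` O4 line, which is constructed here from the temp path Kaspersky reported at the top of the thread so that the temp-directory rule has something to match.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis v2 log format. All lines but the
# "[updater]" O4 entry are copied from the log above; that one is made up here.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [updater] C:\DOCUME~1\fab\LOCALS~1\Temp\nsx5E.tmp\ns5F.tmp
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFOC]\d+)\s+-\s+(?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|ocx|sys|cpl|scr|bat|cmd|tmp))(?=\s|$)", re.I)
# Locations an autostart entry is normally expected to point into on an XP box.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    kind: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def image_path(cmdline):
    """Reduce a command line to its executable path: drop quotes and trailing arguments."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    m = EXE_RE.match(cmdline)
    return m.group(1) if m else cmdline


def parse_entry(line):
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, blank or "Running processes" line
    kind, body = m.group("kind"), m.group("body")
    if kind == "O4":  # O4 - <hive>: [name] <command line>
        m4 = O4_RE.match(body)
        if not m4:
            return None
        return Entry(kind, m4.group("name"), image_path(m4.group("cmd")))
    if kind.startswith("R") and " = " in body:  # R0/R1 - <registry value> = <data>
        name, data = body.split(" = ", 1)
        return Entry(kind, name, data.strip())
    # O2/O3/O9/O23: "<type>: <name> - <CLSID or vendor> - <file>"; the file is the last field
    parts = [p.strip() for p in body.split(" - ")]
    name = parts[0].split(": ", 1)[-1]
    return Entry(kind, name, image_path(parts[-1]))


def triage(entry):
    """Attach the reasons (if any) an analyst would look twice at this entry."""
    p = entry.path.lower()
    if p == "(no file)":
        entry.reasons.append("orphaned entry: registered object has no file on disk")
    if "\\temp\\" in p or p.endswith(".tmp"):
        entry.reasons.append("runs from a temp directory")
    if entry.kind in ("O4", "O23") and p != "(no file)" and not p.startswith(TRUSTED_PREFIXES):
        entry.reasons.append("autostart/service image outside Windows or Program Files")
    return entry


def parse_log(text):
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def suspicious(text):
    flagged = []
    for entry in parse_log(text):
        triage(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.kind} [{e.name}] {e.path}: " + "; ".join(e.reasons))
```

The rules are deliberately coarse: they surface candidates for a closer look (VirusTotal, a file-properties check), not a verdict. On the sample they return the orphaned BHO and the temp-directory autostart and say nothing about the Kaspersky and DAEMON Tools entries.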

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
31 March 2008 at 18:09
hi

your Windows is not up to date

if you don't have a firewall, install one:

Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

____
you have avast and Kaspersky? remove avast, otherwise it will crash

https://www.avast.com/fr-fr/uninstall-utility

_____

paste the Kaspersky report
0
Sorry, a bit long..

I removed avast.
I installed Online Armor: by the way, it often gives me a message about msnmsg.exe (it says "incoming access allowed, port ...": I had to leave the program in the trusted zone), but... I haven't launched MSN.. is that normal?

However, I don't know which Kaspersky report you mean (sorry, my ignorance is great... ;) )

Thanks!
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
31 March 2008 at 18:58
paste the report of an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
Here is the TotalScan report:

ANALYSIS: 2008-03-31 20:08:39
PROTECTIONS: 1
MALWARE: 15
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 6.0 6.0.0.300 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029241 application/realspy HackTools No 0 Yes No c:\program files\real spy monitor
00033713 Univ.AP.J Virus/Worm No 1 Yes No C:\System Volume Information\_restore{AB527632-46D8-48BD-AEE4-51FA1A5C31F3}\RP493\change.log.4
00125938 Application/RealSpy HackTools No 0 Yes No C:\System Volume Information\_restore{AB527632-46D8-48BD-AEE4-51FA1A5C31F3}\RP527\A0120076.DLL
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\eb0.C82E145A01C89351.history\00000010.bak[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Application Data\Mozilla\Firefox\Profiles\n9ll01zp.default\cookies.txt[.com.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Cookies\fab@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Application Data\Mozilla\Firefox\Profiles\n9ll01zp.default\cookies-1.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\eb0.C82E145A01C89351.history\00000010.bak[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\eb0.C82E145A01C89351.history\00000011.bak[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Application Data\Mozilla\Firefox\Profiles\n9ll01zp.default\cookies.txt[.xiti.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\eb0.C82E145A01C89351.history\00000010.bak[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Application Data\Mozilla\Firefox\Profiles\n9ll01zp.default\cookies.txt[.toplist.cz/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\eb0.C82E145A01C89351.history\00000010.bak[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Application Data\Mozilla\Firefox\Profiles\n9ll01zp.default\cookies.txt[.weborama.fr/]
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Cookies\fab@adopt.hbmediapro[2].txt
00172431 Application/RealSpy HackTools No 0 Yes No C:\System Volume Information\_restore{AB527632-46D8-48BD-AEE4-51FA1A5C31F3}\RP527\A0120077.EXE
00199982 Cookie/Buydomains TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Cookies\fab@www47.buydomains[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Application Data\Mozilla\Firefox\Profiles\n9ll01zp.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\eb0.C82E145A01C89351.history\00000010.bak[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Application Data\Mozilla\Firefox\Profiles\n9ll01zp.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\eb0.C82E145A01C89351.history\00000010.bak[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\eb0.C82E145A01C89351.history\00000010.bak[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Application Data\Mozilla\Firefox\Profiles\n9ll01zp.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Application Data\Mozilla\Firefox\Profiles\n9ll01zp.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\eb0.C82E145A01C89351.history\00000010.bak[.smartadserver.com/]
00287538 Bck/Poebot.IQ Virus/Trojan No 1 Yes No C:\WINDOWS\system32\gsbybgs.exe
00400035 Adware/SaveNow Adware No 0 No No C:\Program Files\bsplayer212.941_clip.exe[BSplayer_WhenUSave_InstallerInst.exe]
00522904 Adware/WhenUSearch Adware No 0 Yes No C:\Program Files\bsplayer212.941_clip.exe
01304424 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Spy\NewSpy.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
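As an added example (not part of the thread, and not code from Panda), the Python below parses the TotalScan report format above and sorts each detection into the buckets a helper treats differently: tracking cookies, copies sitting inside System Restore points (which go away when System Restore is disabled and re-enabled), a flagged folder, and real files on disk, which are de-duplicated into a move list in the order they appear. The sample is a subset of the report above, header lines included so the parser has to skip them; the `archive.exe[member.exe]` suffix Panda appends for a match inside an archive is stripped so both BSplayer rows resolve to one file.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the Panda TotalScan report pasted above.
SAMPLE_REPORT = r"""
ANALYSIS: 2008-03-31 20:08:39
MALWARE: 15
;====
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====
00029241 application/realspy HackTools No 0 Yes No c:\program files\real spy monitor
00033713 Univ.AP.J Virus/Worm No 1 Yes No C:\System Volume Information\_restore{AB527632-46D8-48BD-AEE4-51FA1A5C31F3}\RP493\change.log.4
00125938 Application/RealSpy HackTools No 0 Yes No C:\System Volume Information\_restore{AB527632-46D8-48BD-AEE4-51FA1A5C31F3}\RP527\A0120076.DLL
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\fab\Cookies\fab@xiti[1].txt
00287538 Bck/Poebot.IQ Virus/Trojan No 1 Yes No C:\WINDOWS\system32\gsbybgs.exe
00400035 Adware/SaveNow Adware No 0 No No C:\Program Files\bsplayer212.941_clip.exe[BSplayer_WhenUSave_InstallerInst.exe]
00522904 Adware/WhenUSearch Adware No 0 Yes No C:\Program Files\bsplayer212.941_clip.exe
01304424 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Spy\NewSpy.exe
"""

# The description may contain spaces ("Generic Malware"), so the row is matched
# from both ends: an 8-digit id on the left, the fixed Yes/No/severity columns
# in the middle, and the location (which also contains spaces) on the right.
ROW_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<kind>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<location>.+)$"
)
MEMBER_RE = re.compile(r"\[[^\]]*\]$")      # trailing "[member]" of an archive or cookie-jar hit
EXT_RE = re.compile(r"\.[A-Za-z0-9]{2,4}$")  # crude "does this look like a file" test
RESTORE_MARKER = "\\system volume information\\_restore"


@dataclass
class Detection:
    id: str
    description: str
    kind: str
    active: bool
    severity: int
    location: str


def parse_report(text):
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:  # anything that is not a detection row (headers, separators) is skipped
            rows.append(Detection(m["id"], m["desc"], m["kind"],
                                  m["active"] == "Yes", int(m["severity"]), m["location"]))
    return rows


def on_disk_path(location):
    """Drop the "[member]" suffix so a hit inside an archive maps to the archive itself."""
    return MEMBER_RE.sub("", location)


def classify(det):
    path = on_disk_path(det.location)
    if det.kind == "TrackingCookie":
        return "cookie"          # browser cookie clean-up, not a file removal
    if RESTORE_MARKER in path.lower():
        return "restore_point"   # handled by disabling/re-enabling System Restore
    if not EXT_RE.search(path):
        return "folder"
    return "file"


def summarize(text):
    return dict(Counter(classify(d) for d in parse_report(text)))


def move_list(text):
    """Unique on-disk files, in report order, suitable for a move/quarantine tool."""
    seen = []
    for det in parse_report(text):
        if classify(det) == "file":
            path = on_disk_path(det.location)
            if path not in seen:
                seen.append(path)
    return seen


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    print("\n".join(move_list(SAMPLE_REPORT)))
```

On the sample the move list comes out as the three files quoted in the next reply; the flagged folder and the restore-point copies are reported separately rather than mixed in with them.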
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
31 March 2008 at 20:30
download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your desktop. Or from https://www.luanagames.com/index.fr.html
double-click on OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\WINDOWS\system32\gsbybgs.exe
C:\Program Files\bsplayer212.941_clip.exe
C:\Program Files\Spy\NewSpy.exe


click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.
___________

delete what is in MovedFiles by going to My Computer, then C:, then _OTMoveIt

____________

disable System Restore to purge any viruses that may be in it
then restart your computer
then re-enable it: https://www.informatruc.com
___________
scan with the Kaspersky you have and if an infection is found paste me the report
0
OK
Here is the report:

File/Folder not found.
C:\WINDOWS\system32\gsbybgs.exe moved successfully.
C:\Program Files\bsplayer212.941_clip.exe moved successfully.
C:\Program Files\Spy\NewSpy.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03312008_203232


So I should delete the contents of the MoveIt folder??

No restart request, though.

Next step? .. ;)

PS: thanks a lot......
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
31 March 2008 at 20:39
So I should delete the contents of the MoveIt folder??
yes
delete what is in MovedFiles by going to My Computer, then C:, then _OTMoveIt

____________

disable System Restore to purge any viruses that may be in it
then restart your computer
then re-enable it: https://www.informatruc.com
___________
scan with the Kaspersky you have and if an infection is found paste me the report
0
OK for the files (see report) and for System Restore (which I re-enabled after restarting the PC).
However, since my changes Kaspersky has been panicking (messages like:

Le processus C:\WINDOWS\Explorer.EXE (PID: 1672) tente de s'intégrer au processus C:\Program Files\OpenOffice.org 2.0\program\soffice.exe (PID: 672). Ce comportement est caractéristique de certains programmes malicieux.

What do you think?

Otherwise, I ran a Kaspersky scan and nothing was found (do I scan only the critical areas, or the removable disks too?)

How do I know now whether everything is OK? ...
0
I'm getting Kaspersky messages by the shovelful (like the one earlier). I'm waiting to find out whether this is some kind of "adjustment" to accommodate Online Armor's functions, or whether it is abnormal? (I click "ignore" every time, but when I once tried to click "cancel", Windows immediately showed me a system shutdown message ("shutdown in 40 sec, close your applications..etc");
Should I put everything in the trusted zone??
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 April 2008 at 09:33
scan this file on VirusTotal and tell me whether it is infected: https://www.virustotal.com/gui/
C:\WINDOWS\Explorer.EXE


__________________


Download ComboFix by sUBs: rename it before installing anything, for example call it "KillBagle". help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help with using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click on ComboFix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then follow the prompts.
Wait for ComboFix to finish; a report will be created. Post the report.
__________________

scan with
MalwareBytes' Anti-Malware, remove what is found and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Here is the ComboFix report:

ComboFix 08-03-30.5 - fab 2008-04-01 18:59:05.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.623 [GMT 2:00]
Endroit: C:\Documents and Settings\fab\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-03-31 20:31 . 2008-03-31 20:31 <REP> d-------- C:\_OTMoveIt
2008-03-31 20:31 . 2008-03-31 20:31 290,304 --a------ C:\Program Files\OTMoveIt2.exe
2008-03-31 20:22 . 2008-03-31 20:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-31 19:04 . 2008-03-31 19:09 <REP> d-------- C:\Program Files\Panda Security
2008-03-31 18:28 . 2008-04-01 17:33 <REP> d-------- C:\Documents and Settings\fab\Application Data\OnlineArmor
2008-03-31 18:28 . 2008-03-31 18:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-03-31 18:27 . 2008-03-31 18:27 <REP> d-------- C:\Program Files\Tall Emu
2008-03-31 18:27 . 2007-11-08 06:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-03-31 18:27 . 2007-09-29 00:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-03-31 18:27 . 2007-09-29 00:06 18,944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
2008-03-31 18:26 . 2008-03-31 18:27 15,718,949 --a------ C:\Program Files\OnlineArmor_Setup_Free.exe
2008-03-31 17:12 . 2008-03-31 17:13 15,942,656 --a------ C:\Program Files\IE7Setup.exe
2008-03-13 22:45 . 2008-03-13 22:45 69,536 --ah----- C:\WINDOWS\MEMORY.DMP
2008-03-12 18:24 . 2003-05-30 10:00 1,962,496 --a--c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-03-12 01:36 . 2008-03-12 01:26 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-12 01:36 . 2008-03-12 01:36 2,553 --a------ C:\WINDOWS\unins000.dat
2008-03-12 01:26 . 2008-03-12 01:36 9,723,880 --a------ C:\Program Files\spybotsd152.exe
2008-03-11 18:34 . 2008-03-11 19:18 67,196,968 --a------ C:\Program Files\directx_nov2007_redist.exe
2008-03-10 22:42 . 2008-03-13 00:55 <REP> d-------- C:\Program Files\PKR
2008-03-10 22:42 . 2008-03-10 22:41 821,160 --a------ C:\Program Files\pkrinstall.exe
2008-03-06 19:36 . 2008-03-27 00:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-06 19:36 . 2008-03-06 19:36 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 17:06 106,364,192 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-01 17:04 4,003,616 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-01 15:34 --------- d-----w C:\Documents and Settings\fab\Application Data\OpenOffice.org2
2008-03-31 22:21 378,212 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 22:21 1,428,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-31 18:32 --------- d-----w C:\Program Files\Spy
2008-03-30 19:52 --------- d-sh--r C:\Program Files\Real Spy Monitor
2008-03-30 19:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-29 16:02 --------- d-----w C:\Documents and Settings\fab\Application Data\Azureus
2008-03-27 19:06 --------- d-----w C:\Program Files\eMule
2008-03-21 11:18 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-20 16:43 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-12 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 12:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-11 16:43 --------- d-----w C:\Program Files\Azureus
2008-03-05 10:11 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-02-21 17:43 349,378 ----a-w C:\Program Files\mpeg2avi.exe
2008-02-20 13:04 884,736 ----a-w C:\Program Files\vkaraoke.exe
2008-02-18 23:09 --------- d-----w C:\Program Files\Mio Technology
2008-02-18 22:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 22:45 --------- d-----w C:\Program Files\Mio DigiWalker
2008-02-17 22:46 13,413,048 ----a-w C:\Program Files\Google_Earth_BZXD.exe
2008-01-31 21:45 7,639,560 ----a-w C:\Program Files\Azureus_3.0.3.4_windows.exe
2008-01-09 13:49 120 ----a-w C:\drmHeader.bin
2007-12-23 23:10 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
2007-11-10 14:50 2,263,473 ----a-w C:\Program Files\french_translated.exe
2007-11-10 14:43 8,742,512 ----a-w C:\Program Files\winamp55_full_emusic-7plus_fr-fr.exe
2007-10-22 02:49 867,848 ----a-w C:\Program Files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w C:\Program Files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w C:\Program Files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w C:\Program Files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w C:\Program Files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w C:\Program Files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w C:\Program Files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w C:\Program Files\NOV2007_d3dx9_36_x86.cab
2007-09-16 16:57 61,647,736 ----a-w C:\Program Files\directx_directx_9.0c_-_mise_a_jour_aout_2007_francais_10906.exe
2007-09-16 16:39 709,227 ----a-w C:\Program Files\directx-uninstaller.zip
2007-09-16 16:33 56,169,848 ----a-w C:\Program Files\directx_jun2007_redist.exe
2007-09-16 16:19 883,584 ----a-w C:\Program Files\WGAPluginInstall.exe
2007-09-16 13:31 1,585,664 ----a-w C:\Program Files\siw.exe
2007-08-24 10:05 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-08-02 13:14 1,437,696 ----a-w C:\Program Files\MioSync-v1_2-PND.exe
2007-08-02 13:11 1,892,024 ----a-w C:\Program Files\Mio-C510-C710-Mio-Transfer.zip
2007-08-02 13:09 284,672 ----a-w C:\Program Files\MioMap-V3-Updater.msi
2007-07-05 19:05 359,965 ----a-w C:\Program Files\SetupPoker.exe
2007-05-17 17:42 15,714,552 ----a-w C:\Program Files\GoogleEarthWin.exe
2007-04-18 11:46 1,085,886 ----a-w C:\Program Files\rooarr391.exe
2007-03-26 17:29 889,619 ----a-w C:\Program Files\setup.exe
2007-02-22 22:23 1,104,585 ----a-w C:\Program Files\QcmSU.exe
2007-02-06 22:18 513,834 ----a-w C:\Program Files\clientinstall.exe
2007-02-02 16:59 532,003 ----a-w C:\Program Files\mkvtoavi.exe
2007-01-30 22:09 6,359,282 ----a-w C:\Program Files\Satsuki.Decoder.Pack.3.1.1.0.exe
2007-01-14 18:35 2,714,626 ----a-w C:\Program Files\mpc_install_xp_6.4.9.0b_fr.exe
2007-01-01 17:33 167,637 ----a-w C:\Program Files\mp3DC204.exe
2006-12-27 19:50 201 ----a-w C:\Program Files\http--www.emule-paradise.com-.url
2006-12-25 23:29 8,799,656 ----a-w C:\Program Files\Azureus_2.5.0.0_Win32.setup.exe
2006-12-25 03:27 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2006-11-28 19:58 4,804,192 ----a-w C:\Program Files\WinAVI_Video_Converter_Fr.exe
2006-11-11 16:45 3,534,076 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2006-11-08 11:34 5,711,904 ----a-w C:\Program Files\Firefox Setup 2.0.exe
2006-11-03 11:06 2,250,037 ----a-w C:\Program Files\setupixdisc.exe
2006-09-10 13:16 2,585,264 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2006-08-25 18:52 5,011,968 ----a-w C:\Program Files\ampw10.exe
2006-08-22 12:21 22,083,376 ----a-w C:\Program Files\QuickTimeInstaller.exe
2006-08-20 20:32 1,450,904 ----a-w C:\Program Files\daemon403-x86.exe
2006-08-18 22:52 23,488,648 ----a-w C:\Program Files\AdbeRdr708_fr_FR.exe
2006-08-14 16:15 12,641,625 ----a-w C:\Program Files\PDFCreator-0_9_2_GPLGhostscript.exe
2006-07-27 14:31 97,673,998 ----a-w C:\Program Files\OOo_2.0.3_Win32Intel_install_fr.exe
2006-07-24 18:31 1,960,426 ----a-w C:\Program Files\winscp382setupintl2.exe
2006-07-20 18:37 9,109,072 ----a-w C:\Program Files\TU2006TrialFR.exe
2006-07-20 18:26 1,228,864 ----a-w C:\Program Files\registryrepair_rr28.exe
2006-07-20 12:26 13,649,984 ----a-w C:\Program Files\kav6.0.0.300fr.exe
2006-07-01 02:16 13,728,706 ----a-w C:\Program Files\Install_NeoDivXSuite.exe
2002-04-21 08:42 210,944 ----a-w C:\Program Files\Mpeg2aviGUI.exe
2002-04-17 11:21 32,768 ----a-w C:\Program Files\divxauto40b.exe
2002-04-17 11:16 1,947 ----a-w C:\Program Files\divxauto40b.txt
2002-04-16 09:34 176,128 ----a-w C:\Program Files\m2apx3g.016.exe
2002-04-16 09:21 1,089 ----a-w C:\Program Files\readme.txt
2006-12-06 17:12 89,632 -csha-w C:\WINDOWS\fidbox.dat
.
[color=red] C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below) [/color]
561,152 2003-10-07 00:00:00 C:\WINDOWS\system32\user32.dll
561,152 2003-10-07 00:00:00 C:\WINDOWS\system32\dllcache\user32.dll


((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-10-07 02:00 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-07-19 20:09 94208]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-07-19 20:06 77824]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-07-19 20:10 114688]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 17:35 8597586]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45 135214]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-22 15:01 282624]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 20:09 139367]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-04 14:48 185896]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 07:51 5029952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-10-07 02:00 13312]

C:\Documents and Settings\fab\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 19:42:22 61440]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 07:50 633344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 00:06]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 06:37]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 00:06]
R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 07:51]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2003-10-07 02:00]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-04-17 21:58]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-14 16:16:19 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 19:05:39
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Temps d'accomplissement: 2008-04-01 19:07:45
ComboFix-quarantined-files.txt 2008-04-01 17:07:39
Pre-Run: 7,897,714,688 octets libres
Post-Run: 7,909,920,768 octets libres
0
Here is the ComboFix report:

ComboFix 08-03-30.5 - fab 2008-04-01 18:59:05.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.623 [GMT 2:00]
Endroit: C:\Documents and Settings\fab\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-03-31 20:31 . 2008-03-31 20:31 <REP> d-------- C:\_OTMoveIt
2008-03-31 20:31 . 2008-03-31 20:31 290,304 --a------ C:\Program Files\OTMoveIt2.exe
2008-03-31 20:22 . 2008-03-31 20:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-31 19:04 . 2008-03-31 19:09 <REP> d-------- C:\Program Files\Panda Security
2008-03-31 18:28 . 2008-04-01 17:33 <REP> d-------- C:\Documents and Settings\fab\Application Data\OnlineArmor
2008-03-31 18:28 . 2008-03-31 18:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-03-31 18:27 . 2008-03-31 18:27 <REP> d-------- C:\Program Files\Tall Emu
2008-03-31 18:27 . 2007-11-08 06:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-03-31 18:27 . 2007-09-29 00:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-03-31 18:27 . 2007-09-29 00:06 18,944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
2008-03-31 18:26 . 2008-03-31 18:27 15,718,949 --a------ C:\Program Files\OnlineArmor_Setup_Free.exe
2008-03-31 17:12 . 2008-03-31 17:13 15,942,656 --a------ C:\Program Files\IE7Setup.exe
2008-03-13 22:45 . 2008-03-13 22:45 69,536 --ah----- C:\WINDOWS\MEMORY.DMP
2008-03-12 18:24 . 2003-05-30 10:00 1,962,496 --a--c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-03-12 01:36 . 2008-03-12 01:26 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-12 01:36 . 2008-03-12 01:36 2,553 --a------ C:\WINDOWS\unins000.dat
2008-03-12 01:26 . 2008-03-12 01:36 9,723,880 --a------ C:\Program Files\spybotsd152.exe
2008-03-11 18:34 . 2008-03-11 19:18 67,196,968 --a------ C:\Program Files\directx_nov2007_redist.exe
2008-03-10 22:42 . 2008-03-13 00:55 <REP> d-------- C:\Program Files\PKR
2008-03-10 22:42 . 2008-03-10 22:41 821,160 --a------ C:\Program Files\pkrinstall.exe
2008-03-06 19:36 . 2008-03-27 00:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-06 19:36 . 2008-03-06 19:36 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 17:06 106,364,192 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-01 17:04 4,003,616 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-01 15:34 --------- d-----w C:\Documents and Settings\fab\Application Data\OpenOffice.org2
2008-03-31 22:21 378,212 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 22:21 1,428,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-31 18:32 --------- d-----w C:\Program Files\Spy
2008-03-30 19:52 --------- d-sh--r C:\Program Files\Real Spy Monitor
2008-03-30 19:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-29 16:02 --------- d-----w C:\Documents and Settings\fab\Application Data\Azureus
2008-03-27 19:06 --------- d-----w C:\Program Files\eMule
2008-03-21 11:18 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-20 16:43 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-12 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 12:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-11 16:43 --------- d-----w C:\Program Files\Azureus
2008-03-05 10:11 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-02-21 17:43 349,378 ----a-w C:\Program Files\mpeg2avi.exe
2008-02-20 13:04 884,736 ----a-w C:\Program Files\vkaraoke.exe
2008-02-18 23:09 --------- d-----w C:\Program Files\Mio Technology
2008-02-18 22:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 22:45 --------- d-----w C:\Program Files\Mio DigiWalker
2008-02-17 22:46 13,413,048 ----a-w C:\Program Files\Google_Earth_BZXD.exe
2008-01-31 21:45 7,639,560 ----a-w C:\Program Files\Azureus_3.0.3.4_windows.exe
2008-01-09 13:49 120 ----a-w C:\drmHeader.bin
2007-12-23 23:10 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
2007-11-10 14:50 2,263,473 ----a-w C:\Program Files\french_translated.exe
2007-11-10 14:43 8,742,512 ----a-w C:\Program Files\winamp55_full_emusic-7plus_fr-fr.exe
2007-10-22 02:49 867,848 ----a-w C:\Program Files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w C:\Program Files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w C:\Program Files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w C:\Program Files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w C:\Program Files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w C:\Program Files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w C:\Program Files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w C:\Program Files\NOV2007_d3dx9_36_x86.cab
2007-09-16 16:57 61,647,736 ----a-w C:\Program Files\directx_directx_9.0c_-_mise_a_jour_aout_2007_francais_10906.exe
2007-09-16 16:39 709,227 ----a-w C:\Program Files\directx-uninstaller.zip
2007-09-16 16:33 56,169,848 ----a-w C:\Program Files\directx_jun2007_redist.exe
2007-09-16 16:19 883,584 ----a-w C:\Program Files\WGAPluginInstall.exe
2007-09-16 13:31 1,585,664 ----a-w C:\Program Files\siw.exe
2007-08-24 10:05 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-08-02 13:14 1,437,696 ----a-w C:\Program Files\MioSync-v1_2-PND.exe
2007-08-02 13:11 1,892,024 ----a-w C:\Program Files\Mio-C510-C710-Mio-Transfer.zip
2007-08-02 13:09 284,672 ----a-w C:\Program Files\MioMap-V3-Updater.msi
2007-07-05 19:05 359,965 ----a-w C:\Program Files\SetupPoker.exe
2007-05-17 17:42 15,714,552 ----a-w C:\Program Files\GoogleEarthWin.exe
2007-04-18 11:46 1,085,886 ----a-w C:\Program Files\rooarr391.exe
2007-03-26 17:29 889,619 ----a-w C:\Program Files\setup.exe
2007-02-22 22:23 1,104,585 ----a-w C:\Program Files\QcmSU.exe
2007-02-06 22:18 513,834 ----a-w C:\Program Files\clientinstall.exe
2007-02-02 16:59 532,003 ----a-w C:\Program Files\mkvtoavi.exe
2007-01-30 22:09 6,359,282 ----a-w C:\Program Files\Satsuki.Decoder.Pack.3.1.1.0.exe
2007-01-14 18:35 2,714,626 ----a-w C:\Program Files\mpc_install_xp_6.4.9.0b_fr.exe
2007-01-01 17:33 167,637 ----a-w C:\Program Files\mp3DC204.exe
2006-12-27 19:50 201 ----a-w C:\Program Files\http--www.emule-paradise.com-.url
2006-12-25 23:29 8,799,656 ----a-w C:\Program Files\Azureus_2.5.0.0_Win32.setup.exe
2006-12-25 03:27 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2006-11-28 19:58 4,804,192 ----a-w C:\Program Files\WinAVI_Video_Converter_Fr.exe
2006-11-11 16:45 3,534,076 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2006-11-08 11:34 5,711,904 ----a-w C:\Program Files\Firefox Setup 2.0.exe
2006-11-03 11:06 2,250,037 ----a-w C:\Program Files\setupixdisc.exe
2006-09-10 13:16 2,585,264 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2006-08-25 18:52 5,011,968 ----a-w C:\Program Files\ampw10.exe
2006-08-22 12:21 22,083,376 ----a-w C:\Program Files\QuickTimeInstaller.exe
2006-08-20 20:32 1,450,904 ----a-w C:\Program Files\daemon403-x86.exe
2006-08-18 22:52 23,488,648 ----a-w C:\Program Files\AdbeRdr708_fr_FR.exe
2006-08-14 16:15 12,641,625 ----a-w C:\Program Files\PDFCreator-0_9_2_GPLGhostscript.exe
2006-07-27 14:31 97,673,998 ----a-w C:\Program Files\OOo_2.0.3_Win32Intel_install_fr.exe
2006-07-24 18:31 1,960,426 ----a-w C:\Program Files\winscp382setupintl2.exe
2006-07-20 18:37 9,109,072 ----a-w C:\Program Files\TU2006TrialFR.exe
2006-07-20 18:26 1,228,864 ----a-w C:\Program Files\registryrepair_rr28.exe
2006-07-20 12:26 13,649,984 ----a-w C:\Program Files\kav6.0.0.300fr.exe
2006-07-01 02:16 13,728,706 ----a-w C:\Program Files\Install_NeoDivXSuite.exe
2002-04-21 08:42 210,944 ----a-w C:\Program Files\Mpeg2aviGUI.exe
2002-04-17 11:21 32,768 ----a-w C:\Program Files\divxauto40b.exe
2002-04-17 11:16 1,947 ----a-w C:\Program Files\divxauto40b.txt
2002-04-16 09:34 176,128 ----a-w C:\Program Files\m2apx3g.016.exe
2002-04-16 09:21 1,089 ----a-w C:\Program Files\readme.txt
2006-12-06 17:12 89,632 -csha-w C:\WINDOWS\fidbox.dat
.
[color=red] C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below) [/color]
561,152 2003-10-07 00:00:00 C:\WINDOWS\system32\user32.dll
561,152 2003-10-07 00:00:00 C:\WINDOWS\system32\dllcache\user32.dll


((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-10-07 02:00 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-07-19 20:09 94208]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-07-19 20:06 77824]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-07-19 20:10 114688]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 17:35 8597586]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45 135214]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-22 15:01 282624]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 20:09 139367]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-04 14:48 185896]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 07:51 5029952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-10-07 02:00 13312]

C:\Documents and Settings\fab\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 19:42:22 61440]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 07:50 633344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 00:06]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 06:37]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 00:06]
R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 07:51]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2003-10-07 02:00]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-04-17 21:58]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-14 16:16:19 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 19:05:39
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Temps d'accomplissement: 2008-04-01 19:07:45
ComboFix-quarantined-files.txt 2008-04-01 17:07:39
Pre-Run: 7,897,714,688 octets libres
Post-Run: 7,909,920,768 octets libres
0
OK, here is the report:

ComboFix 08-03-30.5 - fab 2008-04-01 18:59:05.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.623 [GMT 2:00]
Endroit: C:\Documents and Settings\fab\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-03-31 20:31 . 2008-03-31 20:31 <REP> d-------- C:\_OTMoveIt
2008-03-31 20:31 . 2008-03-31 20:31 290,304 --a------ C:\Program Files\OTMoveIt2.exe
2008-03-31 20:22 . 2008-03-31 20:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-31 19:04 . 2008-03-31 19:09 <REP> d-------- C:\Program Files\Panda Security
2008-03-31 18:28 . 2008-04-01 17:33 <REP> d-------- C:\Documents and Settings\fab\Application Data\OnlineArmor
2008-03-31 18:28 . 2008-03-31 18:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-03-31 18:27 . 2008-03-31 18:27 <REP> d-------- C:\Program Files\Tall Emu
2008-03-31 18:27 . 2007-11-08 06:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-03-31 18:27 . 2007-09-29 00:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-03-31 18:27 . 2007-09-29 00:06 18,944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
2008-03-31 18:26 . 2008-03-31 18:27 15,718,949 --a------ C:\Program Files\OnlineArmor_Setup_Free.exe
2008-03-31 17:12 . 2008-03-31 17:13 15,942,656 --a------ C:\Program Files\IE7Setup.exe
2008-03-13 22:45 . 2008-03-13 22:45 69,536 --ah----- C:\WINDOWS\MEMORY.DMP
2008-03-12 18:24 . 2003-05-30 10:00 1,962,496 --a--c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-03-12 01:36 . 2008-03-12 01:26 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-12 01:36 . 2008-03-12 01:36 2,553 --a------ C:\WINDOWS\unins000.dat
2008-03-12 01:26 . 2008-03-12 01:36 9,723,880 --a------ C:\Program Files\spybotsd152.exe
2008-03-11 18:34 . 2008-03-11 19:18 67,196,968 --a------ C:\Program Files\directx_nov2007_redist.exe
2008-03-10 22:42 . 2008-03-13 00:55 <REP> d-------- C:\Program Files\PKR
2008-03-10 22:42 . 2008-03-10 22:41 821,160 --a------ C:\Program Files\pkrinstall.exe
2008-03-06 19:36 . 2008-03-27 00:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-06 19:36 . 2008-03-06 19:36 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 17:06 106,364,192 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-01 17:04 4,003,616 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-01 15:34 --------- d-----w C:\Documents and Settings\fab\Application Data\OpenOffice.org2
2008-03-31 22:21 378,212 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 22:21 1,428,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-31 18:32 --------- d-----w C:\Program Files\Spy
2008-03-30 19:52 --------- d-sh--r C:\Program Files\Real Spy Monitor
2008-03-30 19:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-29 16:02 --------- d-----w C:\Documents and Settings\fab\Application Data\Azureus
2008-03-27 19:06 --------- d-----w C:\Program Files\eMule
2008-03-21 11:18 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-20 16:43 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-12 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 12:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-11 16:43 --------- d-----w C:\Program Files\Azureus
2008-03-05 10:11 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-02-21 17:43 349,378 ----a-w C:\Program Files\mpeg2avi.exe
2008-02-20 13:04 884,736 ----a-w C:\Program Files\vkaraoke.exe
2008-02-18 23:09 --------- d-----w C:\Program Files\Mio Technology
2008-02-18 22:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 22:45 --------- d-----w C:\Program Files\Mio DigiWalker
2008-02-17 22:46 13,413,048 ----a-w C:\Program Files\Google_Earth_BZXD.exe
2008-01-31 21:45 7,639,560 ----a-w C:\Program Files\Azureus_3.0.3.4_windows.exe
2008-01-09 13:49 120 ----a-w C:\drmHeader.bin
2007-12-23 23:10 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
2007-11-10 14:50 2,263,473 ----a-w C:\Program Files\french_translated.exe
2007-11-10 14:43 8,742,512 ----a-w C:\Program Files\winamp55_full_emusic-7plus_fr-fr.exe
2007-10-22 02:49 867,848 ----a-w C:\Program Files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w C:\Program Files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w C:\Program Files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w C:\Program Files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w C:\Program Files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w C:\Program Files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w C:\Program Files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w C:\Program Files\NOV2007_d3dx9_36_x86.cab
2007-09-16 16:57 61,647,736 ----a-w C:\Program Files\directx_directx_9.0c_-_mise_a_jour_aout_2007_francais_10906.exe
2007-09-16 16:39 709,227 ----a-w C:\Program Files\directx-uninstaller.zip
2007-09-16 16:33 56,169,848 ----a-w C:\Program Files\directx_jun2007_redist.exe
2007-09-16 16:19 883,584 ----a-w C:\Program Files\WGAPluginInstall.exe
2007-09-16 13:31 1,585,664 ----a-w C:\Program Files\siw.exe
2007-08-24 10:05 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-08-02 13:14 1,437,696 ----a-w C:\Program Files\MioSync-v1_2-PND.exe
2007-08-02 13:11 1,892,024 ----a-w C:\Program Files\Mio-C510-C710-Mio-Transfer.zip
2007-08-02 13:09 284,672 ----a-w C:\Program Files\MioMap-V3-Updater.msi
2007-07-05 19:05 359,965 ----a-w C:\Program Files\SetupPoker.exe
2007-05-17 17:42 15,714,552 ----a-w C:\Program Files\GoogleEarthWin.exe
2007-04-18 11:46 1,085,886 ----a-w C:\Program Files\rooarr391.exe
2007-03-26 17:29 889,619 ----a-w C:\Program Files\setup.exe
2007-02-22 22:23 1,104,585 ----a-w C:\Program Files\QcmSU.exe
2007-02-06 22:18 513,834 ----a-w C:\Program Files\clientinstall.exe
2007-02-02 16:59 532,003 ----a-w C:\Program Files\mkvtoavi.exe
2007-01-30 22:09 6,359,282 ----a-w C:\Program Files\Satsuki.Decoder.Pack.3.1.1.0.exe
2007-01-14 18:35 2,714,626 ----a-w C:\Program Files\mpc_install_xp_6.4.9.0b_fr.exe
2007-01-01 17:33 167,637 ----a-w C:\Program Files\mp3DC204.exe
2006-12-27 19:50 201 ----a-w C:\Program Files\http--www.emule-paradise.com-.url
2006-12-25 23:29 8,799,656 ----a-w C:\Program Files\Azureus_2.5.0.0_Win32.setup.exe
2006-12-25 03:27 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2006-11-28 19:58 4,804,192 ----a-w C:\Program Files\WinAVI_Video_Converter_Fr.exe
2006-11-11 16:45 3,534,076 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2006-11-08 11:34 5,711,904 ----a-w C:\Program Files\Firefox Setup 2.0.exe
2006-11-03 11:06 2,250,037 ----a-w C:\Program Files\setupixdisc.exe
2006-09-10 13:16 2,585,264 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2006-08-25 18:52 5,011,968 ----a-w C:\Program Files\ampw10.exe
2006-08-22 12:21 22,083,376 ----a-w C:\Program Files\QuickTimeInstaller.exe
2006-08-20 20:32 1,450,904 ----a-w C:\Program Files\daemon403-x86.exe
2006-08-18 22:52 23,488,648 ----a-w C:\Program Files\AdbeRdr708_fr_FR.exe
2006-08-14 16:15 12,641,625 ----a-w C:\Program Files\PDFCreator-0_9_2_GPLGhostscript.exe
2006-07-27 14:31 97,673,998 ----a-w C:\Program Files\OOo_2.0.3_Win32Intel_install_fr.exe
2006-07-24 18:31 1,960,426 ----a-w C:\Program Files\winscp382setupintl2.exe
2006-07-20 18:37 9,109,072 ----a-w C:\Program Files\TU2006TrialFR.exe
2006-07-20 18:26 1,228,864 ----a-w C:\Program Files\registryrepair_rr28.exe
2006-07-20 12:26 13,649,984 ----a-w C:\Program Files\kav6.0.0.300fr.exe
2006-07-01 02:16 13,728,706 ----a-w C:\Program Files\Install_NeoDivXSuite.exe
2002-04-21 08:42 210,944 ----a-w C:\Program Files\Mpeg2aviGUI.exe
2002-04-17 11:21 32,768 ----a-w C:\Program Files\divxauto40b.exe
2002-04-17 11:16 1,947 ----a-w C:\Program Files\divxauto40b.txt
2002-04-16 09:34 176,128 ----a-w C:\Program Files\m2apx3g.016.exe
2002-04-16 09:21 1,089 ----a-w C:\Program Files\readme.txt
2006-12-06 17:12 89,632 -csha-w C:\WINDOWS\fidbox.dat
.
[color=red] C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below) [/color]
561,152 2003-10-07 00:00:00 C:\WINDOWS\system32\user32.dll
561,152 2003-10-07 00:00:00 C:\WINDOWS\system32\dllcache\user32.dll


((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-10-07 02:00 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-07-19 20:09 94208]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-07-19 20:06 77824]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-07-19 20:10 114688]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 17:35 8597586]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45 135214]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-22 15:01 282624]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 20:09 139367]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-04 14:48 185896]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 07:51 5029952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-10-07 02:00 13312]

C:\Documents and Settings\fab\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 19:42:22 61440]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 07:50 633344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 00:06]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 06:37]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 00:06]
R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 07:51]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2003-10-07 02:00]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-04-17 21:58]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-14 16:16:19 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 19:05:39
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Temps d'accomplissement: 2008-04-01 19:07:45
ComboFix-quarantined-files.txt 2008-04-01 17:07:39
Pre-Run: 7,897,714,688 octets libres
Post-Run: 7,909,920,768 octets libres
0
I can't manage to post the report........
0
ComboFix 08-03-30.5 - fab 2008-04-01 18:59:05.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.623 [GMT 2:00]
Endroit: C:\Documents and Settings\fab\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-03-31 20:31 . 2008-03-31 20:31 <REP> d-------- C:\_OTMoveIt
2008-03-31 20:31 . 2008-03-31 20:31 290,304 --a------ C:\Program Files\OTMoveIt2.exe
2008-03-31 20:22 . 2008-03-31 20:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-31 19:04 . 2008-03-31 19:09 <REP> d-------- C:\Program Files\Panda Security
2008-03-31 18:28 . 2008-04-01 17:33 <REP> d-------- C:\Documents and Settings\fab\Application Data\OnlineArmor
2008-03-31 18:28 . 2008-03-31 18:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-03-31 18:27 . 2008-03-31 18:27 <REP> d-------- C:\Program Files\Tall Emu
2008-03-31 18:27 . 2007-11-08 06:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-03-31 18:27 . 2007-09-29 00:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-03-31 18:27 . 2007-09-29 00:06 18,944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
2008-03-31 18:26 . 2008-03-31 18:27 15,718,949 --a------ C:\Program Files\OnlineArmor_Setup_Free.exe
2008-03-31 17:12 . 2008-03-31 17:13 15,942,656 --a------ C:\Program Files\IE7Setup.exe
2008-03-13 22:45 . 2008-03-13 22:45 69,536 --ah----- C:\WINDOWS\MEMORY.DMP
2008-03-12 18:24 . 2003-05-30 10:00 1,962,496 --a--c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-03-12 01:36 . 2008-03-12 01:26 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-12 01:36 . 2008-03-12 01:36 2,553 --a------ C:\WINDOWS\unins000.dat
2008-03-12 01:26 . 2008-03-12 01:36 9,723,880 --a------ C:\Program Files\spybotsd152.exe
0