Virus Warning + crash du PC
adslHouba
Hello,
My father's PC is infected with a virus that changes the wallpaper to warn us about a fake virus attack... the problem is that it has processes that crash Windows Vista :(
Here is the ComboFix report, followed by the HijackThis one.
ComboFix 08-04-04.1 - Paul 2008-04-06 11:18:48.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.681 [GMT 2:00]
Endroit: C:\anti\ComboFix.exe
.
TimedOut: Windir.dat
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\Windows\180ax.exe
C:\Windows\2020search.dll
C:\Windows\2020search2.dll
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\cdsm32.dll
C:\Windows\default.htm
C:\Windows\mspphe.dll
C:\Windows\mssvr.exe
C:\Windows\saiemod.dll
C:\Windows\salm.exe
C:\Windows\stcloader.exe
C:\Windows\swin32.dll
C:\Windows\system32\ctfmona.exe
C:\Windows\system32\drivers\grande48.sys
C:\Windows\system32\msixu.dll
C:\Windows\system32\wer8274.dll
C:\Windows\system32\winfrun32.bin
C:\Windows\TEMP\salm.exe
C:\Windows\updatetc.exe
C:\Windows\voiceip.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_grande48
((((((((((((((((((((((((((((( Fichiers créés 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 09:24 --------- d-----w C:\Program Files\seekmo
2008-04-06 09:19 9,984 ----a-w C:\Windows\winsb.dll
2008-04-06 09:05 63,505 ----a-w C:\Windows\System32\kwpm.dll
2008-04-06 09:05 20,992 ----a-w C:\winself.exe
2008-04-06 09:00 91,559 ----a-w C:\Windows\System32\wmsdkns.exe
2008-04-06 09:00 91,559 ----a-w C:\Windows\lfn.exe
2008-04-06 09:00 117,777 ----a-w C:\Windows\System32\dddaacdcbfdb.dll
2008-04-06 08:52 --------- d-----w C:\Users\Paul\AppData\Roaming\WinIFixer.com
2008-04-06 08:52 --------- d-----w C:\Program Files\WinIFixer
2008-04-06 08:51 160,256 ----a-w C:\Windows\System32\blackster.scr
2008-04-06 08:51 --------- d-----w C:\Users\Paul\AppData\Roaming\OpenOffice.org2
2008-04-05 17:22 20,992 ----a-w C:\Windows\winself.exe
2008-04-05 16:46 3,320 ----a-w C:\Windows\System32\tmp.reg
2008-04-05 16:44 691 ----a-w C:\Users\Paul\AppData\Roaming\GetValue.vbs
2008-04-05 16:44 35 ----a-w C:\Users\Paul\AppData\Roaming\SetValue.bat
2008-04-05 11:19 --------- d-----w C:\Program Files\Trend Micro
2008-04-05 10:38 26,112 ----a-w C:\Windows\System32\marwin32.dll
2008-04-04 17:12 62,976 ----a-w C:\Windows\System32\CbEvtSvc.exe
2008-04-04 13:16 --------- d-----w C:\Program Files\Safari
2008-04-04 13:15 --------- d-----w C:\Program Files\iTunes
2008-04-04 13:15 --------- d-----w C:\Program Files\iPod
2008-04-04 13:14 --------- d-----w C:\ProgramData\Apple Computer
2008-04-04 13:14 --------- d-----w C:\Program Files\QuickTime
2008-04-03 17:11 --------- d-----w C:\Users\Paul\AppData\Roaming\FileZilla
2008-03-28 21:19 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-03-26 06:50 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-03-16 18:05 --------- d-----w C:\Program Files\Windows Mail
2008-03-16 17:59 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-16 17:59 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-16 17:59 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-24 12:08 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-17 20:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 20:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-17 20:15 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-17 20:15 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-17 20:15 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-17 20:15 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-17 20:15 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-17 20:15 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-17 20:15 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-17 20:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-17 20:14 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 20:14 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 20:14 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 20:14 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-17 20:14 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-17 20:14 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-17 20:14 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 20:14 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 20:14 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-17 20:14 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-17 20:12 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-17 20:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 20:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-17 20:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-29 10:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2008-01-13 11:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-09-02 10:09 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-04-05_19.09.20.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-06 09:19:40 14,848 ----a-w C:\Windows\apphelp32.dll
+ 2008-04-06 09:19:41 20,480 ----a-w C:\Windows\asferror32.dll
+ 2008-04-06 09:19:41 20,992 ----a-w C:\Windows\asycfilt32.dll
+ 2008-04-06 09:19:41 24,576 ----a-w C:\Windows\athprxy32.dll
+ 2008-04-06 09:19:41 9,984 ----a-w C:\Windows\ati2dvaa32.dll
+ 2008-04-06 09:19:41 31,744 ----a-w C:\Windows\ati2dvag32.dll
+ 2008-04-06 09:19:41 26,880 ----a-w C:\Windows\audiosrv32.dll
+ 2008-04-06 09:19:42 22,272 ----a-w C:\Windows\autodisc32.dll
+ 2008-04-06 09:19:42 15,872 ----a-w C:\Windows\avifile32.dll
+ 2008-04-06 09:19:42 21,504 ----a-w C:\Windows\avisynthex32.dll
+ 2008-04-06 09:19:42 20,992 ----a-w C:\Windows\aviwrap32.dll
- 2008-04-05 17:06:18 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-06 09:22:47 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-06 09:19:42 8,448 ----a-w C:\Windows\browserad.dll
+ 2008-04-06 09:19:40 12,032 ----a-w C:\Windows\changeurl_30.dll
+ 2008-04-06 09:19:44 27,904 ----a-w C:\Windows\FLEOK\180ax.exe
+ 2008-04-06 09:19:48 27,648 ----a-w C:\Windows\Installer\id53.exe
+ 2008-04-06 09:19:43 27,136 ----a-w C:\Windows\msa64chk.dll
+ 2008-04-06 09:19:43 14,848 ----a-w C:\Windows\msapasrc.dll
+ 2008-04-06 09:19:42 32,512 ----a-w C:\Windows\ntnut.exe
- 2008-04-05 10:04:15 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-06 09:24:07 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-05 17:06:47 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-06 09:24:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-06 09:24:06 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-05 10:04:16 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-06 09:23:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-05 17:06:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-06 09:24:06 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-06 09:24:06 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-04-06 09:19:42 28,672 ----a-w C:\Windows\shdocpe.dll
+ 2008-04-06 09:19:43 24,320 ----a-w C:\Windows\shdocpl.dll
+ 2008-04-06 09:00:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2008-04-06 09:00:35 16,384 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-04-05 10:38:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-06 09:05:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-06 09:00:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040620080407\index.dat
+ 2008-04-06 09:00:31 78,924 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2008-04-05 17:21:56 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBS0PB44\setup[1].exe
+ 2008-04-06 09:05:24 94,225 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBS0PB44\u126[1].exe
+ 2008-04-05 17:21:49 151,552 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHT5Y36S\3s[2].exe
+ 2008-04-06 09:05:22 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHT5Y36S\setup[1].exe
+ 2008-04-06 09:05:14 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKE2DEDY\2s[1].exe
+ 2008-04-05 17:21:41 76,288 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKE2DEDY\scan[2].exe
- 2008-04-05 10:38:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-06 09:05:27 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-06 09:05:22 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\1127954099.exe
- 2008-04-05 10:38:35 151,552 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\951192718.exe
+ 2008-04-05 17:21:49 151,552 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\951192718.exe
+ 2008-04-06 09:05:14 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\978391817.exe
- 2008-04-05 10:38:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-06 09:05:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-06 09:19:44 16,896 ----a-w C:\Windows\System32\MSNSA32.dll
+ 2008-04-06 09:19:43 11,776 ----a-w C:\Windows\System32\ntnut32.exe
- 2008-04-05 16:45:31 103,314 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-06 08:56:11 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-05 16:45:31 116,988 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-06 08:56:12 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-05 16:45:31 609,532 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-06 08:56:12 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-05 16:45:31 689,846 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-06 08:56:12 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-06 09:19:43 18,432 ----a-w C:\Windows\System32\shdocpe.dll
+ 2008-04-06 09:19:43 14,080 ----a-w C:\Windows\System32\SIPSPI32.dll
- 2008-04-05 09:41:05 7,256 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346870814-1824890537-913970431-1000_UserData.bin
+ 2008-04-06 08:52:30 7,518 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346870814-1824890537-913970431-1000_UserData.bin
- 2008-04-05 09:41:05 73,816 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-06 08:52:30 74,188 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
2008-04-05 12:38 26112 --a------ C:\Windows\System32\marwin32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-14 21:09 171448]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-07 17:24 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-05 11:21 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-05 11:21 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-05 11:21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 12:11 4317184 C:\Windows\RtHDVCpl.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 21:15 185632]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ctfmona"="C:\Windows\system32\ctfmona.exe" [ ]
"WinIFixer"="C:\Program Files\WinIFixer\WinIFixer.exe" [2008-04-03 11:30 720896]
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dddaacdcbfdb]
C:\Windows\system32\dddaacdcbfdb.dll 2008-04-06 11:00 117777 C:\Windows\System32\dddaacdcbfdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1346870814-1824890537-913970431-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8BDA2136-AC38-42CE-82FB-3E8048BC01C3}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{B514D9B5-B607-4A97-9260-131A617DB102}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{47E7A610-AC41-49E5-AEF6-AD97F2570304}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"UDP Query User{EB37D92C-9DCA-40E4-B0BC-A6245891FA63}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"TCP Query User{56FDF703-667C-4260-A1F8-ABEECB3E5A56}C:\\program files\\maxivista démo programme d’affichage\\maxivistademoviewer.exe"= UDP:C:\program files\maxivista démo programme d’affichage\maxivistademoviewer.exe:MaxiVista
"UDP Query User{3AF75140-0CA7-4EED-B804-144FF6E3F300}C:\\program files\\maxivista démo programme d’affichage\\maxivistademoviewer.exe"= TCP:C:\program files\maxivista démo programme d’affichage\maxivistademoviewer.exe:MaxiVista
"{73EBA63F-271E-4F83-9F49-E8CBACA822B1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EB04CAFD-B6B4-466C-AB1C-FB6943CC329F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5F0908CE-E167-4D5C-BFB9-3C95BE1D4105}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{94D9E615-8FC4-48D9-939D-BCCDBD7447AB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 CbEvtSvc;CbEvtSvc;C:\Windows\System32\CbEvtSvc.exe [2008-04-04 19:12]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-11-14 17:07]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf5a22bc-5f49-11dc-a6d9-001a9268f4e7}]
\shell\AutoRun\command - K:\launcher.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 11:24:19
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\SXS.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-06 11:27:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 09:27:17
ComboFix2.txt 2008-04-05 17:09:53
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-06 08:56:45 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:51, on 06/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\Windows\System32\marwin32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ctfmona] C:\Windows\system32\ctfmona.exe
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O13 - Gopher Prefix:
O20 - Winlogon Notify: dddaacdcbfdb - C:\Windows\system32\dddaacdcbfdb.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\Windows\System32\CbEvtSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
+ 2008-04-06 09:05:22 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHT5Y36S\setup[1].exe
+ 2008-04-06 09:05:14 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKE2DEDY\2s[1].exe
+ 2008-04-05 17:21:41 76,288 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKE2DEDY\scan[2].exe
- 2008-04-05 10:38:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-06 09:05:27 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-06 09:05:22 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\1127954099.exe
- 2008-04-05 10:38:35 151,552 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\951192718.exe
+ 2008-04-05 17:21:49 151,552 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\951192718.exe
+ 2008-04-06 09:05:14 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\978391817.exe
- 2008-04-05 10:38:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-06 09:05:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-06 09:19:44 16,896 ----a-w C:\Windows\System32\MSNSA32.dll
+ 2008-04-06 09:19:43 11,776 ----a-w C:\Windows\System32\ntnut32.exe
- 2008-04-05 16:45:31 103,314 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-06 08:56:11 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-05 16:45:31 116,988 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-06 08:56:12 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-05 16:45:31 609,532 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-06 08:56:12 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-05 16:45:31 689,846 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-06 08:56:12 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-06 09:19:43 18,432 ----a-w C:\Windows\System32\shdocpe.dll
+ 2008-04-06 09:19:43 14,080 ----a-w C:\Windows\System32\SIPSPI32.dll
- 2008-04-05 09:41:05 7,256 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346870814-1824890537-913970431-1000_UserData.bin
+ 2008-04-06 08:52:30 7,518 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346870814-1824890537-913970431-1000_UserData.bin
- 2008-04-05 09:41:05 73,816 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-06 08:52:30 74,188 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
2008-04-05 12:38 26112 --a------ C:\Windows\System32\marwin32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-14 21:09 171448]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-07 17:24 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-05 11:21 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-05 11:21 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-05 11:21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 12:11 4317184 C:\Windows\RtHDVCpl.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 21:15 185632]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ctfmona"="C:\Windows\system32\ctfmona.exe" [ ]
"WinIFixer"="C:\Program Files\WinIFixer\WinIFixer.exe" [2008-04-03 11:30 720896]
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dddaacdcbfdb]
C:\Windows\system32\dddaacdcbfdb.dll 2008-04-06 11:00 117777 C:\Windows\System32\dddaacdcbfdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1346870814-1824890537-913970431-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8BDA2136-AC38-42CE-82FB-3E8048BC01C3}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{B514D9B5-B607-4A97-9260-131A617DB102}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{47E7A610-AC41-49E5-AEF6-AD97F2570304}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"UDP Query User{EB37D92C-9DCA-40E4-B0BC-A6245891FA63}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"TCP Query User{56FDF703-667C-4260-A1F8-ABEECB3E5A56}C:\\program files\\maxivista démo programme d’affichage\\maxivistademoviewer.exe"= UDP:C:\program files\maxivista démo programme d’affichage\maxivistademoviewer.exe:MaxiVista
"UDP Query User{3AF75140-0CA7-4EED-B804-144FF6E3F300}C:\\program files\\maxivista démo programme d’affichage\\maxivistademoviewer.exe"= TCP:C:\program files\maxivista démo programme d’affichage\maxivistademoviewer.exe:MaxiVista
"{73EBA63F-271E-4F83-9F49-E8CBACA822B1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EB04CAFD-B6B4-466C-AB1C-FB6943CC329F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5F0908CE-E167-4D5C-BFB9-3C95BE1D4105}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{94D9E615-8FC4-48D9-939D-BCCDBD7447AB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 CbEvtSvc;CbEvtSvc;C:\Windows\System32\CbEvtSvc.exe [2008-04-04 19:12]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-11-14 17:07]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf5a22bc-5f49-11dc-a6d9-001a9268f4e7}]
\shell\AutoRun\command - K:\launcher.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 11:24:19
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\SXS.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-06 11:27:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 09:27:17
ComboFix2.txt 2008-04-05 17:09:53
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-06 08:56:45 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:51, on 06/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\Windows\System32\marwin32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ctfmona] C:\Windows\system32\ctfmona.exe
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O13 - Gopher Prefix:
O20 - Winlogon Notify: dddaacdcbfdb - C:\Windows\system32\dddaacdcbfdb.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\Windows\System32\CbEvtSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
Hello everyone,
I have the same problem today.
I'm tearing my hair out but I can't find it, and on top of that... I don't really understand what I'm reading above.
This thing is a nightmare; why can't the antivirus programs fight it? It's crazy.
Anyway, I wanted to know whether in the end you succeeded, or whether I should throw my computer out of the window...
PS: thanks to the computer people who send us stuff like this, it's really rotten.
Good evening Ludivine :)
It would be better if you created your own "topic", a personal post. That will make the thread (here) easier to follow, and we will be able to deal with your problem more effectively.
So
Please do the following:
http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
Thanks