Slowness and freezing, with HijackThis analysis

cucharon39 Posts: 3 Status: Member
Hello,

Since Friday my computer no longer lets me search on Google (when I type a word, the tab says "loading" and then it spins indefinitely).
I also have other symptoms, such as the computer being slow to open programs, Windows "insufficient memory" messages, advertising windows opening, or the following page loading:

https://www.hugedomains.com/domain_profile.cfm?d=adnetserver&e=com

I tried Ad-Aware and SPYWAREfighter. They removed a lot of spyware, but not all of it.

I use Spybot, and every time I reboot it blocks the item 484c21fb.
I used CCleaner and scanned with AVG Anti-Spyware, which found a piece of spyware but cannot remove it because it reappears after every restart.
The report is as follows:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 08:10:43 29/04/2008

+ Résultat de l'analyse:

C:\WINDOWS\system32\Αdobe\winspool.exe -> Downloader.PurityScan.fk : Aucune action entreprise.
[2908] C:\WINDOWS\system32\DOBE~1\winspool.exe -> Downloader.PurityScan.fk : Aucune action entreprise.

Fin du rapport

I also generated a report with HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:37, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common files\?ymantec\w?crtupd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Mr Garcia\Application Data\Microsoft\Windows\mgdhk.exe
C:\Documents and Settings\Mr Garcia\Application Data\SpeedRunner\SpeedRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SOFTWA~1\soproc.exe
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\DOBE~1\winspool.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/ymsgr6/fr/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update] wuampd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [exit meet obj active] C:\Documents and Settings\All Users\Application Data\Upload Global Exit Meet\2user.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S84.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM4b7f1267] Rundll32.exe "C:\WINDOWS\system32\yteecepo.dll",s
O4 - HKLM\..\Run: [484c21fb] rundll32.exe "C:\WINDOWS\system32\uivxrigu.dll",b
O4 - HKCU\..\Run: [Microsoft Update] wuampd.exe
O4 - HKCU\..\Run: [SOProc_SoRefRegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dzgnqnhe] "C:\Program Files\Common files\?ymantec\w?crtupd.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Mr Garcia\Application Data\Microsoft\Windows\mgdhk.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Mr Garcia\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [Aowt] "C:\WINDOWS\system32\DOBE~1\winspool.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://nomad.solvay.com/InternalSite/WhlCompMgr.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cg35.intra
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = cg35.intra
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cg35.intra
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXIgR2FyY2lh\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

4 replies

Anonymous user
 
Hi,
check the following lines:
C:\Documents and Settings\Mr Garcia\Application Data\Microsoft\Windows\mgdhk.exe
C:\Documents and Settings\Mr Garcia\Application Data\SpeedRunner\SpeedRunner.exe
C:\PROGRA~1\SOFTWA~1\soproc.exe
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [Microsoft Update] wuampd.exe
O4 - HKLM\..\Run: [exit meet obj active] C:\Documents and Settings\All Users\Application Data\Upload Global Exit Meet\2user.exe
O4 - HKCU\..\Run: [Microsoft Update] wuampd.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Mr Garcia\Application Data\Microsoft\Windows\mgdhk.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Mr Garcia\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [Aowt] "C:\WINDOWS\system32\DOBE~1\winspool.exe" -vt ndrv
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXIgR2FyY2lh\command.exe (file missing)
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)

There you go.
0
cucharon39 Posts: 3 Status: Member
 
Thanks,
A number of lines have disappeared and my computer runs faster.
However, I think I still have a virus, and I am not very perceptive, since:

- At every startup AVG reports Downloader.PurityScan.fk and is unable to quarantine it.
- Spybot reports that the item Bm4b7f1267 is trying to modify the registry, and when I fix it with HijackThis it comes back at every startup.
- A window opened in Firefox: http://fr1.darkorbit.bigpoint.com/?aid=653&aig=22

I am sending the HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:50, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common files\?ymantec\w?crtupd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/ymsgr6/fr/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [484c21fb] rundll32.exe "C:\WINDOWS\system32\fwixenrm.dll",b
O4 - HKLM\..\Run: [BM4b7f1267] Rundll32.exe "C:\WINDOWS\system32\mefpywvd.dll",s
O4 - HKCU\..\Run: [Dzgnqnhe] "C:\Program Files\Common files\?ymantec\w?crtupd.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://nomad.solvay.com/InternalSite/WhlCompMgr.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cg35.intra
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = cg35.intra
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cg35.intra
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXIgR2FyY2lh\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
0
Anonymous user
 
Also, take a look at this link and do everything it says; you should gain some speed:
http://www.commentcamarche.net/faq/sujet 3446 windows xp mon pc rame que faire
0
totobetourne Posts: 5677 Status: Member 65
 
nico, HijackThis is for seeing what is going on; after that, the specialists use the appropriate utilities, and it is these lines that get removed or go back to normal.
But here you are removing part of the infection, not all of it.
I think there is work to do on his computer.
0
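The two HijackThis logs posted earlier in the thread can be compared line by line to see which autorun entries survived the fix. This Python script is an added example, not part of the original posts; the function names are hypothetical, and the sample input is a short excerpt of the O4 lines from the two logs above.

```python
import ntpath
import re

# One HijackThis "O4" autorun line: O4 - <hive>\..\Run: [<value name>] <command>
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HK[^:]*?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# rundll32 launcher: rundll32.exe "<dll path>",<export>
RUNDLL = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)

# Excerpts of the two logs posted in this thread (scans of 29/04 and 30/04/2008).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [BM4b7f1267] Rundll32.exe "C:\WINDOWS\system32\yteecepo.dll",s
O4 - HKLM\..\Run: [484c21fb] rundll32.exe "C:\WINDOWS\system32\uivxrigu.dll",b
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Mr Garcia\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [Aowt] "C:\WINDOWS\system32\DOBE~1\winspool.exe" -vt ndrv
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [484c21fb] rundll32.exe "C:\WINDOWS\system32\fwixenrm.dll",b
O4 - HKLM\..\Run: [BM4b7f1267] Rundll32.exe "C:\WINDOWS\system32\mefpywvd.dll",s
"""


def parse_run_entries(log_text):
    """Map (hive, value name) -> command for every O4 Run line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries[(m['hive'], m['name'])] = m['cmd']
    return entries


def payload(cmd):
    """File the entry loads: the DLL name for rundll32, else the raw command."""
    m = RUNDLL.match(cmd)
    return ntpath.basename(m['dll']).lower() if m else cmd


def diff_autoruns(before_text, after_text):
    """Compare two logs and classify the Run values.

    removed   -> present before, gone after (the fix held)
    added     -> new value name after the fix
    respawned -> same value name in both logs, but a different payload file
    """
    before = parse_run_entries(before_text)
    after = parse_run_entries(after_text)
    report = {
        'removed': sorted(before.keys() - after.keys()),
        'added': sorted(after.keys() - before.keys()),
        'respawned': {},
    }
    for key in before.keys() & after.keys():
        old, new = payload(before[key]), payload(after[key])
        if old != new:
            report['respawned'][key] = (old, new)
    return report


if __name__ == "__main__":
    result = diff_autoruns(LOG_BEFORE, LOG_AFTER)
    for (hive, name), (old, new) in sorted(result['respawned'].items()):
        print(f"{hive} Run value [{name}] came back: {old} -> {new}")
    print("removed:", result['removed'])
    print("added:  ", result['added'])
```

An entry listed under `respawned` kept its value name while the DLL it loads changed between the two scans, which matches the report in the thread that the item returns at every startup after being fixed in HijackThis.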
cucharon39 Posts: 3 Status: Member
 
Hello,

I searched for PurityScan on the forum, and papyber recommends running ComboFix.
I ran it, and I can search on Google again and AVG no longer reports this downloader at startup.
The last remaining issue is the item 484c21fb at startup, which is blocked by Spybot.

Here is the ComboFix report.

ComboFix 08-04-27.1 - Mr Garcia 2008-04-30 0:38:17.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.65 [GMT 2:00]
Endroit: C:\Outils\Antivirus\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AntiSpywareMaster
C:\Program Files\CPV
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\SoftwareOnline
C:\Program Files\SoftwareOnline\soproc.exe
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\ddcCSIyW.dll
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~1\?dobe\
C:\WINDOWS\system32\dobe~1\winspool.exe
C:\WINDOWS\system32\dqcbahpy.ini
C:\WINDOWS\system32\dsfcfyql.dll
C:\WINDOWS\system32\enfjgiga.dll
C:\WINDOWS\system32\fcccdeDT.dll
C:\WINDOWS\system32\fwixenrm.dll
C:\WINDOWS\system32\gkyglxlh.dll
C:\WINDOWS\system32\hlxlgykg.ini
C:\WINDOWS\system32\jfkyvagv.dll
C:\WINDOWS\system32\kqquenvm.dll
C:\WINDOWS\system32\lxgawrqd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mefpywvd.dll
C:\WINDOWS\system32\mrnexiwf.ini
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\njimsgtl.dll
C:\WINDOWS\system32\nmbusaoy.ini
C:\WINDOWS\system32\oqnplkfc.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rqRhfGVo.dll
C:\WINDOWS\system32\sbsmnnqg.dll
C:\WINDOWS\system32\ugirxviu.ini
C:\WINDOWS\system32\uivxrigu.dll
C:\WINDOWS\system32\vgavykfj.ini
C:\WINDOWS\system32\wenaehaq.dll
C:\WINDOWS\system32\wmorncmq.dll
C:\WINDOWS\system32\wthcnfxr.dll
C:\WINDOWS\system32\WyISCcdd.ini
C:\WINDOWS\system32\WyISCcdd.ini2
C:\WINDOWS\system32\xkirvxth.dll
C:\WINDOWS\system32\yteecepo.dll
C:\WINDOWS\TXIgR2FyY2lh\

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NNSERV
-------\Service_cmdService
-------\Service_NNServ

((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))))))))
.

2008-04-29 23:33 . 2008-04-29 23:33 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-29 20:53 . 2008-04-29 20:54 <REP> d-------- C:\Outils
2008-04-29 20:03 . 2008-04-29 20:03 <REP> d-------- C:\Program Files\Trend Micro
2008-04-28 20:42 . 2008-04-28 20:42 <REP> d-------- C:\Documents and Settings\Mr Garcia\Application Data\Grisoft
2008-04-28 20:41 . 2008-04-28 20:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-28 20:41 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-28 20:25 . 2008-04-28 20:25 <REP> d-------- C:\Program Files\CCleaner
2008-04-27 19:29 . 2008-04-29 23:29 109,772 --a------ C:\WINDOWS\BM4b7f1267.xml
2008-04-25 23:16 . 2008-04-25 23:16 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-04-25 23:15 . 2008-04-25 23:26 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-04-25 22:05 . 2008-04-25 22:56 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-25 22:05 . 2008-04-25 22:05 <REP> d-------- C:\Documents and Settings\Mr Garcia\Application Data\PC Tools
2008-04-25 22:05 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-25 22:05 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-25 22:05 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-25 22:05 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-25 21:34 . 2008-04-25 21:34 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-04-25 21:30 . 2008-04-25 22:18 0 --a------ C:\WINDOWS\system32\atmtd.dll.tmp
2008-04-25 21:24 . 2008-04-30 00:25 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-25 07:35 . 2008-04-25 18:55 1,509,159 ---hs---- C:\WINDOWS\system32\apckyubh.ini
2008-04-23 20:59 . 2008-04-23 23:46 1,540,677 ---hs---- C:\WINDOWS\system32\dtmsljku.ini
2008-04-23 00:31 . 2008-04-29 19:40 <REP> d-------- C:\Documents and Settings\Mr Garcia\Application Data\SpeedRunner
2008-04-23 00:01 . 2008-04-22 23:57 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-23 00:01 . 2008-04-23 00:01 2,559 --a------ C:\WINDOWS\unins000.dat
2008-04-22 23:46 . 2008-04-22 23:49 <REP> d-------- C:\Program Files\Inet_Get_2
2008-04-22 23:46 . 2008-04-26 00:34 10 --a------ C:\Program Files\.autoreg
2008-04-21 23:46 . 2008-04-21 23:46 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-04-21 23:30 . 2008-04-25 10:15 <REP> d-------- C:\WINDOWS\system32\xcsDd01
2008-04-21 23:30 . 2008-04-26 10:09 <REP> d-------- C:\WINDOWS\system32\wTmp
2008-04-21 23:30 . 2008-04-26 10:09 <REP> d-------- C:\WINDOWS\system32\IBn
2008-04-21 23:30 . 2008-04-21 23:30 <REP> d-------- C:\Temp\berDrv11
2008-04-21 23:30 . 2008-04-30 00:39 <REP> d-------- C:\Temp
2008-04-16 23:46 . 2008-04-16 23:46 <REP> d-------- C:\Program Files\uTorrent
2008-04-16 23:46 . 2008-04-29 20:04 <REP> d-------- C:\Documents and Settings\Mr Garcia\Application Data\uTorrent
2008-04-03 09:41 . 2008-04-03 09:41 1,409 --a------ C:\WINDOWS\system32\tmp9ECCE.FOT
2008-04-01 17:31 . 2008-04-01 17:31 <REP> d-------- C:\Program Files\Mindscape
2008-04-01 17:31 . 2008-04-01 17:31 0 --a------ C:\WINDOWS\SETUP32.INI
2008-04-01 17:12 . 2008-04-01 17:15 <REP> d-------- C:\TCHOUPI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 18:42 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-29 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-25 21:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-24 20:54 --------- d-----w C:\Program Files\Warez P2P Client
2008-04-23 18:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 21:50 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-21 21:35 --------- d-----w C:\Program Files\Common files
2008-03-26 22:35 --------- d-----w C:\Documents and Settings\Mr Garcia\Application Data\Thunderbird
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 20:07 --------- d-----w C:\Program Files\Outlook Express Quick Backup
2008-03-17 19:58 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-17 19:58 249,856 ------w C:\WINDOWS\Setup1.exe
2008-03-15 18:52 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-03-15 18:52 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-03-15 18:52 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-03-11 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 20:14 --------- d-----w C:\Program Files\DivX
2008-03-11 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\list vga idle save
2008-03-10 23:36 --------- d-----w C:\Program Files\CyberLink
2008-03-10 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\flag ace stupid data
2008-02-21 13:38 946,832 ----a-w C:\WINDOWS\system32\_ISource30.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2005-08-01 09:44 10,844,936 ----a-w C:\Program Files\GoogleEarth.exe
2006-05-29 14:40 7,296,000 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2005-05-07 06:42 385,175 --sh--w C:\WINDOWS\Web\printers\sarlitu.bak1
2005-05-05 08:19 385,179 --sh--w C:\WINDOWS\Web\printers\sarlitu.bak2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00320615-B6C2-40A6-8F99-F1C52D674FAD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00D6A7E7-4A97-456f-848A-3B75BF7554D7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A80A7AF-DF70-3C8F-A48B-CDFBFF997C05}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3cfd5654-e5a5-40c7-870a-e561134d48a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62ADB702-F3C5-4E33-AB05-654609D6B442}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75AAA603-93A5-4D01-A99B-DC9CAF70379F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DD9D129-8A78-4828-9A1F-1C6814A870B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B038AAE4-425F-470D-A731-2E45BB2248AB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4DF35D7-AE43-D5EB-19E1-D08F745679C6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB775CF4-ADB1-4721-8EF1-ED03967CDC32}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4A77638-D721-4D7D-B4BB-21498BF202D3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3692701-a122-4c6c-ac60-7a08124fc07e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE8A6763-9384-4CC0-8A6D-27E746A36564}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dzgnqnhe"="C:\Program Files\Common files\?ymantec\w?crtupd.exe" [2008-04-11 19:52 230400]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3600 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-20 01:09 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"Microsoft Update"="wuampd.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccdeDT]
fcccdeDT.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aowt]
C:\WINDOWS\system32\DOBE~1\winspool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-06-10 22:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM4b7f1267]
C:\WINDOWS\system32\yteecepo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
--a------ 2004-03-04 05:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series]
--a------ 2006-02-21 06:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exit meet obj active]
--a------ 2006-05-22 22:20 368582 C:\Documents and Settings\All Users\Application Data\Upload Global Exit Meet\2user.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-09-25 14:54 229952 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2003-06-03 08:59 4640768 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2003-06-03 08:59 323584 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-10 16:26 406016 C:\WINDOWS\System32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-10 12:08 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SOProc_SoRefRegSoAlertWxLiteNnAj]
--a------ 2007-10-25 18:43 8516608 C:\WINDOWS\system32\shell32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-04-03 15:26 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 prodrv04;Star Force copy protection driver v4;C:\WINDOWS\system32\drivers\prodrv04.sys [2006-11-04 19:52]
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-09-25 11:19]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
S3 c_su_1b;Caspar driver (c_su_1b.sys);C:\WINDOWS\system32\Drivers\c_su_1b.sys [2003-08-28 09:52]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]
S3 Net6IM;Net6;C:\WINDOWS\system32\DRIVERS\net6im51.sys []
S3 Phal;Phal - Logitech io2 USB driver;C:\WINDOWS\system32\Drivers\LPhalUsb.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-26 07:36:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 00:51:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-30 1:04:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 23:04:27

Pre-Run: 15,783,911,424 octets libres
Post-Run: 15,740,219,392 octets libres

263 --- E O F --- 2008-04-13 21:51:42

Thank you for your help.
Have a good weekend, everyone.