Problème de trojan - Page 2

Précédent
  • 1
  • 2
  1. smoky93 Messages postés 15 Statut Membre
     
    bonsoir,

    voici les trois rapports, sdfix et combofix effectué avec succès , il démarre en mode sans echec, rapport hitjack

    merci de me tenir informer

    stef

    1-sdfix
    2-combofix
    3-hitjack

    [b]SDFix: Version 1.190 [/b]
    Run by STEF on 10/06/2008 at 20:28

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\system32\WinCtrl32.dll - Deleted

    Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-10 20:35:21
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    ToUcamVProperty = C:\Program Files\Philips ToUcam Camera\VProperty.exe??U?c?a?m? ?C?a?m?e?r?a?\?V?P?r?o?p?e?r?t?y?.?e?x?e???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe:*:Enabled:ActiveSync Application"
    "C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\System32\\RUNDLL32.EXE"="C:\\WINDOWS\\System32\\RUNDLL32.EXE:*:Enabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "F:\\fscommand\\Vividas.exe"="F:\\fscommand\\Vividas.exe:*:Disabled:Vividas Player"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Sun 30 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sat 22 Apr 2006 20 A..H. --- "C:\Documents and Settings\STEF\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Mon 11 Jul 2005 4,348 ...H. --- "C:\Documents and Settings\STEF\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Mon 11 Jul 2005 400 A.SH. --- "C:\Documents and Settings\STEF\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

    [b]Finished![/b]

    -------------------------------------------------------------------------------------------------------------------------------------------------------------

    ComboFix 08-06-09.7 - STEF 2008-06-10 20:41:00.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.610 [GMT 2:00]
    Endroit: C:\Documents and Settings\STEF\Mes documents\ComboFix.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\STEF\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\install.exe
    C:\WINDOWS\system32\cfNTwyxx.ini
    C:\WINDOWS\system32\cfNTwyxx.ini2
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nVyxaGgh.ini
    C:\WINDOWS\system32\nVyxaGgh.ini2
    C:\WINDOWS\system32\oqsfyejx.ini
    C:\WINDOWS\system32\sgdmwawo.ini
    C:\WINDOWS\system32\tpvxvbpo.ini
    C:\WINDOWS\system32\VwwacMoq.ini
    C:\WINDOWS\system32\VwwacMoq.ini2
    C:\WINDOWS\system32\wpokavnd.ini
    C:\WINDOWS\system32\YIQsCMoq.ini
    C:\WINDOWS\system32\YIQsCMoq.ini2

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSUPDATE

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-10 20:26 . 2008-06-10 20:26 <REP> d-------- C:\WINDOWS\ERUNT
    2008-06-10 20:19 . 2008-06-10 20:20 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-06-10 20:18 . 2008-06-09 14:25 <REP> d-------- C:\SDFix
    2008-06-10 20:09 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 20:09 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-09 20:25 . 2008-06-09 20:33 3,904 --a------ C:\WINDOWS\system32\tmp.reg
    2008-06-08 17:03 . 2008-06-08 17:03 <REP> d--hs---- C:\FOUND.007
    2008-06-07 17:12 . 2008-06-07 17:12 <REP> d-------- C:\Malwarebytes' Anti-Malware
    2008-06-07 17:02 . 2008-06-07 17:02 <REP> d--hs---- C:\FOUND.006
    2008-06-06 22:57 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-06 22:51 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\is-A1GDT.tmp
    2008-06-06 22:38 . 2008-06-06 22:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-06 22:38 . 2008-06-06 22:38 <REP> d-------- C:\Documents and Settings\STEF\Application Data\Malwarebytes
    2008-06-06 22:38 . 2008-06-06 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-06 22:38 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-06 22:37 . 2008-06-10 20:45 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-06-06 22:32 . 2008-06-06 22:32 <REP> d--hs---- C:\FOUND.005
    2008-06-05 19:11 . 2008-06-05 19:11 <REP> d--hs---- C:\FOUND.004
    2008-06-05 18:48 . 2008-06-05 18:48 <REP> d--hs---- C:\FOUND.003
    2008-06-04 19:06 . 2008-06-04 19:06 <REP> d-------- C:\Program Files\Navilog1
    2008-06-03 22:19 . 2008-06-03 22:19 <REP> d--hs---- C:\FOUND.002
    2008-06-03 21:26 . 2008-06-03 21:26 <REP> d-------- C:\Documents and Settings\STEF\Application Data\Grisoft
    2008-06-03 21:26 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-06-03 21:25 . 2008-06-03 21:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-03 20:46 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-05-31 09:43 . 2008-05-31 09:43 <REP> d-------- C:\Program Files\OLYMPUS
    2008-05-27 21:29 . 2008-05-27 21:29 <REP> d--hs---- C:\FOUND.001
    2008-05-14 22:30 . 2008-05-14 22:30 <REP> d--hs---- C:\FOUND.000
    2008-05-13 00:34 . 2008-05-13 00:34 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-05-13 00:34 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-26 21:15 42,120 ----a-w C:\Documents and Settings\STEF\Application Data\GDIPFONTCACHEV1.DAT
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 22:49 1,606 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2006-09-20 20:17 461 ----a-w C:\Program Files\INSTALL.LOG
    2005-10-06 13:17 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
    2005-10-06 13:17 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3.sys
    2005-03-01 09:16 212,992 ----a-w C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A60E34-AED3-4139-8185-AA1AA6FE6842}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75C931B3-53F3-4070-808A-529EEF25AB08}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3BC1130-D5B2-48FF-98CC-C5D6D4CACDFE}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-25 01:20 401491]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 16:15 816368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "Cmaudio"="cmicnfg.cpl" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 06:01 5513216]
    "nwiz"="nwiz.exe" [2004-12-15 06:01 1490944 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-12-15 06:01 86016]
    "PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-05-22 23:46 155648]
    "QuickTime Task"="C:\program files\quicktime\qttask.exe" [2005-07-13 13:45 98304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-17 18:09 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-04-04 18:08 69632]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-10 19:22 185896]
    "ToUcamVProperty"="C:\Program Files\Philips ToUcam Camera\VProperty.exe" [2001-11-28 14:50 118784]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:12 53248]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "Norman ZANDA"="C:\Documents and Settings\STEF\Mes documents\Mes fichiers reçus\bin\ZLH.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffGYrR]
    iiffGYrR.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msacm.l3acm"= l3codecp.acm
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "MSACM.CEGSM"= mobilev.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "vidc.yv12"= yv12vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.imc"= imc32.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcR65.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
    "C:\\WINDOWS\\System32\\dpvsetup.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 10:19]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-10-31 18:46]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 12:00]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-15 20:07]
    R3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-07-27 18:06]
    S3 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-13 00:34]
    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-12-19 19:30]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-06-10 18:46:36 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-10 20:47:13
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    ToUcamVProperty = C:\Program Files\Philips ToUcam Camera\VProperty.exe??U?c?a?m? ?C?a?m?e?r?a?\?V?P?r?o?p?e?r?t?y?.?e?x?e???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRAM FILES\NETGEAR\WG311V3\WINDOMAINLOGON.EXE
    C:\WINDOWS\ATKKBSERVICE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
    C:\DOCUMENTS AND SETTINGS\STEF\MES DOCUMENTS\MES FICHIERS REçUS\BIN\ZANDA.EXE
    C:\WINDOWS\SYSTEM32\NVSVC32.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
    C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\VSSERV.EXE
    C:\PROGRAM FILES\NETGEAR\WG311V3\WINDOMAINLOGON.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
    C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-10 20:51:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-10 18:51:26

    Pre-Run: 26,645,856,256 octets libres
    Post-Run: 26,565,869,568 octets libres

    208 --- E O F --- 2008-06-10 18:22:03
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:00:20, on 10/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Documents and Settings\STEF\Mes documents\Mes fichiers reçus\Bin\Zanda.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\program files\quicktime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Philips ToUcam Camera\VProperty.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
    C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\STEF\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.chello.fr:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {42A60E34-AED3-4139-8185-AA1AA6FE6842} - (no file)
    O2 - BHO: (no name) - {75C931B3-53F3-4070-808A-529EEF25AB08} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {B3BC1130-D5B2-48FF-98CC-C5D6D4CACDFE} - (no file)
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\STEF\Mes documents\Mes fichiers reçus\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: RAID Manager.lnk = ?
    O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206099195_b2cc8541d98191a755365297cb76009a&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O20 - Winlogon Notify: iiffGYrR - iiffGYrR.dll (file missing)
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\STEF\Mes documents\Mes fichiers reçus\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Documents and Settings\STEF\Mes documents\Mes fichiers reçus\Bin\Zanda.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  2. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    C est bon, je ne vois plus d infection!

    Relance hijackthis en cliquant sur scan only et coches ces lignes :

    O2 - BHO: (no name) - {42A60E34-AED3-4139-8185-AA1AA6FE6842} - (no file)
    O2 - BHO: (no name) - {75C931B3-53F3-4070-808A-529EEF25AB08} - (no file)
    O2 - BHO: (no name) - {B3BC1130-D5B2-48FF-98CC-C5D6D4CACDFE} - (no file)
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - Global Startup: RAID Manager.lnk = ?
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?

    Ensuite cliques sur fix checked.

    Si tu n as plus de problemes, tu peux mettre résolu en haut de ton topic ;)
    0
Précédent
  • 1
  • 2