Infected by viruses and trojans (hjt log included)

fallaitpas (Member, 4 posts)
Hello everyone,

after installing a cracked piece of software (yes, I know, I shouldn't have... hence my username) I got infected by a whole bunch of stuff, viruses, trojans, I'm not really sure, including the famous "VIRUS ALERT" next to the clock.

I started by cleaning the system as recommended here: http://www.commentcamarche.net/faq/sujet 266 analyse interpretation d un log hijackthis#1 nettoyer le systeme

and it seems to have fixed quite a few things, but I have the impression that a few fishy things remain, so I'll paste the hijackthis and smitfraudfix logs below, hoping you can help me.

thanks in advance!

PS: sorry for the missing accents => QWERTY keyboard...

30 replies

Anonymous user
 
ok, it did its job well

post a new hijackthis log please
1
Anonymous user
 
the little thing is resisting

READ ALL THE WAY DOWN

Download ComboFix from one of these links:
First
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

To read
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

And, importantly, save it to the desktop.

Before using ComboFix:

- Disconnect from the internet and close the windows of all running programs.

- Temporarily disable, and only for as long as ComboFix is running, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that's done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

- Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet.

- Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
1
Anonymous user
 
I'll take a look and let you know

1
fallaitpas
 
Hello,

I'm following up to make sure everything is OK in the last log.
on the face of it, everything seems fine on the PC and everything is back to how it was before, but still...
0
fallaitpas
 
OK
0

fallaitpas
 
done

so here is the smitfraudfix option 2 log, run in safe mode:

SmitFraudFix v2.367

Scan done at 15:14:46.62, Mon 10/27/2008
Run from C:\Documents and Settings\jeremy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{455163EC-1277-456A-A6C3-68A6B74196F3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{455163EC-1277-456A-A6C3-68A6B74196F3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{455163EC-1277-456A-A6C3-68A6B74196F3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
0
fallaitpas
 
and the anti-malware log:

Malwarebytes' Anti-Malware 1.30
Database version: 1328
Windows 5.1.2600 Service Pack 3

10/27/2008 3:35:19 PM
mbam-log-2008-10-27 (15-35-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 94016
Time elapsed: 10 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\rqRHwVLC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xjyecc.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{343085b6-e613-4e82-8989-93a18d11fa27} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{343085b6-e613-4e82-8989-93a18d11fa27} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3d63242-8e3c-4b59-b068-1185624708e6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f3d63242-8e3c-4b59-b068-1185624708e6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343085b6-e613-4e82-8989-93a18d11fa27} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d71c4af2-9e0d-4eb3-98a6-f542e6f360d9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ca9331b (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\rqrhwvlc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrhwvlc -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\xjyecc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqRHwVLC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\CLVwHRqr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CLVwHRqr.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pvdyumih.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\himuydvp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\jeremy\Local Settings\Temporary Internet Files\Content.IE5\1AHRYH3G\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ayywevdk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efvtbt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fcccbyAQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkKDusp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umxjrkup.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayAPggH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
0
fallaitpas
 
and another thing: every time I reboot, the Windows automatic update option is disabled
0
fallaitpas
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:27, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CA\eTrustITM\ppcl.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\CA\eTrustITM\ppcl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.st-malo.com/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nordicmast.local
O17 - HKLM\Software\..\Telephony: DomainName = nordicmast.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nordicmast.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: xjyecc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
0
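A small triage helper, added here as an example and not part of this thread or of any of the tools it mentions: it parses HijackThis entries and the Malwarebytes "Files Infected" list (both excerpts below are constructed from the logs posted in this thread), flags every O20 AppInit_DLLs entry, and marks any entry whose file name the scanner already detected. It assumes Python 3 and uses only the standard library.

```python
"""Correlate HijackThis entries with files flagged by an anti-malware scan."""
import re
from typing import Dict, List

# Constructed excerpt of the HijackThis log posted in this thread.
HJT_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: xjyecc.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Constructed excerpt of the Malwarebytes "Files Infected" section from the same thread.
MBAM_LOG = r"""
Files Infected:
C:\WINDOWS\system32\xjyecc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqRHwVLC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# HijackThis section codes whose mere presence deserves review: an AppInit_DLLs
# value (O20) is loaded into every process that links user32.dll, which is why
# Vundo used it for persistence.
ALWAYS_REVIEW = {
    "O20": "AppInit_DLLs entry: the DLL is injected into every user32-linked process",
}

# "C:\path\file.dll (Detection.Name) -> action" as written by Malwarebytes.
MBAM_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^)]+)\) -> ", re.M)
# "O20 - rest of entry" as written by HijackThis.
HJT_LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$", re.M)
# A bare file name ending in .dll/.exe/.sys, without any directory part.
BASENAME_RE = re.compile(r'([^\\/\s:\[\]"]+\.(?:dll|exe|sys))', re.I)


def parse_mbam_files(text: str) -> Dict[str, str]:
    """Map lower-cased file basename -> detection name from an MBAM log."""
    flagged: Dict[str, str] = {}
    for m in MBAM_FILE_RE.finditer(text):
        basename = m.group("path").rsplit("\\", 1)[-1].lower()
        flagged[basename] = m.group("detection")
    return flagged


def triage(hjt_text: str, flagged: Dict[str, str]) -> List[dict]:
    """Return HJT entries that are AppInit_DLLs entries or reference a flagged file."""
    findings: List[dict] = []
    for m in HJT_LINE_RE.finditer(hjt_text):
        section, body = m.group("section"), m.group("body")
        reasons: List[str] = []
        if section in ALWAYS_REVIEW:
            reasons.append(ALWAYS_REVIEW[section])
        for name in BASENAME_RE.findall(body):
            detection = flagged.get(name.lower())
            if detection:
                reasons.append(f"{name} was flagged by the scanner as {detection}")
        if reasons:
            findings.append({"section": section, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(HJT_LOG, parse_mbam_files(MBAM_LOG)):
        print(f"{finding['section']} - {finding['entry']}")
        for reason in finding["reasons"]:
            print(f"    -> {reason}")
```

On the excerpts above only the O20 line is reported, for both reasons: it is an AppInit_DLLs entry, and xjyecc.dll is the file Malwarebytes identified as Trojan.Vundo.H.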
fallaitpas
 
there we go, the report is below

in any case it seems to have changed something: lots of shortcuts that had disappeared from the desktop have reappeared!

ComboFix 08-10-26.01 - Jeremy 2008-10-27 16:20:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1552 [GMT 1:00]
Command switches used :: C:\Documents and Settings\jeremy\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\smfyjtsa.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys

((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-27 15:11 . 2008-10-27 15:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 15:11 . 2008-10-27 15:11 <DIR> d-------- C:\Documents and Settings\jeremy\Application Data\Malwarebytes
2008-10-27 15:11 . 2008-10-27 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 15:11 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 15:11 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-27 14:45 . 2008-10-27 14:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-27 14:21 . 2008-10-27 14:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-27 14:11 . 2008-10-27 14:11 <DIR> d-------- C:\Program Files\CCleaner
2008-10-27 14:09 . 2008-10-27 14:09 <DIR> d-------- C:\Program Files\CleanUp!
2008-10-27 13:55 . 2008-10-27 13:55 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-27 13:55 . 2008-10-27 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-27 13:54 . 2008-10-27 13:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-27 12:28 . 2008-10-27 15:14 1,586 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-27 12:00 . 2008-10-27 12:00 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-27 11:56 . 2008-10-27 11:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-27 11:51 . 2008-10-27 12:13 <DIR> d-------- C:\SDFix
2008-10-27 10:59 . 2008-10-27 10:59 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-27 10:50 . 2008-10-27 10:50 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-27 10:50 . 2008-10-27 10:50 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-27 09:42 . 2008-10-27 09:42 142 --a------ C:\WINDOWS\wininit.ini
2008-10-27 09:24 . 2008-10-27 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 08:37 . 2008-10-27 08:40 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-10-27 08:37 . 2008-10-27 08:40 <DIR> d-------- C:\Program Files\AutoCAD 2009
2008-10-27 08:37 . 2008-10-27 08:51 <DIR> d-------- C:\Documents and Settings\jeremy\Application Data\Autodesk
2008-10-27 08:37 . 2008-10-27 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-10-27 07:58 . 2008-10-27 07:58 <DIR> d-------- C:\install
2008-10-26 20:59 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-10-26 20:58 . 2008-10-26 20:58 <DIR> d-------- C:\Program Files\MSBuild
2008-10-26 20:56 . 2008-10-26 20:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-10-26 20:55 . 2008-10-26 20:55 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-10-26 20:55 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-10-26 16:33 . 2008-10-26 16:33 <DIR> d-------- C:\Program Files\uTorrent
2008-10-26 16:33 . 2008-10-27 07:56 <DIR> d-------- C:\Documents and Settings\jeremy\Application Data\uTorrent
2008-10-24 11:44 . 2008-10-24 11:44 <DIR> d-------- C:\Program Files\Skype
2008-10-24 11:44 . 2008-10-24 11:44 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-10-24 11:44 . 2008-10-27 16:03 <DIR> d-------- C:\Documents and Settings\jeremy\Application Data\skypePM
2008-10-24 11:44 . 2008-10-27 15:48 <DIR> d-------- C:\Documents and Settings\jeremy\Application Data\Skype
2008-10-24 11:44 . 2008-10-24 11:44 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-24 11:43 . 2008-10-24 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-24 11:08 . 2008-10-15 17:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-24 11:05 . 2001-08-17 12:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-24 11:05 . 2001-08-17 12:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-24 11:04 . 2008-04-13 19:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-24 11:04 . 2008-04-13 19:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-10-22 14:44 . 2008-10-22 14:44 <DIR> d-------- C:\Documents and Settings\jeremy\Bluetooth Software
2008-10-22 14:42 . 2008-10-27 16:17 <DIR> d-------- C:\Documents and Settings\jeremy
2008-10-22 14:38 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-10-22 14:38 . 2003-03-18 19:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-10-22 14:38 . 2003-02-21 03:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-10-22 14:37 . 2008-10-22 14:38 <DIR> d-------- C:\Program Files\CA
2008-10-22 14:34 . 2008-10-22 14:34 <DIR> d-------- C:\Documents and Settings\administrator\Bluetooth Software
2008-10-22 14:34 . 2008-10-22 14:34 <DIR> d-------- C:\Documents and Settings\administrator
2008-10-22 14:33 . 2008-10-22 14:33 <DIR> d-------- C:\WINDOWS\SchCache
2008-10-22 13:13 . 2008-10-22 13:13 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-22 13:13 . 2008-10-22 13:13 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-22 13:13 . 2008-10-22 13:13 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-22 13:13 . 2008-10-22 13:13 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-22 13:12 . 2008-10-22 13:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-22 13:11 . 2008-10-22 13:11 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-10-22 13:03 . 2008-10-22 13:03 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-22 13:01 . 2008-10-22 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-22 13:01 . 2008-10-22 15:20 70,878 --a------ C:\WINDOWS\system32\nvModes.dat
2008-10-22 13:01 . 2008-10-27 16:30 70,878 --a------ C:\WINDOWS\system32\nvModes.001

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 12:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-22 11:54 --------- d-----w C:\Program Files\WIDCOMM
2008-10-22 11:49 --------- d-----w C:\Program Files\Synaptics
2008-10-22 11:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-22 11:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-22 11:42 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-10-22 11:42 --------- d-----w C:\Documents and Settings\a\Application Data\InstallShield
2008-10-22 11:41 --------- d-----w C:\Program Files\Intel
2008-10-22 11:41 --------- d-----w C:\Program Files\Common Files\postureAgent
2008-10-22 11:39 --------- d-----w C:\Program Files\CONEXANT
2008-10-22 11:34 --------- d-----w C:\Program Files\Analog Devices
2008-10-22 09:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-02 8527872]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-02 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 404248]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"nwiz"="nwiz.exe" [2008-01-02 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xjyecc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2007-05-01 183064]
R2 LMS;Intel(R) Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe [2007-05-01 121624]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe [2007-05-01 1489688]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2008-07-23 44800]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Wdf01000.sys

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 16:30:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CA\eTrustITM\Ppcl.exe
C:\Program Files\CA\eTrustITM\Ppcl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2008-10-27 16:32:19 - machine was rebooted [Jeremy]
ComboFix-quarantined-files.txt 2008-10-27 15:32:15

Pre-Run: 105,537,937,408 bytes free
Post-Run: 105,511,264,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

184 --- E O F --- 2008-10-24 10:11:35
0
fallaitpas
 
OK, I'll look at it tonight.
thanks!
0
Anonymous user
 
hello

you did well to follow up, post a new hijackthis log please
0
fallaitpas
 
here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48, on 2008-10-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\SETUP.EXE
C:\DOCUME~1\jeremy\LOCALS~1\Temp\ose00000.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.st-malo.com/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nordicmast.local
O17 - HKLM\Software\..\Telephony: DomainName = nordicmast.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nordicmast.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = nordicmast.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: xjyecc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
0
fallaitpas
 
Err, for the record, I was installing something from my DVD drive, hence the "D: setup.exe".
0
Anonymous user
 
To merge them:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

Close all your browsers (so copy or print these instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and paste the following lines into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

File::

Folder::


Save this file under the name CFScript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a fresh HijackThis report.

If the file does not open, it is located here > C:\ComboFix.txt
0
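As an added check (example code written for this page, not a ComboFix or HijackThis tool): the O20 line in the 14:48 HijackThis log above is the entry the CFScript targets, so a small parser that diffs a "before" and an "after" HijackThis log shows whether the AppInit_DLLs value is really gone and whether anything new has appeared in the meantime. The two excerpts embedded below are shortened copies of the 14:48 log posted above and the 15:10 log posted further down in this thread; the function names are the example's own.

```python
"""Compare two HijackThis logs and list AppInit_DLLs entries.

Added example for this thread, not part of HijackThis or ComboFix. The two
log excerpts below are shortened copies of the 14:48 and 15:10 logs posted
in the thread; only a handful of lines are kept so the script runs stand-alone.
"""
import re
from typing import Dict, List, Set, Tuple

# A HijackThis entry line: section code (R1, F2, O4, O20, ...), " - ", then the entry body.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")

BEFORE = """Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48, on 2008-10-28
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: xjyecc.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""

AFTER = """Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10, on 2008-10-28
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office12\\EXCEL.EXE/3000
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""


def parse_hjt(text: str) -> Dict[str, Set[str]]:
    """Group the entry lines of a HijackThis log by section code (O4, O20, ...)."""
    entries: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.setdefault(m.group(1), set()).add(m.group(2))
    return entries


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Return (removed, added) entry lines between two logs, sorted for stable output."""
    b, a = parse_hjt(before), parse_hjt(after)
    sections = set(b) | set(a)
    removed = sorted(f"{s} - {e}" for s in sections for e in b.get(s, set()) - a.get(s, set()))
    added = sorted(f"{s} - {e}" for s in sections for e in a.get(s, set()) - b.get(s, set()))
    return removed, added


def appinit_dlls(log: str) -> List[str]:
    """List the DLL names a log shows under AppInit_DLLs (section O20).

    HijackThis prints the registry value verbatim; Windows treats it as a
    space- or comma-separated list, so split on both.
    """
    dlls: List[str] = []
    for entry in parse_hjt(log).get("O20", set()):
        if entry.startswith("AppInit_DLLs:"):
            value = entry.split(":", 1)[1]
            dlls.extend(d for d in re.split(r"[ ,]+", value) if d)
    return dlls


def report(before: str, after: str) -> str:
    """Human-readable summary: AppInit_DLLs state in each log, then the entry diff."""
    removed, added = diff_logs(before, after)
    lines = ["AppInit_DLLs before: " + (", ".join(appinit_dlls(before)) or "(none)"),
             "AppInit_DLLs after:  " + (", ".join(appinit_dlls(after)) or "(none)")]
    lines += ["removed: " + r for r in removed]
    lines += ["added:   " + a for a in added]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(BEFORE, AFTER))
```

Run against the full logs instead of the excerpts, the same diff shows the O20 line gone after the CFScript run and the Office entries (O8, O9 Research) appearing only because an Office install was in progress, which is the kind of change worth confirming against what the user was doing rather than treating as a reinfection.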
fallaitpas
 
The ComboFix log:

ComboFix 08-10-27.05 - Jeremy 2008-10-28 15:01:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1377 [GMT 1:00]
Running from: C:\Documents and Settings\jeremy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jeremy\Desktop\CFscript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.

2008-10-28 14:52 . 2008-10-28 14:52 <DIR> d-------- C:\Program Files\Microsoft Works
2008-10-28 14:51 . 2008-10-28 14:51 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-28 14:48 . 2008-10-28 14:51 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-10-28 14:48 . 2008-10-28 14:48 <DIR> dr-h----- C:\MSOCache
2008-10-28 14:48 . 2008-10-28 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-27 15:11 . 2008-10-27 15:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 15:11 . 2008-10-27 15:11 <DIR> d-------- C:\Documents and Settings\jeremy\Application Data\Malwarebytes
2008-10-27 15:11 . 2008-10-27 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 15:11 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 15:11 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-27 14:45 . 2008-10-27 14:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-27 14:21 . 2008-10-27 14:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-27 14:11 . 2008-10-27 14:11 <DIR> d-------- C:\Program Files\CCleaner
2008-10-27 14:09 . 2008-10-27 14:09 <DIR> d-------- C:\Program Files\CleanUp!
2008-10-27 13:55 . 2008-10-27 13:55 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-27 13:55 . 2008-10-27 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-27 13:54 . 2008-10-27 13:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-27 12:28 . 2008-10-27 15:14 1,586 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-27 12:00 . 2008-10-27 12:00 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-27 11:56 . 2008-10-27 11:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-27 11:51 . 2008-10-27 12:13 <DIR> d-------- C:\SDFix
2008-10-27 10:59 . 2008-10-27 10:59 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-27 10:50 . 2008-10-27 10:50 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-27 10:50 . 2008-10-27 10:50 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-27 09:42 . 2008-10-27 09:42 142 --a------ C:\WINDOWS\wininit.ini
2008-10-27 09:24 . 2008-10-27 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 08:37 . 2008-10-27 08:40 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-10-27 08:37 . 2008-10-27 08:40 <DIR> d-------- C:\Program Files\AutoCAD 2009
2008-10-27 08:37 . 2008-10-27 08:51 <DIR> d-------- C:\Documents and Settings\jeremy\Application Data\Autodesk
2008-10-27 08:37 . 2008-10-27 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-10-27 07:58 . 2008-10-27 07:58 <DIR> d-------- C:\install
2008-10-26 20:59 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-10-26 20:58 . 2008-10-26 20:58 <DIR> d-------- C:\Program Files\MSBuild
2008-10-26 20:56 . 2008-10-26 20:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-10-26 20:55 . 2008-10-26 20:55 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-10-26 20:55 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-10-26 16:33 . 2008-10-26 16:33 <DIR> d-------- C:\Program Files\uTorrent
2008-10-26 16:33 . 2008-10-27 07:56 <DIR> d-------- C:\Documents and Settings\jeremy\Application Data\uTorrent
2008-10-24 11:44 . 2008-10-24 11:44 <DIR> d-------- C:\Program Files\Skype
2008-10-24 11:44 . 2008-10-24 11:44 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-10-24 11:44 . 2008-10-27 16:03 <DIR> d-------- C:\Documents and Settings\jeremy\Application Data\skypePM
2008-10-24 11:44 . 2008-10-27 16:31 <DIR> d-------- C:\Documents and Settings\jeremy\Application Data\Skype
2008-10-24 11:44 . 2008-10-24 11:44 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-24 11:43 . 2008-10-24 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-24 11:08 . 2008-10-15 17:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-24 11:05 . 2001-08-17 12:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-24 11:05 . 2001-08-17 12:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-24 11:04 . 2008-04-13 19:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-24 11:04 . 2008-04-13 19:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-10-22 14:44 . 2008-10-22 14:44 <DIR> d-------- C:\Documents and Settings\jeremy\Bluetooth Software
2008-10-22 14:42 . 2008-10-27 16:17 <DIR> d-------- C:\Documents and Settings\jeremy
2008-10-22 14:38 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-10-22 14:38 . 2003-03-18 19:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-10-22 14:38 . 2003-02-21 03:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-10-22 14:37 . 2008-10-22 14:38 <DIR> d-------- C:\Program Files\CA
2008-10-22 14:34 . 2008-10-22 14:34 <DIR> d-------- C:\Documents and Settings\administrator\Bluetooth Software
2008-10-22 14:34 . 2008-10-22 14:34 <DIR> d-------- C:\Documents and Settings\administrator
2008-10-22 14:33 . 2008-10-22 14:33 <DIR> d-------- C:\WINDOWS\SchCache
2008-10-22 13:13 . 2008-10-22 13:13 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-22 13:13 . 2008-10-22 13:13 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-22 13:13 . 2008-10-22 13:13 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-22 13:13 . 2008-10-22 13:13 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-22 13:12 . 2008-10-22 13:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-22 13:11 . 2008-10-22 13:11 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-10-22 13:03 . 2008-10-22 13:03 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-22 13:01 . 2008-10-22 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-22 13:01 . 2008-10-22 15:20 70,878 --a------ C:\WINDOWS\system32\nvModes.dat
2008-10-22 13:01 . 2008-10-28 14:56 70,878 --a------ C:\WINDOWS\system32\nvModes.001

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 12:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-22 11:54 --------- d-----w C:\Program Files\WIDCOMM
2008-10-22 11:49 --------- d-----w C:\Program Files\Synaptics
2008-10-22 11:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-22 11:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-22 11:42 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-10-22 11:42 --------- d-----w C:\Documents and Settings\a\Application Data\InstallShield
2008-10-22 11:41 --------- d-----w C:\Program Files\Intel
2008-10-22 11:41 --------- d-----w C:\Program Files\Common Files\postureAgent
2008-10-22 11:39 --------- d-----w C:\Program Files\CONEXANT
2008-10-22 11:34 --------- d-----w C:\Program Files\Analog Devices
2008-10-22 09:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-06 15:06 1,560,576 ----a-w C:\WINDOWS\system32\BttnCmns_64.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-27_16.32.04.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-28 13:52:25 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-10-28 13:52:27 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-10-28 13:52:25 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-10-28 13:51:17 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-10-28 13:51:47 1,276,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-10-28 13:51:48 150,320 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-10-28 13:51:48 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2008-10-28 13:51:48 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-10-28 13:51:48 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-10-28 13:51:49 232,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2008-10-28 13:51:48 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-10-28 13:51:49 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-10-28 13:52:25 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-10-28 13:51:48 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-10-28 13:51:49 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-10-28 13:52:24 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-10-28 13:52:25 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-10-28 13:51:48 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-10-28 13:51:17 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-10-28 13:52:01 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-10-28 13:52:11 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2008-10-28 13:52:09 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-10-28 13:52:11 12,112 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2008-10-28 13:52:15 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
+ 2008-10-28 13:52:02 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2008-10-28 13:52:18 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2008-10-28 13:52:03 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-10-28 13:52:03 11,544 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2008-10-28 13:52:25 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2008-10-28 13:48:43 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0406-0000-0000000FF1CE}\misc.exe
+ 2008-10-28 13:52:55 20,240 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-28 13:52:55 217,864 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-28 13:52:55 18,704 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-28 13:52:55 35,088 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-28 13:52:55 845,584 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-28 13:52:55 922,384 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-28 13:52:55 272,648 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-28 13:52:55 888,080 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-28 13:52:55 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
- 1999-10-17 20:01:42 1,129,232 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2006-10-26 13:10:08 1,190,688 ----a-w C:\WINDOWS\system32\FM20.DLL
- 1999-10-17 20:01:16 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2006-10-26 12:10:06 33,088 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2006-10-26 12:45:04 207,360 ----a-w C:\WINDOWS\system32\INKED.DLL
- 2008-10-27 14:46:48 67,398 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-27 15:34:24 67,398 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-27 14:46:48 428,780 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-27 15:34:24 428,780 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-26 12:45:04 293,376 ----a-w C:\WINDOWS\system32\WISPTIS.EXE
+ 2006-10-26 12:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-10-26 12:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 12:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 12:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 12:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 12:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 12:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-02 8527872]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-02 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 404248]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"nwiz"="nwiz.exe" [2008-01-02 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2007-05-01 183064]
R2 LMS;Intel(R) Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe [2007-05-01 121624]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe [2007-05-01 1489688]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2008-07-23 44800]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 15:02:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-28 15:03:29
ComboFix-quarantined-files.txt 2008-10-28 14:03:27
ComboFix2.txt 2008-10-27 15:32:20

Pre-Run: 104,274,468,864 bytes free
Post-Run: 104,288,866,304 bytes free

227 --- E O F --- 2008-10-24 10:11:35
0
fallaitpas
 
And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10, on 2008-10-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.st-malo.com/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nordicmast.local
O17 - HKLM\Software\..\Telephony: DomainName = nordicmast.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nordicmast.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = nordicmast.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
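The O4 (autostart) and O23 (service) entries in the log above are what a helper reads first, and the thread does that by eye. As an added example, not from the thread and not part of HijackThis, here is a small Python parser for those two line types with simple location heuristics: an executable outside Program Files or system32, a system-binary name (svchost.exe and friends) outside the Windows directory, or a service whose vendor HijackThis reports as "Unknown owner". The trusted-directory list, the lookalike-name list and the two lines under CONSTRUCTED_SUSPECTS are assumptions made up for the demo; the lines under THREAD_LINES are copied from the log above.

```python
"""Parse HijackThis O4 (autostart) and O23 (service) lines and flag the
ones worth a closer look.

Added example for this thread; not part of HijackThis and not code posted
by anyone in the thread. Directory lists, lookalike names and the
CONSTRUCTED_SUSPECTS lines are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Where legitimate autostarts live on the XP box in the thread (assumption:
# anything outside these prefixes, e.g. Temp or a user profile, gets flagged).
TRUSTED_DIR_PREFIXES = (
    "c:\\program files\\",
    "c:\\progra~1\\",
    "c:\\windows\\system32\\",
)
# Genuine Windows binaries live here; a file carrying one of the
# SYSTEM_LOOKALIKES names anywhere else is suspicious (assumed lists).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
SYSTEM_LOOKALIKES = {"svchost.exe", "ctfmon.exe", "lsass.exe", "csrss.exe", "explorer.exe"}

# O4 - <key>: [<value name>] <command>   (Global Startup lines carry no [name])
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
# First token ending in .exe, quoted or not; arguments or "(file missing)" are dropped.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?(?:\s|$)', re.IGNORECASE)


@dataclass
class Entry:
    kind: str                     # "O4" or "O23"
    name: str                     # Run value name or service display name
    exe: Optional[str]            # executable path, None if not resolvable
    raw: str
    vendor: Optional[str] = None  # O23 only


def _extract_exe(cmd: str) -> Optional[str]:
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else None


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for O4/O23 lines, None for every other HJT section."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m.group("name") or m.group("cmd"), _extract_exe(m.group("cmd")), line)
    prefix = "O23 - Service: "
    if line.startswith(prefix):
        # "<display name> - <vendor> - <path>": split from the right so a
        # display name that itself contains " - " survives.
        parts = line[len(prefix):].rsplit(" - ", 2)
        if len(parts) == 3:
            name, vendor, path = parts
            return Entry("O23", name, _extract_exe(path), line, vendor)
    return None


def findings(entry: Entry) -> List[str]:
    """Heuristic notes for one entry; an empty list means nothing stood out."""
    if entry.exe is None:
        return ["target not resolvable from the log line; check by hand"]
    exe = entry.exe.lower()
    basename = exe.rsplit("\\", 1)[-1]
    notes = []
    if not exe.startswith(TRUSTED_DIR_PREFIXES):
        notes.append("runs from an untrusted location: " + entry.exe)
    if basename in SYSTEM_LOOKALIKES and not exe.startswith(SYSTEM_DIRS):
        notes.append("system binary name outside the Windows directory: " + basename)
    # "Unknown owner" is what HijackThis prints when the service binary
    # carries no company information.
    if entry.kind == "O23" and entry.vendor == "Unknown owner":
        notes.append("service binary has no vendor information")
    return notes


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged raw line to its notes."""
    out = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            notes = findings(entry)
            if notes:
                out[entry.raw] = notes
    return out


# Lines copied from the log posted in the thread (all benign on that HP laptop).
THREAD_LINES = r"""
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""
# Constructed lines, NOT from the thread, showing what the heuristics catch.
CONSTRUCTED_SUSPECTS = r"""
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
O23 - Service: Windows Update Helper (wuhelper) - Unknown owner - C:\WINDOWS\Temp\wuhelper.exe
"""

if __name__ == "__main__":
    for raw, notes in triage(THREAD_LINES + CONSTRUCTED_SUSPECTS).items():
        print(raw)
        for note in notes:
            print("   ->", note)
```

Run as-is it prints three flagged lines: the two constructed suspects with two notes each, and the Bluetooth.lnk startup entry, flagged only because HijackThis writes `= ?` when it cannot resolve a shortcut target, which is exactly the kind of entry a script cannot decide for you.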
Anonymous user
 
Repost a HijackThis log please, I'll take a look.
Anonymous user
 
ok

How is your PC doing?
fallaitpas
 
Pretty well :-)
I no longer notice anything abnormal.
Anonymous user
 
Hello

Your last report is clean.

* To remove the tools/fixes that were used:

Download ToolsCleaner to your desktop.
-->
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Click on Recherche (Search) and let the scan run ...
# Click on Suppression (Delete) to finish.
# If you wish, you can use the Options facultatives (optional options).
# Click on Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).