Malware impossible à enlever

Aldebaran33 Messages postés 28 Statut Membre -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,


Depuis quelques temps j'ai 3 malwares sur mon ordi détectés par le logiciel antimalwares mais ils n'arrivent pas à les supprimer. J'ai également essayé avec combifix. A la fin du nettoyage il me dit qu'il a supprimé le fichier infecté ainsi que les 2 clés mais je les retrouve au démarrage suivant. J'ai voulu utilisé combofix en mode sans échec mais je ne retrouve pas le fichier permettant d'éxécuter la commande. J'ai juste pu l'utilisé en mode diagnostic, je ne sais pas si c'est aussi efficace.
En tout cas je commence en avoir marre de ces 3 malwares sur mon ordi.

Quelqu'un pourrait il m'aider ?

D'avance merci.
A voir également:

32 réponses

  • 1
  • 2
Réponse 1 / 32
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

▶ Fais un rapport hijackthis pour que je puisse vérifier les infections de ton pc stp


▶ Télécharge hijackthis et enregistre le fichier d'installation sur ton bureau.

▶ Ensuite double-cliques sur le fichier d'installation puis sur "exécuter".

▶ Cliques sur "Install" en vérifiant que le chemin d'installation est bien dans tes programmes et puis sur "I Accept".

▶ Cliques sur "Do a system scan and save a logfile".

▶ Laisse l'analyse se terminer jusqu'à l'apparition du rapport dans le bloc note.

▶ Ensuite fais un copié/collé du rapport dans ta prochaine réponse sur le forum



Comment copier/coller le rapport :


Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.
0
Réponse 2 / 32
Aldebaran33 Messages postés 28 Statut Membre
 
Voila le rapport


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:40, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\o\Bureau\Crazy Browser.exe
C:\Documents and Settings\o\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [combofix] \ /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: www.google.fr
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097952190140
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/unibet/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
Réponse 3 / 32
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Pourrais tu poster le rapport de malwarebytes stp ??
0
Réponse 4 / 32
Aldebaran33 Messages postés 28 Statut Membre
 
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1400
Windows 5.1.2600 Service Pack 3

16/11/2008 12:29:38
mbam-log-2008-11-16 (12-29-35).txt

Type de recherche: Examen rapide
Eléments examinés: 1908
Temps écoulé: 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\onxyikd.dll (Trojan.BHO.H) -> No action taken.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 32
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
vas vider la quarantaine de malwarebytes et fais une analyse complete stp
0
Réponse 6 / 32
Aldebaran33 Messages postés 28 Statut Membre
 
rocessus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yvcpuu (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\onxyikd.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\hklqwl.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\o\Local Settings\temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Réponse 7 / 32
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
quels sont les fichiers que tu retrouves à chaques fois au redémarrage de ton PC ??
0
Réponse 8 / 32
Aldebaran33 Messages postés 28 Statut Membre
 
Je retrouve le fichier onxyikd.dll alors que l'anti malware me dit que c'est un trojan.
Quand je fais un log il me dit que c'est un programme inconnu. Je ne peux le supprimer manuellement car il me dit que mon disque est plein ou protégé en écriture.
Il est est présent également dans deux clés.
J'ai refait un nouvel examen complet avec comme résultat les 3 elements nuisibles que j'ai toujours.( tout a l'heure j'avais des 12 malwares mais les 9 autres n'étaient pas prévu et j'ai pu les supprimer normalement).
Voici le rapport:



Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f2e6c22-39b0-4a89-8de9-ab4e99f6c35f} (Trojan.BHO.H) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\onxyikd.dll (Trojan.BHO.H) -> No action taken.
0
Réponse 9 / 32
naruto
 
telecharge le prog (malware anti malware ou encore spybot)
0
Réponse 10 / 32
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Est ce que tu acceptes le redémarrage du PC pour terminer la suppression de malwarebytes ??
0
Réponse 11 / 32
Aldebaran33 Messages postés 28 Statut Membre
 
Bien entendu j'accepte le redémmarage du PC après avoir supprimé les trojans je refais un scan et je me retrouve avec les 3 malwares à nouveau.
0
Réponse 12 / 32
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
▶ Télécharger l'utilitaire FixVundo (Symantec)

▶ Lancer "FixVundo" en double-cliquant sur son icône.

▶ Démarrer l'analyse en Cliquant sur "Start".

▶ A la fin, un rapport d'analyse "FixVundo.log" est disponible dans le dossier de lancement de l'utilitaire.

▶ copier/coller le rapport dans le nouveau message sur le forum
0
Réponse 13 / 32
Séb71530 Messages postés 4 Statut Membre
 
salut geoffrey5

J etais en ligne avec toi le 12/11 mais plus de nouvelles car j ai pas pu repondre dans la mem journée. Peut tu ma aider j ai fait un post intitulé "trojan agent et plus de connexion internet"
Merci...(je desespere!!!)
0
Réponse 14 / 32
Aldebaran33 Messages postés 28 Statut Membre
 
Le scan s'est terminé en me disant qu'il n'y avait pas trouvé de virus. Il n'y a rien dans le rapport de plus.

Qu"est que je vais pouvoir faire de plus ?
0
Réponse 15 / 32
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
▶ Télécharge sur le bureau Virtumundobegone

▶ déconnecte internet et désactive ton antivirus le temps de la manipulation

=> Double clic sur VirtumundoBeGone.exe

=> Clic Continue ==> clic Start

=> Clic Oui

=> A la fin si Vundo est présent , le PC s’éteint et redémarre

▶ Si Ecran bleu et message : Erreur fatale .. pas de problème

=> Poste le rapport VBG.TXT qui est sur le bureau
0
Réponse 16 / 32
Aldebaran33 Messages postés 28 Statut Membre
 
J'avais deja utilisé ce logiciel, je les refait voila le rapport, l'ordinateur ne s'est pas éteint il détecte quand mon fichier.


11/15/2008, 23:32:59] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\o\Bureau\VirtumundoBeGone.exe" )
[11/15/2008, 23:33:07] - User choose NOT to continue. Exiting...

[11/16/2008, 8:09:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\o\Bureau\VirtumundoBeGone.exe" )
[11/16/2008, 8:09:24] - Detected System Information:
[11/16/2008, 8:09:24] - Windows Version: 5.1.2600, Service Pack 3
[11/16/2008, 8:09:24] - Current Username: o (Admin)
[11/16/2008, 8:09:24] - Windows is in NORMAL mode.
[11/16/2008, 8:09:24] - Searching for Browser Helper Objects:
[11/16/2008, 8:09:24] - BHO 1: {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} ()
[11/16/2008, 8:09:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2008, 8:09:24] - Checking for HKLM\...\Winlogon\Notify\onxyikd
[11/16/2008, 8:09:24] - Key not found: HKLM\...\Winlogon\Notify\onxyikd, continuing.
[11/16/2008, 8:09:24] - Finished Searching Browser Helper Objects
[11/16/2008, 8:09:24] - Finishing up...
[11/16/2008, 8:09:24] - Nothing found! Exiting...

[11/16/2008, 18:13:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\o\Bureau\VirtumundoBeGone.exe" )
[11/16/2008, 18:13:52] - Detected System Information:
[11/16/2008, 18:13:52] - Windows Version: 5.1.2600, Service Pack 3
[11/16/2008, 18:13:52] - Current Username: o (Admin)
[11/16/2008, 18:13:52] - Windows is in NORMAL mode.
[11/16/2008, 18:13:52] - Searching for Browser Helper Objects:
[11/16/2008, 18:13:52] - BHO 1: {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} ()
[11/16/2008, 18:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2008, 18:13:52] - Checking for HKLM\...\Winlogon\Notify\onxyikd
[11/16/2008, 18:13:52] - Key not found: HKLM\...\Winlogon\Notify\onxyikd, continuing.
[11/16/2008, 18:13:52] - Finished Searching Browser Helper Objects
[11/16/2008, 18:13:52] - Finishing up...
[11/16/2008, 18:13:52] - Nothing found! Exiting...
0
Réponse 17 / 32
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
refais une analyse avec combofix et poste le rapport stp
0
Réponse 18 / 32
Aldebaran33 Messages postés 28 Statut Membre
 
Voila le rapport:


ComboFix 08-11-12.01 - o 2008-11-16 18:25:04.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.225 [GMT 1:00]
Lancé depuis: c:\documents and settings\o\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.

2008-11-16 08:38 . 2008-11-16 08:38 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-16 08:15 . 2008-11-16 08:15 11,020,722 --a------ C:\upload_moi_SN301833070001.tar.gz
2008-11-15 22:56 . 2008-11-15 22:56 <REP> d-------- C:\VundoFix Backups
2008-11-13 22:45 . 2008-11-13 23:01 <REP> d-------- C:\SDFix
2008-11-13 21:49 . 2008-11-13 22:00 <REP> d-------- c:\program files\Enigma Software Group
2008-11-13 00:01 . 2008-11-13 00:01 19,969 --a------ c:\windows\yfalebiby.ban
2008-11-13 00:01 . 2008-11-13 00:01 19,734 --a------ c:\windows\zugukyg.ban
2008-11-13 00:01 . 2008-11-13 00:01 18,946 --a------ c:\windows\fefomokon.dl
2008-11-13 00:01 . 2008-11-13 00:01 18,384 --a------ c:\documents and settings\o\Application Data\bywizenow.bat
2008-11-13 00:01 . 2008-11-13 00:01 16,953 --a------ c:\windows\pubowoky.inf
2008-11-13 00:01 . 2008-11-13 00:01 15,533 --a------ c:\documents and settings\o\Application Data\wefozogeh.vbs
2008-11-13 00:01 . 2008-11-13 00:01 13,575 --a------ c:\documents and settings\o\Application Data\azaga.sys
2008-11-13 00:01 . 2008-11-13 00:01 12,891 --a------ c:\program files\Fichiers communs\qolylefyja.exe
2008-11-13 00:01 . 2008-11-13 00:01 12,002 --a------ c:\windows\system32\aboh.ban
2008-11-13 00:01 . 2008-11-13 00:01 11,979 --a------ c:\documents and settings\o\Application Data\ofeq.reg
2008-11-13 00:01 . 2008-11-13 00:01 10,429 --a------ c:\windows\ojepuq.sys
2008-11-12 18:45 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:44 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 14:57 . 2008-11-09 14:57 164 --a------ C:\install.dat
2008-10-29 21:43 . 2008-10-30 18:52 <REP> d-------- c:\program files\NOS
2008-10-26 12:13 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-10-26 12:09 . 2008-10-26 12:09 <REP> d-------- c:\windows\Logs
2008-10-26 12:06 . 2008-10-26 12:06 <REP> d-------- c:\program files\Microsoft Silverlight
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\program files\Fichiers communs\FotoWire
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\documents and settings\o\Application Data\FotoWire
2008-10-26 11:45 . 2002-12-06 12:22 466,944 --a------ c:\windows\system32\CIMSVR.exe
2008-10-26 11:45 . 2002-12-06 12:23 233,472 --a------ c:\windows\system32\CIMVIEW.dll
2008-10-26 11:45 . 2002-12-06 12:19 147,456 --a------ c:\windows\system32\MimicICM.dll
2008-10-26 11:45 . 2002-12-06 12:22 28,672 --a------ c:\windows\system32\CIMSVRps.dll
2008-10-26 10:46 . 2004-06-03 12:10 71,596 --------- c:\windows\system32\drivers\PfModNT.sys
2008-10-26 10:46 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-10-26 10:46 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-10-24 17:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 17:28 . 2008-10-19 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-10-17 18:23 . 2008-04-13 08:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2008-10-17 18:23 . 2008-04-13 10:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-10-17 18:21 . 2006-12-28 11:01 19,569 --a------ c:\windows\[u]0/u03180_.tmp
2008-10-16 19:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 19:45 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 19:45 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-16 19:44 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 21:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-14 18:01 1,928 ----a-w c:\program files\hqynyslu.txt
2008-11-12 23:01 19,578 ----a-w c:\program files\Fichiers communs\sarezer.lib
2008-11-12 23:01 15,179 ----a-w c:\program files\Fichiers communs\ucovu.db
2008-11-12 23:01 14,562 ----a-w c:\program files\Fichiers communs\zujofirajy.lib
2008-11-12 23:01 14,077 ----a-w c:\program files\Fichiers communs\exufuzezyx._sy
2008-11-12 23:01 11,393 ----a-w c:\program files\Fichiers communs\erygimuli._dl
2008-11-09 11:05 --------- d-----w c:\program files\AOL 8.0
2008-11-08 10:30 --------- d-----w c:\documents and settings\o\Application Data\OpenOffice.org2
2008-10-30 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-29 20:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-26 10:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 10:45 --------- d-----w c:\program files\Logitech
2008-10-26 09:46 --------- d-----w c:\program files\Creative
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 16:42 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-10-18 10:09 --------- d-----w c:\program files\MSN Messenger
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-12 21:15 --------- d-----w c:\program files\QuickTime
2008-10-12 21:15 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-12 21:12 --------- d-----w c:\program files\Apple Software Update
2008-10-12 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-12 17:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-12 17:36 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-12 17:36 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-12 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\Real
2008-10-12 17:05 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-12 17:05 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-08 20:21 --------- d-----w c:\program files\Services en ligne
2008-10-06 17:00 --------- d-----w c:\documents and settings\Damien.SN301833070001\Application Data\Malwarebytes
2008-10-05 16:14 88,576 ----a-w c:\windows\system32\AntiXPVSTFix.exe
2008-10-05 16:14 87,552 ----a-w c:\windows\system32\VACFix.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\o4Patch.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.C.exe
2008-10-05 16:14 82,432 ----a-w c:\windows\system32\404Fix.exe
2008-10-05 16:14 53,248 ----a-w c:\windows\system32\Process.exe
2008-10-05 16:14 51,200 ----a-w c:\windows\system32\dumphive.exe
2008-10-05 16:14 289,144 ----a-w c:\windows\system32\VCCLSID.exe
2008-10-05 16:14 288,417 ----a-w c:\windows\system32\SrchSTS.exe
2008-10-05 16:14 25,600 ----a-w c:\windows\system32\WS2Fix.exe
2008-10-05 14:26 --------- d-----w c:\program files\SUPERAntiSpyware
2008-10-05 14:26 --------- d-----w c:\documents and settings\o\Application Data\SUPERAntiSpyware.com
2008-10-05 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 20:34 --------- d-----w c:\program files\Windows Live
2008-09-29 19:52 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-09-29 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-28 20:04 --------- d-----w c:\program files\Crazy Browser
2008-09-28 17:12 --------- d-----w c:\program files\AVG
2008-09-28 16:31 104,960 ----a-w c:\windows\system32\znngdin.dll
2008-09-28 14:43 --------- d-----w c:\documents and settings\o\Application Data\Malwarebytes
2008-09-28 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-21 18:57 --------- d-----w c:\program files\ACD Systems
2008-09-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-09-21 09:28 --------- d-----w c:\documents and settings\o\Application Data\SumatraPDF
2008-09-21 09:27 --------- d-----w c:\program files\SumatraPDF
2008-09-20 20:20 85 ----a-w c:\documents and settings\o\reparation.bat
2008-09-20 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 10:49 --------- d-----w c:\documents and settings\o\Application Data\IDMComp
2008-09-19 10:47 --------- d-----w c:\program files\UltraEdit
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-14 14:24 69,120 ----a-w c:\windows\system32\olethk32.dll
2008-09-14 14:24 69,120 ----a-w c:\windows\system32\dllcache\olethk32.dll
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 09:11 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-15 17:47 58 ----a-w c:\documents and settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w c:\documents and settings\o\Application Data\GDIPFONTCACHEV1.DAT
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
.

((((((((((((((((((((((((((((( snapshot_2008-11-13_22.29.42.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-03 20:59:45 56,364 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 18:16:51 56,364 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 20:59:45 68,498 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-15 18:16:51 68,498 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
\Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
\Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
\Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'

2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []

2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]

2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\o\Application Data\Mozilla\Firefox\Profiles\v9eyxivg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/fr/index.php?rvs=hompag&d=79919193
FF -: plugin - c:\documents and settings\o\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 18:30:03
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
Heure de fin: 2008-11-16 18:34:10
ComboFix-quarantined-files.txt 2008-11-16 17:33:44
ComboFix2.txt 2008-11-13 21:31:00
ComboFix3.txt 2008-09-29 19:32:26
ComboFix4.txt 2008-09-28 16:38:18

Avant-CF: 103 201 234 944 octets libres
Après-CF: 103,324,852,224 octets libres

388 --- E O F --- 2008-11-12 23:39:56
0
Réponse 19 / 32
Aldebaran33 Messages postés 28 Statut Membre
 
Voila le rapport:


ComboFix 08-11-12.01 - o 2008-11-16 18:25:04.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.225 [GMT 1:00]
Lancé depuis: c:\documents and settings\o\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.

2008-11-16 08:38 . 2008-11-16 08:38 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-16 08:15 . 2008-11-16 08:15 11,020,722 --a------ C:\upload_moi_SN301833070001.tar.gz
2008-11-15 22:56 . 2008-11-15 22:56 <REP> d-------- C:\VundoFix Backups
2008-11-13 22:45 . 2008-11-13 23:01 <REP> d-------- C:\SDFix
2008-11-13 21:49 . 2008-11-13 22:00 <REP> d-------- c:\program files\Enigma Software Group
2008-11-13 00:01 . 2008-11-13 00:01 19,969 --a------ c:\windows\yfalebiby.ban
2008-11-13 00:01 . 2008-11-13 00:01 19,734 --a------ c:\windows\zugukyg.ban
2008-11-13 00:01 . 2008-11-13 00:01 18,946 --a------ c:\windows\fefomokon.dl
2008-11-13 00:01 . 2008-11-13 00:01 18,384 --a------ c:\documents and settings\o\Application Data\bywizenow.bat
2008-11-13 00:01 . 2008-11-13 00:01 16,953 --a------ c:\windows\pubowoky.inf
2008-11-13 00:01 . 2008-11-13 00:01 15,533 --a------ c:\documents and settings\o\Application Data\wefozogeh.vbs
2008-11-13 00:01 . 2008-11-13 00:01 13,575 --a------ c:\documents and settings\o\Application Data\azaga.sys
2008-11-13 00:01 . 2008-11-13 00:01 12,891 --a------ c:\program files\Fichiers communs\qolylefyja.exe
2008-11-13 00:01 . 2008-11-13 00:01 12,002 --a------ c:\windows\system32\aboh.ban
2008-11-13 00:01 . 2008-11-13 00:01 11,979 --a------ c:\documents and settings\o\Application Data\ofeq.reg
2008-11-13 00:01 . 2008-11-13 00:01 10,429 --a------ c:\windows\ojepuq.sys
2008-11-12 18:45 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:44 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 14:57 . 2008-11-09 14:57 164 --a------ C:\install.dat
2008-10-29 21:43 . 2008-10-30 18:52 <REP> d-------- c:\program files\NOS
2008-10-26 12:13 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-10-26 12:09 . 2008-10-26 12:09 <REP> d-------- c:\windows\Logs
2008-10-26 12:06 . 2008-10-26 12:06 <REP> d-------- c:\program files\Microsoft Silverlight
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\program files\Fichiers communs\FotoWire
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\documents and settings\o\Application Data\FotoWire
2008-10-26 11:45 . 2002-12-06 12:22 466,944 --a------ c:\windows\system32\CIMSVR.exe
2008-10-26 11:45 . 2002-12-06 12:23 233,472 --a------ c:\windows\system32\CIMVIEW.dll
2008-10-26 11:45 . 2002-12-06 12:19 147,456 --a------ c:\windows\system32\MimicICM.dll
2008-10-26 11:45 . 2002-12-06 12:22 28,672 --a------ c:\windows\system32\CIMSVRps.dll
2008-10-26 10:46 . 2004-06-03 12:10 71,596 --------- c:\windows\system32\drivers\PfModNT.sys
2008-10-26 10:46 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-10-26 10:46 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-10-24 17:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 17:28 . 2008-10-19 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-10-17 18:23 . 2008-04-13 08:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2008-10-17 18:23 . 2008-04-13 10:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-10-17 18:21 . 2006-12-28 11:01 19,569 --a------ c:\windows\[u]0/u03180_.tmp
2008-10-16 19:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 19:45 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 19:45 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-16 19:44 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 21:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-14 18:01 1,928 ----a-w c:\program files\hqynyslu.txt
2008-11-12 23:01 19,578 ----a-w c:\program files\Fichiers communs\sarezer.lib
2008-11-12 23:01 15,179 ----a-w c:\program files\Fichiers communs\ucovu.db
2008-11-12 23:01 14,562 ----a-w c:\program files\Fichiers communs\zujofirajy.lib
2008-11-12 23:01 14,077 ----a-w c:\program files\Fichiers communs\exufuzezyx._sy
2008-11-12 23:01 11,393 ----a-w c:\program files\Fichiers communs\erygimuli._dl
2008-11-09 11:05 --------- d-----w c:\program files\AOL 8.0
2008-11-08 10:30 --------- d-----w c:\documents and settings\o\Application Data\OpenOffice.org2
2008-10-30 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-29 20:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-26 10:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 10:45 --------- d-----w c:\program files\Logitech
2008-10-26 09:46 --------- d-----w c:\program files\Creative
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 16:42 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-10-18 10:09 --------- d-----w c:\program files\MSN Messenger
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-12 21:15 --------- d-----w c:\program files\QuickTime
2008-10-12 21:15 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-12 21:12 --------- d-----w c:\program files\Apple Software Update
2008-10-12 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-12 17:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-12 17:36 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-12 17:36 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-12 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\Real
2008-10-12 17:05 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-12 17:05 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-08 20:21 --------- d-----w c:\program files\Services en ligne
2008-10-06 17:00 --------- d-----w c:\documents and settings\Damien.SN301833070001\Application Data\Malwarebytes
2008-10-05 16:14 88,576 ----a-w c:\windows\system32\AntiXPVSTFix.exe
2008-10-05 16:14 87,552 ----a-w c:\windows\system32\VACFix.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\o4Patch.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.C.exe
2008-10-05 16:14 82,432 ----a-w c:\windows\system32\404Fix.exe
2008-10-05 16:14 53,248 ----a-w c:\windows\system32\Process.exe
2008-10-05 16:14 51,200 ----a-w c:\windows\system32\dumphive.exe
2008-10-05 16:14 289,144 ----a-w c:\windows\system32\VCCLSID.exe
2008-10-05 16:14 288,417 ----a-w c:\windows\system32\SrchSTS.exe
2008-10-05 16:14 25,600 ----a-w c:\windows\system32\WS2Fix.exe
2008-10-05 14:26 --------- d-----w c:\program files\SUPERAntiSpyware
2008-10-05 14:26 --------- d-----w c:\documents and settings\o\Application Data\SUPERAntiSpyware.com
2008-10-05 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 20:34 --------- d-----w c:\program files\Windows Live
2008-09-29 19:52 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-09-29 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-28 20:04 --------- d-----w c:\program files\Crazy Browser
2008-09-28 17:12 --------- d-----w c:\program files\AVG
2008-09-28 16:31 104,960 ----a-w c:\windows\system32\znngdin.dll
2008-09-28 14:43 --------- d-----w c:\documents and settings\o\Application Data\Malwarebytes
2008-09-28 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-21 18:57 --------- d-----w c:\program files\ACD Systems
2008-09-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-09-21 09:28 --------- d-----w c:\documents and settings\o\Application Data\SumatraPDF
2008-09-21 09:27 --------- d-----w c:\program files\SumatraPDF
2008-09-20 20:20 85 ----a-w c:\documents and settings\o\reparation.bat
2008-09-20 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 10:49 --------- d-----w c:\documents and settings\o\Application Data\IDMComp
2008-09-19 10:47 --------- d-----w c:\program files\UltraEdit
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-14 14:24 69,120 ----a-w c:\windows\system32\olethk32.dll
2008-09-14 14:24 69,120 ----a-w c:\windows\system32\dllcache\olethk32.dll
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 09:11 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-15 17:47 58 ----a-w c:\documents and settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w c:\documents and settings\o\Application Data\GDIPFONTCACHEV1.DAT
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
.

((((((((((((((((((((((((((((( snapshot_2008-11-13_22.29.42.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-03 20:59:45 56,364 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 18:16:51 56,364 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 20:59:45 68,498 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-15 18:16:51 68,498 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
\Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
\Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
\Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'

2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []

2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]

2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\o\Application Data\Mozilla\Firefox\Profiles\v9eyxivg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/fr/index.php?rvs=hompag&d=79919193
FF -: plugin - c:\documents and settings\o\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 18:30:03
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
Heure de fin: 2008-11-16 18:34:10
ComboFix-quarantined-files.txt 2008-11-16 17:33:44
ComboFix2.txt 2008-11-13 21:31:00
ComboFix3.txt 2008-09-29 19:32:26
ComboFix4.txt 2008-09-28 16:38:18

Avant-CF: 103 201 234 944 octets libres
Après-CF: 103,324,852,224 octets libres

388 --- E O F --- 2008-11-12 23:39:56
0
Réponse 20 / 32
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
▶ Copie le texte en gras ci-dessous :

File::
c:\windows\system32\onxyikd.dll


Folder::


Registry::



▶ Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
▶ Sauvegarde ce fichier sous le nom de CFScript.txt.

▶ Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

▶ Cela va relancer Combofix,

▶ Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

▶ Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

▶ Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

▶ S'il n'y a pas de rédémarrage, poste quand même les rapports.
0

Discussions similaires

Comment désactiver le mode sécurisé de la Freebox POP.
Cycy -
bazfile -

18 réponses
supprimer tor.jack android
sabinelouisonbruno -
akaloupile -

4 réponses
Tor.Jack.Malware
Camille -
bazfile -

1 réponse
Retirer le mode sécurisé sur l'écran de la TV connectée Free
beatrice -
baladur13 -

1 réponse
je n'arrive pas a supprimer un virus sur mon téléphone
nath340 -
christou -

26 réponses