g!rly, 29 Jul 2008 at 17:36:29
Next step:
Copy the text below:
Folder::
C:\Documents and Settings\All Users\Application Data\crynypar
C:\Program Files\bgzrgce
C:\Program Files\Spyware-Secure
File::
C:\WINDOWS\system32\oncpwraj.exe
C:\WINDOWS\system32\tspgbuhy.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GenMsgUi"=-
"cfgsrvchk"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"05zUNuiBjl"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CmdMsgUi"=-
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe, as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait for the scan to finish. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.
See you later
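As an added example (not part of this thread and not a ComboFix component), a small Python checker for the procedure above: it parses a CFScript's Folder::/File::/Registry:: directives and cross-checks them against the "Autres suppressions" and "ORPHANS REMOVED" sections of the ComboFix.txt that comes back, so the helper can see which requested deletions the log actually confirms. The sample script and log excerpt are constructed from this thread's posts; the English build's "Other deletions" banner wording is an assumption.

```python
import re
# Constructed sample input: the CFScript posted in the thread, verbatim.
CFSCRIPT = r"""Folder::
C:\Documents and Settings\All Users\Application Data\crynypar
C:\Program Files\bgzrgce
C:\Program Files\Spyware-Secure
File::
C:\WINDOWS\system32\oncpwraj.exe
C:\WINDOWS\system32\tspgbuhy.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GenMsgUi"=-
"cfgsrvchk"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"05zUNuiBjl"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CmdMsgUi"=-
"""

# Constructed sample input: the parts of the resulting ComboFix.txt that confirm
# deletions (banners shortened, entries as posted in the thread).
COMBOFIX_LOG = r"""(((((((((( Autres suppressions ))))))))))
.
C:\Documents and Settings\All Users\Application Data\crynypar
C:\Program Files\bgzrgce
C:\WINDOWS\system32\oncpwraj.exe
C:\WINDOWS\system32\tspgbuhy.exe
.
(((((((((( Fichiers créés 2008-06-28 to 2008-07-29 ))))))))))
- - - - ORPHANS REMOVED - - - -
HKCU-Run-GenMsgUi - C:\WINDOWS\system32\oncpwraj.exe
HKCU-Run-cfgsrvchk - C:\WINDOWS\system32\tspgbuhy.exe
**************************************************************************
"""

# Deletions banner: French build as posted; the English build's wording is assumed.
DELETION_BANNERS = {"autres suppressions", "other deletions"}
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")
ORPHAN = re.compile(r"^HK[A-Z]{2}-[A-Za-z]+-(.+?) - ")  # HKCU-Run-<name> - <path>

def parse_cfscript(text):
    """Return {"Folder": [...], "File": [...], "Registry": [(key, value_name)]}."""
    sections = {"Folder": [], "File": [], "Registry": []}
    current, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                   # section header, e.g. File::
            current, key = line[:-2], None
        elif current == "Registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                  # [HKEY_...] names the key
            else:
                m = re.fullmatch(r'"([^"]+)"=-', line)   # "name"=- deletes a value
                if m and key is not None:
                    sections["Registry"].append((key, m.group(1)))
        elif current is not None:
            sections.setdefault(current, []).append(line)
    return sections

def parse_combofix_log(text):
    """Return (deleted_paths, orphaned_value_names) from a ComboFix.txt, lower-cased."""
    deleted, orphans, section = set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER.match(line)
        if m:
            section = m.group(1).lower()
        elif line.startswith("- - - - ORPHANS REMOVED"):
            section = "orphans removed"
        elif line.startswith("*****"):
            section = None                        # catchme block starts here
        elif section in DELETION_BANNERS:
            deleted.add(line.lower())
        elif section == "orphans removed":
            m = ORPHAN.match(line)
            if m:
                orphans.add(m.group(1).lower())
    return deleted, orphans

def verify_script(script_text, log_text):
    """Map each directive to True when the log confirms it: Folder::/File:: paths must
    be listed under the deletions banner; a Registry:: value counts when ORPHANS
    REMOVED names it (its target file is gone, so ComboFix dropped the entry)."""
    script = parse_cfscript(script_text)
    deleted, orphans = parse_combofix_log(log_text)
    report = {}
    for kind in ("Folder", "File"):
        for path in script[kind]:
            report[f"{kind}:{path}"] = path.lower() in deleted
    for key, name in script["Registry"]:
        report[f"Registry:{key}\\{name}"] = name.lower() in orphans
    return report
```

On the posted reports it leaves C:\Program Files\Spyware-Secure and the two HKLM values unconfirmed, which is exactly what the helper would want to re-check in the next log.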
nulleninfo: Here is the ComboFix report (I did not restart the computer, it did not ask me to)
ComboFix 08-07-28.6 - Compaq_Propriétaire 2008-07-29 17:42:32.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.556 [GMT 2:00]
Endroit: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\WINDOWS\system32\oncpwraj.exe
C:\WINDOWS\system32\tspgbuhy.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\crynypar
C:\Documents and Settings\All Users\Application Data\crynypar\mlgrwven.exe
C:\Program Files\bgzrgce
C:\Program Files\bgzrgce\CmdMsgUi.dll
C:\WINDOWS\system32\oncpwraj.exe
C:\WINDOWS\system32\tspgbuhy.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))))))
.
2008-07-28 17:55 . 2008-07-28 17:55 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-07-28 17:55 . 2008-07-28 17:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 08:22 . 2005-08-25 19:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-07-27 19:39 . 2008-07-27 19:39 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-27 10:15 . 2008-07-29 17:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-27 10:15 . 2008-07-29 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-19 10:05 . 2008-07-19 10:05 <REP> d-------- C:\Program Files\AIM6
2008-07-19 10:05 . 2008-07-19 10:05 335 --a------ C:\WINDOWS\nsreg.dat
2008-07-19 10:02 . 2008-07-19 10:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-19 10:02 . 2008-07-19 10:05 961 --ah----- C:\IPH.PH
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 15:38 --------- d-----w C:\Program Files\Lx_cats
2008-07-29 15:13 2,665,962 ----a-w C:\ComboFix.exe
2008-07-29 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-29 11:25 --------- d-----w C:\Program Files\lg_fwupdate
2008-07-29 11:25 --------- d-----w C:\Program Files\eMule
2008-07-28 06:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-07-27 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 07:53 --------- d-----w C:\Program Files\Lavasoft
2008-07-20 10:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-16 06:56 356 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2008-06-24 09:12 --------- d-----w C:\Program Files\Java
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 17:09 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\eMule
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-07 17:18 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 01:24 1694208]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 05:05 344064]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 01:44 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-05 01:21 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 00:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 02:50 253952]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 16:36 196608]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 13:29 299008]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 19:24 61440]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-07-12 11:58 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-10-07 19:33 249856]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 22:03 69632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-02 08:20 98304]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe" [2007-11-25 11:05 370176]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-10-07 17:16:08 200704]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-07 17:18:49 126136]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mcoinstall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-01-05 C:\WINDOWS\Tasks\Connexion facile à Internet.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe [2005-05-24 17:46]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-GenMsgUi - C:\WINDOWS\system32\oncpwraj.exe
HKCU-Run-cfgsrvchk - C:\WINDOWS\system32\tspgbuhy.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 17:43:35
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-29 17:44:21
ComboFix-quarantined-files.txt 2008-07-29 15:44:16
ComboFix2.txt 2008-07-29 15:17:05
Pre-Run: 43,640,307,712 octets libres
Post-Run: 43,653,283,840 octets libres
--- E O F --- 2008-07-27 17:39:08
and the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:47, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
End of file - 9965 bytes
Did I need to restart the computer or not?
Mat, 15 Aug 2008 at 01:15:53
Hello,
I have the same problem.
Here is my log.txt, can someone help me please?
ComboFix 08-08-14.01 - Mathieu 2008-08-15 1:23:47.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.208 [GMT 2:00]
Endroit: C:\Documents and Settings\Mathieu\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mathieu\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\oncpwraj.exe
C:\WINDOWS\system32\tspgbuhy.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible sites infectés -----
http://speedy.via.ecp.fr
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-14 to 2008-08-14 ))))))))))))))))))))))))))))))))))))
.
2008-08-15 00:22 . 2008-08-15 00:22 <REP> d-------- C:\WINDOWS\report
2008-08-15 00:22 . 2008-08-15 00:22 <REP> d-------- C:\WINDOWS\AU_Backup
2008-08-15 00:22 . 2008-08-15 00:22 26,093,329 --a------ C:\WINDOWS\LPT$VPN.477
2008-08-15 00:22 . 2008-08-15 00:22 1,964,523 --a------ C:\WINDOWS\tsc.ptn
2008-08-15 00:22 . 2008-08-15 00:22 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-08-15 00:22 . 2008-08-15 00:22 333,576 --a------ C:\WINDOWS\TSC.exe
2008-08-15 00:22 . 2008-08-15 00:22 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-08-15 00:22 . 2008-08-15 00:22 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-08-15 00:22 . 2008-08-15 00:58 823 --a------ C:\WINDOWS\tsc.ini
2008-08-15 00:21 . 2008-08-15 00:22 26,093,329 --a------ C:\WINDOWS\VPTNFILE.477
2008-08-15 00:20 . 2008-08-15 00:22 <REP> d-------- C:\WINDOWS\AU_Temp
2008-08-15 00:20 . 2008-08-15 00:20 <REP> d-------- C:\WINDOWS\AU_Log
2008-08-15 00:20 . 2008-08-15 00:20 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-08-15 00:20 . 2008-08-15 00:20 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-08-15 00:20 . 2008-08-15 00:20 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-08-15 00:20 . 2008-08-15 00:20 170 --a------ C:\WINDOWS\GetServer.ini
2008-08-14 23:51 . 2008-08-14 23:51 <REP> d-------- C:\Program Files\ehbvajd
2008-08-14 23:51 . 2008-08-14 23:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\fcrifyvg
2008-08-14 23:51 . 2008-08-14 23:51 53,248 --a------ C:\WINDOWS\rkvotyhw.exe
2008-08-14 23:50 . 2008-08-14 23:50 81,920 --a------ C:\WINDOWS\system32\vujuxexq.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 06:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-07-08 19:14 --------- d-----w C:\Program Files\LimeWire
2008-06-15 23:53 --------- d-----w C:\Program Files\Bersirc
2008-06-15 22:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 22:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2006-04-17 22:53 55,360 ----a-w C:\Documents and Settings\Mathieu\Application Data\GDIPFONTCACHEV1.DAT
2004-01-22 12:43 683,132 ----a-w C:\Program Files\flashplayer7installer.exe
2002-08-04 23:32 667,648 ----a-w C:\Program Files\ivinav.ax
2002-08-04 23:32 561,152 ----a-w C:\Program Files\iviaudio.ax
2002-08-04 23:32 102,400 ----a-w C:\Program Files\WinDVD.exe
2002-08-04 23:32 1,511,424 ----a-w C:\Program Files\ivivideo.ax
2002-08-04 23:27 13 ----a-w C:\Program Files\WINDVD.exe.local
2002-08-04 23:25 237,568 ----a-w C:\Program Files\IVIWebBrowserX.ocx
2002-08-04 23:25 237,568 ----a-w C:\Program Files\IVIVRX.ocx
2002-08-04 23:25 204,800 ----a-w C:\Program Files\DSPDMO.dll
2002-08-04 23:24 344,064 ----a-w C:\Program Files\IVIAudioModeX.ocx
2002-08-04 23:24 327,680 ----a-w C:\Program Files\IVINavigationX.ocx
2002-08-04 23:24 299,008 ----a-w C:\Program Files\IVIAudioEffectX.ocx
2002-08-04 23:24 262,144 ----a-w C:\Program Files\IVICaptureX.ocx
2002-08-04 23:24 253,952 ----a-w C:\Program Files\IVIAudioSRSX.ocx
2002-08-04 23:23 290,816 ----a-w C:\Program Files\IVIBookmarkX.ocx
2002-08-04 23:23 270,336 ----a-w C:\Program Files\IVILanguageX.ocx
2002-08-04 23:23 245,760 ----a-w C:\Program Files\IVIColorX.ocx
2002-08-04 23:23 217,088 ----a-w C:\Program Files\expDMO.dll
2002-08-04 23:23 147,456 ----a-w C:\Program Files\timestretchDMO.dll
2002-08-04 23:22 626,688 ----a-w C:\Program Files\IVIPlayerX.ocx
2002-08-04 23:22 299,008 ----a-w C:\Program Files\IVIDisplayX.ocx
2002-08-04 23:22 1,712,128 ----a-w C:\Program Files\IVIVideoWndX.ocx
2002-08-04 23:18 24,576 ----a-w C:\Program Files\IVIGUI.dll
2002-08-04 23:18 2,363,392 ----a-w C:\Program Files\GPIProxy.dll
2002-08-04 23:17 147,456 ----a-w C:\Program Files\IviAudioProcess.ax
2002-08-04 23:16 77,824 ----a-w C:\Program Files\IviContainerDMO.dll
2002-07-13 20:29 688,437 ----a-w C:\Program Files\WinDVD.chm
2002-05-08 13:49 59,840 ----a-w C:\Program Files\SurroundTest.ac3
2002-04-29 13:55 143,360 ----a-w C:\Program Files\DMO_TSXT.dll
2002-04-29 13:55 143,360 ----a-w C:\Program Files\ComTruSurroundXT.dll
2001-12-09 17:37 5,132 ----a-w C:\Program Files\ReadMe.txt
2001-07-02 18:06 7,596 ----a-w C:\Program Files\license.txt
2000-12-22 10:24 671,744 ----a-w C:\Program Files\DolbyHph.dll
2000-12-05 01:18 53,248 ----a-w C:\Program Files\DHIVI.dll
2000-05-18 09:53 4,900 ----a-w C:\Program Files\DolbyHph.ll
.
------- Sigcheck -------
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2003-09-25 18:57 561152 78524a7af390ea5071b400936c73e4ff C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2002-11-22 21:29 529920 1467d0f30f0d88dd5daf3b4c2eac6034 C:\WINDOWS\$NtUninstallKB824141$\user32.dll
2002-08-29 20:45 561152 0abf2f5280940d32d1d52bd3500b0c37 C:\WINDOWS\$NtUninstallKB826939$\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:10 578048 2349f281aa54f66e9c0486d3c3a25cf4 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2005-03-02 20:10 578048 2349f281aa54f66e9c0486d3c3a25cf4 C:\WINDOWS\system32\user32.dll
2002-08-29 20:45 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-19 16:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\winlogon.exe
2004-08-19 16:09 1036288 18e0fd214dd9980a5f3575ca574d9b15 C:\WINDOWS\explorer.exe
2002-08-29 20:45 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 18e0fd214dd9980a5f3575ca574d9b15 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"ComUtil"="C:\WINDOWS\system32\vujuxexq.exe" [2008-08-14 23:50 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-02-11 18:30 151597]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-20 23:43 155648]
"mntui"="C:\WINDOWS\rkvotyhw.exe" [2008-08-14 23:51 53248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 20:14 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"LTBOw609G2"="C:\Documents and Settings\All Users\Application Data\fcrifyvg\totapevu.exe" [2008-08-14 23:51 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"stract"= {26B95B86-C126-5928-A7BB-022F3B744D0A} - C:\Program Files\ehbvajd\stract.dll [2008-08-14 23:51 98304]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="C:\\WINDOWS\\\\Explorer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 00:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Stlth317;Stlth317;C:\WINDOWS\system32\DRIVERS\stlth317.sys [2002-08-07 16:00]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-02-17 16:33]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 01:25:51
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-08-15 1:29:22
ComboFix-quarantined-files.txt 2008-08-14 23:28:19
ComboFix2.txt 2008-08-14 23:14:33
Pre-Run: 911,503,360 octets libres
Post-Run: 901,410,816 octets libres