

JLM33
Infection by PHISH/Paypalfraud.1
JLM33 replied to a topic by JLM33 in Analyses et éradication malwares
OK, it works. THANKS to all of you.
Infection by PHISH/Paypalfraud.1
JLM33 replied to a topic by JLM33 in Analyses et éradication malwares
Thanks oGu and Desch. I don't have the email you mention in my Thunderbird mailbox. If I received it, it was automatically moved to the junk folder, which is systematically emptied when I quit Thunderbird. Yet despite that, Avira still reports it.
Hello, Avira is reporting an infection by PHISH/Paypalfraud.1 that I cannot get rid of. Below are the Avira and HJT reports. What can I do? Thank you very much for your help.
Avira AntiVir Personal Report file date: mardi 13 mai 2008 09:39
C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\e46610lw.default\Mail\Local Folders\Inbox [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[Message-ID: <dl9Bg9-1AI06K-82@cpanel.error> ][From: "support@membernotifier.com" <support@membernot][subject: Alert Regarding Your Paypal Account]3050.mim [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Paypalfraud.1 [WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
1 viruses and/or unwanted programs were found
Infection by Win32:TratBHO & Co / HJT and ComboFix reports
JLM33 replied to a topic by JLM33 in Analyses et éradication malwares
Hooray! The tests run with Avira and Ewido are positive. A big THANK YOU to you for giving me your help.
Infection by Win32:TratBHO & Co / HJT and ComboFix reports
JLM33 replied to a topic by JLM33 in Analyses et éradication malwares
I can't uninstall ComboFix: I get the message "Windows cannot find ComboFix. Make sure you typed the name correctly, and then try again." Yet it is definitely on my desktop... Can I delete it by right-clicking and then do what you told me?
Infection by Win32:TratBHO & Co / HJT and ComboFix reports
JLM33 replied to a topic by JLM33 in Analyses et éradication malwares
OK, here are the reports again: 1/ there are two ComboFix reports; 2/ I could not get a report from Ewido despite two attempts (the button was greyed out, inactive). Ewido detected nothing at all both times.
Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {211718FB-416D-44F4-B9BA-F07DCC36CC72} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O17 - HKLM\System\CCS\Services\Tcpip\..\{03E10338-D64C-4205-A921-F86DC07FC2D5}: NameServer = 192.168.1.1 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- End of file - 8059 bytes -
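As a worked example of the first pass a helper makes over a HijackThis log like the one above, here is a small triage script. It is added here and is not code from the post, from HijackThis or from the forum. It parses the `Oxx - ...` lines into records and applies three review rules: entries whose target HijackThis marks `(no file)` or `(file missing)`, any `O20` Winlogon Notify entry (those DLLs are loaded by winlogon.exe at logon), and an unnamed BHO whose DLL sits in `C:\WINDOWS\system32` rather than under an installed product's folder. The sample lines are copied from the HJT logs posted in this thread; the three rules are assumptions about what deserves a look and are not a verdict that an entry is malicious, which is why `mspd`, `avgnt` and `LexBceS` produce no finding.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example, not code from the original forum post and not part of
HijackThis itself. Parses the "Oxx - ..." lines of an HJT log into records
and applies three review rules a helper in a removal thread applies by eye.
The rules flag entries for review; they are not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines posted in the thread's HJT logs.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E64BDFD2-7DC9-493A-94F2-928604F2AF8D} - C:\WINDOWS\system32\geebx.dll (file missing)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O20 - Winlogon Notify: rqromkj - rqromkj.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

LINE_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    code: str     # HJT section, e.g. "O2", "O20"
    name: str     # descriptive field (BHO name, Run value name, service name)
    target: str   # file or command the entry points at, as HJT printed it
    clsid: str    # CLSID if the line carries one, else ""
    orphan: bool  # HJT could not find the target on disk


def parse_entry(line):
    """Parse one HJT line; return an Entry, or None for header/process lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    orphan = any(marker in body for marker in ORPHAN_MARKERS)
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else ""
    if code == "O4":
        # O4 lines look like: HKLM\..\Run: [value name] command line
        run = RUN_RE.match(body)
        if run:
            return Entry(code, run.group("name"), run.group("cmd"), clsid, orphan)
        return Entry(code, body, "", clsid, orphan)
    # Other sections separate their fields with " - "; the last field is the target.
    fields = [f.strip() for f in body.split(" - ")]
    target = fields[-1] if len(fields) > 1 else ""
    return Entry(code, fields[0], target, clsid, orphan)


def parse_log(text):
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


@dataclass
class Finding:
    rule: str
    entry: Entry


def triage(text):
    """Apply the review rules; returns one Finding per (rule, entry) hit."""
    findings = []
    for e in parse_log(text):
        # Rule 1: the registration survives but its file is gone. Typical of a DLL
        # an AV already removed; the dead entry is what HJT's "Fix checked" cleans.
        if e.orphan:
            findings.append(Finding("orphan", e))
        # Rule 2: Winlogon Notify DLLs are loaded by winlogon.exe at logon, so every
        # O20 entry is reviewed whether or not its file still exists.
        if e.code == "O20":
            findings.append(Finding("winlogon-notify", e))
        # Rule 3 (assumption, a heuristic not a signature): an unnamed BHO whose DLL
        # lives in system32 instead of under the folder of an installed product.
        if e.code == "O2" and "(no name)" in e.name and \
                e.target.lower().startswith("c:\\windows\\system32\\"):
            findings.append(Finding("unnamed-bho-system32", e))
    return findings


def summarize(findings):
    """Map each rule to the entry names it fired on, in log order."""
    out = {}
    for f in findings:
        out.setdefault(f.rule, []).append(f.entry.name)
    return out


if __name__ == "__main__":
    for rule, names in summarize(triage(SAMPLE_LOG)).items():
        print(f"{rule}:")
        for n in names:
            print(f"  {n}")
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; the `orphan` list is the set of entries to tick in HijackThis, while `winlogon-notify` and `unnamed-bho-system32` are the ones to cross-check against the ComboFix "Reg loading points" section before touching them.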
Infection with Win32:TratBHO & Co / HJT and ComboFix reports
JLM33 replied to a topic by JLM33 in Malware analysis and removal
Thanks for your help. I went through the procedure completely and in order; "apparently" no more Win32/TratBHO, but TR/Trash.Gen and Takedawnload.a were found. Here are the 4 reports requested:

1/ ComboFix:

ComboFix 08-03-25.4 - HP_Propriétaire 2008-03-27 10:03:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.591 [GMT 1:00]
Location: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
 * Creating a new restore point
.
((((((((((((((((((((((((((((( Files created 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
.
2008-03-27 09:41 . 2008-03-27 09:41 <REP> d-------- C:\WINDOWS\LastGood
2008-03-27 00:11 . 2008-03-27 00:11 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-27 00:11 . 2008-03-27 00:11 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-26 23:58 . 2008-03-27 09:44 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-03-26 09:42 . 2008-03-26 12:46 1,580,198 ---hs---- C:\WINDOWS\system32\mbxmqlkl.ini
2008-03-25 09:39 . 2008-03-26 09:39 1,580,078 ---hs---- C:\WINDOWS\system32\enmjvcdx.ini
2008-03-24 03:19 . 2008-03-24 03:19 <REP> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 08:59 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\utorrent
2008-03-27 08:49 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-27 08:40 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\OpenOffice.org2
2008-03-26 22:19 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\SolidDocuments
2008-02-21 15:43 --------- d-----w C:\Program Files\POI Mixer
2008-02-21 15:36 --------- d-----w C:\Program Files\DivX
2008-02-17 13:02 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-02 17:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-09 11:18 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-09 11:18 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-09 11:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-31 11:20 14 ----a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat
2007-12-31 11:20 14 ----a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat
2005-09-25 19:05 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
------- Sigcheck -------
2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-12-07 02:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll
2007-12-07 01:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll
2007-04-18 13:32 663040 ca6f58031096fc2509c57670129469f7 C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2gdr\wininet.dll
2007-04-18 13:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2qfe\wininet.dll
2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\system32\wininet.dll
2007-01-04 14:55 663040 25d38ffa2b441e326850ae4cb67d1a91 C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys
2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\TCPIP.SYS
2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\explorer.exe
2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-26_23.02.29.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-26 23:11:58 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-12-04 18:41:36 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-11 22:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 18:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2006-11-04 13:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 14:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2004-08-19 14:09:38 553,472 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:41:36 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-11 22:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 18:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-03-27 08:39:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_208.dat
+ 2007-05-08 14:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64BDFD2-7DC9-493A-94F2-928604F2AF8D}]
C:\WINDOWS\system32\geebx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-11 13:08 219952]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05 4354048]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21 1204224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]
"mspd"="C:\WINDOWS\system32\mspd.exe" [2003-08-27 21:22 389632]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 21:49 90112 C:\WINDOWS\SOUNDMAN.EXE]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"avast!"="C:\Program Files\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 15:09 138240]

C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
UberIcon.lnk - C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe [2005-08-12 20:52:34 180224]
Y'z Shadow.lnk - C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe [2002-09-30 21:09:06 151552]
Y'z ToolBar.lnk - C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00 90112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 01000000
"NoLogoff"= 0 (0x0)
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]
msldr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkj]
rqromkj.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk
backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a--c--- 2005-02-18 21:32 2754560 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
--a------ 2005-01-19 16:34 128000 C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 20:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMOL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-20 19:20 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 00:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakDUN]
--a------ 2001-09-19 23:29 720896 C:\Program Files\TweakDUN\tweakdun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26569:TCP"= 26569:TCP:eMule : TCP entrant
"6224:UDP"= 6224:UDP:eMule : UDP entrant
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6346:TCP"= 6346:TCP:Shareaza tcp
"6346:UDP"= 6346:UDP:Shareaza udp
"25566:TCP"= 25566:TCP:uTorrent TCP
"25566:UDP"= 25566:UDP:uTorrent udp

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [1998-04-13 09:00]
R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 19:54]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3c6130e-e2ee-11dc-bb44-00604c89e097}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-27 08:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 07:40:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 10:04:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon.dll
.
Completion time: 2008-03-27 10:05:13
ComboFix-quarantined-files.txt 2008-03-27 09:05:11
.
2008-03-26 23:11:58
--- E O F ---

2/ Ewido:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: Not-A-Virus.PUP.Takedawnload.a
Path: C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP501\A0137236.exe
Risk: Low

3/ Avira:

AntiVir PersonalEdition Classic
Report file date: Thursday 27 March 2008 11:40

Scanning for 1168332 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: PROGRÉCIF

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 10:36:45
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 10:36:45
ANTIVIR3.VDF : 7.0.3.82 107520 Bytes 27/03/2008 10:36:45
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 27/03/2008 10:36:45
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 27/03/2008 10:36:45
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday 27 March 2008 11:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'YzToolBar.exe' - '1' Module(s) have been scanned
Scan process 'YzShadow.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'Shareaza.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'ps2.EXE' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).

Starting the file scan:

Begin scan in 'C:\' <Prog' Récif>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\system32\rqromkj.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '485d8388.qua'!
Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: Thursday 27 March 2008 12:35
Used time: 55:08 min

The scan has been done completely.

8761 Scanning directories
564188 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
564187 Files not concerned
28704 Archives were scanned
3 Warnings
0 Notes

4/ HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:30, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe
C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe
C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E64BDFD2-7DC9-493A-94F2-928604F2AF8D} - C:\WINDOWS\system32\geebx.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: Chercher avec Copernic 2001 - C:\Program Files\Copernic 2001 Pro\Search Extension.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {211718FB-416D-44F4-B9BA-F07DCC36CC72} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E10338-D64C-4205-A921-F86DC07FC2D5}: NameServer = 192.168.1.1
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O20 - Winlogon Notify: rqromkj - rqromkj.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI
Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- End of file - 8462 bytes -
Infection by Win32:TratBHO & Co / HJT and ComboFix reports
JLM33 posted a topic in Analyses et éradication malwares
Good evening, Avast! detected an infection of my machine by Win32:TratBHO, which led me to delete a few .dll files. Unfortunately a second scan showed that this virus is still present! Here are the HijackThis and ComboFix reports. Thank you very much for your help getting rid of the virus.

1/ComboFix :

ComboFix 08-03-25.4 - HP_Propriétaire 2008-03-26 22:56:16.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.581 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnnmkk.dll
C:\WINDOWS\system32\pmnlklk.dll
C:\WINDOWS\system32\pmnmnop.dll
C:\WINDOWS\system32\rqromkj.dll
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.ini2
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
.
2008-03-26 09:42 . 2008-03-26 12:46 1,580,198 ---hs---- C:\WINDOWS\system32\mbxmqlkl.ini
2008-03-25 09:39 . 2008-03-26 09:39 1,580,078 ---hs---- C:\WINDOWS\system32\enmjvcdx.ini
2008-03-24 03:19 . 2008-03-24 03:19 <REP> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 18:43 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-21 15:43 --------- d-----w C:\Program Files\POI Mixer
2008-02-21 15:36 --------- d-----w C:\Program Files\DivX
2008-02-17 13:02 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-02 17:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2005-09-25 19:05 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
------- Sigcheck -------
2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-04-18 13:32 663040 ca6f58031096fc2509c57670129469f7 C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2gdr\wininet.dll
2007-04-18 13:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2qfe\wininet.dll
2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\system32\wininet.dll
2007-01-04 14:55 663040 25d38ffa2b441e326850ae4cb67d1a91 C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\TCPIP.SYS
2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\explorer.exe
2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64BDFD2-7DC9-493A-94F2-928604F2AF8D}]
C:\WINDOWS\system32\geebx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-11 13:08 219952]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05 4354048]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21 1204224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]
"mspd"="C:\WINDOWS\system32\mspd.exe" [2003-08-27 21:22 389632]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 21:49 90112 C:\WINDOWS\SOUNDMAN.EXE]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"avast!"="C:\Program Files\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 15:09 138240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 01000000
"NoLogoff"= 0 (0x0)
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]
msldr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkj]
rqromkj.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk
backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a--c--- 2005-02-18 21:32 2754560 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
--a------ 2005-01-19 16:34 128000 C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 20:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMOL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-20 19:20 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 00:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakDUN]
--a------ 2001-09-19 23:29 720896 C:\Program Files\TweakDUN\tweakdun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"iPodService"=3 (0x3)
"Fax"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26569:TCP"= 26569:TCP:eMule : TCP entrant
"6224:UDP"= 6224:UDP:eMule : UDP entrant
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6346:TCP"= 6346:TCP:Shareaza tcp
"6346:UDP"= 6346:UDP:Shareaza udp
"25566:TCP"= 25566:TCP:uTorrent TCP
"25566:UDP"= 25566:UDP:uTorrent udp

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [1998-04-13 09:00]
R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 19:54]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3c6130e-e2ee-11dc-bb44-00604c89e097}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-27 08:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 07:40:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 22:59:50
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe
C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

2/HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:03, on 26/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe
C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E64BDFD2-7DC9-493A-94F2-928604F2AF8D} - C:\WINDOWS\system32\geebx.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: Chercher avec Copernic 2001 - C:\Program Files\Copernic 2001 Pro\Search Extension.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs
O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {211718FB-416D-44F4-B9BA-F07DCC36CC72} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E10338-D64C-4205-A921-F86DC07FC2D5}: NameServer = 192.168.1.1
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O20 - Winlogon Notify: rqromkj - rqromkj.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

--