gorby1980

Members
  • Content count
    10

About gorby1980

  • Date of birth 01/07/1980

Profile Information

  • Gender
    Male
  • Location
    Courroux, Switzerland

  1. Hello. My system is Windows XP and my anti-virus is Avira. Since I am having problems, I ran ComboFix. Here is the report:
     HELP !!!!!!!!!!!!!
  2. Here is the HijackThis report:
     Thanks for everything. The computer runs like clockwork.
  3. Here is the latest report: WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  4. Here is the ComboFix report:
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 07:00 185896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.DivXa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-08-16 09:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-04-18 07:00 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] 
"DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\WINDOWS\\system32\\lxczcoms.exe"= "C:\\Program Files\\WinMX\\WinMX.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58295:TCP"= 58295:TCP:Pando P2P TCP Listening Port "58295:UDP"= 58295:UDP:Pando P2P UDP Listening Port "58489:TCP"= 58489:TCP:Pando P2P TCP Listening Port "58489:UDP"= 58489:UDP:Pando P2P UDP Listening Port "58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port "58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port "58341:TCP"= 58341:TCP:Pando P2P TCP Listening Port "58341:UDP"= 58341:UDP:Pando P2P UDP Listening Port R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39] R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 04:43] S2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-24 23:54:21 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... 
Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe C:\Program Files\McAfee.com\Agent\Mcdetect.exe C:\PROGRA~1\McAfee.com\VSO\McShield.exe C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe C:\WINDOWS\system32\cscript.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-24 23:57:40 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-24 21:57:36 ComboFix2.txt 2008-05-24 07:53:16 ComboFix3.txt 2008-05-23 08:05:39 ComboFix4.txt 2008-05-22 22:07:43 ComboFix5.txt 2008-05-22 16:40:02 Pre-Run: 75,525,308,416 octets libres Post-Run: 75,694,030,848 octets libres 221 --- E O F --- 2008-05-16 14:58:13
  5. And here is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 24, 2008 10:55:54 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/05/2008
Kaspersky Anti-Virus database records: 799589
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 67648
Number of viruses found: 6
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 00:43:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\bittorrent.log Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Courtney Cummz - Episode 22.mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Devon Michaels - Episode 02.mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Huxley - Episode 20.mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Lawrence - Episode 17.mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Storm - Episode 10.mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Trina Michaels - Episode 07.mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Ms. Haven - Episode 11.mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 On 1 - Tory Lane (23).mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Naughty America - Housewife 1 On 1 - Mrs Rayveness.mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Naughty America - Housewife 1 on 1 - Mrs. King.mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Naughty America - Housewife 1 on 1 - Mrs. L'Amour.mpg Object is locked skipped
C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Naughty America - Housewife 1 on 1 - Mrs. Robbins.mpg Object is locked skipped
C:\Documents and Settings\Florian\Bureau\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Florian\Bureau\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Florian\Bureau\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\Florian\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Florian\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Florian\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Florian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Florian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Florian\Local Settings\Application Data\{ABDF8991-BBD0-4F99-8783-A4C502A0219C}\Pando.msi/Data1.cab/veohminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped
C:\Documents and Settings\Florian\Local Settings\Application Data\{ABDF8991-BBD0-4F99-8783-A4C502A0219C}\Pando.msi/Data1.cab/askminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opm skipped
C:\Documents and Settings\Florian\Local Settings\Application Data\{ABDF8991-BBD0-4F99-8783-A4C502A0219C}\Pando.msi/Data1.cab/jamanminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped
C:\Documents and Settings\Florian\Local Settings\Application Data\{ABDF8991-BBD0-4F99-8783-A4C502A0219C}\Pando.msi/Data1.cab Infected: Trojan-Downloader.Win32.Agent.opl skipped
C:\Documents and Settings\Florian\Local Settings\Application Data\{ABDF8991-BBD0-4F99-8783-A4C502A0219C}\Pando.msi Embedded: infected - 4 skipped
C:\Documents and Settings\Florian\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Florian\Local Settings\Historique\History.IE5\MSHist012008052420080525\index.dat Object is locked skipped
C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Florian\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Florian\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\elsq.exe.vir Infected: Trojan.Win32.Vapsup.fmv skipped
C:\QooBox\Quarantine\C\WINDOWS\gnowmebk.dll.vir Infected: Trojan.Win32.Vapsup.fmu skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043612.msi/Data1.cab/veohminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043612.msi/Data1.cab/askminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opm skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043612.msi/Data1.cab/jamanminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043612.msi/Data1.cab Infected: Trojan-Downloader.Win32.Agent.opl skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043612.msi Embedded: infected - 4 skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043893.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043894.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043897.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043899.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043900.exe Infected: Trojan-Downloader.Win32.Agent.opm skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP276\A0045071.dll Infected: Trojan.Win32.Vapsup.fnc skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP279\A0045123.exe Infected: Trojan.Win32.Vapsup.fmv skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP279\A0045124.dll Infected: Trojan.Win32.Vapsup.fmu skipped
C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP279\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{66D46F96-A882-48BC-A4A1-A8D11515306D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  6. Here is the new ComboFix report:

ComboFix 08-05-21.2 - Florian 2008-05-24 9:46:48.5 - NTFSx86
Endroit: C:\Documents and Settings\Florian\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Florian\Bureau\CFScript.txt
 * Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\elsq.exe
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\mdtgkswr.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\elsq.exe
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\mdtgkswr.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.

2008-05-23 19:29 . 2008-05-23 19:29 <REP> d-------- C:\Program Files\Sun
2008-05-23 19:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-23 19:14 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-23 19:14 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-23 19:14 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-23 19:14 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-23 19:14 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-23 19:14 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-23 19:14 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-23 19:14 . 2008-05-23 19:17 3,196 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-23 09:46 . 2008-05-23 09:46 <REP> d-------- C:\Program Files\Trend Micro
2008-05-22 16:17 . 2008-05-22 16:17 <REP> d-------- C:\WINDOWS\Sun
2008-05-22 16:17 . 2008-05-22 16:22 <REP> d-------- C:\Documents and Settings\Florian\.housecall6.6
2008-05-22 16:16 . 2008-05-23 19:28 <REP> d-------- C:\Program Files\Java
2008-05-22 16:15 . 2008-05-22 16:15 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-22 14:42 . 2008-05-23 10:03 <REP> d-------- C:\Documents and Settings\Florian\Application Data\TmpRecentIcons
2008-05-14 00:28 . 2008-05-14 00:28 <REP> d-------- C:\Documents and Settings\Florian\Application Data\Yahoo!
2008-05-14 00:27 . 2008-05-14 08:50 <REP> d-------- C:\Program Files\Yahoo!
2008-05-13 18:55 . 2008-05-13 18:55 <REP> d-------- C:\Program Files\Free Audio Pack
2008-05-13 18:54 . 2008-05-13 18:54 6,773,861 --a------ C:\Program Files\Setup_FreeConverter.exe
2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\Florian\Application Data\AVS4YOU
2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-06 10:53 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\AVS4YOU
2008-05-06 10:53 . 2008-05-06 10:53 35,745,976 --a------ C:\Program Files\AVSVideoReMaker.exe
2008-05-06 10:53 . 2007-10-25 11:20 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-05-06 10:53 . 2007-10-25 11:20 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-06 10:53 . 2007-10-25 11:20 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-05-23 22:16 --------- d-----w C:\Documents and Settings\Florian\Application Data\BitTorrent
2008-05-23 12:27 --------- d-----w C:\Documents and Settings\Florian\Application Data\FileZilla
2008-05-22 13:41 --------- d-----w C:\Program Files\BitTorrent
2008-05-14 07:51 --------- d-----w C:\Documents and Settings\Florian\Application Data\gtk-2.0
2008-05-13 22:27 --------- d-----w C:\Program Files\DivX
2008-05-06 08:54 --------- d-----w C:\Program Files\FileZilla Client
2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-02-26 12:39 164,993 ----a-w C:\Program Files\mp3DC202.exe
2008-01-18 09:23 412,199 ----a-w C:\Program Files\asftools310.exe
2008-01-01 16:30 39,262,553 ----a-w C:\Program Files\WE55FraTrial.exe
2007-12-28 08:57 15,180,000 ----a-w C:\Program Files\gimp-2.4.2-i686-setup.exe
2007-12-02 18:02 19,343,592 ----a-w C:\Program Files\internet_video_converter_1.50_en_setup.exe
2007-11-10 08:21 223,388 ----a-w C:\Program Files\MXPie Patch v3.6.exe
2007-10-24 22:46 734,160 ----a-w C:\Program Files\VobSub_2.23.exe
2007-10-02 09:34 1,771 ----a-w C:\Program Files\uninstal.log
2007-10-02 09:26 513,911 ----a-w C:\Program Files\ZyGoVideo2Win.exe
2007-10-02 08:52 13,856,793 ----a-w C:\Program Files\quicktimealt176.exe
2007-08-27 11:55 172,058 ----a-w C:\Program Files\hjsplit.zip
2007-08-26 15:14 1,463,185 ----a-w C:\Program Files\Advanced_RAR_Repair_v1.0.rar
2007-08-14 22:03 2,007,901 ----a-w C:\Program Files\CodecPackPl.exe
2007-08-14 06:59 3,294,480 ----a-w C:\Program Files\DivXCodec.exe
2007-08-13 19:22 823,296 ----a-w C:\Program Files\winmx353.exe
2007-08-13 19:22 2,764 ----a-w C:\Program Files\settings.dat
2007-08-13 19:22 103,384 ----a-w C:\Program Files\lib4.dat
2007-08-13 19:11 9,130 ----a-w C:\Program Files\colors.dat
2006-03-13 22:52 18,321 ----a-w C:\Program Files\copying
2002-09-11 20:54 1,708,852 ----a-w C:\Program Files\FPESETUP_wu.exe
2002-05-21 08:00 1,362 ----a-r C:\Program Files\ReadMe.txt
2000-11-15 08:21 178,688 ----a-w C:\Program Files\hjsplit.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-22_16.35.09.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 13:50:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 07:49:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-04-13 00:19:56 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-04-13 00:20:04 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-04-13 01:48:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-05-24 07:50:15 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 09:42 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 07:00 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {C871CCC5-0788-43CC-B3E2-BAB552039D7A} - C:\WINDOWS\gnowmebk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.DivXa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-16 09:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-18 07:00 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58295:TCP"= 58295:TCP:Pando P2P TCP Listening Port
"58295:UDP"= 58295:UDP:Pando P2P UDP Listening Port
"58489:TCP"= 58489:TCP:Pando P2P TCP Listening Port
"58489:UDP"= 58489:UDP:Pando P2P UDP Listening Port
"58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port
"58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port
"58341:TCP"= 58341:TCP:Pando P2P TCP Listening Port
"58341:UDP"= 58341:UDP:Pando P2P UDP Listening Port

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 04:43]
S2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 09:49:48
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\WINDOWS\system32\cscript.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-24 9:53:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 07:53:10
ComboFix2.txt 2008-05-23 08:05:39
ComboFix3.txt 2008-05-22 22:07:43
ComboFix4.txt 2008-05-22 16:40:02
ComboFix5.txt 2008-05-22 14:35:34

Pre-Run: 75,343,835,136 octets libres
Post-Run: 75,499,053,056 octets libres

192 --- E O F --- 2008-05-16 14:58:13
  7. Here is the second report:
SmitFraudFix v2.320
Rapport fait à 19:17:20.20, 23.05.2008
Executé à partir de C:\Documents and Settings\Florian\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
65.75.216.6 www.winmx.com err.winmx.com
205.238.40.54 www.winmx.com err.winmx.com
65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
205.238.40.1 cache3.winmx.com test3204.winmx.com
205.238.40.2 cache4.winmx.com test3205.winmx.com
65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
82.43.229.238 test2.winmxgroup.net
205.238.40.1 test3.winmxgroup.net
205.238.40.2 test4.winmxgroup.net
65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
C:\WINDOWS\gktxaspm.dll deleted.
C:\WINDOWS\pxgdslro.dll deleted.

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\DOCUME~1\Florian\Bureau\Error Cleaner.url supprimé
C:\DOCUME~1\Florian\Bureau\Privacy Protector.url supprimé
C:\DOCUME~1\Florian\Bureau\Spyware?Malware Protection.url supprimé
C:\DOCUME~1\Florian\Favoris\Error Cleaner.url supprimé
C:\DOCUME~1\Florian\Favoris\Privacy Protector.url supprimé
C:\DOCUME~1\Florian\Favoris\Spyware?Malware Protection.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
  8. Here is the first report:
SmitFraudFix v2.320
Rapport fait à 19:14:42.12, 23.05.2008
Executé à partir de C:\Documents and Settings\Florian\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\lxczcoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Florian\Bureau\iexplore.exe
C:\Documents and Settings\Florian\Bureau\iexplore.exe
C:\Documents and Settings\Florian\Bureau\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Florian\Bureau\iexplore.exe
C:\Documents and Settings\Florian\Bureau\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Florian

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Florian\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Florian\Favoris
C:\DOCUME~1\Florian\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\Florian\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\Florian\Favoris\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau
C:\DOCUME~1\Florian\Bureau\Error Cleaner.url PRESENT !
C:\DOCUME~1\Florian\Bureau\Privacy Protector.url PRESENT !
C:\DOCUME~1\Florian\Bureau\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
[!] Suspicious: gktxaspm.dll
Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}
TypeLib: {6A219592-3D06-46A5-B3FF-CBC8EB6FFF2B}
Interface: {9B19A112-5F7E-4549-BDC1-9462DDC7D0B9}
Classe: gktxaspm.bpew
Classe: gktxaspm.ToolBar.1
[!] Suspicious: pxgdslro.dll
SSODL: pxgdslro - {06B91A23-D280-4D41-B179-4CB92C393665}

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
  9. Hello. Yesterday afternoon, a piece of malware installed itself on my computer. Three internet link icons appear on my desktop and in my favourites, all three leading to three pages of the same anti-virus site. Since then I have been receiving frequent alerts telling me that my computer is infected. On top of that, another anti-virus sales page forces itself on me as my internet start page. My connection also tends to slow down. I should point out that I use McAfee as my anti-virus and that it detects nothing. I installed ComboFix and it removes the three icons and the three shortcuts, giving me an hour or two of respite. But these pests come back and it all starts again worse than before. Here is the ComboFix report:
ComboFix 08-05-21.2 - Florian 2008-05-23 10:03:10.4 - NTFSx86
Endroit: C:\Documents and Settings\Florian\Bureau\ComboFix.exe
 * Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Florian\Bureau\Error Cleaner.url
C:\Documents and Settings\Florian\Bureau\Privacy Protector.url
C:\Documents and Settings\Florian\Bureau\Spyware&Malware Protection.url
C:\Documents and Settings\Florian\Favoris\Error Cleaner.url
C:\Documents and Settings\Florian\Favoris\Privacy Protector.url
C:\Documents and Settings\Florian\Favoris\Spyware&Malware Protection.url
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.
2008-05-23 09:46 . 2008-05-23 09:46 <REP> d-------- C:\Program Files\Trend Micro
2008-05-22 16:17 . 2008-05-22 16:17 <REP> d-------- C:\WINDOWS\Sun
2008-05-22 16:17 . 2008-05-22 16:22 <REP> d-------- C:\Documents and Settings\Florian\.housecall6.6
2008-05-22 16:16 . 2008-05-22 16:16 <REP> d-------- C:\Program Files\Java
2008-05-22 16:16 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-22 16:15 . 2008-05-22 16:15 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-22 14:42 . 2008-05-23 10:03 <REP> d-------- C:\Documents and Settings\Florian\Application Data\TmpRecentIcons
2008-05-22 13:35 . 2008-05-21 17:43 331,776 --a------ C:\WINDOWS\pxgdslro.dll
2008-05-22 13:35 . 2008-05-21 17:43 237,568 --a------ C:\WINDOWS\gnowmebk.dll
2008-05-22 13:35 . 2008-05-21 17:43 200,704 --a------ C:\WINDOWS\gktxaspm.dll
2008-05-22 13:35 . 2008-05-21 17:43 159,744 --a------ C:\WINDOWS\elsq.exe
2008-05-22 13:35 . 2008-05-21 17:44 90,112 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-14 00:28 . 2008-05-14 00:28 <REP> d-------- C:\Documents and Settings\Florian\Application Data\Yahoo!
2008-05-14 00:27 . 2008-05-14 08:50 <REP> d-------- C:\Program Files\Yahoo!
2008-05-13 18:55 . 2008-05-13 18:55 <REP> d-------- C:\Program Files\Free Audio Pack
2008-05-13 18:54 . 2008-05-13 18:54 6,773,861 --a------ C:\Program Files\Setup_FreeConverter.exe
2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\Florian\Application Data\AVS4YOU
2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-06 10:53 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\AVS4YOU
2008-05-06 10:53 . 2008-05-06 10:53 35,745,976 --a------ C:\Program Files\AVSVideoReMaker.exe
2008-05-06 10:53 . 2007-10-25 11:20 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-05-06 10:53 . 2007-10-25 11:20 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-06 10:53 . 2007-10-25 11:20 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 07:20 --------- d-----w C:\Documents and Settings\Florian\Application Data\BitTorrent
2008-05-22 17:09 --------- d-----w C:\Documents and Settings\Florian\Application Data\FileZilla
2008-05-22 13:41 --------- d-----w C:\Program Files\BitTorrent
2008-05-14 07:51 --------- d-----w C:\Documents and Settings\Florian\Application Data\gtk-2.0
2008-05-13 22:27 --------- d-----w C:\Program Files\DivX
2008-05-06 08:54 --------- d-----w C:\Program Files\FileZilla Client
2008-04-18 05:00 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-18 05:00 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 12:39 164,993 ----a-w C:\Program Files\mp3DC202.exe
2008-01-18 09:23 412,199 ----a-w C:\Program Files\asftools310.exe
2008-01-01 16:30 39,262,553 ----a-w C:\Program Files\WE55FraTrial.exe
2007-12-28 08:57 15,180,000 ----a-w C:\Program Files\gimp-2.4.2-i686-setup.exe
2007-12-02 18:02 19,343,592 ----a-w C:\Program Files\internet_video_converter_1.50_en_setup.exe
2007-11-10 08:21 223,388 ----a-w C:\Program Files\MXPie Patch v3.6.exe
2007-10-24 22:46 734,160 ----a-w C:\Program Files\VobSub_2.23.exe
2007-10-02 09:34 1,771 ----a-w C:\Program Files\uninstal.log
2007-10-02 09:26 513,911 ----a-w C:\Program Files\ZyGoVideo2Win.exe
2007-10-02 08:52 13,856,793 ----a-w C:\Program Files\quicktimealt176.exe
2007-08-27 11:55 172,058 ----a-w C:\Program Files\hjsplit.zip
2007-08-26 15:14 1,463,185 ----a-w C:\Program Files\Advanced_RAR_Repair_v1.0.rar
2007-08-14 22:03 2,007,901 ----a-w C:\Program Files\CodecPackPl.exe
2007-08-14 06:59 3,294,480 ----a-w C:\Program Files\DivXCodec.exe
2007-08-13 19:22 823,296 ----a-w C:\Program Files\winmx353.exe
2007-08-13 19:22 2,764 ----a-w C:\Program Files\settings.dat
2007-08-13 19:22 103,384 ----a-w C:\Program Files\lib4.dat
2007-08-13 19:11 9,130 ----a-w C:\Program Files\colors.dat
2006-03-13 22:52 18,321 ----a-w C:\Program Files\copying
2002-09-11 20:54 1,708,852 ----a-w C:\Program Files\FPESETUP_wu.exe
2002-05-21 08:00 1,362 ----a-r C:\Program Files\ReadMe.txt
2000-11-15 08:21 178,688 ----a-w C:\Program Files\hjsplit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-22_16.35.09.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 13:50:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 07:08:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0519A9C9-064A-4cbc-BC47-D0EACD581477}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}"= "C:\WINDOWS\gktxaspm.dll" [2008-05-21 17:43 200704]
[HKEY_CLASSES_ROOT\clsid\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f}]
[HKEY_CLASSES_ROOT\gktxaspm.1]
[HKEY_CLASSES_ROOT\TypeLib\{6A219592-3D06-46A5-B3FF-CBC8EB6FFF2B}]
[HKEY_CLASSES_ROOT\gktxaspm]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 09:42 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 07:00 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {C871CCC5-0788-43CC-B3E2-BAB552039D7A} - C:\WINDOWS\gnowmebk.dll [2008-05-21 17:43 237568]
"pxgdslro"= {06B91A23-D280-4D41-B179-4CB92C393665} - C:\WINDOWS\pxgdslro.dll [2008-05-21 17:43 331776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.DivXa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-16 09:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-18 07:00 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58295:TCP"= 58295:TCP:Pando P2P TCP Listening Port
"58295:UDP"= 58295:UDP:Pando P2P UDP Listening Port
"58489:TCP"= 58489:TCP:Pando P2P TCP Listening Port
"58489:UDP"= 58489:UDP:Pando P2P UDP Listening Port
"58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port
"58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port
"58341:TCP"= 58341:TCP:Pando P2P TCP Listening Port
"58341:UDP"= 58341:UDP:Pando P2P UDP Listening Port
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 10:04:55
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-23 10:05:38
ComboFix-quarantined-files.txt 2008-05-23 08:05:34
ComboFix2.txt 2008-05-22 22:07:43
ComboFix3.txt 2008-05-22 16:40:02
ComboFix4.txt 2008-05-22 14:35:34
Pre-Run: 75,753,906,176 octets libres
Post-Run: 75,762,503,680 octets libres
193 --- E O F --- 2008-05-16 14:58:13

Now here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:53, on 23.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\lxczcoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Florian\Bureau\iexplore.exe
C:\Documents and Settings\Florian\Bureau\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com
O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
O1 - Hosts: 82.43.229.238 test2.winmxgroup.net
O1 - Hosts: 205.238.40.1 test3.winmxgroup.net
O1 - Hosts: 205.238.40.2 test4.winmxgroup.net
O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.link.io
O15 - Trusted Zone: http://www.megaupload.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - (no file)
O21 - SSODL: gnowmebk - {C871CCC5-0788-43CC-B3E2-BAB552039D7A} - C:\WINDOWS\gnowmebk.dll
O21 - SSODL: pxgdslro - {06B91A23-D280-4D41-B179-4CB92C393665} - C:\WINDOWS\pxgdslro.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device
- - C:\WINDOWS\system32\lxczcoms.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -- End of file - 12275 bytes Merci d'avance