

vinz95
Everything posted by vinz95
-
Hello, I ran a HijackThis scan. The result is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:21, on 03/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - (no file)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Synchronisation Wanadoo.lnk = C:\Program Files\Wanadoo\Synchronisation Wanadoo\Voxsync.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Hebdoo - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - (no file)
O9 - Extra 'Tools' menuitem: Hebdoo - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://F:\components\hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://F:\components\A9.ocx
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1c9945f4b5f3db3) (gupdate1c9945f4b5f3db3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 8059 bytes

Could someone help me? Thank you.
-
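A first-pass triage of the HijackThis log above, written as an added example for this thread (it is not part of vinz95's post and not HijackThis code). It parses the O3, O4, O20 and O23 line formats and applies the checks a reviewer makes by eye: a non-empty AppInit_DLLs value, a Run entry that launches regedit.exe at every logon, rogue "security product 20xx" naming, a Run value with a bare file name and no directory, the same value name present but empty under the SYSTEM hive, and toolbar CLSIDs pointing at "(no file)". The scoring rules and the rogue-name pattern are the editor's assumptions, chosen to illustrate the method; they give leads to verify, not verdicts. The sample lines are excerpted verbatim from the posted log.

```python
"""Heuristic first-pass triage of HijackThis (HJT) log lines.

Added example for this thread; not part of vinz95's post and not HijackThis
code. The rules below are the editor's assumptions about what a human log
reviewer checks first: they yield leads to verify, not verdicts.
"""
import re
from dataclasses import dataclass

# Lines excerpted verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O20 - AppInit_DLLs: cru629.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Naming pattern of the rogue "security product" family seen in this log.
# Assumption: a heuristic chosen for this example, not a vendor signature.
ROGUE_NAME_RE = re.compile(
    r"(anti ?(virus|spyware|malware)|defender|security ?(tool|suite))\s*(plus|20\d\d)", re.I)
# Interactive or scripting hosts that have no reason to sit in a Run key on a home PC.
ODD_AT_LOGON = {"regedit.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str


def _program(cmd: str) -> str:
    """Program part of a Run-key command: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Return findings for the suspicious HJT lines, highest severity first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O20 - AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:  # whatever is listed here is mapped into every process that loads user32.dll
                note = "" if value.lower().endswith(".dll") else " (non-.dll name is itself unusual)"
                findings.append(Finding("high", line, f"AppInit_DLLs is set to '{value}'{note}"))
            continue
        if (m := O3_RE.match(line)) and m["path"] == "(no file)":
            findings.append(Finding("low", line, f"toolbar CLSID {m['clsid']} points at a missing file (orphan)"))
            continue
        if (m := O23_RE.match(line)) and m["company"] == "Unknown owner":
            findings.append(Finding("medium", line, "service binary carries no recognised company string"))
            continue
        if not (m := O4_RE.match(line)):
            continue
        name, cmd = m["name"], USER_SUFFIX_RE.sub("", m["cmd"])
        if ROGUE_NAME_RE.search(name) or ROGUE_NAME_RE.search(cmd):
            findings.append(Finding("high", line, "Run entry uses rogue security-product naming"))
        elif not cmd:
            findings.append(Finding("medium", line, f"Run value '{name}' has no command; correlate with the same name in other hives"))
        else:
            exe = _program(cmd)
            base = exe.lower().rsplit("\\", 1)[-1]
            if base in ODD_AT_LOGON:
                findings.append(Finding("high", line, f"{base} is launched at every logon"))
            elif "\\" not in exe and not exe.startswith("%"):
                # No directory given: the loader resolves it through the search path at logon.
                findings.append(Finding("medium", line, f"bare file name '{exe}'; verify where it really lives"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.reason}\n         {f.line}")
```

Run against the sample it reports the AppInit_DLLs entry, the Regedit32 and PC Antispyware 2010 Run values as high, the two braviax entries as medium and the orphaned toolbar as low, while the Java updater, the Google toolbar and the NVIDIA service pass untouched. Bare-name entries such as nwiz.exe and ALCXMNTR.EXE in the full log would also come out as "verify", which is the intended behaviour: the check says where to look, not what to delete.
-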
Hello, the ComboFix application does not launch. Neither in a user session nor as administrator, neither in normal mode nor in safe mode. What should I do?
-
Hello, here is the result of the Kaspersky online scan.

KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 29, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 29, 2009 10:37:35
Records in database: 2701319

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area: My Computer
A:\ C:\ D:\ E:\ F:\

Scan statistics
Objects scanned: 88384
Threats found: 11
Infected objects found: 71
Suspicious objects found: 0
Scan duration: 03:25:51

File name | Threat | Threats count
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\AntiVirus Plus.70134.exe.bac_a01280 | Infected: not-a-virus:FraudTool.Win32.AntivirusPlus.mk | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\beep.sys.bac_a01280 | Infected: Backdoor.Win32.UltimateDefender.igv | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN1B.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN1C.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN1E.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN1F.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN20.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN21.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN22.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN23.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN24.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN25.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN26.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN27.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN28.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN29.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN2A.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN2B.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN2C.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN2D.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN2E.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN2F.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN30.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN31.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN32.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN33.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN34.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN35.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN36.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN37.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN38.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN39.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN3A.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN3B.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN3C.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN3D.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN3E.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN3F.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN40.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN41.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN42.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN43.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN44.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN45.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN46.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN47.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN48.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN4D8.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN5.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BN6.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\BNA.tmp.bac_a01280 | Infected: Packed.Win32.Krap.t | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\ld12.exe.vir.bac_a01280 | Infected: Net-Worm.Win32.Koobface.bjo | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\msupd_2.exe.bac_a01280 | Infected: Trojan-Downloader.Win32.FraudLoad.fhe | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\PC_Antispyware2010.exe.bac_a01280 | Infected: Trojan.Win32.FraudPack.qys | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\TMP0000004CC483D5BDEE42D2E2.bac_a01280 | Infected: Trojan-Downloader.Win32.FraudLoad.fft | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\wisdstr.exe.bac_a01280 | Infected: Trojan-Downloader.Win32.FraudLoad.fhe | 1
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\~TM47D.tmp.bac_a01280 | Infected: Backdoor.Win32.Bredolab.ho | 1
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\47A6M29G\Install[1].exe | Infected: Trojan.Win32.FraudPack.rcj | 1
C:\Program Files\Hebdoo\install.dll | Infected: not-a-virus:AdWare.Win32.Mostofate.e | 1
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe | Infected: Trojan.Win32.FraudPack.qys | 1
C:\Program Files\PC_Antispyware2010\Uninstall.exe | Infected: Trojan.Win32.FraudPack.rcj | 1
C:\Program Files\PC_Antispyware2010\wscui.cpl | Infected: Trojan.Win32.FraudPack.qys | 1
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe.vir | Infected: Trojan.Win32.FraudPack.qys | 1
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\Uninstall.exe.vir | Infected: Trojan.Win32.FraudPack.rcj | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir | Infected: Trojan.Win32.FraudPack.rcj | 1
C:\WINDOWS\cru629.dat | Infected: Backdoor.Win32.Small.ejx | 1
C:\WINDOWS\system32\cru629.dat | Infected: Backdoor.Win32.Small.ejx | 1
C:\WINDOWS\system32\dllcache\beep.sys | Infected: Backdoor.Win32.UltimateDefender.igv | 1
C:\WINDOWS\system32\drivers\beep.sys | Infected: Backdoor.Win32.UltimateDefender.igv | 1
C:\WINDOWS\system32\wisdstr.exe | Infected: Trojan.Win32.FraudPack.rcj | 1
C:\WINDOWS\system32\_scui.cpl | Infected: Trojan.Win32.FraudPack.qys | 1

Selected area has been scanned.

What do you recommend?
-
The script could be run from the recovery console. The ntfs.sys file has been copied. What can I do now?
-
The files do not copy, even in safe mode under the Administrator session; a message appears explaining that the files are locked by another process.
-
All the files were analysed on virustotal.com. The result is 0% (0/41) every time.
-
I cannot get the files analysed. As soon as I open the VirusTotal page, my computer restarts.
-
Hello, indeed I ran the repar.bat file in safe mode. But the files were not copied because they are in use by another process. I am now checking the files listed on VirusTotal.
-
Hello, thank you for your reply. Despite McAfee being disabled, ComboFix still sees it as active. The actions were carried out anyway. The log file is below. Even in safe mode, the files from repar.bat cannot be copied because they are in use by another process.

ComboFix 09-08-25.05 - Propriétaire 28/08/2009 10:59.2.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.594 [GMT 1:00]
Running from: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: G:\cfscript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\documents and settings\All Users\Application Data\cewilav.dat"
"c:\documents and settings\All Users\Application Data\musosewyx.scr"
"c:\documents and settings\LocalService\Local Settings\Application Data\ipucucoxuq.bin"
"c:\documents and settings\LocalService\Local Settings\Application Data\ujotip.bin"
"c:\program files\Fichiers communs\avah.vbs"
"c:\program files\Fichiers communs\elutytysy.db"
"c:\program files\Fichiers communs\ivyzoraza.dll"
"c:\program files\Fichiers communs\kypubuz.lib"
"c:\program files\Fichiers communs\nawu.db"
"c:\program files\Fichiers communs\odetur._sy"
"c:\program files\Fichiers communs\welazilaga.sys"
"c:\program files\zoqcr.txt"
"c:\windows\buna.sys"
"c:\windows\system32\asyga.pif"
"c:\windows\system32\iqumocexoz.bat"
"c:\windows\system32\orysofa.bin"
"c:\windows\ylifufudyh.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\cewilav.dat
c:\documents and settings\All Users\Application Data\musosewyx.scr
c:\documents and settings\All Users\Documents\ekab.ban
c:\documents and settings\All Users\Documents\geref.pif
c:\documents and settings\All Users\Documents\isudelus.sys
c:\documents and settings\All Users\Documents\uliq.vbs
c:\documents and settings\LocalService\Application Data\exax.vbs
c:\documents and settings\LocalService\Application Data\fylyhi.inf
c:\documents and settings\LocalService\Application Data\otopyl.ban
c:\documents and settings\LocalService\Application Data\ynahy.ban
c:\documents and settings\LocalService\Cookies\ajocyb.pif
c:\documents and settings\LocalService\Cookies\egutexoxo.exe
c:\documents and settings\LocalService\Local Settings\Application Data\gikobav.ban
c:\documents and settings\LocalService\Local Settings\Application Data\ipucucoxuq.bin
c:\documents and settings\LocalService\Local Settings\Application Data\ujotip.bin
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\donadu.dll
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\duzo.pif
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\jamajek._sy
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\omyfode.dll
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Propriétaire\Application Data\cikog.vbs
c:\documents and settings\Propriétaire\Application Data\colivo.vbs
c:\documents and settings\Propriétaire\Application Data\ecoviwefiz.vbs
c:\documents and settings\Propriétaire\Application Data\ewiku.bat
c:\documents and settings\Propriétaire\Application Data\ihazusel.reg
c:\documents and settings\Propriétaire\Application Data\jefon.inf
c:\documents and settings\Propriétaire\Local Settings\Application Data\canaxi.bat
c:\documents and settings\Propriétaire\Local Settings\Application Data\fyhohypyri.inf
c:\documents and settings\Propriétaire\Local Settings\Application Data\hokujohex.inf
c:\documents and settings\Propriétaire\Local Settings\Application Data\isapoga.reg
c:\documents and settings\Propriétaire\Local Settings\Application Data\obataf.bat
c:\documents and settings\Propriétaire\Local Settings\Application Data\ohuz.reg
c:\documents and settings\Propriétaire\Local Settings\Application Data\syfecuq.inf
c:\program files\Fichiers communs\anunozebex.dll
c:\program files\Fichiers communs\avah.vbs
c:\program files\Fichiers communs\elutytysy.db
c:\program files\Fichiers communs\ivyzoraza.dll
c:\program files\Fichiers communs\kypubuz.lib
c:\program files\Fichiers communs\nawu.db
c:\program files\Fichiers communs\odetur._sy
c:\program files\Fichiers communs\welazilaga.sys
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\zoqcr.txt
c:\windows\buna.sys
c:\windows\ejewumu.pif
c:\windows\hijedym.reg
c:\windows\iqowyh.sys
c:\windows\pawybo.scr
c:\windows\system32\asyga.pif
c:\windows\system32\braviax.exe
c:\windows\system32\Drivers\hsvk.sys
c:\windows\system32\iqumocexoz.bat
c:\windows\system32\kemimac.dll
c:\windows\system32\lubajux.dl
c:\windows\system32\orysofa.bin
c:\windows\system32\sdra64.exe
c:\windows\system32\wisdstr.exe
c:\windows\ylifufudyh.sys
c:\windows\ynomiten.sys
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-26 13:51 . 2009-08-26 13:51 16002 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\afag.dat
2009-08-26 11:26 . 2003-09-20 18:06 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-26 11:26 . 2003-09-20 18:06 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-08-26 09:00 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 09:00 . 2009-08-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-26 09:00 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 09:00 . 2009-08-26 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 08:42 . 2009-08-28 08:25 94016 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2009-08-25 19:26 . 2009-08-25 20:34 -------- d-----w- c:\windows\BDOSCAN8
2009-08-24 13:18 . 2009-08-24 13:18 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-24 13:17 . 2007-02-15 09:36 432128 ----a-w- c:\windows\system32\drivers\rt73u98.sys
2009-08-24 13:17 . 2005-11-30 09:33 2048 ----a-w- c:\windows\system32\drivers\rt73.bin
2009-08-24 13:17 . 2007-07-28 13:21 451456 ----a-w- c:\windows\system32\drivers\rt73.sys
2009-08-24 13:17 . 2007-02-15 09:36 242816 ----a-w- c:\windows\system32\drivers\rt25u98.sys
2009-08-24 13:17 . 2006-11-08 13:45 240384 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
2009-08-24 13:17 . 2009-08-24 13:17 -------- d-----w- c:\program files\Hercules
2009-08-24 12:46 . 2001-08-23 15:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-08-24 12:46 . 2001-08-23 15:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-08-24 12:45 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-08-24 12:45 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-08-22 14:34 . 2009-08-22 14:31 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-22 14:30 . 2009-08-22 14:35 -------- d-----w- c:\documents and settings\Administrateur\.housecall6.6
2009-08-22 14:26 . 2009-08-22 14:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-22 14:24 . 2009-08-22 14:24 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2009-08-22 14:24 . 2009-08-22 14:24 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-08-22 11:23 . 2009-08-22 11:23 17105 ----a-w- c:\windows\qelym.dat
2009-08-22 11:23 . 2009-08-22 11:23 13731 ----a-w- c:\windows\pegari.com
2009-08-22 10:02 . 2009-08-22 10:02 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-22 09:57 . 2009-08-22 11:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-21 08:53 . 2009-08-21 08:53 16001 ----a-w- c:\windows\system32\pibenon.dat
2009-08-19 07:59 . 2009-08-19 07:59 13479 ----a-w- c:\windows\system32\urypow.dat
2009-08-19 07:59 . 2009-08-19 07:59 10000 ----a-w- c:\windows\system32\qumejeryre.scr
2009-08-18 17:51 . 2009-08-18 17:51 1 ---h--w- c:\windows\ex23567.dat
2009-08-18 08:12 . 2009-08-18 08:12 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2009-08-17 18:22 . 2009-08-17 18:22 14516 ----a-w- c:\windows\ymoh.com
2009-08-17 18:22 . 2009-08-17 18:22 10070 ----a-w- c:\windows\pufunu.dat
2009-08-17 10:16 . 2009-08-18 18:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-17 05:41 . 2009-08-17 05:41 10708 ----a-w- c:\windows\uxiro.com
2009-08-16 19:33 . 2009-08-16 19:33 19104 ----a-w- c:\windows\emuxihi.dat
2009-08-16 19:33 . 2009-08-16 19:33 11271 ----a-w- c:\windows\amedujisim.dat
2009-08-16 14:53 . 2009-08-16 14:53 11761 ----a-w- c:\windows\system32\tydyw.dat
2009-08-16 14:45 . 2009-08-16 14:45 13523 ----a-w- c:\program files\Fichiers communs\visib.dat
2009-08-12 08:08 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 10:11 . 2009-05-15 16:27 -------- d-----w- c:\program files\SPAMfighter
2009-08-28 10:10 . 2004-06-10 19:05 -------- d-----w- c:\program files\Wanadoo
2009-08-28 08:25 . 2004-01-01 07:12 94016 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-08-26 15:38 . 2004-01-01 15:44 446566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-26 15:38 . 2004-01-01 15:44 64484 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-26 13:51 . 2009-08-26 13:51 17456 ----a-w- c:\program files\Fichiers communs\letoper.lib
2009-08-24 13:17 . 2004-01-01 10:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-24 13:02 . 2004-01-01 10:26 -------- d-----w- c:\program files\Easy Internet signup
2009-08-22 14:40 . 2004-06-20 11:42 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-22 14:40 . 2006-04-29 17:45 -------- d-----w- c:\program files\Astraware
2009-08-20 17:35 . 2004-01-01 15:43 630432 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-05 09:00 . 2002-12-12 06:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:03 . 2004-01-03 03:27 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-01-01 08:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-08-23 18:35 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:26 . 2004-01-03 03:35 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-01-03 03:34 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-01-03 03:34 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-01-03 03:33 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-01-03 03:33 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-01-03 03:32 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-01-01 15:43 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 17:52 . 2009-06-22 17:52 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:40 . 2004-01-03 03:35 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-01-03 03:32 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-01-01 15:43 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-01-03 03:27 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-01-03 03:33 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-01-01 15:44 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 09:42 . 2009-06-22 18:12 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2007-12-03 19:57 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:10 . 2003-05-30 15:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-11-01 15:40 . 2006-11-01 15:40 0 -csha-w- c:\windows\SMINST\HPCD.sys
.
------- Sigcheck -------
[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2003-09-23 11:01 561920 E3AE9C79498210A5F39FE5A9AD62BC55 c:\windows\I386\NTFS.SYS
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-20 17:35 630432 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-26_15.18.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 10:10 . 2009-08-28 10:10 16384 c:\windows\temp\Perflib_Perfdata_7b4.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2004-01-01 15:43 . 2009-08-26 15:38 53436 c:\windows\system32\perfc009.dat
- 2004-01-01 15:43 . 2009-04-15 11:13 53436 c:\windows\system32\perfc009.dat
+ 2004-01-01 15:43 . 2009-08-26 15:38 381692 c:\windows\system32\perfh009.dat
- 2004-01-01 15:43 . 2009-04-15 11:13 381692 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2004-08-06 2502656]
"Acme.PCHButton"="c:\progra~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 159744]
"WOOKIT"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 67128]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-05 3022848]
"MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-11 32768]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-12-05 753664]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2003-04-03 50176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2004-6-10 954475]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2004-11-19 121856]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-27 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2004-2-28 83360]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2004-6-19 241664]
Synchronisation Wanadoo.lnk - c:\program files\Wanadoo\Synchronisation Wanadoo\Voxsync.exe [2004-11-9 622592]
WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe [2009-8-24 722432]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 09:44 184968]
S1
820b9cd7;820b9cd7;c:\windows\system32\drivers\820b9cd7.sys --> c:\windows\system32\drivers\820b9cd7.sys [?] S1 836b6abf;836b6abf;c:\windows\system32\drivers\836b6abf.sys --> c:\windows\system32\drivers\836b6abf.sys [?] S2 gupdate1c9945f4b5f3db3;Service Google Update (gupdate1c9945f4b5f3db3);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 21:02 133104] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34] 2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:02] 2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:02] 2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{81F9939B-A69F-487E-A952-D34712163A73}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . - - - - ORPHANS REMOVED - - - - HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-28 11:10 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000004 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Param1"="NPW" "Type"="wellknown" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000020 [HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* 
*M*o*b*i*l*e*"!\DeviceAppInstall\oemDevice3] "Name"="oemDevice3" "DisplayName"="Modem sans fil" "Param1"="oem\\APPS\\Drivers\\GSM USB Modem\\USBModem_Dialer.exe" "Param2"="" "Type"="createprocess" "Order"=dword:00000000 "State"=dword:0000001b . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(7068) c:\windows\system32\nView.dll c:\windows\system32\NVWRSFR.DLL c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\eappprxy.dll c:\windows\system32\nvwddi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe c:\windows\system32\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\windows\system32\nvsvc32.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\wscntfy.exe c:\progra~1\Wanadoo\TaskBarIcon.exe c:\windows\system32\rundll32.exe c:\program files\McAfee\Common Framework\Mctray.exe c:\windows\system32\msiexec.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Logitech\Video\FxSvr2.exe c:\progra~1\MICROS~3\rapimgr.exe c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe . ************************************************************************** . 
Completion time: 2009-08-28 11:18 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-28 10:18 ComboFix2.txt 2009-08-26 15:27 Pre-Run: 82 450 538 496 octets libres Post-Run: 81 604 775 936 octets libres Current=5 Default=5 Failed=1 LastKnownGood=2 Sets=,1,2,3,4,5 391 --- E O F --- 2009-08-26 15:31

Is there anything left to do?

Regards,
-
Hello, I have a machine infected with wisdstr.exe and other malware. McAfee VirusScan Enterprise detects them but cannot remove them. I have run MBAM several times, including once in safe mode with System Restore disabled. However, the viruses reappear on reboot. I have just run ComboFix; its report is below.

ComboFix 09-08-25.05 - Propriétaire 26/08/2009 17:04.1.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.412 [GMT 2:00] Running from: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\akucu.vbs c:\documents and settings\All Users\Application Data\cezen.bin c:\documents and settings\All Users\Application Data\cutytepyl.scr c:\documents and settings\All Users\Application Data\dimoxajiwu.reg c:\documents and settings\All Users\Application Data\egek._sy c:\documents and settings\All Users\Application Data\ficuzygik.sys c:\documents and settings\All Users\Application Data\fipolanudi.reg c:\documents and settings\All Users\Application Data\fukoniga.com c:\documents and settings\All Users\Application Data\gitoqy.inf c:\documents and settings\All Users\Application Data\ibezup.vbs c:\documents and settings\All Users\Application Data\ikeges._dl c:\documents and settings\All Users\Application Data\ilyxofu._dl c:\documents and settings\All Users\Application Data\jakesyha.scr c:\documents and settings\All Users\Application Data\mivaqaca.bin c:\documents and settings\All Users\Application Data\nodus.ban c:\documents and settings\All Users\Application Data\obem.vbs c:\documents and settings\All Users\Application Data\ohigo.lib c:\documents and settings\All Users\Application Data\sevarem.pif c:\documents and settings\All 
Users\Application Data\xiqaxyjan.com c:\documents and settings\All Users\Application Data\ybum.exe c:\documents and settings\All Users\Application Data\yjor.sys c:\documents and settings\All Users\Application Data\zivebo.reg c:\documents and settings\All Users\Documents\agizoqefi.dl c:\documents and settings\All Users\Documents\alotipeti.dl c:\documents and settings\All Users\Documents\bitarygude.bat c:\documents and settings\All Users\Documents\bozuweco.com c:\documents and settings\All Users\Documents\cabagumyne.com c:\documents and settings\All Users\Documents\cepufi.com c:\documents and settings\All Users\Documents\exotubij.scr c:\documents and settings\All Users\Documents\fagujityha.reg c:\documents and settings\All Users\Documents\fuqami.com c:\documents and settings\All Users\Documents\gynyci.reg c:\documents and settings\All Users\Documents\kadym.vbs c:\documents and settings\All Users\Documents\kybinesuj.pif c:\documents and settings\All Users\Documents\kygozuzyt.reg c:\documents and settings\All Users\Documents\otodonyp.exe c:\documents and settings\All Users\Documents\pedyhimymi.bat c:\documents and settings\All Users\Documents\penudyz.vbs c:\documents and settings\All Users\Documents\puhu.inf c:\documents and settings\All Users\Documents\qufo.reg c:\documents and settings\All Users\Documents\reki.bat c:\documents and settings\All Users\Documents\xygeboteta.com c:\documents and settings\All Users\Documents\ydysejyjy.pif c:\documents and settings\All Users\Documents\ykyly.dll c:\documents and settings\All Users\Documents\ylatyc.exe c:\documents and settings\All Users\Documents\ymiseqab._dl c:\documents and settings\All Users\Documents\yqyvyxej.bin c:\documents and settings\All Users\Documents\yvida.inf c:\documents and settings\All Users\Documents\zumydad.sys c:\documents and settings\LocalService\Application Data\efavely.com c:\documents and settings\LocalService\Application Data\esadyr.scr c:\documents and settings\LocalService\Application 
Data\zamoryveca.reg c:\documents and settings\LocalService\Cookies\ryzaj.dll c:\documents and settings\LocalService\Local Settings\Application Data\loga.dl c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\homyqen.pif c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\zima.pif c:\documents and settings\Propri‚taire\Application Data\cikog.vbs c:\documents and settings\Propri‚taire\Application Data\colivo.vbs c:\documents and settings\Propri‚taire\Application Data\ecoviwefiz.vbs c:\documents and settings\Propri‚taire\Application Data\ewiku.bat c:\documents and settings\Propri‚taire\Application Data\ihazusel.reg c:\documents and settings\Propri‚taire\Application Data\jefon.inf c:\documents and settings\Propri‚taire\Local Settings\Application Data\canaxi.bat c:\documents and settings\Propri‚taire\Local Settings\Application Data\fyhohypyri.inf c:\documents and settings\Propri‚taire\Local Settings\Application Data\hokujohex.inf c:\documents and settings\Propri‚taire\Local Settings\Application Data\isapoga.reg c:\documents and settings\Propri‚taire\Local Settings\Application Data\obataf.bat c:\documents and settings\Propri‚taire\Local Settings\Application Data\ohuz.reg c:\documents and settings\Propri‚taire\Local Settings\Application Data\syfecuq.inf c:\program files\Fichiers communs\ahasof.ban c:\program files\Fichiers communs\alulu.bin c:\program files\Fichiers communs\axiwoqezy.exe c:\program files\Fichiers communs\cago.bin c:\program files\Fichiers communs\cesidi.scr c:\program files\Fichiers communs\dykecuwaku.dl c:\program files\Fichiers communs\helafibaso.bin c:\program files\Fichiers communs\isojoja.sys c:\program files\Fichiers communs\ixah.exe c:\program files\Fichiers communs\jahu.pif c:\program files\Fichiers communs\lixocavyk.com c:\program files\Fichiers communs\lucirakas.sys c:\program files\Fichiers communs\nubobetit.ban c:\program files\Fichiers communs\ofopodano.exe c:\program files\Fichiers 
communs\reramedaqa.dl c:\program files\Fichiers communs\tyny.com c:\program files\Fichiers communs\wojazywuga.sys c:\program files\Fichiers communs\ygacygug.ban c:\program files\WinPCap c:\program files\WinPCap\rpcapd.exe c:\windows\ahuwe.inf c:\windows\atypavad._dl c:\windows\bakaly.bat c:\windows\etefututov.exe c:\windows\ezodi.ban c:\windows\fisyhyzup.sys c:\windows\fowihyge.dll c:\windows\hatositiv.dll c:\windows\hiporo.bin c:\windows\huxymo.bin c:\windows\Installer\13109.msi c:\windows\janyqo.dll c:\windows\jefazurax.sys c:\windows\jisigokoc.bin c:\windows\owilykeha.exe c:\windows\pira.bin c:\windows\rotocevami.vbs c:\windows\soqywefy.ban c:\windows\system32\anulolagi.ban c:\windows\system32\cijiva._dl c:\windows\system32\Drivers\asyiy.sys c:\windows\system32\Drivers\dhsbt.sys c:\windows\system32\Drivers\lbwgv.sys c:\windows\system32\drivers\npf.sys c:\windows\system32\ekasareta.pif c:\windows\system32\eqevihuce.bin c:\windows\system32\fenemob.pif c:\windows\system32\hitafy.scr c:\windows\system32\ilidadetuh.dll c:\windows\system32\mawewumat.reg c:\windows\system32\Packet.dll c:\windows\system32\pehixa.exe c:\windows\system32\pthreadVC.dll c:\windows\system32\rnaph.dll c:\windows\system32\sytazofuli.dl c:\windows\system32\WanPacket.dll c:\windows\system32\wpcap.dll c:\windows\system32\xafivej.dll c:\windows\system32\yfej.dl c:\windows\system32\yparokeq.bin c:\windows\system32\yweka._dl c:\windows\system32\zyhupazoco.vbs c:\windows\ufuc._dl c:\windows\ujiduhup.dl c:\windows\ujul.dl c:\windows\ukebyhosaz.pif c:\windows\wymavowa.reg c:\windows\xihycem.sys c:\windows\xoty.inf c:\windows\yfacojax.ban c:\windows\ylizihazi.dll c:\windows\zize.ban c:\windows\zuby.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 ))))))))))))))))))))))))))))))) . 2009-08-26 15:18 . 
2009-08-26 15:19 190993 ----a-w- c:\windows\system32\wisdstr.exe 2009-08-26 15:17 . 2009-08-26 15:17 11264 ----a-w- c:\windows\system32\braviax.exe 2009-08-26 13:51 . 2009-08-26 13:51 16002 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\afag.dat 2009-08-26 11:26 . 2003-09-20 18:06 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2009-08-26 11:26 . 2003-09-20 18:06 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-08-26 09:00 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-26 09:00 . 2009-08-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-26 09:00 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-26 09:00 . 2009-08-26 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-26 08:42 . 2009-08-26 15:17 94016 -c--a-w- c:\windows\system32\dllcache\agp440.sys 2009-08-25 19:26 . 2009-08-25 20:34 -------- d-----w- c:\windows\BDOSCAN8 2009-08-24 13:18 . 2009-08-24 13:18 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys 2009-08-24 13:17 . 2007-02-15 09:36 432128 ----a-w- c:\windows\system32\drivers\rt73u98.sys 2009-08-24 13:17 . 2005-11-30 09:33 2048 ----a-w- c:\windows\system32\drivers\rt73.bin 2009-08-24 13:17 . 2007-07-28 13:21 451456 ----a-w- c:\windows\system32\drivers\rt73.sys 2009-08-24 13:17 . 2007-02-15 09:36 242816 ----a-w- c:\windows\system32\drivers\rt25u98.sys 2009-08-24 13:17 . 2006-11-08 13:45 240384 ----a-w- c:\windows\system32\drivers\rt2500usb.sys 2009-08-24 13:17 . 2009-08-24 13:17 -------- d-----w- c:\program files\Hercules 2009-08-24 12:46 . 2001-08-23 15:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2009-08-24 12:46 . 2001-08-23 15:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-08-24 12:45 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2009-08-24 12:45 . 
2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-22 14:34 . 2009-08-22 14:31 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-22 14:30 . 2009-08-22 14:35 -------- d-----w- c:\documents and settings\Administrateur\.housecall6.6 2009-08-22 14:26 . 2009-08-22 14:26 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-22 14:24 . 2009-08-22 14:24 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE 2009-08-22 14:24 . 2009-08-22 14:24 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache 2009-08-22 11:23 . 2009-08-22 11:23 17105 ----a-w- c:\windows\qelym.dat 2009-08-22 11:23 . 2009-08-22 11:23 13731 ----a-w- c:\windows\pegari.com 2009-08-22 10:02 . 2009-08-22 10:02 -------- d-----w- c:\program files\Microsoft Windows OneCare Live 2009-08-22 09:57 . 2009-08-22 11:12 -------- d-----w- c:\program files\Windows Live Safety Center 2009-08-21 08:53 . 2009-08-21 08:53 16001 ----a-w- c:\windows\system32\pibenon.dat 2009-08-19 07:59 . 2009-08-19 07:59 13479 ----a-w- c:\windows\system32\urypow.dat 2009-08-19 07:59 . 2009-08-19 07:59 10000 ----a-w- c:\windows\system32\qumejeryre.scr 2009-08-18 17:51 . 2009-08-18 17:51 1 ---h--w- c:\windows\ex23567.dat 2009-08-18 08:12 . 2009-08-18 08:12 -------- d-----w- c:\windows\system32\%LOCALAPPDATA% 2009-08-17 18:22 . 2009-08-17 18:22 14516 ----a-w- c:\windows\ymoh.com 2009-08-17 18:22 . 2009-08-17 18:22 10070 ----a-w- c:\windows\pufunu.dat 2009-08-17 10:16 . 2009-08-18 18:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-17 05:41 . 2009-08-17 05:41 10708 ----a-w- c:\windows\uxiro.com 2009-08-16 19:33 . 2009-08-16 19:33 19104 ----a-w- c:\windows\emuxihi.dat 2009-08-16 19:33 . 2009-08-16 19:33 11271 ----a-w- c:\windows\amedujisim.dat 2009-08-16 14:53 . 2009-08-16 14:53 11761 ----a-w- c:\windows\system32\tydyw.dat 2009-08-16 14:45 . 2009-08-16 14:45 13523 ----a-w- c:\program files\Fichiers communs\visib.dat 2009-08-12 08:08 . 
2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-26 15:24 . 2009-08-26 15:24 17378 ----a-w- c:\documents and settings\All Users\Application Data\musosewyx.scr 2009-08-26 15:24 . 2009-08-26 15:24 17378 ----a-w- c:\documents and settings\All Users\Application Data\musosewyx.scr 2009-08-26 15:24 . 2009-08-26 15:24 17253 ----a-w- c:\windows\ylifufudyh.sys 2009-08-26 15:24 . 2009-08-26 15:24 17014 ----a-w- c:\windows\system32\iqumocexoz.bat 2009-08-26 15:24 . 2009-08-26 15:24 13876 ----a-w- c:\windows\buna.sys 2009-08-26 15:24 . 2009-08-26 15:24 13522 ----a-w- c:\program files\Fichiers communs\avah.vbs 2009-08-26 15:24 . 2009-08-26 15:24 12274 ----a-w- c:\windows\system32\orysofa.bin 2009-08-26 15:24 . 2009-08-26 15:24 12068 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ujotip.bin 2009-08-26 15:24 . 2009-08-26 15:24 11645 ----a-w- c:\program files\Fichiers communs\welazilaga.sys 2009-08-26 15:24 . 2009-08-26 15:24 10975 ----a-w- c:\windows\system32\asyga.pif 2009-08-26 15:24 . 2009-08-26 15:24 11019 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ipucucoxuq.bin 2009-08-26 15:24 . 2009-08-26 15:24 11895 ----a-w- c:\program files\Fichiers communs\ivyzoraza.dll 2009-08-26 15:23 . 2009-08-26 15:23 -------- d-----w- c:\program files\PC_Antispyware2010 2009-08-26 15:18 . 2009-05-15 16:27 -------- d-----w- c:\program files\SPAMfighter 2009-08-26 15:17 . 2004-01-01 07:12 94016 ----a-w- c:\windows\system32\drivers\agp440.sys 2009-08-26 15:17 . 2004-06-10 19:05 -------- d-----w- c:\program files\Wanadoo 2009-08-26 13:51 . 2009-08-26 13:51 17456 ----a-w- c:\program files\Fichiers communs\letoper.lib 2009-08-26 13:51 . 
2009-08-26 13:51 12150 ----a-w- c:\program files\Fichiers communs\odetur._sy 2009-08-26 13:51 . 2009-08-26 13:51 19253 ----a-w- c:\program files\Fichiers communs\elutytysy.db 2009-08-26 11:19 . 2009-08-26 11:19 1184 ----a-w- c:\program files\zoqcr.txt 2009-08-24 13:17 . 2004-01-01 10:15 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-24 13:02 . 2004-01-01 10:26 -------- d-----w- c:\program files\Easy Internet signup 2009-08-22 14:40 . 2004-06-20 11:42 -------- d-----w- c:\program files\Microsoft ActiveSync 2009-08-22 14:40 . 2006-04-29 17:45 -------- d-----w- c:\program files\Astraware 2009-08-20 17:35 . 2004-01-01 15:43 630432 ----a-w- c:\windows\system32\drivers\ntfs.sys 2009-08-16 19:33 . 2009-08-16 19:33 17621 ----a-w- c:\documents and settings\All Users\Application Data\cewilav.dat 2009-08-16 19:33 . 2009-08-16 19:33 17426 ----a-w- c:\program files\Fichiers communs\nawu.db 2009-08-16 14:53 . 2009-08-16 14:53 15000 ----a-w- c:\program files\Fichiers communs\kypubuz.lib 2009-08-05 09:00 . 2002-12-12 06:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:03 . 2004-01-03 03:27 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2004-01-01 08:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 16:57 . 2004-08-23 18:35 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-25 08:26 . 2004-01-03 03:35 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:26 . 2004-01-03 03:34 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:26 . 2004-01-03 03:34 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:26 . 2004-01-03 03:33 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:26 . 2004-01-03 03:33 736768 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:26 . 2004-01-03 03:32 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2004-01-01 15:43 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-22 17:52 . 
2009-06-22 17:52 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-06-16 14:40 . 2004-01-03 03:35 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2004-01-03 03:32 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 10:44 . 2004-01-01 15:43 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:14 . 2004-01-03 03:27 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:21 . 2004-01-03 03:33 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:15 . 2004-01-01 15:44 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 09:42 . 2009-06-22 18:12 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-06-05 09:42 . 2007-12-03 19:57 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-06-03 19:10 . 2003-05-30 15:00 1297408 ----a-w- c:\windows\system32\quartz.dll 2006-11-01 15:40 . 2006-11-01 15:40 0 -csha-w- c:\windows\SMINST\HPCD.sys . ------- Sigcheck ------- [-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys [7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys [-] 2003-09-23 11:01 561920 E3AE9C79498210A5F39FE5A9AD62BC55 c:\windows\I386\NTFS.SYS [7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2009-08-20 17:35 630432 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\system32\drivers\ntfs.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! 
Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2004-08-06 2502656] "Acme.PCHButton"="c:\progra~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 159744] "WOOKIT"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 67128] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-23 68856] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768] "UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-05 3022848] "MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-11 32768] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] 
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [2009-08-26 595065]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-12-05 753664]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2003-04-03 50176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2004-6-10 954475]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2004-11-19 121856]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-27 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2004-2-28 83360]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2004-6-19 241664]
Synchronisation Wanadoo.lnk - c:\program files\Wanadoo\Synchronisation Wanadoo\Voxsync.exe [2004-11-9 622592]
WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe [2009-8-24 722432]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]
S1 820b9cd7;820b9cd7;c:\windows\system32\drivers\820b9cd7.sys --> c:\windows\system32\drivers\820b9cd7.sys [?]
S1 836b6abf;836b6abf;c:\windows\system32\drivers\836b6abf.sys --> c:\windows\system32\drivers\836b6abf.sys [?]
S2 gupdate1c9945f4b5f3db3;Service Google Update (gupdate1c9945f4b5f3db3);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 22:02 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:02]

2009-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:02]

2009-08-26 c:\windows\Tasks\User_Feed_Synchronization-{81F9939B-A69F-487E-A952-D34712163A73}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RecordNow! - (no file)
HKLM-Run-PS2 - c:\windows\system32\ps2.exe
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 17:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_USERS\S-1-5-21-2203956830-3961793352-2022211046-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\DeviceAppInstall\oemDevice3]
"Name"="oemDevice3"
"DisplayName"="Modem sans fil"
"Param1"="oem\\APPS\\Drivers\\GSM USB Modem\\USBModem_Dialer.exe"
"Param2"=""
"Type"="createprocess"
"Order"=dword:00000000
"State"=dword:0000001b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7896)
c:\windows\system32\nView.dll
c:\windows\system32\NVWRSFR.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\system32\braviax.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-26 17:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-26 15:26

Pre-Run: 81 513 541 632 bytes free
Post-Run: 81 623 109 632 bytes free

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=,1,2,3,4,5
465 --- E O F --- 2009-08-16 19:29

Can you tell me what to do now? Thanks in advance
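As an added example (not part of vinz95's post, and not a ComboFix or HijackThis feature), the script below runs the first triage pass a helper would do by hand on a log like this one: it walks the registry-style sections and service lines and flags the settings that weaken the machine's own defences, namely the three Security Center `*DisableNotify` values set to 1, `EnableFirewall` = 0 for the standard profile, and service entries whose driver file ComboFix could not resolve (the trailing `[?]`; that reading of the marker, and the "8 random hex digits is a suspicious service name" heuristic, are assumptions of this example, not statements from the log). The sample input is constructed from lines copied out of the log above so the script runs offline.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied from the ComboFix log above.
# A raw string keeps the backslashes exactly as ComboFix prints them.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]
S1 820b9cd7;820b9cd7;c:\windows\system32\drivers\820b9cd7.sys --> c:\windows\system32\drivers\820b9cd7.sys [?]
S1 836b6abf;836b6abf;c:\windows\system32\drivers\836b6abf.sys --> c:\windows\system32\drivers\836b6abf.sys [?]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')          # "Name"=value
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # S1 name;display;path
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")             # heuristic, assumption of this example

SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
FIREWALL_PROFILE = r"firewallpolicy\standardprofile"


@dataclass
class Finding:
    severity: str
    line: str
    why: str


def reg_int(raw: str) -> Optional[int]:
    """Parse the two integer forms ComboFix prints: 'dword:00000001' or '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\b", raw)
    return int(m.group(1)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Return the defence-weakening settings and unresolved drivers found in a ComboFix log."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()   # remember which key the following values belong to
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), reg_int(m.group(2))
            if section == SECURITY_CENTER and name.endswith("DisableNotify") and value == 1:
                findings.append(Finding("high", line, f"Security Center warning suppressed ({name})"))
            elif section.endswith(FIREWALL_PROFILE) and name == "EnableFirewall" and value == 0:
                findings.append(Finding("high", line, "Windows Firewall disabled for the standard profile"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, target = m.group(1), m.group(2).strip(), m.group(4).strip()
            reasons = []
            if target.endswith("[?]"):               # assumption: ComboFix could not find the file
                reasons.append("driver file could not be resolved on disk")
            if HEX_NAME_RE.match(name):
                reasons.append("random-looking 8-hex-digit service name")
            if reasons:
                sev = "high" if target.endswith("[?]") else "medium"
                findings.append(Finding(sev, line, f"{start} service {name}: " + "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.why}\n    {f.line}")
```

On the sample it reports six high-severity findings: the three suppressed Security Center warnings, the disabled firewall, and the two `S1` driver services. The SPAMfighter `R2` line passes because its file resolved and its name is ordinary. Anything this flags is a starting point for the person helping, not a verdict: the script only reads what ComboFix already printed and does not touch the machine.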