Malware chiant [résolu]

[gorby1980]

Bonjour,

 

Hier après-midi, un malware s'est installé sur mon ordinateur. Trois icônes de liens internet s'installent sur mon bureau et dans mes favoris, les trois menant vers trois pages d'un même site d'anti-virus. Je reçois depuis des alertes fréquentes selon lesquelles mon ordinateur est infecté. De plus, une autre page de vente d'anti-virus s'impose comme page de démarrage internet. Ma connexion a également tendance à ralentir.

 

Précisons que j'utilise McAfee comme anti-virus et qu'il ne me détecte rien. J'ai installé ComboFix et il me vire les trois icônes et les trois raccourcis, me donnant une heure ou deux de répit. Mais ces charognes reviennent et ça repart de plus belle.

 

Voici le rapport Combofix:

ComboFix 08-05-21.2 - Florian 2008-05-23 10:03:10.4 - NTFSx86

Endroit: C:\Documents and Settings\Florian\Bureau\ComboFix.exe

* Resident AV is active

 

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Florian\Bureau\Error Cleaner.url

C:\Documents and Settings\Florian\Bureau\Privacy Protector.url

C:\Documents and Settings\Florian\Bureau\Spyware&Malware Protection.url

C:\Documents and Settings\Florian\Favoris\Error Cleaner.url

C:\Documents and Settings\Florian\Favoris\Privacy Protector.url

C:\Documents and Settings\Florian\Favoris\Spyware&Malware Protection.url

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-23 09:46 . 2008-05-23 09:46 <REP> d-------- C:\Program Files\Trend Micro

2008-05-22 16:17 . 2008-05-22 16:17 <REP> d-------- C:\WINDOWS\Sun

2008-05-22 16:17 . 2008-05-22 16:22 <REP> d-------- C:\Documents and Settings\Florian\.housecall6.6

2008-05-22 16:16 . 2008-05-22 16:16 <REP> d-------- C:\Program Files\Java

2008-05-22 16:16 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

2008-05-22 16:15 . 2008-05-22 16:15 <REP> d-------- C:\Program Files\Fichiers communs\Java

2008-05-22 14:42 . 2008-05-23 10:03 <REP> d-------- C:\Documents and Settings\Florian\Application Data\TmpRecentIcons

2008-05-22 13:35 . 2008-05-21 17:43 331,776 --a------ C:\WINDOWS\pxgdslro.dll

2008-05-22 13:35 . 2008-05-21 17:43 237,568 --a------ C:\WINDOWS\gnowmebk.dll

2008-05-22 13:35 . 2008-05-21 17:43 200,704 --a------ C:\WINDOWS\gktxaspm.dll

2008-05-22 13:35 . 2008-05-21 17:43 159,744 --a------ C:\WINDOWS\elsq.exe

2008-05-22 13:35 . 2008-05-21 17:44 90,112 --a------ C:\WINDOWS\mdtgkswr.exe

2008-05-14 00:28 . 2008-05-14 00:28 <REP> d-------- C:\Documents and Settings\Florian\Application Data\Yahoo!

2008-05-14 00:27 . 2008-05-14 08:50 <REP> d-------- C:\Program Files\Yahoo!

2008-05-13 18:55 . 2008-05-13 18:55 <REP> d-------- C:\Program Files\Free Audio Pack

2008-05-13 18:54 . 2008-05-13 18:54 6,773,861 --a------ C:\Program Files\Setup_FreeConverter.exe

2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia

2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\Florian\Application Data\AVS4YOU

2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2008-05-06 10:53 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\AVS4YOU

2008-05-06 10:53 . 2008-05-06 10:53 35,745,976 --a------ C:\Program Files\AVSVideoReMaker.exe

2008-05-06 10:53 . 2007-10-25 11:20 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll

2008-05-06 10:53 . 2007-10-25 11:20 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2008-05-06 10:53 . 2007-10-25 11:20 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-23 07:20 --------- d-----w C:\Documents and Settings\Florian\Application Data\BitTorrent

2008-05-22 17:09 --------- d-----w C:\Documents and Settings\Florian\Application Data\FileZilla

2008-05-22 13:41 --------- d-----w C:\Program Files\BitTorrent

2008-05-14 07:51 --------- d-----w C:\Documents and Settings\Florian\Application Data\gtk-2.0

2008-05-13 22:27 --------- d-----w C:\Program Files\DivX

2008-05-06 08:54 --------- d-----w C:\Program Files\FileZilla Client

2008-04-18 05:00 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2008-04-18 05:00 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\xing shared

2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-26 12:39 164,993 ----a-w C:\Program Files\mp3DC202.exe

2008-01-18 09:23 412,199 ----a-w C:\Program Files\asftools310.exe

2008-01-01 16:30 39,262,553 ----a-w C:\Program Files\WE55FraTrial.exe

2007-12-28 08:57 15,180,000 ----a-w C:\Program Files\gimp-2.4.2-i686-setup.exe

2007-12-02 18:02 19,343,592 ----a-w C:\Program Files\internet_video_converter_1.50_en_setup.exe

2007-11-10 08:21 223,388 ----a-w C:\Program Files\MXPie Patch v3.6.exe

2007-10-24 22:46 734,160 ----a-w C:\Program Files\VobSub_2.23.exe

2007-10-02 09:34 1,771 ----a-w C:\Program Files\uninstal.log

2007-10-02 09:26 513,911 ----a-w C:\Program Files\ZyGoVideo2Win.exe

2007-10-02 08:52 13,856,793 ----a-w C:\Program Files\quicktimealt176.exe

2007-08-27 11:55 172,058 ----a-w C:\Program Files\hjsplit.zip

2007-08-26 15:14 1,463,185 ----a-w C:\Program Files\Advanced_RAR_Repair_v1.0.rar

2007-08-14 22:03 2,007,901 ----a-w C:\Program Files\CodecPackPl.exe

2007-08-14 06:59 3,294,480 ----a-w C:\Program Files\DivXCodec.exe

2007-08-13 19:22 823,296 ----a-w C:\Program Files\winmx353.exe

2007-08-13 19:22 2,764 ----a-w C:\Program Files\settings.dat

2007-08-13 19:22 103,384 ----a-w C:\Program Files\lib4.dat

2007-08-13 19:11 9,130 ----a-w C:\Program Files\colors.dat

2006-03-13 22:52 18,321 ----a-w C:\Program Files\copying

2002-09-11 20:54 1,708,852 ----a-w C:\Program Files\FPESETUP_wu.exe

2002-05-21 08:00 1,362 ----a-r C:\Program Files\ReadMe.txt

2000-11-15 08:21 178,688 ----a-w C:\Program Files\hjsplit.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-22_16.35.09.18 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-22 13:50:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-23 07:08:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0519A9C9-064A-4cbc-BC47-D0EACD581477}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}"= "C:\WINDOWS\gktxaspm.dll" [2008-05-21 17:43 200704]

 

[HKEY_CLASSES_ROOT\clsid\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f}]

[HKEY_CLASSES_ROOT\gktxaspm.1]

[HKEY_CLASSES_ROOT\TypeLib\{6A219592-3D06-46A5-B3FF-CBC8EB6FFF2B}]

[HKEY_CLASSES_ROOT\gktxaspm]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 09:42 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]

"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]

"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]

"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]

"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]

"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]

"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 07:00 185896]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"gnowmebk"= {C871CCC5-0788-43CC-B3E2-BAB552039D7A} - C:\WINDOWS\gnowmebk.dll [2008-05-21 17:43 237568]

"pxgdslro"= {06B91A23-D280-4D41-B179-4CB92C393665} - C:\WINDOWS\pxgdslro.dll [2008-05-21 17:43 331776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.DivXa32"= DivXa32.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-16 09:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-18 07:00 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\WINDOWS\\system32\\lxczcoms.exe"=

"C:\\Program Files\\WinMX\\WinMX.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58295:TCP"= 58295:TCP:Pando P2P TCP Listening Port

"58295:UDP"= 58295:UDP:Pando P2P UDP Listening Port

"58489:TCP"= 58489:TCP:Pando P2P TCP Listening Port

"58489:UDP"= 58489:UDP:Pando P2P UDP Listening Port

"58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port

"58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port

"58341:TCP"= 58341:TCP:Pando P2P TCP Listening Port

"58341:UDP"= 58341:UDP:Pando P2P UDP Listening Port

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-23 10:04:55

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-05-23 10:05:38

ComboFix-quarantined-files.txt 2008-05-23 08:05:34

ComboFix2.txt 2008-05-22 22:07:43

ComboFix3.txt 2008-05-22 16:40:02

ComboFix4.txt 2008-05-22 14:35:34

 

Pre-Run: 75,753,906,176 octets libres

Post-Run: 75,762,503,680 octets libres

 

193 --- E O F --- 2008-05-16 14:58:13

 

Voici maintenant le rapport Hijack This :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:19:53, on 23.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\BitTorrent\bittorrent.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\WINDOWS\system32\lxczcoms.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Florian\Bureau\iexplore.exe

C:\Documents and Settings\Florian\Bureau\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com

O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com

O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com

O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com

O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com

O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com

O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com

O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com

O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com

O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com

O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com

O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com

O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com

O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com

O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com

O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com

O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com

O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com

O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com

O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com

O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com

O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com

O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com

O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com

O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com

O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com

O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com

O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com

O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com

O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net

O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net

O1 - Hosts: 82.43.229.238 test2.winmxgroup.net

O1 - Hosts: 205.238.40.1 test3.winmxgroup.net

O1 - Hosts: 205.238.40.2 test4.winmxgroup.net

O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net

O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net

O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net

O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net

O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\WINDOWS\gktxaspm.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.link.io

O15 - Trusted Zone: http://www.megaupload.com

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - (no file)

O21 - SSODL: gnowmebk - {C871CCC5-0788-43CC-B3E2-BAB552039D7A} - C:\WINDOWS\gnowmebk.dll

O21 - SSODL: pxgdslro - {06B91A23-D280-4D41-B179-4CB92C393665} - C:\WINDOWS\pxgdslro.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

 

--

End of file - 12275 bytes

 

Merci d'avance

Modifié le 26 mai 2008 par gorby1980

[Thanos]

salut et bienvenue

 

Nous allons utiliser le programme suivant pour nettoyer le pc >>

 

Déconnecte ton antivirus le temps de faire les deux étapes qui suivant:

 

1°) Télécharge SmitfraudFix de S!Ri sur ton bureau

• Double clique sur SmitfraudFix.exe
  
• Une fenêtre va s'ouvrir, choisis l'option 1
  
• Copie/colle le contenu du bloc-note qui s'ouvre dans ton prochain post.
  
• Note: si tu as une version de Smitfraudfix, ne l'utilise pas! élimine là et télécharge la dernière version.
  

2°) Double clique sur SmitfraudFix.exe

• Sélectionne 2 et presse Entrée dans le menu pour supprimer les fichiers responsables de l'infection.
  
• A la question: Voulez-vous nettoyer le registre ? répond O (oui) et presse [Entrée] afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection.
  
• Le fix déterminera si le fichier wininet.dll est infecté. A la question: Corriger le fichier infecté ? répond O (oui) et presse [Entrée] pour remplacer le fichier corrompu.
  
• Un redemarrage sera peut être necessaire pour terminer la procedure de nettoyage. Le rapport se trouve à la racine du disque système C:\rapport.txt
  

Donc, effectue d'abord le scan avec l'option 1 puis viens poster le rapport. Ensuite lance l'option 2 et poste le rapport affiché.

Modifié le 23 mai 2008 par Thanos

[gorby1980]

Voici le premier rapport :

mitFraudFix v2.320

 

Rapport fait à 19:14:42.12, 23.05.2008

Executé à partir de C:\Documents and Settings\Florian\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\BitTorrent\bittorrent.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\WINDOWS\system32\lxczcoms.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Florian\Bureau\iexplore.exe

C:\Documents and Settings\Florian\Bureau\iexplore.exe

C:\Documents and Settings\Florian\Bureau\iexplore.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Documents and Settings\Florian\Bureau\iexplore.exe

C:\Documents and Settings\Florian\Bureau\iexplore.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Florian

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Florian\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Florian\Favoris

 

C:\DOCUME~1\Florian\Favoris\Error Cleaner.url PRESENT !

C:\DOCUME~1\Florian\Favoris\Privacy Protector.url PRESENT !

C:\DOCUME~1\Florian\Favoris\Spyware?Malware Protection.url PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

C:\DOCUME~1\Florian\Bureau\Error Cleaner.url PRESENT !

C:\DOCUME~1\Florian\Bureau\Privacy Protector.url PRESENT !

C:\DOCUME~1\Florian\Bureau\Spyware?Malware Protection.url PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

[!] Suspicious: gktxaspm.dll

Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}

TypeLib: {6A219592-3D06-46A5-B3FF-CBC8EB6FFF2B}

Interface: {9B19A112-5F7E-4549-BDC1-9462DDC7D0B9}

Classe: gktxaspm.bpew

Classe: gktxaspm.ToolBar.1

 

[!] Suspicious: pxgdslro.dll

SSODL: pxgdslro - {06B91A23-D280-4D41-B179-4CB92C393665}

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.1.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

[gorby1980]

Voici le deuxième rapport :

SmitFraudFix v2.320

 

Rapport fait à 19:17:20.20, 23.05.2008

Executé à partir de C:\Documents and Settings\Florian\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

65.75.216.6 www.winmx.com err.winmx.com

205.238.40.54 www.winmx.com err.winmx.com

65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com

65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com

82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com

205.238.40.1 cache3.winmx.com test3204.winmx.com

205.238.40.2 cache4.winmx.com test3205.winmx.com

65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com

65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com

65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com

65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com

65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com

65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com

82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com

82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com

205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com

205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com

65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com

65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com

65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com

65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com

65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com

65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com

82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com

82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com

205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com

205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com

65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com

205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com

65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net

65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net

82.43.229.238 test2.winmxgroup.net

205.238.40.1 test3.winmxgroup.net

205.238.40.2 test4.winmxgroup.net

65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net

65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net

82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net

205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net

205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

C:\WINDOWS\gktxaspm.dll deleted.

C:\WINDOWS\pxgdslro.dll deleted.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

C:\DOCUME~1\Florian\Bureau\Error Cleaner.url supprimé

C:\DOCUME~1\Florian\Bureau\Privacy Protector.url supprimé

C:\DOCUME~1\Florian\Bureau\Spyware?Malware Protection.url supprimé

C:\DOCUME~1\Florian\Favoris\Error Cleaner.url supprimé

C:\DOCUME~1\Florian\Favoris\Privacy Protector.url supprimé

C:\DOCUME~1\Florian\Favoris\Spyware?Malware Protection.url supprimé

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.1.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{49EB7B78-F65B-408C-A155-A99CE91E8223}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

[Thanos]

salut

 

Ok, SmitfraudFix a éliminé les fichiers incriminés. On va utiliser de nouveau ComboFix afin de supprimer le reste de l'infection >>

 

1) On utilise un script de nouveau >>

 

Rend toi sur cette page afin de télécharger le fichier CFScript > http://www.sendspace.com/file/76dijx

pour cela, clique sur le lien en bas de page > Download Link: CFScript

• Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
  
  
• Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!
  Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt
  

2) Fais le scan en ligne suivant après ca >>

 

Assure toi que les contrôles activeX soient bien configurés dans les options internet comme décrit sur ce lien=> Cybersécurité

 

• Fais un scan en ligne Kaspersky
  
• Clique sur Accept
  
• Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
  
• clique une nouvelle fois sur "Accept"
  
• Les bases de mises à jour vont s'installer, patiente un moment
  
• Clique sur Next.
  
• Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
  

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie/colle la totalité du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

 

Colle ce rapport dans ta réponse sur le forum.

 

Aide en cas de problème :Cybersécurité

 

NOTE: Le scan est à faire avec Internet Explorer.

 

Poste les deux rapports stp

[gorby1980]

Voici le nouveau rapport Combofix :

 

ComboFix 08-05-21.2 - Florian 2008-05-24 9:46:48.5 - NTFSx86

Endroit: C:\Documents and Settings\Florian\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Florian\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\elsq.exe

C:\WINDOWS\gnowmebk.dll

C:\WINDOWS\mdtgkswr.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\elsq.exe

C:\WINDOWS\gnowmebk.dll

C:\WINDOWS\mdtgkswr.exe

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-23 19:29 . 2008-05-23 19:29 <REP> d-------- C:\Program Files\Sun

2008-05-23 19:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-23 19:14 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-05-23 19:14 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-05-23 19:14 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-05-23 19:14 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-05-23 19:14 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe

2008-05-23 19:14 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-05-23 19:14 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-05-23 19:14 . 2008-05-23 19:17 3,196 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-23 09:46 . 2008-05-23 09:46 <REP> d-------- C:\Program Files\Trend Micro

2008-05-22 16:17 . 2008-05-22 16:17 <REP> d-------- C:\WINDOWS\Sun

2008-05-22 16:17 . 2008-05-22 16:22 <REP> d-------- C:\Documents and Settings\Florian\.housecall6.6

2008-05-22 16:16 . 2008-05-23 19:28 <REP> d-------- C:\Program Files\Java

2008-05-22 16:15 . 2008-05-22 16:15 <REP> d-------- C:\Program Files\Fichiers communs\Java

2008-05-22 14:42 . 2008-05-23 10:03 <REP> d-------- C:\Documents and Settings\Florian\Application Data\TmpRecentIcons

2008-05-14 00:28 . 2008-05-14 00:28 <REP> d-------- C:\Documents and Settings\Florian\Application Data\Yahoo!

2008-05-14 00:27 . 2008-05-14 08:50 <REP> d-------- C:\Program Files\Yahoo!

2008-05-13 18:55 . 2008-05-13 18:55 <REP> d-------- C:\Program Files\Free Audio Pack

2008-05-13 18:54 . 2008-05-13 18:54 6,773,861 --a------ C:\Program Files\Setup_FreeConverter.exe

2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia

2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\Florian\Application Data\AVS4YOU

2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2008-05-06 10:53 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\AVS4YOU

2008-05-06 10:53 . 2008-05-06 10:53 35,745,976 --a------ C:\Program Files\AVSVideoReMaker.exe

2008-05-06 10:53 . 2007-10-25 11:20 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll

2008-05-06 10:53 . 2007-10-25 11:20 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2008-05-06 10:53 . 2007-10-25 11:20 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-23 22:16 --------- d-----w C:\Documents and Settings\Florian\Application Data\BitTorrent

2008-05-23 12:27 --------- d-----w C:\Documents and Settings\Florian\Application Data\FileZilla

2008-05-22 13:41 --------- d-----w C:\Program Files\BitTorrent

2008-05-14 07:51 --------- d-----w C:\Documents and Settings\Florian\Application Data\gtk-2.0

2008-05-13 22:27 --------- d-----w C:\Program Files\DivX

2008-05-06 08:54 --------- d-----w C:\Program Files\FileZilla Client

2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\xing shared

2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-02-26 12:39 164,993 ----a-w C:\Program Files\mp3DC202.exe

2008-01-18 09:23 412,199 ----a-w C:\Program Files\asftools310.exe

2008-01-01 16:30 39,262,553 ----a-w C:\Program Files\WE55FraTrial.exe

2007-12-28 08:57 15,180,000 ----a-w C:\Program Files\gimp-2.4.2-i686-setup.exe

2007-12-02 18:02 19,343,592 ----a-w C:\Program Files\internet_video_converter_1.50_en_setup.exe

2007-11-10 08:21 223,388 ----a-w C:\Program Files\MXPie Patch v3.6.exe

2007-10-24 22:46 734,160 ----a-w C:\Program Files\VobSub_2.23.exe

2007-10-02 09:34 1,771 ----a-w C:\Program Files\uninstal.log

2007-10-02 09:26 513,911 ----a-w C:\Program Files\ZyGoVideo2Win.exe

2007-10-02 08:52 13,856,793 ----a-w C:\Program Files\quicktimealt176.exe

2007-08-27 11:55 172,058 ----a-w C:\Program Files\hjsplit.zip

2007-08-26 15:14 1,463,185 ----a-w C:\Program Files\Advanced_RAR_Repair_v1.0.rar

2007-08-14 22:03 2,007,901 ----a-w C:\Program Files\CodecPackPl.exe

2007-08-14 06:59 3,294,480 ----a-w C:\Program Files\DivXCodec.exe

2007-08-13 19:22 823,296 ----a-w C:\Program Files\winmx353.exe

2007-08-13 19:22 2,764 ----a-w C:\Program Files\settings.dat

2007-08-13 19:22 103,384 ----a-w C:\Program Files\lib4.dat

2007-08-13 19:11 9,130 ----a-w C:\Program Files\colors.dat

2006-03-13 22:52 18,321 ----a-w C:\Program Files\copying

2002-09-11 20:54 1,708,852 ----a-w C:\Program Files\FPESETUP_wu.exe

2002-05-21 08:00 1,362 ----a-r C:\Program Files\ReadMe.txt

2000-11-15 08:21 178,688 ----a-w C:\Program Files\hjsplit.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-22_16.35.09.18 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-22 13:50:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-24 07:49:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2005-04-13 00:19:56 49,248 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2005-04-13 00:20:04 49,250 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2005-04-13 01:48:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-05-24 07:50:15 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 09:42 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]

"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]

"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]

"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]

"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]

"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 07:00 185896]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"gnowmebk"= {C871CCC5-0788-43CC-B3E2-BAB552039D7A} - C:\WINDOWS\gnowmebk.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.DivXa32"= DivXa32.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-16 09:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-18 07:00 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\WINDOWS\\system32\\lxczcoms.exe"=

"C:\\Program Files\\WinMX\\WinMX.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58295:TCP"= 58295:TCP:Pando P2P TCP Listening Port

"58295:UDP"= 58295:UDP:Pando P2P UDP Listening Port

"58489:TCP"= 58489:TCP:Pando P2P TCP Listening Port

"58489:UDP"= 58489:UDP:Pando P2P UDP Listening Port

"58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port

"58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port

"58341:TCP"= 58341:TCP:Pando P2P TCP Listening Port

"58341:UDP"= 58341:UDP:Pando P2P UDP Listening Port

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]

R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 04:43]

S2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-24 09:49:48

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe

C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe

C:\Program Files\McAfee.com\Agent\Mcdetect.exe

C:\PROGRA~1\McAfee.com\VSO\McShield.exe

C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe

C:\WINDOWS\system32\cscript.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-24 9:53:15 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-24 07:53:10

ComboFix2.txt 2008-05-23 08:05:39

ComboFix3.txt 2008-05-22 22:07:43

ComboFix4.txt 2008-05-22 16:40:02

ComboFix5.txt 2008-05-22 14:35:34

 

Pre-Run: 75,343,835,136 octets libres

Post-Run: 75,499,053,056 octets libres

 

192 --- E O F --- 2008-05-16 14:58:13

[gorby1980]

Et voici le rapport Kaspersky :

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Saturday, May 24, 2008 10:55:54 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 24/05/2008

Kaspersky Anti-Virus database records: 799589

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan Statistics:

Total number of scanned objects: 67648

Number of viruses found: 6

Number of infected objects: 23

Number of suspicious objects: 0

Duration of the scan process: 00:43:00

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\bittorrent.log Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Courtney Cummz - Episode 22.mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Devon Michaels - Episode 02.mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Huxley - Episode 20.mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Lawrence - Episode 17.mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Storm - Episode 10.mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Mrs. Trina Michaels - Episode 07.mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 on 1 - Ms. Haven - Episode 11.mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Housewife 1 On 1 - Tory Lane (23).mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Naughty America - Housewife 1 On 1 - Mrs Rayveness.mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Naughty America - Housewife 1 on 1 - Mrs. King.mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Naughty America - Housewife 1 on 1 - Mrs. L'Amour.mpg Object is locked skipped

C:\Documents and Settings\Florian\Application Data\BitTorrent\incomplete\8b633787-6d16\Naughty America - Housewife 1 on 1 - Mrs. Robbins.mpg Object is locked skipped

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Florian\Bureau\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Florian\Bureau\SmitfraudFix.exe RAR: infected - 1 skipped

C:\Documents and Settings\Florian\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Florian\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Florian\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Documents and Settings\Florian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Florian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Florian\Local Settings\Application Data\{ABDF8991-BBD0-4F99-8783-A4C502A0219C}\Pando.msi/Data1.cab/veohminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped

C:\Documents and Settings\Florian\Local Settings\Application Data\{ABDF8991-BBD0-4F99-8783-A4C502A0219C}\Pando.msi/Data1.cab/askminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opm skipped

C:\Documents and Settings\Florian\Local Settings\Application Data\{ABDF8991-BBD0-4F99-8783-A4C502A0219C}\Pando.msi/Data1.cab/jamanminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped

C:\Documents and Settings\Florian\Local Settings\Application Data\{ABDF8991-BBD0-4F99-8783-A4C502A0219C}\Pando.msi/Data1.cab Infected: Trojan-Downloader.Win32.Agent.opl skipped

C:\Documents and Settings\Florian\Local Settings\Application Data\{ABDF8991-BBD0-4F99-8783-A4C502A0219C}\Pando.msi Embedded: infected - 4 skipped

C:\Documents and Settings\Florian\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Florian\Local Settings\Historique\History.IE5\MSHist012008052420080525\index.dat Object is locked skipped

C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Florian\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Florian\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\elsq.exe.vir Infected: Trojan.Win32.Vapsup.fmv skipped

C:\QooBox\Quarantine\C\WINDOWS\gnowmebk.dll.vir Infected: Trojan.Win32.Vapsup.fmu skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043612.msi/Data1.cab/veohminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043612.msi/Data1.cab/askminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opm skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043612.msi/Data1.cab/jamanminiinst.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043612.msi/Data1.cab Infected: Trojan-Downloader.Win32.Agent.opl skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043612.msi Embedded: infected - 4 skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043893.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043894.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043897.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043899.exe Infected: Trojan-Downloader.Win32.Agent.opl skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP266\A0043900.exe Infected: Trojan-Downloader.Win32.Agent.opm skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP276\A0045071.dll Infected: Trojan.Win32.Vapsup.fnc skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP279\A0045123.exe Infected: Trojan.Win32.Vapsup.fmv skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP279\A0045124.dll Infected: Trojan.Win32.Vapsup.fmu skipped

C:\System Volume Information\_restore{BD3D3D32-230D-483A-9626-6C5197E60A2E}\RP279\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{66D46F96-A882-48BC-A4A1-A8D11515306D}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.

[Thanos]

salut

 

On va passer ComboFix une dernière fois et c'est bon. De la même manière >>

 

Rend toi sur cette page afin de télécharger le fichier CFScript > http://www.sendspace.com/file/erzo91

pour cela, clique sur le lien en bas de page > Download Link: CFScript

• Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
  
  
• Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!
  Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt
  

Poste ce dernier rapport stp.

 

Après ca, je te propose d'installer la Console de Récupération: C'est un outil très pratique qui permet dans beaucoup de cas de réparer Windows lorsque c'est nécéssaire. (surtout si tu ne possèdes pas le cd de Windows).

Voici un dossier sur la Console de Récupération et ce qu'elle permet de faire, en espérant que ca ne te serve pas! >>la Console de Récupération<<

Etape non obligatoire, mais je te conseille de l'installer.

 

• Lorsque tu as cliqué sur le lien ci-dessous, tu seras dirigé sur une page: clique sur le bouton Télécharger afin de récupérer le package d'installation.
  Télécharge le fichier sur ton bureau et ne modifie pas le nom du fichier surtout!
   
  Microsoft Windows XP Édition familiale SP2
   
   
  
• Fait un glisser/déposer du fichier winxpsp2_fr (que tu as téléchargé sur le bureau) sur le fichier ComboFix.exe comme sur la capture >
  
  
• Suis les indications à l'écran pour lancer ComboFix et lorsqu'on te le demande, accepte le Contrat de Licence d'Utilisateur Final pour installer la Console de Récupération Microsoft.
  
• Clique sur Oui au message de Limitation de Garantie qui s'affiche.
  
• Clique ensuite sur le bouton No pour quitter le programme.
  
• Une autre fenêtre s'ouvre "A log shall be produced..." > clique sur OK > un fichier texte nommé CF_RC.txt va s'ouvrir: poste son contenu.
  

Si tu as aussi fait cette étape, poste les deux rapports (ComboFix.txt et CF_RC.txt)

[gorby1980]

Voici le rapport Combofix :

 

ComboFix 08-05-21.2 - Florian 2008-05-24 23:51:16.6 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.657 [GMT 2:00]

Endroit: C:\Documents and Settings\Florian\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Florian\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\Documents and Settings\Florian\Bureau\SmitfraudFix.exe

C:\WINDOWS\system32\404Fix.exe

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\WS2Fix.exe

C:\WINDOWS\TEMP\rtdrvmon.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Florian\Bureau\SmitfraudFix

C:\Documents and Settings\Florian\Bureau\SmitfraudFix.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\404Fix.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\dumphive.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\exit.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\GenericRenosFix.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\HostsChk.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\IEDFix.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\Process.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\Reboot.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\restart.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\SmitfraudFix.cmd

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\SmiUpdate.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\SrchSTS.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\swreg.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\swsc.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\swxcacls.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\UIFix.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\unzip.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\VACFix.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\VCCLSID.exe

C:\Documents and Settings\Florian\Bureau\SmitfraudFix\WS2Fix.exe

C:\WINDOWS\system32\404Fix.exe

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\WS2Fix.exe

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-24 10:02 . 2008-05-24 10:02 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-05-24 10:02 . 2008-05-24 10:02 <REP> d-------- C:\WINDOWS\LastGood.Tmp

2008-05-24 10:02 . 2008-05-24 10:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-05-23 19:29 . 2008-05-23 19:29 <REP> d-------- C:\Program Files\Sun

2008-05-23 19:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-23 19:14 . 2008-05-23 19:17 3,196 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-23 09:46 . 2008-05-23 09:46 <REP> d-------- C:\Program Files\Trend Micro

2008-05-22 16:17 . 2008-05-22 16:17 <REP> d-------- C:\WINDOWS\Sun

2008-05-22 16:17 . 2008-05-22 16:22 <REP> d-------- C:\Documents and Settings\Florian\.housecall6.6

2008-05-22 16:16 . 2008-05-23 19:28 <REP> d-------- C:\Program Files\Java

2008-05-22 16:15 . 2008-05-22 16:15 <REP> d-------- C:\Program Files\Fichiers communs\Java

2008-05-22 14:42 . 2008-05-23 10:03 <REP> d-------- C:\Documents and Settings\Florian\Application Data\TmpRecentIcons

2008-05-14 00:28 . 2008-05-14 00:28 <REP> d-------- C:\Documents and Settings\Florian\Application Data\Yahoo!

2008-05-14 00:27 . 2008-05-14 08:50 <REP> d-------- C:\Program Files\Yahoo!

2008-05-13 18:55 . 2008-05-13 18:55 <REP> d-------- C:\Program Files\Free Audio Pack

2008-05-13 18:54 . 2008-05-13 18:54 6,773,861 --a------ C:\Program Files\Setup_FreeConverter.exe

2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia

2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\Florian\Application Data\AVS4YOU

2008-05-06 10:54 . 2008-05-06 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2008-05-06 10:53 . 2008-05-06 10:54 <REP> d-------- C:\Program Files\AVS4YOU

2008-05-06 10:53 . 2008-05-06 10:53 35,745,976 --a------ C:\Program Files\AVSVideoReMaker.exe

2008-05-06 10:53 . 2007-10-25 11:20 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll

2008-05-06 10:53 . 2007-10-25 11:20 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2008-05-06 10:53 . 2007-10-25 11:20 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-24 21:34 --------- d-----w C:\Documents and Settings\Florian\Application Data\BitTorrent

2008-05-23 12:27 --------- d-----w C:\Documents and Settings\Florian\Application Data\FileZilla

2008-05-22 13:41 --------- d-----w C:\Program Files\BitTorrent

2008-05-14 07:51 --------- d-----w C:\Documents and Settings\Florian\Application Data\gtk-2.0

2008-05-13 22:27 --------- d-----w C:\Program Files\DivX

2008-05-06 08:54 --------- d-----w C:\Program Files\FileZilla Client

2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\xing shared

2008-04-18 05:00 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-02-26 12:39 164,993 ----a-w C:\Program Files\mp3DC202.exe

2008-01-18 09:23 412,199 ----a-w C:\Program Files\asftools310.exe

2008-01-01 16:30 39,262,553 ----a-w C:\Program Files\WE55FraTrial.exe

2007-12-28 08:57 15,180,000 ----a-w C:\Program Files\gimp-2.4.2-i686-setup.exe

2007-12-02 18:02 19,343,592 ----a-w C:\Program Files\internet_video_converter_1.50_en_setup.exe

2007-11-10 08:21 223,388 ----a-w C:\Program Files\MXPie Patch v3.6.exe

2007-10-24 22:46 734,160 ----a-w C:\Program Files\VobSub_2.23.exe

2007-10-02 09:34 1,771 ----a-w C:\Program Files\uninstal.log

2007-10-02 09:26 513,911 ----a-w C:\Program Files\ZyGoVideo2Win.exe

2007-10-02 08:52 13,856,793 ----a-w C:\Program Files\quicktimealt176.exe

2007-08-27 11:55 172,058 ----a-w C:\Program Files\hjsplit.zip

2007-08-26 15:14 1,463,185 ----a-w C:\Program Files\Advanced_RAR_Repair_v1.0.rar

2007-08-14 22:03 2,007,901 ----a-w C:\Program Files\CodecPackPl.exe

2007-08-14 06:59 3,294,480 ----a-w C:\Program Files\DivXCodec.exe

2007-08-13 19:22 823,296 ----a-w C:\Program Files\winmx353.exe

2007-08-13 19:22 2,764 ----a-w C:\Program Files\settings.dat

2007-08-13 19:22 103,384 ----a-w C:\Program Files\lib4.dat

2007-08-13 19:11 9,130 ----a-w C:\Program Files\colors.dat

2006-03-13 22:52 18,321 ----a-w C:\Program Files\copying

2002-09-11 20:54 1,708,852 ----a-w C:\Program Files\FPESETUP_wu.exe

2002-05-21 08:00 1,362 ----a-r C:\Program Files\ReadMe.txt

2000-11-15 08:21 178,688 ----a-w C:\Program Files\hjsplit.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-22_16.35.09.18 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-22 13:50:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-24 21:54:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2005-04-13 00:19:56 49,248 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2005-04-13 00:20:04 49,250 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2005-04-13 01:48:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll

+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe

+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 09:42 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]

"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]

"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]

"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]

"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]

"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 07:00 185896]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.DivXa32"= DivXa32.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-16 09:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-18 07:00 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\WINDOWS\\system32\\lxczcoms.exe"=

"C:\\Program Files\\WinMX\\WinMX.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58295:TCP"= 58295:TCP:Pando P2P TCP Listening Port

"58295:UDP"= 58295:UDP:Pando P2P UDP Listening Port

"58489:TCP"= 58489:TCP:Pando P2P TCP Listening Port

"58489:UDP"= 58489:UDP:Pando P2P UDP Listening Port

"58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port

"58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port

"58341:TCP"= 58341:TCP:Pando P2P TCP Listening Port

"58341:UDP"= 58341:UDP:Pando P2P UDP Listening Port

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]

R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 04:43]

S2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-24 23:54:21

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe

C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe

C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe

C:\Program Files\McAfee.com\Agent\Mcdetect.exe

C:\PROGRA~1\McAfee.com\VSO\McShield.exe

C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe

C:\WINDOWS\system32\cscript.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-24 23:57:40 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-24 21:57:36

ComboFix2.txt 2008-05-24 07:53:16

ComboFix3.txt 2008-05-23 08:05:39

ComboFix4.txt 2008-05-22 22:07:43

ComboFix5.txt 2008-05-22 16:40:02

 

Pre-Run: 75,525,308,416 octets libres

Post-Run: 75,694,030,848 octets libres

 

221 --- E O F --- 2008-05-16 14:58:13

[gorby1980]

Voici le dernier rapport :

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP ?dition familiale" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons