[Résolu] Un virus?

[lenab01]

aucun résultat dans les deux répertoires

 

j'ai recherché spyl.sys, fichiers correspondant aux lignes restaurées

[Falkra]

Fais une recherche globale avec l'outil de recherche windows, sur C:\

 

Menu démarrer, rechercher, fichiers ou dossiers.

Entre spyl.sys comme nom et dis C:\ comme emplacement à rechercher.

[lenab01]

avec sous répertoires ?

on aura le résultat demain, vue l'allure de la bête!

[Falkra]

En attendant, un truc rapide.

 

Toujours une fois les ligns SSDT restaurées, (et uniquement après qu'elles le soient) refais un rapport RSIT stp.

Il n'en fera qu'un (un seul fichier), c'est normal.

[lenab01]

rapport RSIT

après je lance la recherche

je suis hs, je ferai la suite demain

A+

 

Logfile of random's system information tool 1.02 (written by random/random)

Run by Maison at 2008-10-01 23:09:35

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 43 GB (56%) free of 76 GB

Total RAM: 511 MB (42% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:10:32, on 01/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\PerSono\perstray.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Maison\Bureau\RSIT.exe

C:\Download\Maison.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Perstray.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8082 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-21 308856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-09 2436160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0BF43445-2F28-4351-9252-17FE6E806AA0}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-09 2436160]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-04-21 185896]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Perstray.lnk - C:\Program Files\PerSono\perstray.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"c:\efes.exe"="c:\efes.exe:*:Enabled:Server"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======List of files/folders created in the last 1 months======

 

2008-09-30 23:11:59 ----D---- C:\Program Files\Fichiers communs\McAfee

2008-09-30 23:11:38 ----D---- C:\Program Files\McAfee.com

2008-09-30 23:10:37 ----D---- C:\Program Files\McAfee

2008-09-30 12:52:50 ----D---- C:\WINDOWS\temp

2008-09-30 12:52:31 ----A---- C:\ComboFix.txt

2008-09-29 22:38:40 ----A---- C:\Boot.bak

2008-09-29 22:38:25 ----D---- C:\cmdcons

2008-09-28 23:40:58 ----D---- C:\WINDOWS\erdnt

2008-09-28 23:21:54 ----D---- C:\QooBox

2008-09-28 23:21:44 ----A---- C:\WINDOWS\zip.exe

2008-09-28 23:21:44 ----A---- C:\WINDOWS\VFind.exe

2008-09-28 23:21:44 ----A---- C:\WINDOWS\swxcacls.exe

2008-09-28 23:21:44 ----A---- C:\WINDOWS\SWSC.exe

2008-09-28 23:21:44 ----A---- C:\WINDOWS\swreg.exe

2008-09-28 23:21:44 ----A---- C:\WINDOWS\sed.exe

2008-09-28 23:21:44 ----A---- C:\WINDOWS\Nircmd.exe

2008-09-28 23:21:44 ----A---- C:\WINDOWS\grep.exe

2008-09-28 23:21:44 ----A---- C:\WINDOWS\fdsv.exe

2008-09-28 18:23:46 ----A---- C:\WINDOWS\gmer.ini

2008-09-28 18:23:27 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-09-28 18:23:27 ----A---- C:\WINDOWS\gmer.dll

2008-09-28 18:23:26 ----A---- C:\WINDOWS\gmer.exe

2008-09-28 11:21:49 ----D---- C:\WINDOWS\BDOSCAN8

2008-09-27 17:04:55 ----D---- C:\rsit

2008-09-27 11:52:24 ----A---- C:\WINDOWS\system32\muweb.dll

2008-09-27 11:52:23 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2008-09-27 11:52:22 ----A---- C:\WINDOWS\system32\mucltui.dll

2008-09-26 21:31:24 ----D---- C:\Utilitaires

2008-09-26 19:02:05 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-09-26 19:01:17 ----D---- C:\Program Files\Windows Live

2008-09-26 18:57:28 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-09-21 08:45:57 ----A---- C:\WINDOWS\system32\javaws.exe

2008-09-21 08:45:57 ----A---- C:\WINDOWS\system32\javaw.exe

2008-09-21 08:45:57 ----A---- C:\WINDOWS\system32\java.exe

2008-09-20 08:45:51 ----D---- C:\Program Files\iPod

2008-09-20 08:45:38 ----D---- C:\Program Files\iTunes

2008-09-20 08:45:38 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-20 08:43:24 ----D---- C:\Program Files\Bonjour

2008-09-20 08:41:14 ----D---- C:\Program Files\QuickTime

2008-09-11 15:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2008-09-11 15:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

 

======List of files/folders modified in the last 1 months======

 

2008-10-01 23:10:03 ----D---- C:\Download

2008-10-01 05:46:41 ----D---- C:\WINDOWS

2008-09-30 23:31:46 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-09-30 23:30:35 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

2008-09-30 23:29:41 ----D---- C:\WINDOWS\system32

2008-09-30 23:27:54 ----HD---- C:\WINDOWS\inf

2008-09-30 23:19:51 ----D---- C:\WINDOWS\system32\drivers

2008-09-30 23:14:07 ----SD---- C:\WINDOWS\Tasks

2008-09-30 23:11:59 ----D---- C:\Program Files\Fichiers communs

2008-09-30 23:11:38 ----RD---- C:\Program Files

2008-09-30 23:05:14 ----D---- C:\WINDOWS\system32\CatRoot2

2008-09-30 12:45:16 ----A---- C:\WINDOWS\system.ini

2008-09-30 12:44:02 ----D---- C:\WINDOWS\system32\config

2008-09-30 12:43:33 ----D---- C:\WINDOWS\AppPatch

2008-09-29 22:39:56 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-09-29 22:38:41 ----RASH---- C:\boot.ini

2008-09-28 07:34:38 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2008-09-27 18:03:38 ----D---- C:\Program Files\SlySoft

2008-09-27 17:05:23 ----D---- C:\WINDOWS\Prefetch

2008-09-26 19:13:56 ----SHD---- C:\WINDOWS\Installer

2008-09-26 19:12:37 ----RSD---- C:\WINDOWS\Fonts

2008-09-26 19:05:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2008-09-26 19:05:27 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2008-09-26 08:20:19 ----D---- C:\Documents and Settings\Maison\Application Data\OpenOffice.org2

2008-09-24 20:14:11 ----D---- C:\WINDOWS\network diagnostic

2008-09-23 08:05:32 ----A---- C:\WINDOWS\NeroDigital.ini

2008-09-23 07:53:16 ----D---- C:\Films

2008-09-21 08:45:56 ----D---- C:\Program Files\Java

2008-09-20 08:46:24 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-09-20 08:41:24 ----D---- C:\Program Files\Fichiers communs\Apple

2008-09-20 08:26:26 ----D---- C:\Program Files\Adobe

2008-09-11 15:01:53 ----D---- C:\WINDOWS\WinSxS

2008-09-11 15:01:09 ----HD---- C:\WINDOWS\$hf_mig$

2008-09-11 15:00:49 ----A---- C:\WINDOWS\imsins.BAK

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-20 40320]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]

R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]

R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver; C:\WINDOWS\system32\DRIVERS\uacflt.sys [2002-05-03 21276]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-09-25 531584]

R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-28 85969]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-17 9600]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]

R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]

S3 ar2kspxj;ar2kspxj; C:\WINDOWS\system32\drivers\ar2kspxj.sys []

S3 ATICDSDr;ATICDSDr; \??\C:\Dell\Drivers\R50874\bin\atiicdxx.sys []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2002-09-25 147456]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 206112]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184]

R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]

R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]

R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 605512]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-09 138168]

S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-05-15 79400]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336]

 

-----------------EOF-----------------

[lenab01]

bonjour

le fichier spyl.sys est introuvable

 

a+

[Falkra]

Est-ce que tu constates encore des symptômes anormaux ?

Ce fichier n'est pas nécessairement nocif, mais j'aimerais le vérifier.

[lenab01]

oui je crois,

1/ 100% CPU en permanence

2/ impossible d'ouvrir la messagerie

3/ mystérieux programme O que je dois arrêter manuellement à l'arrêt de la machine

 

ça m'inquiète qu'on ne trouve rien

[Falkra]

Réutilise Combofix (il te demandera de mettre à jour, dis lui oui). Après l'affichage du rapport (à poster), regarde si tu as encore 100% de CPU.

Tu as une bestiole qui régénère, le reste est planqué mais ne s'affiche pas normalement.

 

Je ne veux pas te faire prendre de risque en shootant un truc de trop et planter ta machine.

[lenab01]

tu penses qu'il faudrait formater ?