analyse avec comboFix

[sooprano]

salut mon pc est infecter par des virus qui bloque certain fonctionnement des programme(msn9, photoshop et d'autre)

 

voila rapport comboFix

 

ComboFix 09-04-04.01 - Touch Advertising 2009-04-08 12:15:34.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.990.642 [GMT 0:00]

Lancé depuis: c:\combofix\ComboFix.exe

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\upw.bat

c:\windows\system32\nmdfgds0.dll

c:\windows\system32\nmdfgds1.dll

c:\windows\system32\olhrwef.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-08 au 2009-04-08 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-07 09:21 . 2009-04-07 09:21 109,400 -r-hs---- C:\1ogf.exe

2009-04-06 15:17 . 2009-04-06 15:17 <REP> d-------- c:\program files\Microsoft Office Outlook Connector

2009-04-06 15:15 . 2009-04-06 15:15 <REP> d-------- c:\program files\Windows Live SkyDrive

2009-04-06 15:15 . 2009-04-06 15:15 <REP> d-------- c:\program files\Microsoft

2009-04-03 09:06 . 2009-04-03 09:05 109,512 -r-hs---- C:\cqxj.exe

2009-04-02 09:14 . 2009-04-02 09:14 108,083 -r-hs---- C:\o3n9k.com

2009-04-01 13:14 . 2009-04-01 13:14 <REP> d--hs---- c:\documents and settings\Touch Advertising\PrivacIE

2009-04-01 13:13 . 2009-04-01 13:13 <REP> d--hs---- c:\documents and settings\Touch Advertising\IETldCache

2009-04-01 12:09 . 2009-04-01 12:09 <REP> d--h----- c:\windows\msdownld.tmp

2009-04-01 12:09 . 2009-01-07 18:21 26,144 --a------ c:\windows\system32\spupdsvc.exe

2009-04-01 12:07 . 2009-04-01 12:09 <REP> d--h-c--- c:\windows\ie8

2009-03-30 12:04 . 2009-04-01 08:59 108,693 -r-hs---- C:\0bcobed.exe

2009-03-18 10:23 . 2009-03-18 10:23 <REP> d-------- c:\program files\Microsoft Silverlight

2009-03-16 15:42 . 2008-09-16 11:57 48,941 --a------ c:\windows\hpbj1200.hi2

2009-03-16 15:42 . 2008-09-16 11:58 5,685 --a------ c:\windows\mariner.hi2

2009-03-16 15:42 . 2008-09-16 11:57 4,537 --a------ c:\windows\hpbj1200.bu2

2009-03-16 15:42 . 2008-09-16 11:58 3,571 --a------ c:\windows\mariner.bu2

2009-03-08 14:17 . 2009-03-08 14:17 57,344 --------- c:\windows\system32\msrating.dll.mui

2009-03-08 14:17 . 2009-03-08 14:17 2,560 --------- c:\windows\system32\mshta.exe.mui

2009-03-08 14:16 . 2009-03-08 14:16 4,096 --------- c:\windows\system32\ie4uinit.exe.mui

2009-03-08 14:15 . 2009-03-08 14:15 81,920 --------- c:\windows\system32\iedkcs32.dll.mui

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-08 11:35 --------- d-----w c:\program files\Windows Live

2009-04-08 11:35 --------- d-----w c:\program files\MSN Messenger

2009-04-08 09:22 --------- d-----w c:\documents and settings\Touch Advertising\Application Data\AVG7

2009-03-26 10:46 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-17 09:01 --------- d-----w c:\program files\Hewlett-Packard

2009-03-08 04:34 914,944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 04:34 43,008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 04:33 420,352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 04:33 18,944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 04:32 72,704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 04:32 71,680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 04:31 48,128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 04:31 45,568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 04:31 34,816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 04:22 156,160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 16:02 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-02-27 16:10 --------- d-----w c:\program files\Messenger Plus! Live

2009-02-26 09:16 103,663 --sh--r C:\wx8o0bt1.com

2009-02-12 14:23 --------- d-----w c:\program files\Fichiers communs\Adobe

2009-02-11 14:37 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-02-11 14:27 --------- d-----w c:\program files\Bonjour

2009-02-11 14:06 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared

2009-02-06 18:52 49,504 ----a-w c:\windows\system32\sirenacm.dll

2008-01-01 12:05 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

2008-01-01 12:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

2008-01-01 12:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008010120080102\index.dat

2008-01-01 12:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-17_12.41.44,32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-10-14 22:16:53 71,680 -c----w c:\windows\ie8\admparse.dll

+ 2007-12-07 01:42:15 124,928 -c----w c:\windows\ie8\advpack.dll

+ 2007-10-14 22:16:54 17,408 -c----w c:\windows\ie8\corpol.dll

+ 2007-12-19 22:20:28 347,136 -c----w c:\windows\ie8\dxtmsft.dll

+ 2007-12-07 01:42:15 214,528 -c----w c:\windows\ie8\dxtrans.dll

+ 2007-10-14 22:16:56 60,416 -c----w c:\windows\ie8\hmmapi.dll

+ 2007-12-07 01:42:15 63,488 -c----w c:\windows\ie8\icardie.dll

+ 2007-12-06 08:34:28 70,656 -c----w c:\windows\ie8\ie4uinit.exe

+ 2007-12-07 01:42:15 153,088 -c----w c:\windows\ie8\ieakeng.dll

+ 2007-12-07 01:42:16 230,400 -c----w c:\windows\ie8\ieaksie.dll

+ 2007-12-06 05:00:02 161,792 -c----w c:\windows\ie8\ieakui.dll

+ 2007-07-01 03:31:33 2,455,488 -c----w c:\windows\ie8\ieapfltr.dat

+ 2007-12-07 01:42:16 383,488 -c----w c:\windows\ie8\ieapfltr.dll

+ 2007-12-07 01:42:16 388,096 -c----w c:\windows\ie8\iedkcs32.dll

+ 2007-10-14 22:16:59 78,336 -c----w c:\windows\ie8\ieencode.dll

+ 2007-10-14 22:16:59 78,336 -c----w c:\windows\ie8\ieencode.dll.000

+ 2007-12-07 01:42:19 6,067,200 -c----w c:\windows\ie8\ieframe.dll

+ 2007-10-14 22:16:59 191,488 -c----w c:\windows\ie8\iepeers.dll

+ 2006-10-27 13:09:58 287,744 -c----w c:\windows\ie8\ieproxy.dll

+ 2007-12-07 01:42:19 44,544 -c----w c:\windows\ie8\iernonce.dll

+ 2007-12-07 01:42:19 267,776 -c----w c:\windows\ie8\iertutil.dll

+ 2007-10-14 22:16:59 55,296 -c----w c:\windows\ie8\iesetup.dll

+ 2007-10-14 22:17:39 180,736 -c----w c:\windows\ie8\ieui.dll

+ 2007-12-06 08:34:45 625,664 -c----w c:\windows\ie8\iexplore.exe

+ 2007-10-14 22:17:01 36,352 -c----w c:\windows\ie8\imgutil.dll

+ 2007-10-14 22:17:06 92,672 -c----w c:\windows\ie8\inseng.dll

+ 2007-10-14 22:17:06 491,520 -c----w c:\windows\ie8\jscript.dll

+ 2007-12-07 01:42:20 27,648 -c----w c:\windows\ie8\jsproxy.dll

+ 2007-10-14 22:17:07 40,960 -c----w c:\windows\ie8\licmgr10.dll

+ 2007-12-07 01:42:20 459,264 -c----w c:\windows\ie8\msfeeds.dll

+ 2007-12-07 01:42:20 52,224 -c----w c:\windows\ie8\msfeedsbs.dll

+ 2007-03-08 18:33:56 12,288 -c----w c:\windows\ie8\msfeedssync.exe

+ 2007-10-14 22:17:07 45,568 -c----w c:\windows\ie8\mshta.exe

+ 2007-12-07 01:42:21 3,593,216 -c----w c:\windows\ie8\mshtml.dll

+ 2007-12-07 01:42:21 478,208 -c----w c:\windows\ie8\mshtmled.dll

+ 2007-10-14 22:17:16 48,128 -c----w c:\windows\ie8\mshtmler.dll

+ 2007-10-14 22:17:16 156,160 -c----w c:\windows\ie8\msls31.dll

+ 2007-12-07 01:42:21 193,024 -c----w c:\windows\ie8\msrating.dll

+ 2007-12-07 01:42:21 671,232 -c----w c:\windows\ie8\mstime.dll

+ 2007-12-07 01:42:21 102,912 -c----w c:\windows\ie8\occache.dll

+ 2008-01-11 05:54:27 44,544 -c----w c:\windows\ie8\pngfilt.dll

+ 2009-03-08 16:14:22 58,448 -c----w c:\windows\ie8\spuninst\iecustom.dll

+ 2009-01-07 18:21:08 235,040 -c----w c:\windows\ie8\spuninst\spuninst.exe

+ 2009-01-07 18:21:08 406,048 -c----w c:\windows\ie8\spuninst\updspapi.dll

+ 2007-12-07 01:42:21 105,984 -c----w c:\windows\ie8\url.dll

+ 2007-12-07 01:42:22 1,162,752 -c----w c:\windows\ie8\urlmon.dll

+ 2007-10-14 22:17:23 413,696 -c----w c:\windows\ie8\vbscript.dll

+ 2007-10-14 22:17:24 765,952 -c----w c:\windows\ie8\vgx.dll

+ 2007-12-07 01:42:22 233,472 -c----w c:\windows\ie8\webcheck.dll

+ 2006-10-17 11:05:58 206,336 -c----w c:\windows\ie8\winfxdocobj.exe

+ 2007-12-07 01:42:22 825,344 -c----w c:\windows\ie8\wininet.dll

+ 2009-04-08 11:35:29 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe

+ 2009-04-08 11:34:58 62,304 ----a-r c:\windows\Installer\{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}\IconWlc.exe

+ 2009-01-19 15:53:41 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2009-04-06 15:17:17 29,316 ----a-r c:\windows\Installer\{95120000-0120-040C-0000-0000000FF1CE}\olc_setup.exe

- 2007-12-07 01:42:15 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2009-03-08 04:32:48 128,512 ----a-w c:\windows\system32\advpack.dll

- 2007-10-14 22:16:53 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll

+ 2009-03-08 04:32:56 72,704 -c--a-w c:\windows\system32\dllcache\admparse.dll

- 2007-12-07 01:42:15 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll

+ 2009-03-08 04:32:48 128,512 -c--a-w c:\windows\system32\dllcache\advpack.dll

- 2007-10-14 22:16:54 17,408 -c--a-w c:\windows\system32\dllcache\corpol.dll

+ 2009-03-08 04:33:40 18,944 -c--a-w c:\windows\system32\dllcache\corpol.dll

- 2007-12-19 22:20:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2009-03-08 04:31:44 348,160 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2007-12-07 01:42:15 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2009-03-08 04:31:38 216,064 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

- 2007-10-14 22:16:56 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll

+ 2009-03-08 04:24:28 68,608 -c--a-w c:\windows\system32\dllcache\hmmapi.dll

- 2007-12-07 01:42:15 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

+ 2009-03-08 04:31:52 59,904 -c--a-w c:\windows\system32\dllcache\icardie.dll

- 2007-12-06 08:34:28 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-03-08 04:32:54 173,056 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

- 2007-12-07 01:42:15 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

+ 2009-03-08 04:33:02 125,952 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

- 2007-12-07 01:42:16 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

+ 2009-03-08 04:33:08 229,376 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

- 2007-12-06 05:00:02 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2009-03-08 04:32:52 163,840 -c--a-w c:\windows\system32\dllcache\ieakui.dll

- 2007-07-01 03:31:33 2,455,488 -c----w c:\windows\system32\dllcache\ieapfltr.dat

+ 2009-02-06 21:07:58 3,698,584 -c--a-w c:\windows\system32\dllcache\ieapfltr.dat

- 2007-12-07 01:42:16 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

+ 2009-03-08 04:11:12 445,952 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll

- 2007-12-07 01:42:16 388,096 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-08 14:09:26 391,536 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

- 2007-12-07 01:42:19 6,067,200 -c----w c:\windows\system32\dllcache\ieframe.dll

+ 2009-03-08 04:39:48 11,063,808 -c--a-w c:\windows\system32\dllcache\ieframe.dll

- 2007-10-14 22:16:59 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll

+ 2009-03-08 04:31:56 183,808 -c--a-w c:\windows\system32\dllcache\iepeers.dll

- 2007-12-07 01:42:19 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

+ 2009-03-08 04:32:50 55,808 -c--a-w c:\windows\system32\dllcache\iernonce.dll

- 2007-12-07 01:42:19 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

+ 2009-03-08 04:32:22 1,985,024 -c--a-w c:\windows\system32\dllcache\iertutil.dll

- 2007-10-14 22:16:59 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll

+ 2009-03-08 04:32:50 71,680 -c--a-w c:\windows\system32\dllcache\iesetup.dll

- 2007-12-06 08:34:45 625,664 -c--a-w c:\windows\system32\dllcache\iexplore.exe

+ 2009-03-08 14:09:26 638,816 -c--a-w c:\windows\system32\dllcache\iexplore.exe

- 2007-10-14 22:17:01 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll

+ 2009-03-08 04:31:38 34,816 -c--a-w c:\windows\system32\dllcache\imgutil.dll

- 2007-10-14 22:17:06 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll

+ 2009-03-08 04:32:46 94,720 -c--a-w c:\windows\system32\dllcache\inseng.dll

- 2007-10-14 22:17:06 491,520 -c--a-w c:\windows\system32\dllcache\jscript.dll

+ 2009-03-08 04:33:16 726,528 -c--a-w c:\windows\system32\dllcache\jscript.dll

- 2007-12-07 01:42:20 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2009-03-08 04:33:26 25,600 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

- 2007-10-14 22:17:07 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll

+ 2009-03-08 04:34:30 43,008 -c--a-w c:\windows\system32\dllcache\licmgr10.dll

- 2007-12-07 01:42:20 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

+ 2009-03-08 04:32:26 594,432 -c--a-w c:\windows\system32\dllcache\msfeeds.dll

- 2007-12-07 01:42:20 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-03-08 04:31:52 55,296 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll

- 2007-10-14 22:17:07 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe

+ 2009-03-08 04:31:02 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe

- 2007-12-07 01:42:21 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2009-03-08 04:41:16 5,937,152 -c--a-w c:\windows\system32\dllcache\mshtml.dll

- 2007-12-07 01:42:21 478,208 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2009-03-08 04:31:26 66,560 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

- 2007-10-14 22:17:16 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll

+ 2009-03-08 04:31:18 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll

- 2007-10-14 22:17:16 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll

+ 2009-03-08 04:22:38 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll

- 2007-12-07 01:42:21 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

+ 2009-03-08 04:34:18 193,536 -c--a-w c:\windows\system32\dllcache\msrating.dll

- 2007-12-07 01:42:21 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2009-03-08 04:32:04 611,840 -c--a-w c:\windows\system32\dllcache\mstime.dll

- 2007-12-07 01:42:21 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll

+ 2009-03-08 04:34:18 109,568 -c--a-w c:\windows\system32\dllcache\occache.dll

- 2008-01-11 05:54:27 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2009-03-08 04:31:36 46,592 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2009-01-07 18:20:54 134,144 -c----w c:\windows\system32\dllcache\sqmapi.dll

- 2007-12-07 01:42:21 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

+ 2009-03-08 04:34:28 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

- 2007-12-07 01:42:22 1,162,752 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2009-03-08 04:34:56 1,206,784 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-03 22:58:46 15,104 -c--a-w c:\windows\system32\dllcache\usbscan.sys

- 2007-10-14 22:17:23 413,696 -c--a-w c:\windows\system32\dllcache\vbscript.dll

+ 2009-03-08 04:33:06 420,352 -c--a-w c:\windows\system32\dllcache\vbscript.dll

- 2007-10-14 22:17:24 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll

+ 2009-03-08 04:33:48 759,296 -c--a-w c:\windows\system32\dllcache\VGX.dll

- 2007-12-07 01:42:22 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll

+ 2009-03-08 04:34:48 236,544 -c--a-w c:\windows\system32\dllcache\webcheck.dll

- 2007-12-07 01:42:22 825,344 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2009-03-08 04:34:58 914,944 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2006-02-28 12:41:34 61,440 ----a-w c:\windows\system32\dns-sd.exe

+ 2006-02-28 12:41:22 53,248 ----a-w c:\windows\system32\dnssd.dll

+ 2009-01-17 12:46:53 821,856 ----a-w c:\windows\system32\drivers\avg7core.sys

+ 2009-01-17 12:46:58 4,224 ----a-w c:\windows\system32\drivers\avg7rsw.sys

+ 2009-01-17 12:46:58 27,776 ----a-w c:\windows\system32\drivers\avg7rsxp.sys

+ 2009-01-17 12:53:01 10,760 ----a-w c:\windows\system32\drivers\avgclean.sys

+ 2009-01-17 12:52:59 26,952 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2009-01-17 12:47:04 4,960 ----a-w c:\windows\system32\drivers\avgtdi.sys

+ 2004-08-03 22:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys

- 2007-12-19 22:20:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2009-03-08 04:31:44 348,160 ----a-w c:\windows\system32\dxtmsft.dll

- 2007-12-07 01:42:15 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2009-03-08 04:31:38 216,064 ----a-w c:\windows\system32\dxtrans.dll

- 2009-01-15 08:52:38 331,480 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2009-02-13 08:52:38 1,611,024 ----a-w c:\windows\system32\FNTCACHE.DAT

- 2007-12-07 01:42:15 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2009-03-08 04:31:52 59,904 ----a-w c:\windows\system32\icardie.dll

- 2007-10-14 22:17:27 26,112 ----a-w c:\windows\system32\idndl.dll

+ 2009-01-07 18:20:36 26,112 ----a-w c:\windows\system32\idndl.dll

- 2007-12-06 08:34:28 70,656 ----a-w c:\windows\system32\ie4uinit.exe

+ 2009-03-08 04:32:54 173,056 ----a-w c:\windows\system32\ie4uinit.exe

- 2007-12-07 01:42:15 153,088 ----a-w c:\windows\system32\ieakeng.dll

+ 2009-03-08 04:33:02 125,952 ----a-w c:\windows\system32\ieakeng.dll

- 2007-12-07 01:42:16 230,400 ----a-w c:\windows\system32\ieaksie.dll

+ 2009-03-08 04:33:08 229,376 ----a-w c:\windows\system32\ieaksie.dll

- 2007-12-06 05:00:02 161,792 ----a-w c:\windows\system32\ieakui.dll

+ 2009-03-08 04:32:52 163,840 ----a-w c:\windows\system32\ieakui.dll

- 2007-10-14 22:17:29 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat

+ 2009-02-06 21:07:58 3,698,584 ----a-w c:\windows\system32\ieapfltr.dat

- 2007-12-07 01:42:16 383,488 ----a-w c:\windows\system32\ieapfltr.dll

+ 2009-03-08 04:11:12 445,952 ----a-w c:\windows\system32\ieapfltr.dll

- 2007-12-07 01:42:16 388,096 ----a-w c:\windows\system32\iedkcs32.dll

+ 2009-03-08 14:09:26 391,536 ----a-w c:\windows\system32\iedkcs32.dll

- 2007-12-07 01:42:19 6,067,200 ----a-w c:\windows\system32\ieframe.dll

+ 2009-03-08 04:39:48 11,063,808 ----a-w c:\windows\system32\ieframe.dll

- 2007-10-14 22:16:59 191,488 ----a-w c:\windows\system32\iepeers.dll

+ 2009-03-08 04:31:56 183,808 ----a-w c:\windows\system32\iepeers.dll

- 2007-12-07 01:42:19 44,544 ----a-w c:\windows\system32\iernonce.dll

+ 2009-03-08 04:32:50 55,808 ----a-w c:\windows\system32\iernonce.dll

- 2007-12-07 01:42:19 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2009-03-08 04:32:22 1,985,024 ----a-w c:\windows\system32\iertutil.dll

- 2007-12-06 08:34:29 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2009-03-08 04:32:52 36,864 ----a-w c:\windows\system32\ieudinit.exe

- 2007-10-14 22:17:39 180,736 ----a-w c:\windows\system32\ieui.dll

+ 2009-03-08 04:22:46 164,352 ----a-w c:\windows\system32\ieui.dll

- 2007-10-14 22:17:06 92,672 ----a-w c:\windows\system32\inseng.dll

+ 2009-03-08 04:32:46 94,720 ----a-w c:\windows\system32\inseng.dll

- 2007-10-14 22:17:06 491,520 ----a-w c:\windows\system32\jscript.dll

+ 2009-03-08 04:33:16 726,528 ----a-w c:\windows\system32\jscript.dll

- 2007-12-07 01:42:20 27,648 ----a-w c:\windows\system32\jsproxy.dll

+ 2009-03-08 04:33:26 25,600 ----a-w c:\windows\system32\jsproxy.dll

+ 2009-01-07 18:20:18 265,720 ----a-w c:\windows\system32\msdbg2.dll

- 2007-12-07 01:42:20 459,264 ----a-w c:\windows\system32\msfeeds.dll

+ 2009-03-08 04:32:26 594,432 ----a-w c:\windows\system32\msfeeds.dll

- 2007-12-07 01:42:20 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2009-03-08 04:31:52 55,296 ----a-w c:\windows\system32\msfeedsbs.dll

- 2007-03-08 18:33:56 12,288 ----a-w c:\windows\system32\msfeedssync.exe

+ 2009-03-08 04:31:54 13,312 ----a-w c:\windows\system32\msfeedssync.exe

- 2007-12-07 01:42:21 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2009-03-08 04:41:16 5,937,152 ----a-w c:\windows\system32\mshtml.dll

- 2007-12-07 01:42:21 478,208 ----a-w c:\windows\system32\mshtmled.dll

+ 2009-03-08 04:31:26 66,560 ----a-w c:\windows\system32\mshtmled.dll

- 2007-12-07 01:42:21 193,024 ----a-w c:\windows\system32\msrating.dll

+ 2009-03-08 04:34:18 193,536 ----a-w c:\windows\system32\msrating.dll

- 2007-12-07 01:42:21 671,232 ----a-w c:\windows\system32\mstime.dll

+ 2009-03-08 04:32:04 611,840 ----a-w c:\windows\system32\mstime.dll

- 2007-10-14 22:17:40 24,576 ----a-w c:\windows\system32\nlsdl.dll

+ 2009-01-07 18:20:38 24,576 ----a-w c:\windows\system32\nlsdl.dll

- 2007-10-14 22:17:40 23,552 ----a-w c:\windows\system32\normaliz.dll

+ 2009-01-07 18:20:36 23,552 ----a-w c:\windows\system32\normaliz.dll

- 2007-12-07 01:42:21 102,912 ----a-w c:\windows\system32\occache.dll

+ 2009-03-08 04:34:18 109,568 ----a-w c:\windows\system32\occache.dll

- 2008-01-11 05:54:27 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2009-03-08 04:31:36 46,592 ----a-w c:\windows\system32\pngfilt.dll

+ 2001-08-23 17:47:16 5,632 ----a-w c:\windows\system32\ptpusb.dll

+ 2004-08-19 16:09:40 159,232 ----a-w c:\windows\system32\ptpusd.dll

- 2007-03-06 01:34:33 15,072 ------w c:\windows\system32\spmsg.dll

+ 2009-01-07 18:21:08 17,952 ------w c:\windows\system32\spmsg.dll

+ 2005-06-25 13:16:50 138,240 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL

+ 2005-06-25 13:16:52 480,256 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL

+ 2007-03-21 20:54:16 77,312 ----a-w c:\windows\system32\TWAIN_32.DLL

+ 2007-03-21 20:54:16 48,560 ----a-w c:\windows\system32\TWUNK_16.EXE

+ 2007-03-21 20:54:16 69,632 ----a-w c:\windows\system32\TWUNK_32.EXE

- 2007-12-07 01:42:21 105,984 ----a-w c:\windows\system32\url.dll

+ 2009-03-08 04:34:28 105,984 ----a-w c:\windows\system32\url.dll

- 2007-12-07 01:42:22 1,162,752 ----a-w c:\windows\system32\urlmon.dll

+ 2009-03-08 04:34:56 1,206,784 ----a-w c:\windows\system32\urlmon.dll

- 2007-12-07 01:42:22 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2009-03-08 04:34:48 236,544 ----a-w c:\windows\system32\webcheck.dll

- 2006-10-17 11:05:58 206,336 ----a-w c:\windows\system32\winfxdocobj.exe

+ 2009-03-08 04:34:48 208,384 ----a-w c:\windows\system32\WinFXDocObj.exe

- 2007-10-14 22:17:43 121,856 ----a-w c:\windows\system32\xmllite.dll

+ 2009-01-07 18:21:04 121,856 ----a-w c:\windows\system32\xmllite.dll

- 2006-10-26 13:40:36 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

+ 2005-09-22 22:48:08 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

- 2006-10-26 13:40:36 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

+ 2005-09-22 22:48:08 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

- 2006-10-26 13:40:36 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

+ 2005-09-22 22:48:06 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

+ 2007-11-06 20:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2007-11-07 01:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-07 01:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"cdoosoft"="c:\windows\system32\olhrwef.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-25 590848]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2009-01-17 219136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Touch Advertising^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]

path=c:\documents and settings\Touch Advertising\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]

--------- 2004-05-17 05:34 360448 c:\windows\Samsung\ComSMMgr\SSMMgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

-ra------ 2005-05-26 03:01 49152 c:\windows\system32\SiSPower.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\aMSN\\bin\\wish.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

S3 SM_ml1600_FUService;ML-1610 Status Monitor Service;"c:\program files\Samsung ML-1610 Series\CommonSM\ssmsrvc /Service --> c:\program files\Samsung ML-1610 Series\CommonSM\ssmsrvc [?]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00b65650-1cde-11dd-8e8b-00805a4fb57f}]

\Shell\AutoRun\command - E:\xlu8a8sy.exe

\Shell\explore\Command - E:\xlu8a8sy.exe

\Shell\open\Command - E:\xlu8a8sy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc5832a-1d0e-11de-8f8f-00805a4fb57f}]

\Shell\AutoRun\command - E:\0bcobed.exe

\Shell\open\Command - E:\0bcobed.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b13e3691-c908-11dc-8e24-00805a4fb57f}]

\Shell\Auto\command - auto.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca0b10b8-74ea-11dd-8eda-00805a4fb57f}]

\Shell\AutoRun\command - lsass.exe

\Shell\open\Command - lsass.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d57e1dd4-e3b9-11dd-8f50-00805a4fb57f}]

\Shell\AutoRun\command - E:\2u.com

\Shell\explore\Command - E:\2u.com

\Shell\open\Command - E:\2u.com

.

Contenu du dossier 'Tâches planifiées'

 

2008-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-ares - c:\program files\Ares\Ares.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {75619C52-4189-4DA5-89A6-98507BA30F4C} = 212.217.0.1,212.217.0.12

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-08 12:17:33

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SM_ml1600_FUService]

"ImagePath"="\"c:\program files\Samsung ML-1610 Series\CommonSM\ssmsrvc /Service"

.

Heure de fin: 2009-04-08 12:18:51

ComboFix-quarantined-files.txt 2009-04-08 12:18:38

ComboFix2.txt 2009-03-06 15:59:35

ComboFix3.txt 2009-01-17 12:42:33

 

Avant-CF: 65 561 280 512 octets libres

Après-CF: 65,698,553,856 octets libres

 

422 --- E O F --- 2008-04-23 18:30:48

[pear]

Bonjour,

 

Combo, Nettoyage

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

 

KillAll::

 

File::

C:\1ogf.exe

C:\cqxj.exe

C:\o3n9k.com

C:\0bcobed.exe

c:\windows\hpbj1200.hi2

C:\wx8o0bt1.com

c:\windows\system32\olhrwef.exe

E:\xlu8a8sy.exe

E:\0bcobed.exe

E:\2u.com

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdoosoft"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00b65650-1cde-11dd-8e8b-00805a4fb57f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc5832a-1d0e-11de-8f8f-00805a4fb57f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d57e1dd4-e3b9-11dd-8f50-00805a4fb57f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b13e3691-c908-11dc-8e24-00805a4fb57f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca0b10b8-74ea-11dd-8eda-00805a4fb57f}]

 

 

 

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

 

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

Ensuite:

 

Scan en ligne

NOTE: Le scan en ligne sera à faire avec Internet Explorer.

Désactiver l'antivirus actuel

Kaspersky

Sous Vista,il faut désactiver l'UAC, et cliquer droit sur Internet Explorer / Exécuter en tant qu'administrateur et coller l'URL de Kaspersky

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Vider la corbeille.

* Cliquer sur Accept

* Une barre jaune va demander d'accepter l'installation de Kavwebscan_Unicode.cab, installer l'Active X.

* cliquer une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patienter un moment

* Cliquer sur Next.

* Cliquer sur My Computer, le scan se met en route;

attendre la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

A la fin du scan, si des objets infectés sont découverts, cliquer sur Save report as... Choisirr bureau et nommer le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisir "fichiers texte" enregistrer le rapport.

Copier/coller l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

Coller ce rapport dans la réponse sur le forum.

Aide en cas de problème

Cybersécurité

 

Téléchargez Hijackthis de TrendMicro.

 

* Décompressez le dans un dossier à la racine du disque dur

Mais jamais dans un dossier temporaire

 

Sous Vista,,il faut faire clic-droit >> "Exécuter en tant qu'Administrateur" sur Hijackthis.exe sinon HJT tourne mais ne fixe rien.

* Lancer le fichier Hijackthis.exe

* Cliquer sur Do a system scan and save a log file

* Poster le rapport dans un nouveau message