Mon PC est infesté de vermine

[generaloberst]

Etant au travail, je n'ai pas mon PC sous la main mais je vous remercie encore pour l'aide précieuse.

Je m'attaque à la suite des opérations dès ce soir !

Bonne journée

[generaloberst]

Bonjour,

J'essaye d'appliquer les correctifs de Kaspersky mais les derniers morpions ne veulent pas lâcher prise

 

Rapport Kaspersky

 

Analyse complète: terminée le 14.07.2009 23:41:58 (événements : 6, objets : 129424, durée : 00:48:55)

14.07.2009 23:41:48 Détectés: http://www.viruslist.com/fr/advisories/23655 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll

14.07.2009 23:41:48 Détectés: http://www.viruslist.com/fr/advisories/23655 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll

14.07.2009 23:19:18 Détectés: http://www.viruslist.com/fr/advisories/32270 C:\I386\Flash.ocx

14.07.2009 23:30:26 Détectés: http://www.viruslist.com/fr/advisories/32991 C:\Program Files\VaudTax2008\jre\bin\eula.dll

14.07.2009 23:41:58 Fin de la tâche

14.07.2009 22:53:03 Lancement de la tâche

 

J'ai effectué le Combofix, voici le rapport

 

ComboFix 09-07-13.01 - ALEXIS 14.07.2009 22:21.2.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.642 [GMT 2:00]

Running from: c:\documents and settings\ALEXIS\Bureau\ComboFix.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Comodo Personal Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

 

((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))

.

 

2009-07-14 17:32 . 2009-07-14 17:32 -------- d-----w- c:\program files\Java

2009-07-13 20:15 . 2009-07-13 20:15 -------- d-----w- c:\documents and settings\ALEXIS\Application Data\MSNInstaller

2009-07-13 07:40 . 2009-07-13 20:10 -------- d-----w- c:\documents and settings\ALEXIS\Local Settings\Application Data\Google

2009-07-13 07:30 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-07-12 19:54 . 2009-07-14 17:31 152576 ----a-w- c:\documents and settings\ALEXIS\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-07-12 19:14 . 2009-07-14 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-07-12 19:14 . 2009-07-14 19:34 -------- d-----w- c:\program files\NOS

2009-07-12 17:45 . 2009-07-12 17:45 -------- d-----w- c:\windows\system32\XPSViewer

2009-07-12 17:45 . 2009-07-12 17:45 -------- d-----w- c:\program files\MSBuild

2009-07-12 17:45 . 2009-07-12 17:45 -------- d-----w- c:\program files\Reference Assemblies

2009-07-12 17:45 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-07-12 17:45 . 2009-07-12 17:45 -------- dc----w- C:\d658d8b01071847aa6d60cccd0c61a

2009-07-12 17:45 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-07-12 17:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-07-12 17:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-07-12 17:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-07-12 17:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-07-12 17:45 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-07-12 17:04 . 2009-07-12 17:04 -------- dcsh--w- c:\documents and settings\ALEXIS\IECompatCache

2009-07-12 17:04 . 2009-07-12 17:04 -------- dcsh--w- c:\documents and settings\ALEXIS\PrivacIE

2009-07-12 16:59 . 2009-07-12 16:59 -------- dcsh--w- c:\documents and settings\ALEXIS\IETldCache

2009-07-12 16:53 . 2009-07-12 16:53 -------- d--h--w- c:\windows\msdownld.tmp

2009-07-12 16:53 . 2009-07-12 16:53 -------- d-----w- c:\windows\ie8updates

2009-07-12 16:51 . 2009-07-12 16:52 -------- dc-h--w- c:\windows\ie8

2009-07-12 16:41 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll

2009-07-12 16:41 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-07-12 16:41 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-07-12 15:52 . 2009-07-12 15:52 -------- d-----w- c:\program files\Bonjour

2009-07-12 15:51 . 2009-07-12 15:51 -------- d-----w- c:\program files\Apple Software Update

2009-07-11 09:52 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys

2009-07-11 09:35 . 2009-07-11 09:35 -------- d-----w- c:\documents and settings\ALEXIS\Application Data\Malwarebytes

2009-07-11 09:35 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-11 09:35 . 2009-07-11 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-11 09:34 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-11 09:34 . 2009-07-11 09:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-10 21:36 . 2009-07-10 21:36 812344 ----a-w- c:\program files\HJTInstall.exe

2009-07-10 21:34 . 2009-07-10 21:34 -------- d-----w- c:\program files\Trend Micro

2009-07-10 20:46 . 2009-07-13 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-07-07 20:02 . 2009-07-07 20:08 126318 ----a-w- c:\windows\hpqins00.dat

2009-07-04 14:51 . 2009-07-04 14:52 -------- d-----w- c:\documents and settings\ALEXIS\Application Data\Nero

2009-07-04 08:12 . 2009-07-05 20:24 -------- d-----w- c:\program files\Nero

2009-07-04 08:11 . 2009-07-05 20:48 -------- d-----w- c:\program files\Fichiers communs\Nero

2009-07-04 08:11 . 2009-07-05 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2009-06-16 14:40 . 2009-06-16 14:40 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2009-06-16 14:40 . 2009-06-16 14:40 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-14 20:14 . 2007-10-16 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-07-14 20:11 . 2007-10-16 17:54 95084 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-07-14 20:11 . 2007-10-16 17:54 252524 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-14 20:11 . 2007-10-16 17:54 18774816 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-14 20:11 . 2007-10-16 17:54 1002784 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-07-14 20:11 . 2005-01-21 09:13 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000000-00001102-00000004-20061102}.dat

2009-07-14 20:11 . 2005-01-21 09:13 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000000-00001102-00000004-20061102}.dat

2009-07-14 17:32 . 2008-12-26 07:26 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-13 20:53 . 2009-07-13 20:53 0 ----a-w- c:\windows\system32\RENAE.tmp

2009-07-13 20:53 . 2009-07-13 20:53 0 ----a-w- c:\windows\system32\RENAD.tmp

2009-07-13 20:45 . 2005-01-28 15:03 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-07-13 20:30 . 2005-01-28 09:04 58392 ----a-w- c:\documents and settings\ALEXIS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-13 20:24 . 2007-11-23 18:16 36864 -c--a-w- c:\documents and settings\ALEXIS\timeseal.exe

2009-07-13 20:22 . 2005-01-29 23:06 -------- d-----w- c:\documents and settings\ALEXIS\Application Data\Lavasoft

2009-07-13 20:13 . 2005-01-29 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-07-13 20:08 . 2005-01-21 09:04 80948 ----a-w- c:\windows\system32\perfc00C.dat

2009-07-13 20:08 . 2005-01-21 09:04 502484 ----a-w- c:\windows\system32\perfh00C.dat

2009-07-12 17:08 . 2007-09-24 12:54 -------- d-----w- c:\documents and settings\ALEXIS\Application Data\HPAppData

2009-07-12 17:08 . 2007-09-24 12:49 -------- d-----w- c:\program files\HP

2009-07-12 14:43 . 2005-01-28 10:12 -------- d-----w- c:\program files\Downloads

2009-07-05 20:32 . 2005-01-28 15:56 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared

2009-07-05 20:25 . 2005-01-21 09:12 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-11 18:26 . 2009-06-11 18:26 -------- dc----w- c:\documents and settings\al\Application Data\HPAppData

2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll

2009-05-20 19:51 . 2007-10-16 17:54 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-05-20 19:51 . 2007-10-16 17:54 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-05-18 04:27 . 2009-05-18 04:27 -------- dc----w- c:\documents and settings\EMA\Application Data\HPAppData

2009-05-13 05:04 . 2004-08-05 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll

2009-04-27 14:49 . 2009-05-17 21:06 4969808 ----a-w- c:\documents and settings\ALEXIS\Application Data\TomTom\HOME\Profiles\npp7zrsv.default\extensions\Navcore.8.350.9980@tomtom.com\8-350-9980-1.dll

2009-04-19 19:50 . 2004-08-05 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys

2005-11-13 10:50 . 2005-11-13 10:50 56 --sh--r- c:\windows\SYSTEM32\D525BC1756.sys

2005-11-13 10:50 . 2005-11-13 10:50 1682 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2009-07-14_19.46.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 20:13 . 2009-07-14 20:13 16384 c:\windows\Temp\Perflib_Perfdata_300.dat

+ 2001-07-14 15:32 . 2001-07-14 15:32 69632 c:\windows\setupupd\temp\wsdueng.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]

"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]

"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-06 206088]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]

"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2004-03-11 28672]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Bluewin(Router)\\Wizard\\NetAgentBW.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\SYSTEM32\DRIVERS\klbg.sys [29.01.2008 18:29 33808]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08.04.2009 12:38 92008]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [30.04.2008 18:06 24592]

S3 jgameenp;jgameenp;\??\c:\docume~1\ALEXIS\LOCALS~1\Temp\jgameenp.sys --> c:\docume~1\ALEXIS\LOCALS~1\Temp\jgameenp.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2009-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.lematin.ch/

uInternet Connection Wizard,ShellNext = hxxp://fr.mcafee.com/apps/vso/fr/vso9/default.asp?affid=105-31&dtag=cjdmg1j

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-14 22:26

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3304)

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-07-14 22:29

ComboFix-quarantined-files.txt 2009-07-14 20:29

ComboFix2.txt 2009-07-14 19:51

 

Pre-Run: 197'870'284'800 octets libres

Post-Run: 197'849'190'400 octets libres

 

188 --- E O F --- 2009-07-14 18:06

 

 

Merci d'avance !!!

[pear]

Bonjour,

 

Je ne crois pas que ce soit grave.

Une prochaine mise à jour de Windows où un passage par Windows Update pour installer les correctifs manquant devrait régler le problème.

 

Pour supprimer Combofix:

Démarrer > Exécuter ->combofix.exe /u

Valider par OK

ComboFix démarre et affiche un message disant que ComboFix est bien éliminé: cliquer sur

OK.

Supprimez C:\qoobox si vous le trouvez

 

Vous avez Mbam, largement supérieur à Spybot.

Je vous conseille de vous débarrasser de Spybot: le teatimer et la vaccination ne servant qu'à ralentir la machine et ne protègent guère.

J'ai la même proposition pour Spyware Doctor.

Il n'est pas bien d'avoir plusieurs parapluies:un bon suffit.

Modifié le 15 juillet 2009 par pear

[generaloberst]

Bonsoir,

En tout cas merci pour tous les précieux conseils.

Je ne suis pas encore tiré d'affaire car malgré un download massif de mise à jour d'éléments de sécurité, je n'arrive toujours pas à me débarasser des 3 dernières bêbêtes qui incrustent mon PC

Je vais persévérer ces prochains jours et je vous tiendrai au courant du résultat.

Merci encore