
Recommended posts

Posted

here is the report,

I may not have said it yet: thanks Falkra. (even if it's perhaps not finished yet!)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:07:24, on 15/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\System Control Manager\edd.exe

C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\System Control Manager\MGSysCtrl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\system32\V0230Mon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Creative\Shared Files\CTSched.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

C:\Program Files\DNA\btdna.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\braviax.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Hamon\Bureau\HiJackThis.exe

C:\WINDOWS\system32\wscntfy.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe

O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide

O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.de/ips-opdat...ects/jordan.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{271FC085-DC3E-4EF0-A05D-8E9FD2356848}: NameServer = 192.168.1.1

O20 - AppInit_DLLs: cru629.dat

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 8174 bytes
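One way a helper can triage the O4 and O20 lines of a HijackThis log like the one above, as an added example that is not part of this thread or of HijackThis itself. The sample lines are copied from the log above, and the table of expected system binary locations is an assumed lookup table (Windows XP layout) that a helper would extend.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: cru629.dat
"""

# Assumed lookup table: where Windows XP ships these binaries. A Run entry that
# names one of them but points somewhere else is a classic look-alike trick.
KNOWN_SYSTEM_BINARIES = {
    "regedit.exe": r"c:\windows",
    "ctfmon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}

# O4 line: hive, [name], command, optional trailing "(User 'xxx')" marker.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*?)"
    r"(?:\s*\(User '(?P<user>[^']*)'\))?$"
)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
# Program path inside a command: either a quoted path or the first token ending
# in an executable extension (so "RUNDLL32.EXE foo.dll,Entry" yields rundll32).
EXE_RE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|dll|com|scr|pif|bat|cmd|vbs))', re.IGNORECASE)


@dataclass
class Finding:
    name: str    # autorun entry name (or "AppInit_DLLs")
    reason: str  # why it was flagged
    line: str    # the original log line


def executable_from_command(cmd: str) -> Optional[str]:
    """Return the program path from a Run value, quoted or not, with arguments."""
    m = EXE_RE.search(cmd)
    if not m:
        return None
    return m.group(1) or m.group(2)


def triage(log: str) -> List[Finding]:
    """Apply three simple heuristics to O4/O20 lines and return what they flag."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd").strip()
            if not cmd:
                # A Run value registered with no command to launch: typically a
                # leftover or a loader whose file is hidden from the tool.
                findings.append(Finding(name, "Run entry with no command", line))
                continue
            exe = executable_from_command(cmd)
            if exe:
                base = ntpath.basename(exe).lower()
                expected = KNOWN_SYSTEM_BINARIES.get(base)
                actual = ntpath.dirname(exe).lower()
                if expected and actual != expected:
                    findings.append(Finding(
                        name, f"{base} expected in {expected}, found in {actual}", line))
            continue
        m = O20_RE.match(line)
        if m:
            value = m.group("value").strip()
            # AppInit_DLLs is loaded into every GUI process; a non-.dll name here
            # is worth a second look on its own.
            if value and not value.lower().endswith(".dll"):
                findings.append(Finding("AppInit_DLLs", f"non-DLL entry: {value}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.reason}\n    {f.line}")
```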

Posted

I'm continuing in my own topic (sorry appolo)

So, picking up again: I managed to get a scan and a report with HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:03:15, on 15/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\System Control Manager\edd.exe

C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\System Control Manager\MGSysCtrl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\system32\V0230Mon.exe

C:\Program Files\Creative\Shared Files\CTSched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\braviax.exe

C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

C:\Program Files\DNA\btdna.exe

C:\WINDOWS\system32\o2flash.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Hamon\Bureau\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe

O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide

O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.de/ips-opdat...ects/jordan.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{271FC085-DC3E-4EF0-A05D-8E9FD2356848}: NameServer = 192.168.1.1

O20 - AppInit_DLLs: cru629.dat

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 8034 bytes

Posted

It's not over yet. :P

We're going to be more aggressive. :P

 

The software that follows is only to be used when prescribed by a qualified helper trained in the tool.

Do not use it outside that situation or on your own: dangerous.

 

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Disable the antivirus, otherwise ComboFix will show you a message (if it does, click OK on the message).
  • Rename it to svchost.exe
  • Double-click svchost.exe to run it.
  • Click "Yes" on the Disclaimer (limitation of warranty) message that appears.
  • If you are offered a reboot because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user license agreement message.
  • The desktop disappears; that's normal, it will come back.
  • Do not close the window that opens, or you would end up with an empty desktop.
  • When the analysis is finished, a report will appear.
  • Copy and paste that report in your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

hello Falkra

svchost didn't ask me to install the recovery console, and scanned my PC right away,

here is its report:

ComboFix 09-08-10.06 - Hamon 15/08/2009 14:18.4.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.959.335 [GMT 2:00]

Running from: c:\documents and settings\Hamon\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Hamon\Local Settings\Temporary Internet Files\jaquromuqu.scr

c:\documents and settings\Hamon\Local Settings\Temporary Internet Files\mosopulu.com

c:\documents and settings\Hamon\Local Settings\Temporary Internet Files\yrydikeby.dll

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\efyvymit._sy

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ilihowu.db

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\jijary.dat

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\kujytob.com

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\nycuqupax.ban

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ozysi.bin

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\sunexexun.dat

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\braviax.exe

c:\windows\system32\braviax.exe

 

.

((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))

.

 

2009-08-15 08:41 . 2009-08-15 08:42 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Adobe

2009-08-15 08:28 . 2009-08-15 08:28 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache

2009-08-14 22:07 . 2009-08-14 22:07 19402 ----a-w- c:\documents and settings\All Users\Application Data\vurubod.bat

2009-08-14 22:07 . 2009-08-14 22:07 17443 ----a-w- c:\windows\edyhedubyr.dat

2009-08-14 22:07 . 2009-08-14 22:07 19176 ----a-w- c:\windows\tywa.reg

2009-08-14 22:07 . 2009-08-14 22:07 19119 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\dyti.bat

2009-08-14 22:07 . 2009-08-14 22:07 18790 ----a-w- c:\windows\lahymyb.com

2009-08-14 22:07 . 2009-08-14 22:07 18019 ----a-w- c:\windows\fylis.com

2009-08-14 22:07 . 2009-08-14 22:07 14712 ----a-w- c:\documents and settings\All Users\Application Data\lovoqujid.bat

2009-08-14 22:07 . 2009-08-14 22:07 14227 ----a-w- c:\windows\aruxok.sys

2009-08-14 22:07 . 2009-08-14 22:07 12896 ----a-w- c:\windows\uzivafiki.pif

2009-08-14 22:07 . 2009-08-14 22:07 12259 ----a-w- c:\program files\Fichiers communs\pebusyq.reg

2009-08-14 22:07 . 2009-08-14 22:07 11520 ----a-w- c:\documents and settings\All Users\Application Data\lamolidi.pif

2009-08-14 22:07 . 2009-08-14 22:07 11088 ----a-w- c:\documents and settings\All Users\Application Data\olupixaxa.bat

2009-08-14 20:45 . 2009-08-14 20:45 15395 ----a-w- c:\windows\rivyjybov.pif

2009-08-14 20:45 . 2009-08-14 20:45 10119 ----a-w- c:\documents and settings\Hamon\Local Settings\Application Data\ebutyd.bin

2009-08-14 20:45 . 2009-08-14 20:45 10451 ----a-w- c:\windows\oramoxunak.pif

2009-08-14 20:45 . 2009-08-14 20:45 17878 ----a-w- c:\windows\karabo.dll

2009-08-14 20:45 . 2009-08-14 20:45 11676 ----a-w- c:\documents and settings\Hamon\Local Settings\Application Data\laqy.dat

2009-08-14 20:45 . 2009-08-14 20:45 10089 ----a-w- c:\documents and settings\Hamon\Local Settings\Application Data\pekobo.com

2009-08-14 20:45 . 2009-08-14 20:45 16580 ----a-w- c:\windows\sasaqejivo.pif

2009-08-14 20:45 . 2009-08-14 20:45 13905 ----a-w- c:\documents and settings\Hamon\Local Settings\Application Data\uxihufo.scr

2009-08-14 20:45 . 2009-08-14 20:45 13866 ----a-w- c:\windows\yzat.dat

2009-08-14 20:45 . 2009-08-14 20:45 13190 ----a-w- c:\documents and settings\All Users\Application Data\oduty.sys

2009-08-14 20:45 . 2009-08-14 20:45 12334 ----a-w- c:\windows\system32\udubakameb.reg

2009-08-14 20:45 . 2009-08-14 20:45 11279 ----a-w- c:\documents and settings\Hamon\Application Data\sojymyl.exe

2009-08-14 20:45 . 2009-08-14 20:45 10227 ----a-w- c:\documents and settings\Hamon\Application Data\anis.pif

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\documents and settings\Hamon\Application Data\Malwarebytes

2009-08-14 19:02 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-14 19:02 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-12 20:03 . 2009-08-12 20:03 17435 ----a-w- c:\program files\Fichiers communs\faqavy.pif

2009-08-12 20:03 . 2009-08-12 20:03 13346 ----a-w- c:\windows\system32\wohupofute.com

2009-08-12 20:03 . 2009-08-12 20:03 13342 ----a-w- c:\documents and settings\Hamon\Local Settings\Application Data\gucaguw.dat

2009-08-12 20:03 . 2009-08-12 20:03 12402 ----a-w- c:\windows\kohurolafu.sys

2009-08-12 20:03 . 2009-08-12 20:03 18608 ----a-w- c:\windows\system32\ejoz.bat

2009-08-12 20:03 . 2009-08-12 20:03 18458 ----a-w- c:\program files\Fichiers communs\helajo.dat

2009-08-12 20:03 . 2009-08-12 20:03 18179 ----a-w- c:\documents and settings\Hamon\Local Settings\Application Data\afewuzyky.bin

2009-08-12 20:03 . 2009-08-12 20:03 17020 ----a-w- c:\windows\system32\gusebery.scr

2009-08-12 20:03 . 2009-08-12 20:03 15723 ----a-w- c:\windows\utuzyxoha.sys

2009-08-12 20:03 . 2009-08-12 20:03 15282 ----a-w- c:\windows\system32\umiju.exe

2009-08-12 20:03 . 2009-08-12 20:03 13140 ----a-w- c:\documents and settings\All Users\Application Data\jogebokuda.pif

2009-08-12 20:03 . 2009-08-12 20:03 11478 ----a-w- c:\documents and settings\All Users\Application Data\jakedema.com

2009-08-12 19:43 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-12 19:43 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-12 19:43 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-12 19:43 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-12 19:43 . 2009-08-12 19:43 -------- d-----w- c:\program files\Avira

2009-08-12 19:43 . 2009-08-12 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-12 19:33 . 2009-08-12 19:33 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-12 19:33 . 2009-08-12 19:33 -------- d-----w- c:\program files\MSBuild

2009-08-12 19:32 . 2009-08-12 19:32 -------- d-----w- c:\program files\Reference Assemblies

2009-08-12 19:32 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-12 19:32 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-12 19:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-12 19:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-12 19:32 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-12 19:32 . 2009-08-12 19:32 -------- d-----w- C:\533ba9ab9ad8c060f04dd61c

2009-08-12 19:32 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-12 19:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-12 19:31 . 2009-08-12 19:56 -------- d-----w- c:\windows\SxsCaPendDel

2009-08-12 19:18 . 2009-08-12 19:18 18901 ----a-w- c:\documents and settings\Hamon\Application Data\uvat.scr

2009-08-12 19:18 . 2009-08-12 19:18 16412 ----a-w- c:\windows\esudywi.scr

2009-08-12 19:18 . 2009-08-12 19:18 15973 ----a-w- c:\documents and settings\Hamon\Application Data\xumeqe.scr

2009-08-12 19:18 . 2009-08-12 19:18 15534 ----a-w- c:\documents and settings\Hamon\Local Settings\Application Data\dosupegu.pif

2009-08-12 19:18 . 2009-08-12 19:18 14145 ----a-w- c:\windows\duqot.scr

2009-08-12 19:18 . 2009-08-12 19:18 13247 ----a-w- c:\documents and settings\Hamon\Application Data\tenoqipul.sys

2009-08-12 19:18 . 2009-08-12 19:18 11387 ----a-w- c:\documents and settings\Hamon\Local Settings\Application Data\ulej.bin

2009-08-12 19:18 . 2009-08-12 19:18 10426 ----a-w- c:\windows\ywececyr.pif

2009-08-12 18:50 . 2009-08-12 18:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-08-12 18:31 . 2009-08-12 18:31 619584 -c--a-w- c:\windows\system32\dllcache\ntfs.sys

2009-08-12 18:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 17:23 . 2009-08-05 17:23 152576 ----a-w- c:\documents and settings\Hamon\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-17 19:03 . 2009-07-17 19:03 58880 -c----w- c:\windows\system32\dllcache\atl.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-15 12:17 . 2008-07-06 20:39 -------- d-----w- c:\documents and settings\Hamon\Application Data\DNA

2009-08-15 12:15 . 2008-07-06 20:39 -------- d-----w- c:\documents and settings\Hamon\Application Data\BitTorrent

2009-08-15 09:57 . 2008-07-06 20:39 -------- d-----w- c:\program files\DNA

2009-08-14 22:07 . 2009-08-14 22:07 18107 ----a-w- c:\documents and settings\LocalService\Application Data\zidi.reg

2009-08-14 22:07 . 2009-08-14 22:07 15067 ----a-w- c:\documents and settings\LocalService\Application Data\ypupu.reg

2009-08-14 20:45 . 2009-08-14 20:45 10974 ----a-w- c:\documents and settings\All Users\Application Data\awuzuk.dat

2009-08-14 20:45 . 2009-08-14 20:45 18172 ----a-w- c:\documents and settings\All Users\Application Data\acameqyv.vbs

2009-08-14 20:45 . 2009-08-14 20:45 15624 ----a-w- c:\documents and settings\Hamon\Application Data\ulibil.bin

2009-08-14 20:45 . 2009-08-14 20:45 15190 ----a-w- c:\program files\Fichiers communs\redub.db

2009-08-14 20:41 . 2006-09-26 11:43 95792 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-14 19:07 . 2008-07-06 21:06 -------- d-----w- c:\program files\iWizz

2009-08-12 20:03 . 2009-08-12 20:03 11579 ----a-w- c:\documents and settings\Hamon\Application Data\voxyreguhu.dat

2009-08-12 20:03 . 2009-08-12 20:03 17064 ----a-w- c:\documents and settings\Hamon\Application Data\iroryz.bin

2009-08-12 20:03 . 2009-08-12 20:03 15646 ----a-w- c:\program files\Fichiers communs\yxosogyge.db

2009-08-12 20:03 . 2009-08-12 20:03 13697 ----a-w- c:\documents and settings\Hamon\Application Data\meqaty.reg

2009-08-12 20:03 . 2009-08-12 20:03 11117 ----a-w- c:\documents and settings\Hamon\Application Data\aqyzigamow.reg

2009-08-12 19:37 . 2006-09-26 11:18 85842 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-12 19:37 . 2006-09-26 11:18 513736 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-12 19:18 . 2009-08-12 19:18 16469 ----a-w- c:\documents and settings\Hamon\Application Data\ukuxywewym.dat

2009-08-12 19:18 . 2009-08-12 19:18 15461 ----a-w- c:\documents and settings\All Users\Application Data\inekadyci.bin

2009-08-12 19:18 . 2009-08-12 19:18 12558 ----a-w- c:\documents and settings\All Users\Application Data\yvaweh.vbs

2009-08-12 19:18 . 2009-08-12 19:18 11838 ----a-w- c:\documents and settings\Hamon\Application Data\asyruf.reg

2009-08-12 19:18 . 2009-08-12 19:18 11166 ----a-w- c:\documents and settings\Hamon\Application Data\iquwami.reg

2009-08-12 18:31 . 2006-09-26 11:17 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-05 17:24 . 2007-11-25 11:02 -------- d-----w- c:\program files\Java

2009-08-05 09:00 . 2006-09-26 11:17 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 03:23 . 2008-12-07 13:13 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:03 . 2009-07-17 19:03 58880 ----a-w- c:\windows\system32\SET1C.tmp

2009-07-17 19:03 . 2006-09-26 11:17 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2006-09-26 11:18 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-07 09:52 . 2009-07-07 09:50 -------- d-----w- c:\program files\Photocopier

2009-07-03 16:57 . 2006-09-26 11:18 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:26 . 2006-09-26 11:18 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2006-09-26 11:18 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2006-09-26 11:18 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2006-09-26 11:17 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2006-09-26 11:17 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2006-09-26 11:17 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2006-09-26 11:17 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:40 . 2006-09-26 11:18 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2006-09-26 11:17 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2006-09-26 11:18 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2006-09-26 11:18 82944 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:14 . 2006-09-26 11:17 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2006-09-26 09:30 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2006-09-26 11:18 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2006-09-26 11:18 1297408 ----a-w- c:\windows\system32\quartz.dll

.

 

------- Sigcheck -------

 

[7] 2004-08-10 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\cache\beep.sys

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2004-08-10 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-10 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\I386\NTFS.SYS

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2009-08-12 18:31 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys

[-] 2009-08-12 18:31 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys

 

c:\windows\system32\drivers\beep.sys ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-11-29 2052189]

"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]

"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2006-05-11 173056]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-10 1126400]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961]

"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]

"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-09-09 88203]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-13 110592]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk

backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

"c:\\Program Files\\UUSee\\UUSeePlayer.exe"=

"c:\\Program Files\\TVAnts\\Tvants.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27/02/2006 09:00 34880]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/02/2006 10:01 29056]

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [10/11/2004 11:30 138801]

R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [10/11/2004 11:49 46800]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/08/2009 21:43 108289]

R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [26/09/2006 12:55 40960]

R3 BDA_Capture_220;Digital TV receiver Driver 1.0.0.42;c:\windows\system32\drivers\BDA_Capture_220.sys [26/09/2005 06:38 14080]

R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [26/09/2006 12:55 20128]

S1 EPPSCSIx;EPPSCSIx;c:\windows\system32\drivers\Eppscsi.sys [07/07/2009 11:40 47148]

S3 BDA_Loader_220;Digital TV Receiver Firmware Loader 5.9.19.0;c:\windows\system32\drivers\BDA_Loader_220.sys [26/09/2005 06:38 15616]

S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [29/02/2008 17:12 6272]

S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [29/02/2008 17:12 498464]

S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

Trusted Zone: com.tw\www.msi

Trusted Zone: neuf.fr\vod

TCP: {271FC085-DC3E-4EF0-A05D-8E9FD2356848} = 192.168.1.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.de/ips-opdata/objects/jordan.cab

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

FF - ProfilePath - c:\documents and settings\Hamon\Application Data\Mozilla\Firefox\Profiles\qybfn4p9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Neuf\TV_PC\VLC\npvlc.dll

 

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12);user_pref(general.useragent.extra.zencast, );user_pref(yahoo.homepage.dontask, true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-15 14:23

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c6,16,8b,1c,36,

2e,ae,8d,e2,63,26,f1,3f,c8,ff,68,ee,df,29,2d,0b,3d,04,4e,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8e,2b,d6,e7,98,

66,f3,8f,6a,9c,d6,61,af,45,84,18,5d,b8,d1,ea,aa,2d,8a,88,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,88,dc,49,61,0c,

63,43,d8,ff,7c,85,e0,43,d4,0e,fe,98,9e,d3,4f,20,5d,96,c7,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,8c,40,bc,a6,a3,

28,dc,49,86,8c,21,01,be,91,eb,e7,60,3c,fc,a6,44,02,45,90,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,c6,54,f3,3e,77,

d7,0c,ac,f5,1d,4d,73,a8,13,5c,05,97,c6,33,93,fc,ae,e5,92,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,17,f2,44,46,d5,

80,bb,21,df,20,58,62,78,6b,cf,c8,74,12,13,42,c1,c6,7d,17,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,61,41,cd,1b,65,

ac,11,bc,fb,a7,78,e6,12,2f,9a,ea,95,9e,29,16,21,e5,ae,ac,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,1a,82,bd,3c,09,

ec,9e,22,01,3a,48,fc,e8,04,4a,f1,cc,33,bb,5e,54,a7,b5,96,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,87,e4,68,c9,8e,

b4,ed,d9,f6,0f,4e,58,98,5b,89,c9,2e,5b,79,cf,de,ef,42,49,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,02,96,9c,d6,a7,

d8,dd,ab,3d,ce,ea,26,2d,45,aa,78,54,9e,99,45,f7,af,5c,f9,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,f7,f5,8b,45,64,

94,70,4a,2a,b7,cc,b5,b9,7f,41,e7,8e,cc,d8,1c,44,68,03,37,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2e,d5,f1,53,db,

41,09,53,6c,43,2d,1e,aa,22,2f,9c,10,ce,34,07,90,28,4c,b5,6c,43,2d,1e,aa,22,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Completion time: 2009-08-15 14:25

ComboFix-quarantined-files.txt 2009-08-15 12:25

ComboFix2.txt 2009-08-14 20:39

 

Pre-Run: 13 021 429 760 octets libres

Post-Run: 12 972 576 768 octets libres

 

335 --- E O F --- 2009-08-15 07:11

Posted

There's a big nasty on there, but it's going to take a beating. :P

 

It's a mess: patched system files, etc... but it can be sorted out, I've already had a few like this. :P

 

Follow the instructions below carefully, in order and all that. Important: these steps are risky.

 

1) Download the file repar.zip here:

http://senduit.com/d8ebbe

 

Download the file CFscript.txt here:

http://senduit.com/6488cc

 

2) Unzip the file repar.zip (preferably into a folder); it contains two system files to be repaired and a repar.bat file.

Double-click the file repar.bat: it should show you two file copies, then ask you to press a key. It should say "1 fichier(s) copié(s)" twice.

 

3) What follows is for this machine, and this machine only.

Do not use it on any other machine: dangerous.

 

 


  • Place the CFscript file on the desktop, next to the ComboFix icon (svchost).
  • Drag and drop this CFscript file onto the svchost.exe file, as in the screenshot

[screenshot: animation1md2.gif]

  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file doesn't open, it can be found here > C:\ComboFix.txt

 

See you in a bit

Posted

thanks, here's the report:

ComboFix 09-08-10.06 - Hamon 15/08/2009 15:04.5.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.959.407 [GMT 2:00]

Running from: c:\documents and settings\Hamon\Bureau\ComboFix.exe

Command switches used :: c:\documents and settings\Hamon\Bureau\CFscript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"c:\documents and settings\All Users\Application Data\acameqyv.vbs"

"c:\documents and settings\All Users\Application Data\awuzuk.dat"

"c:\documents and settings\All Users\Application Data\inekadyci.bin"

"c:\documents and settings\All Users\Application Data\jakedema.com"

"c:\documents and settings\All Users\Application Data\jogebokuda.pif"

"c:\documents and settings\All Users\Application Data\lamolidi.pif"

"c:\documents and settings\All Users\Application Data\lovoqujid.bat"

"c:\documents and settings\All Users\Application Data\oduty.sys"

"c:\documents and settings\All Users\Application Data\olupixaxa.bat"

"c:\documents and settings\All Users\Application Data\vurubod.bat"

"c:\documents and settings\All Users\Application Data\yvaweh.vbs"

"c:\documents and settings\Hamon\Application Data\anis.pif"

"c:\documents and settings\Hamon\Application Data\aqyzigamow.reg"

"c:\documents and settings\Hamon\Application Data\asyruf.reg"

"c:\documents and settings\Hamon\Application Data\iquwami.reg"

"c:\documents and settings\Hamon\Application Data\iroryz.bin"

"c:\documents and settings\Hamon\Application Data\meqaty.reg"

"c:\documents and settings\Hamon\Application Data\sojymyl.exe"

"c:\documents and settings\Hamon\Application Data\tenoqipul.sys"

"c:\documents and settings\Hamon\Application Data\ukuxywewym.dat"

"c:\documents and settings\Hamon\Application Data\uvat.scr"

"c:\documents and settings\Hamon\Application Data\voxyreguhu.dat"

"c:\documents and settings\Hamon\Application Data\xumeqe.scr"

"c:\documents and settings\Hamon\Local Settings\Application Data\afewuzyky.bin"

"c:\documents and settings\Hamon\Local Settings\Application Data\dosupegu.pif"

"c:\documents and settings\Hamon\Local Settings\Application Data\ebutyd.bin"

"c:\documents and settings\Hamon\Local Settings\Application Data\gucaguw.dat"

"c:\documents and settings\Hamon\Local Settings\Application Data\laqy.dat"

"c:\documents and settings\Hamon\Local Settings\Application Data\pekobo.com"

"c:\documents and settings\Hamon\Local Settings\Application Data\ulej.bin"

"c:\documents and settings\Hamon\Local Settings\Application Data\uxihufo.scr"

"c:\documents and settings\LocalService\Application Data\ypupu.reg"

"c:\documents and settings\LocalService\Application Data\zidi.reg"

"c:\documents and settings\LocalService\Local Settings\Application Data\dyti.bat"

"c:\program files\Fichiers communs\faqavy.pif"

"c:\program files\Fichiers communs\helajo.dat"

"c:\program files\Fichiers communs\pebusyq.reg"

"c:\program files\Fichiers communs\yxosogyge.db"

"c:\windows\aruxok.sys"

"c:\windows\duqot.scr"

"c:\windows\edyhedubyr.dat"

"c:\windows\esudywi.scr"

"c:\windows\fylis.com"

"c:\windows\karabo.dll"

"c:\windows\kohurolafu.sys"

"c:\windows\lahymyb.com"

"c:\windows\oramoxunak.pif"

"c:\windows\rivyjybov.pif"

"c:\windows\sasaqejivo.pif"

"c:\windows\system32\ejoz.bat"

"c:\windows\system32\gusebery.scr"

"c:\windows\system32\SET1C.tmp"

"c:\windows\system32\udubakameb.reg"

"c:\windows\system32\umiju.exe"

"c:\windows\system32\wohupofute.com"

"c:\windows\tywa.reg"

"c:\windows\utuzyxoha.sys"

"c:\windows\uzivafiki.pif"

"c:\windows\ywececyr.pif"

"c:\windows\yzat.dat"

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\acameqyv.vbs

c:\documents and settings\All Users\Application Data\awuzuk.dat

c:\documents and settings\All Users\Application Data\inekadyci.bin

c:\documents and settings\All Users\Application Data\jakedema.com

c:\documents and settings\All Users\Application Data\jogebokuda.pif

c:\documents and settings\All Users\Application Data\lamolidi.pif

c:\documents and settings\All Users\Application Data\lovoqujid.bat

c:\documents and settings\All Users\Application Data\oduty.sys

c:\documents and settings\All Users\Application Data\olupixaxa.bat

c:\documents and settings\All Users\Application Data\vurubod.bat

c:\documents and settings\All Users\Application Data\yvaweh.vbs

c:\documents and settings\Hamon\Application Data\anis.pif

c:\documents and settings\Hamon\Application Data\aqyzigamow.reg

c:\documents and settings\Hamon\Application Data\asyruf.reg

c:\documents and settings\Hamon\Application Data\iquwami.reg

c:\documents and settings\Hamon\Application Data\iroryz.bin

c:\documents and settings\Hamon\Application Data\meqaty.reg

c:\documents and settings\Hamon\Application Data\sojymyl.exe

c:\documents and settings\Hamon\Application Data\tenoqipul.sys

c:\documents and settings\Hamon\Application Data\ukuxywewym.dat

c:\documents and settings\Hamon\Application Data\uvat.scr

c:\documents and settings\Hamon\Application Data\voxyreguhu.dat

c:\documents and settings\Hamon\Application Data\xumeqe.scr

c:\documents and settings\Hamon\Local Settings\Application Data\afewuzyky.bin

c:\documents and settings\Hamon\Local Settings\Application Data\dosupegu.pif

c:\documents and settings\Hamon\Local Settings\Application Data\ebutyd.bin

c:\documents and settings\Hamon\Local Settings\Application Data\gucaguw.dat

c:\documents and settings\Hamon\Local Settings\Application Data\laqy.dat

c:\documents and settings\Hamon\Local Settings\Application Data\pekobo.com

c:\documents and settings\Hamon\Local Settings\Application Data\ulej.bin

c:\documents and settings\Hamon\Local Settings\Application Data\uxihufo.scr

c:\documents and settings\LocalService\Application Data\ypupu.reg

c:\documents and settings\LocalService\Application Data\zidi.reg

c:\documents and settings\LocalService\Local Settings\Application Data\dyti.bat

c:\program files\Fichiers communs\faqavy.pif

c:\program files\Fichiers communs\helajo.dat

c:\program files\Fichiers communs\pebusyq.reg

c:\program files\Fichiers communs\yxosogyge.db

c:\windows\aruxok.sys

c:\windows\duqot.scr

c:\windows\edyhedubyr.dat

c:\windows\esudywi.scr

c:\windows\fylis.com

c:\windows\karabo.dll

c:\windows\kohurolafu.sys

c:\windows\lahymyb.com

c:\windows\oramoxunak.pif

c:\windows\rivyjybov.pif

c:\windows\sasaqejivo.pif

c:\windows\system32\ejoz.bat

c:\windows\system32\gusebery.scr

c:\windows\system32\SET1C.tmp

c:\windows\system32\udubakameb.reg

c:\windows\system32\umiju.exe

c:\windows\system32\wohupofute.com

c:\windows\tywa.reg

c:\windows\utuzyxoha.sys

c:\windows\uzivafiki.pif

c:\windows\ywececyr.pif

c:\windows\yzat.dat

 

.

((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))

.

 

2009-08-15 13:02 . 2001-08-28 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-15 13:02 . 2001-08-28 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-15 08:41 . 2009-08-15 08:42 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Adobe

2009-08-15 08:28 . 2009-08-15 08:28 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache

2009-08-14 20:42 . 2009-08-14 20:42 19961 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\uzymedare.scr

2009-08-14 20:42 . 2009-08-14 20:42 18699 ----a-w- c:\documents and settings\All Users\Application Data\pysyle.pif

2009-08-14 20:42 . 2009-08-14 20:42 18142 ----a-w- c:\windows\sarola.dll

2009-08-14 20:42 . 2009-08-14 20:42 17633 ----a-w- c:\windows\sibyduvatu.com

2009-08-14 20:42 . 2009-08-14 20:42 16538 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\yjoronude.dll

2009-08-14 20:42 . 2009-08-14 20:42 15974 ----a-w- c:\documents and settings\LocalService\Application Data\biqycu.pif

2009-08-14 20:42 . 2009-08-14 20:42 15928 ----a-w- c:\program files\Fichiers communs\axus.vbs

2009-08-14 20:42 . 2009-08-14 20:42 15366 ----a-w- c:\program files\Fichiers communs\yhase.scr

2009-08-14 20:42 . 2009-08-14 20:42 15293 ----a-w- c:\windows\lanopok.com

2009-08-14 20:42 . 2009-08-14 20:42 12902 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\cowoxym.reg

2009-08-14 20:42 . 2009-08-14 20:42 11993 ----a-w- c:\windows\system32\garuqypy.vbs

2009-08-14 20:42 . 2009-08-14 20:42 10617 ----a-w- c:\documents and settings\All Users\Application Data\adezepad.exe

2009-08-14 20:42 . 2009-08-14 20:42 -------- d-----w- C:\PC_Antispyware2010

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\documents and settings\Hamon\Application Data\Malwarebytes

2009-08-14 19:02 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-14 19:02 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-12 19:43 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-12 19:43 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-12 19:43 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-12 19:43 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-12 19:43 . 2009-08-12 19:43 -------- d-----w- c:\program files\Avira

2009-08-12 19:43 . 2009-08-12 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-12 19:33 . 2009-08-12 19:33 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-12 19:33 . 2009-08-12 19:33 -------- d-----w- c:\program files\MSBuild

2009-08-12 19:32 . 2009-08-12 19:32 -------- d-----w- c:\program files\Reference Assemblies

2009-08-12 19:32 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-12 19:32 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-12 19:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-12 19:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-12 19:32 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-12 19:32 . 2009-08-12 19:32 -------- d-----w- C:\533ba9ab9ad8c060f04dd61c

2009-08-12 19:32 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-12 19:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-12 19:31 . 2009-08-12 19:56 -------- d-----w- c:\windows\SxsCaPendDel

2009-08-12 18:50 . 2009-08-12 18:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-08-12 18:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 17:23 . 2009-08-05 17:23 152576 ----a-w- c:\documents and settings\Hamon\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-17 19:03 . 2009-07-17 19:03 58880 -c----w- c:\windows\system32\dllcache\atl.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-15 13:10 . 2008-07-06 20:39 -------- d-----w- c:\program files\DNA

2009-08-15 13:10 . 2008-07-06 20:39 -------- d-----w- c:\documents and settings\Hamon\Application Data\DNA

2009-08-15 12:15 . 2008-07-06 20:39 -------- d-----w- c:\documents and settings\Hamon\Application Data\BitTorrent

2009-08-14 20:45 . 2009-08-14 20:45 15624 ----a-w- c:\documents and settings\Hamon\Application Data\ulibil.bin

2009-08-14 20:45 . 2009-08-14 20:45 15190 ----a-w- c:\program files\Fichiers communs\redub.db

2009-08-14 20:41 . 2006-09-26 11:43 95792 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-14 19:07 . 2008-07-06 21:06 -------- d-----w- c:\program files\iWizz

2009-08-12 19:37 . 2006-09-26 11:18 85842 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-12 19:37 . 2006-09-26 11:18 513736 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-05 17:24 . 2007-11-25 11:02 -------- d-----w- c:\program files\Java

2009-08-05 09:00 . 2006-09-26 11:17 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 03:23 . 2008-12-07 13:13 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:03 . 2006-09-26 11:17 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2006-09-26 11:18 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-07 09:52 . 2009-07-07 09:50 -------- d-----w- c:\program files\Photocopier

2009-07-03 16:57 . 2006-09-26 11:18 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:26 . 2006-09-26 11:18 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2006-09-26 11:18 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2006-09-26 11:18 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2006-09-26 11:17 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2006-09-26 11:17 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2006-09-26 11:17 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2006-09-26 11:17 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:40 . 2006-09-26 11:18 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2006-09-26 11:17 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2006-09-26 11:18 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2006-09-26 11:18 82944 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:14 . 2006-09-26 11:17 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2006-09-26 09:30 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2006-09-26 11:18 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2006-09-26 11:18 1297408 ----a-w- c:\windows\system32\quartz.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-08-15_12.23.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2001-07-14 15:32 . 2001-07-14 15:32 69632 c:\windows\setupupd\temp\wsdueng.dll

+ 2006-09-26 11:17 . 2008-04-13 11:15 574976 c:\windows\system32\drivers\ntfs.sys

+ 2006-09-26 11:17 . 2008-04-13 11:15 574976 c:\windows\system32\dllcache\ntfs.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-11-29 2052189]

"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]

"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2006-05-11 173056]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-10 1126400]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961]

"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]

"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-09-09 88203]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-13 110592]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk

backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

"c:\\Program Files\\UUSee\\UUSeePlayer.exe"=

"c:\\Program Files\\TVAnts\\Tvants.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27/02/2006 09:00 34880]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/02/2006 10:01 29056]

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [10/11/2004 11:30 138801]

R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [10/11/2004 11:49 46800]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/08/2009 21:43 108289]

R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [26/09/2006 12:55 40960]

R3 BDA_Capture_220;Digital TV receiver Driver 1.0.0.42;c:\windows\system32\drivers\BDA_Capture_220.sys [26/09/2005 06:38 14080]

R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [26/09/2006 12:55 20128]

S1 EPPSCSIx;EPPSCSIx;c:\windows\system32\drivers\Eppscsi.sys [07/07/2009 11:40 47148]

S3 BDA_Loader_220;Digital TV Receiver Firmware Loader 5.9.19.0;c:\windows\system32\drivers\BDA_Loader_220.sys [26/09/2005 06:38 15616]

S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [29/02/2008 17:12 6272]

S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [29/02/2008 17:12 498464]

S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

Trusted Zone: com.tw\www.msi

Trusted Zone: neuf.fr\vod

TCP: {271FC085-DC3E-4EF0-A05D-8E9FD2356848} = 192.168.1.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.de/ips-opdata/objects/jordan.cab

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

FF - ProfilePath - c:\documents and settings\Hamon\Application Data\Mozilla\Firefox\Profiles\qybfn4p9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Neuf\TV_PC\VLC\npvlc.dll

 

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12);user_pref(general.useragent.extra.zencast, );user_pref(yahoo.homepage.dontask, true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-15 15:10

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c6,16,8b,1c,36,

2e,ae,8d,e2,63,26,f1,3f,c8,ff,68,ee,df,29,2d,0b,3d,04,4e,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8e,2b,d6,e7,98,

66,f3,8f,6a,9c,d6,61,af,45,84,18,5d,b8,d1,ea,aa,2d,8a,88,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,88,dc,49,61,0c,

63,43,d8,ff,7c,85,e0,43,d4,0e,fe,98,9e,d3,4f,20,5d,96,c7,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,8c,40,bc,a6,a3,

28,dc,49,86,8c,21,01,be,91,eb,e7,60,3c,fc,a6,44,02,45,90,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,c6,54,f3,3e,77,

d7,0c,ac,f5,1d,4d,73,a8,13,5c,05,97,c6,33,93,fc,ae,e5,92,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,17,f2,44,46,d5,

80,bb,21,df,20,58,62,78,6b,cf,c8,74,12,13,42,c1,c6,7d,17,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,61,41,cd,1b,65,

ac,11,bc,fb,a7,78,e6,12,2f,9a,ea,95,9e,29,16,21,e5,ae,ac,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,1a,82,bd,3c,09,

ec,9e,22,01,3a,48,fc,e8,04,4a,f1,cc,33,bb,5e,54,a7,b5,96,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,87,e4,68,c9,8e,

b4,ed,d9,f6,0f,4e,58,98,5b,89,c9,2e,5b,79,cf,de,ef,42,49,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,02,96,9c,d6,a7,

d8,dd,ab,3d,ce,ea,26,2d,45,aa,78,54,9e,99,45,f7,af,5c,f9,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,f7,f5,8b,45,64,

94,70,4a,2a,b7,cc,b5,b9,7f,41,e7,8e,cc,d8,1c,44,68,03,37,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2e,d5,f1,53,db,

41,09,53,6c,43,2d,1e,aa,22,2f,9c,10,ce,34,07,90,28,4c,b5,6c,43,2d,1e,aa,22,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(1116)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\BRSVC01A.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\BRSS01A.EXE

c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\windows\system32\CTSVCCDA.EXE

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\windows\system32\gearsec.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\o2flash.exe

c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe

c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wscntfy.exe

c:\program files\Mozilla Firefox\firefox.exe

.

**************************************************************************

.

Completion time: 2009-08-15 15:15 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-15 13:15

ComboFix2.txt 2009-08-15 12:25

ComboFix3.txt 2009-08-14 20:39

 

Pre-Run: 12 999 708 672 octets libres

Post-Run: 12 951 654 400 octets libres

 

424 --- E O F --- 2009-08-15 07:11

Posted

That's better, a lot of work was done on the Windows files side (phew). You did the steps correctly; we've got past the difficult and risky phase. :P

 

Update MalwareBytes, run another scan, clean with it, and post the report.

 

Right after that, without rebooting if MBAM asks you to, here is a new script for combofix (svchost):

http://senduit.com/d7e72b

(CFscript2)

 

Same procedure. :P

 

See you soon, it's already better, don't worry.

Posted

here is the MBAM report, I'm running the 2nd script with combofix

see you soon!

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2630

Windows 5.1.2600 Service Pack 3

 

15/08/2009 15:30:27

mbam-log-2009-08-15 (15-30-27).txt

 

Type de recherche: Examen rapide

Eléments examinés: 99072

Temps écoulé: 6 minute(s), 34 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 4

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Documents and Settings\Hamon\Bureau\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
