

Posted

You'll need to restore ComboFix from MBAM's Quarantine tab: :P

C:\Documents and Settings\Hamon\Bureau\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Posted

Here is the ComboFix report (I had re-downloaded it).

 

 

ComboFix 09-08-10.06 - Hamon 15/08/2009 15:34.6.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.959.463 [GMT 2:00]

Running from: c:\documents and settings\Hamon\Bureau\ComboFix.exe

Command switches used :: c:\documents and settings\Hamon\Bureau\CFscript2.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"c:\documents and settings\All Users\Application Data\adezepad.exe"

"c:\documents and settings\All Users\Application Data\pysyle.pif"

"c:\documents and settings\LocalService\Application Data\biqycu.pif"

"c:\documents and settings\LocalService\Local Settings\Application Data\cowoxym.reg"

"c:\documents and settings\LocalService\Local Settings\Application Data\uzymedare.scr"

"c:\documents and settings\LocalService\Local Settings\Application Data\yjoronude.dll"

"c:\program files\Fichiers communs\axus.vbs"

"c:\program files\Fichiers communs\yhase.scr"

"c:\windows\lanopok.com"

"c:\windows\sarola.dll"

"c:\windows\sibyduvatu.com"

"c:\windows\system32\garuqypy.vbs"

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\adezepad.exe

c:\documents and settings\All Users\Application Data\pysyle.pif

c:\documents and settings\LocalService\Application Data\biqycu.pif

c:\documents and settings\LocalService\Local Settings\Application Data\cowoxym.reg

c:\documents and settings\LocalService\Local Settings\Application Data\uzymedare.scr

c:\documents and settings\LocalService\Local Settings\Application Data\yjoronude.dll

C:\PC_Antispyware2010

c:\pc_antispyware2010\PC_Antispyware2010.lnk

c:\pc_antispyware2010\Uninstall.lnk

c:\program files\Fichiers communs\axus.vbs

c:\program files\Fichiers communs\yhase.scr

c:\windows\lanopok.com

c:\windows\sarola.dll

c:\windows\sibyduvatu.com

c:\windows\system32\Drivers\enlw.sys

c:\windows\system32\garuqypy.vbs

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_qlaxqr

 

 

((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))

.

 

2009-08-15 13:02 . 2001-08-28 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-15 13:02 . 2001-08-28 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-15 08:41 . 2009-08-15 08:42 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Adobe

2009-08-15 08:28 . 2009-08-15 08:28 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\documents and settings\Hamon\Application Data\Malwarebytes

2009-08-14 19:02 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-14 19:02 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-12 19:43 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-12 19:43 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-12 19:43 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-12 19:43 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-12 19:43 . 2009-08-12 19:43 -------- d-----w- c:\program files\Avira

2009-08-12 19:43 . 2009-08-12 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-12 19:33 . 2009-08-12 19:33 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-12 19:33 . 2009-08-12 19:33 -------- d-----w- c:\program files\MSBuild

2009-08-12 19:32 . 2009-08-12 19:32 -------- d-----w- c:\program files\Reference Assemblies

2009-08-12 19:32 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-12 19:32 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-12 19:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-12 19:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-12 19:32 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-12 19:32 . 2009-08-12 19:32 -------- d-----w- C:\533ba9ab9ad8c060f04dd61c

2009-08-12 19:32 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-12 19:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-12 19:31 . 2009-08-12 19:56 -------- d-----w- c:\windows\SxsCaPendDel

2009-08-12 18:50 . 2009-08-12 18:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-08-12 18:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 17:23 . 2009-08-05 17:23 152576 ----a-w- c:\documents and settings\Hamon\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-17 19:03 . 2009-07-17 19:03 58880 -c----w- c:\windows\system32\dllcache\atl.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-15 13:41 . 2008-07-06 20:39 -------- d-----w- c:\program files\DNA

2009-08-15 13:41 . 2008-07-06 20:39 -------- d-----w- c:\documents and settings\Hamon\Application Data\DNA

2009-08-15 12:15 . 2008-07-06 20:39 -------- d-----w- c:\documents and settings\Hamon\Application Data\BitTorrent

2009-08-14 20:45 . 2009-08-14 20:45 15624 ----a-w- c:\documents and settings\Hamon\Application Data\ulibil.bin

2009-08-14 20:45 . 2009-08-14 20:45 15190 ----a-w- c:\program files\Fichiers communs\redub.db

2009-08-14 20:41 . 2006-09-26 11:43 95792 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-14 19:07 . 2008-07-06 21:06 -------- d-----w- c:\program files\iWizz

2009-08-12 19:37 . 2006-09-26 11:18 85842 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-12 19:37 . 2006-09-26 11:18 513736 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-05 17:24 . 2007-11-25 11:02 -------- d-----w- c:\program files\Java

2009-08-05 09:00 . 2006-09-26 11:17 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 03:23 . 2008-12-07 13:13 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:03 . 2006-09-26 11:17 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2006-09-26 11:18 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-07 09:52 . 2009-07-07 09:50 -------- d-----w- c:\program files\Photocopier

2009-07-03 16:57 . 2006-09-26 11:18 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:26 . 2006-09-26 11:18 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2006-09-26 11:18 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2006-09-26 11:18 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2006-09-26 11:17 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2006-09-26 11:17 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2006-09-26 11:17 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2006-09-26 11:17 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:40 . 2006-09-26 11:18 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2006-09-26 11:17 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2006-09-26 11:18 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2006-09-26 11:18 82944 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:14 . 2006-09-26 11:17 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2006-09-26 09:30 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2006-09-26 11:18 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2006-09-26 11:18 1297408 ----a-w- c:\windows\system32\quartz.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-08-15_12.23.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2001-07-14 15:32 . 2001-07-14 15:32 69632 c:\windows\setupupd\temp\wsdueng.dll

+ 2009-08-15 13:38 . 2009-08-15 13:38 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat

+ 2009-08-15 13:38 . 2009-08-15 13:38 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat

+ 2006-09-26 11:17 . 2008-04-13 11:15 574976 c:\windows\system32\drivers\ntfs.sys

+ 2006-09-26 11:17 . 2008-04-13 11:15 574976 c:\windows\system32\dllcache\ntfs.sys

+ 2009-08-15 13:38 . 2009-08-15 13:38 249856 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat

+ 2009-08-15 13:38 . 2009-08-15 13:38 241664 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT

+ 2009-08-15 13:38 . 2009-08-15 13:38 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT

+ 2009-08-15 13:38 . 2009-08-15 13:38 5619712 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-11-29 2052189]

"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]

"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2006-05-11 173056]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-10 1126400]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961]

"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]

"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-09-09 88203]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-13 110592]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk

backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

"c:\\Program Files\\UUSee\\UUSeePlayer.exe"=

"c:\\Program Files\\TVAnts\\Tvants.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27/02/2006 09:00 34880]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/02/2006 10:01 29056]

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [10/11/2004 11:30 138801]

R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [10/11/2004 11:49 46800]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/08/2009 21:43 108289]

R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [26/09/2006 12:55 40960]

R3 BDA_Capture_220;Digital TV receiver Driver 1.0.0.42;c:\windows\system32\drivers\BDA_Capture_220.sys [26/09/2005 06:38 14080]

R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [26/09/2006 12:55 20128]

S1 EPPSCSIx;EPPSCSIx;c:\windows\system32\drivers\Eppscsi.sys [07/07/2009 11:40 47148]

S3 BDA_Loader_220;Digital TV Receiver Firmware Loader 5.9.19.0;c:\windows\system32\drivers\BDA_Loader_220.sys [26/09/2005 06:38 15616]

S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [29/02/2008 17:12 6272]

S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [29/02/2008 17:12 498464]

S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

Trusted Zone: com.tw\www.msi

Trusted Zone: neuf.fr\vod

TCP: {271FC085-DC3E-4EF0-A05D-8E9FD2356848} = 192.168.1.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.de/ips-opdata/objects/jordan.cab

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

FF - ProfilePath - c:\documents and settings\Hamon\Application Data\Mozilla\Firefox\Profiles\qybfn4p9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Neuf\TV_PC\VLC\npvlc.dll

 

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12);user_pref(general.useragent.extra.zencast, );user_pref(yahoo.homepage.dontask, true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-15 15:41

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c6,16,8b,1c,36,

2e,ae,8d,e2,63,26,f1,3f,c8,ff,68,ee,df,29,2d,0b,3d,04,4e,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8e,2b,d6,e7,98,

66,f3,8f,6a,9c,d6,61,af,45,84,18,5d,b8,d1,ea,aa,2d,8a,88,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,88,dc,49,61,0c,

63,43,d8,ff,7c,85,e0,43,d4,0e,fe,98,9e,d3,4f,20,5d,96,c7,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,8c,40,bc,a6,a3,

28,dc,49,86,8c,21,01,be,91,eb,e7,60,3c,fc,a6,44,02,45,90,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,c6,54,f3,3e,77,

d7,0c,ac,f5,1d,4d,73,a8,13,5c,05,97,c6,33,93,fc,ae,e5,92,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,17,f2,44,46,d5,

80,bb,21,df,20,58,62,78,6b,cf,c8,74,12,13,42,c1,c6,7d,17,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,61,41,cd,1b,65,

ac,11,bc,fb,a7,78,e6,12,2f,9a,ea,95,9e,29,16,21,e5,ae,ac,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,1a,82,bd,3c,09,

ec,9e,22,01,3a,48,fc,e8,04,4a,f1,cc,33,bb,5e,54,a7,b5,96,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,87,e4,68,c9,8e,

b4,ed,d9,f6,0f,4e,58,98,5b,89,c9,2e,5b,79,cf,de,ef,42,49,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,02,96,9c,d6,a7,

d8,dd,ab,3d,ce,ea,26,2d,45,aa,78,54,9e,99,45,f7,af,5c,f9,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,f7,f5,8b,45,64,

94,70,4a,2a,b7,cc,b5,b9,7f,41,e7,8e,cc,d8,1c,44,68,03,37,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2e,d5,f1,53,db,

41,09,53,6c,43,2d,1e,aa,22,2f,9c,10,ce,34,07,90,28,4c,b5,6c,43,2d,1e,aa,22,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3604)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\BRSVC01A.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\windows\system32\BRSS01A.EXE

c:\windows\system32\CTSVCCDA.EXE

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\windows\system32\gearsec.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\o2flash.exe

c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe

c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-08-15 15:45 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-15 13:45

ComboFix2.txt 2009-08-15 12:25

ComboFix3.txt 2009-08-14 20:39

 

Pre-Run: 12 974 993 408 octets libres

Post-Run: 12 820 414 464 octets libres

 

324 --- E O F --- 2009-08-15 07:11

 

 

 

Is it any better?

Posted

OK, good reflex there.

Better? Oh yes, it's much better, and it no longer seems to be spreading all over the place. I like that better, and so do you. :P

 

Your bug was almost certainly picked up via P2P, via BitTorrent, for your information, disguised as a fake antivirus/anti-whatever. Something to think about.

 

We're not done yet. :P

Is it running properly now?

Posted

I'll probably be around, no worries; even if I'm not, we'll continue whenever you can.

Keep the family away from P2P while you're gone, so as not to reinfect the machine with the same bug. :P

Posted

Here is the ComboFix report.

 

ComboFix 09-08-10.06 - Hamon 15/08/2009 20:29.7.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.959.509 [GMT 2:00]

Running from: c:\documents and settings\Hamon\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))

.

 

2009-08-15 13:02 . 2001-08-28 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-15 13:02 . 2001-08-28 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-15 08:41 . 2009-08-15 08:42 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Adobe

2009-08-15 08:28 . 2009-08-15 08:28 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\documents and settings\Hamon\Application Data\Malwarebytes

2009-08-14 19:02 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-14 19:02 . 2009-08-14 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-14 19:02 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-12 19:43 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-12 19:43 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-12 19:43 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-12 19:43 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-12 19:43 . 2009-08-12 19:43 -------- d-----w- c:\program files\Avira

2009-08-12 19:43 . 2009-08-12 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-12 19:33 . 2009-08-12 19:33 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-12 19:33 . 2009-08-12 19:33 -------- d-----w- c:\program files\MSBuild

2009-08-12 19:32 . 2009-08-12 19:32 -------- d-----w- c:\program files\Reference Assemblies

2009-08-12 19:32 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-12 19:32 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-12 19:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-12 19:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-12 19:32 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-12 19:32 . 2009-08-12 19:32 -------- d-----w- C:\533ba9ab9ad8c060f04dd61c

2009-08-12 19:32 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-12 19:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-12 19:31 . 2009-08-12 19:56 -------- d-----w- c:\windows\SxsCaPendDel

2009-08-12 18:50 . 2009-08-12 18:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-08-12 18:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 17:23 . 2009-08-05 17:23 152576 ----a-w- c:\documents and settings\Hamon\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-17 19:03 . 2009-07-17 19:03 58880 -c----w- c:\windows\system32\dllcache\atl.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-15 18:26 . 2008-07-06 20:39 -------- d-----w- c:\documents and settings\Hamon\Application Data\DNA

2009-08-15 13:41 . 2008-07-06 20:39 -------- d-----w- c:\program files\DNA

2009-08-15 12:15 . 2008-07-06 20:39 -------- d-----w- c:\documents and settings\Hamon\Application Data\BitTorrent

2009-08-14 20:45 . 2009-08-14 20:45 15624 ----a-w- c:\documents and settings\Hamon\Application Data\ulibil.bin

2009-08-14 20:45 . 2009-08-14 20:45 15190 ----a-w- c:\program files\Fichiers communs\redub.db

2009-08-14 20:41 . 2006-09-26 11:43 95792 -c--a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-14 19:07 . 2008-07-06 21:06 -------- d-----w- c:\program files\iWizz

2009-08-12 19:37 . 2006-09-26 11:18 85842 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-12 19:37 . 2006-09-26 11:18 513736 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-05 17:24 . 2007-11-25 11:02 -------- d-----w- c:\program files\Java

2009-08-05 09:00 . 2006-09-26 11:17 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 03:23 . 2008-12-07 13:13 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:03 . 2006-09-26 11:17 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2006-09-26 11:18 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-07 09:52 . 2009-07-07 09:50 -------- d-----w- c:\program files\Photocopier

2009-07-03 16:57 . 2006-09-26 11:18 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:26 . 2006-09-26 11:18 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2006-09-26 11:18 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2006-09-26 11:18 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2006-09-26 11:17 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2006-09-26 11:17 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2006-09-26 11:17 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2006-09-26 11:17 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:40 . 2006-09-26 11:18 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2006-09-26 11:17 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2006-09-26 11:18 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2006-09-26 11:18 82944 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:14 . 2006-09-26 11:17 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2006-09-26 09:30 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2006-09-26 11:18 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2006-09-26 11:18 1297408 ----a-w- c:\windows\system32\quartz.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-08-15_12.23.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-15 13:40 . 2009-08-15 13:40 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat

+ 2001-07-14 15:32 . 2001-07-14 15:32 69632 c:\windows\setupupd\temp\wsdueng.dll

+ 2009-08-15 13:38 . 2009-08-15 13:38 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat

+ 2009-08-15 13:38 . 2009-08-15 13:38 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat

+ 2006-09-26 11:17 . 2008-04-13 11:15 574976 c:\windows\system32\drivers\ntfs.sys

+ 2006-09-26 11:17 . 2008-04-13 11:15 574976 c:\windows\system32\dllcache\ntfs.sys

+ 2009-08-15 13:38 . 2009-08-15 13:38 249856 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat

+ 2009-08-15 13:38 . 2009-08-15 13:38 241664 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT

+ 2009-08-15 13:38 . 2009-08-15 13:38 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT

+ 2009-08-15 13:38 . 2009-08-15 13:38 5619712 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-11-29 2052189]

"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]

"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2006-05-11 173056]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-10 1126400]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961]

"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]

"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-09-09 88203]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-13 110592]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk

backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

"c:\\Program Files\\UUSee\\UUSeePlayer.exe"=

"c:\\Program Files\\TVAnts\\Tvants.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27/02/2006 09:00 34880]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/02/2006 10:01 29056]

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [10/11/2004 11:30 138801]

R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [10/11/2004 11:49 46800]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/08/2009 21:43 108289]

R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [26/09/2006 12:55 40960]

R3 BDA_Capture_220;Digital TV receiver Driver 1.0.0.42;c:\windows\system32\drivers\BDA_Capture_220.sys [26/09/2005 06:38 14080]

R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [26/09/2006 12:55 20128]

S1 EPPSCSIx;EPPSCSIx;c:\windows\system32\drivers\Eppscsi.sys [07/07/2009 11:40 47148]

S3 BDA_Loader_220;Digital TV Receiver Firmware Loader 5.9.19.0;c:\windows\system32\drivers\BDA_Loader_220.sys [26/09/2005 06:38 15616]

S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [29/02/2008 17:12 6272]

S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [29/02/2008 17:12 498464]

S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

Trusted Zone: com.tw\www.msi

Trusted Zone: neuf.fr\vod

TCP: {271FC085-DC3E-4EF0-A05D-8E9FD2356848} = 192.168.1.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.de/ips-opdata/objects/jordan.cab

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

FF - ProfilePath - c:\documents and settings\Hamon\Application Data\Mozilla\Firefox\Profiles\qybfn4p9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Neuf\TV_PC\VLC\npvlc.dll

 

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12);user_pref(general.useragent.extra.zencast, );user_pref(yahoo.homepage.dontask, true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-15 20:32

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c6,16,8b,1c,36,

2e,ae,8d,e2,63,26,f1,3f,c8,ff,68,ee,df,29,2d,0b,3d,04,4e,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8e,2b,d6,e7,98,

66,f3,8f,6a,9c,d6,61,af,45,84,18,5d,b8,d1,ea,aa,2d,8a,88,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,88,dc,49,61,0c,

63,43,d8,ff,7c,85,e0,43,d4,0e,fe,98,9e,d3,4f,20,5d,96,c7,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,8c,40,bc,a6,a3,

28,dc,49,86,8c,21,01,be,91,eb,e7,60,3c,fc,a6,44,02,45,90,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,c6,54,f3,3e,77,

d7,0c,ac,f5,1d,4d,73,a8,13,5c,05,97,c6,33,93,fc,ae,e5,92,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,17,f2,44,46,d5,

80,bb,21,df,20,58,62,78,6b,cf,c8,74,12,13,42,c1,c6,7d,17,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,61,41,cd,1b,65,

ac,11,bc,fb,a7,78,e6,12,2f,9a,ea,95,9e,29,16,21,e5,ae,ac,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,1a,82,bd,3c,09,

ec,9e,22,01,3a,48,fc,e8,04,4a,f1,cc,33,bb,5e,54,a7,b5,96,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,87,e4,68,c9,8e,

b4,ed,d9,f6,0f,4e,58,98,5b,89,c9,2e,5b,79,cf,de,ef,42,49,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,02,96,9c,d6,a7,

d8,dd,ab,3d,ce,ea,26,2d,45,aa,78,54,9e,99,45,f7,af,5c,f9,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,f7,f5,8b,45,64,

94,70,4a,2a,b7,cc,b5,b9,7f,41,e7,8e,cc,d8,1c,44,68,03,37,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2e,d5,f1,53,db,

41,09,53,6c,43,2d,1e,aa,22,2f,9c,10,ce,34,07,90,28,4c,b5,6c,43,2d,1e,aa,22,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(1564)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

.

Completion time: 2009-08-15 20:35

ComboFix-quarantined-files.txt 2009-08-15 18:35

ComboFix2.txt 2009-08-15 13:45

ComboFix3.txt 2009-08-15 12:25

ComboFix4.txt 2009-08-14 20:39

 

Pre-Run: 12 903 616 512 octets libres

Post-Run: 12 892 905 472 octets libres

 

265 --- E O F --- 2009-08-15 07:11
