
Posted

ok thanks

 

here is the report: ComboFix 09-08-19.0C - moi 20/08/2009 17:55.3.1 - NTFSx86 NETWORK

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2253 [GMT 2:00]

Running from: c:\documents and settings\moi\Bureau\65604-CF.exe

AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\agyg._sy

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\arymuj.dat

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\cuhig.bat

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ilecazilu.com

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\okek.scr

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\opajan.db

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\opilijuv.ban

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\tubodixoj.dat

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ureqa.pif

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\vaze.bin

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\wiguhozojy._sy

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\wymejuqemy._sy

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ybamijisez.reg

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ybihyjod.dll

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ynohyb.db

c:\documents and settings\moi\Application Data\wiaserva.log

c:\documents and settings\moi\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\program files\PC_Antispyware2010

c:\program files\PC_Antispyware2010\AVEngn.dll

c:\program files\PC_Antispyware2010\data\daily.cvd

c:\program files\PC_Antispyware2010\htmlayout.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll

c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg

c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe

c:\program files\PC_Antispyware2010\pthreadVC2.dll

c:\program files\PC_Antispyware2010\Uninstall.exe

c:\program files\PC_Antispyware2010\wscui.cpl

c:\windows\braviax.exe

c:\windows\cru629.dat

c:\windows\system32\_scui.cpl

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\braviax.exe

c:\windows\system32\cru629.dat

c:\windows\system32\dllcache\figaro.sys

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\wisdstr.exe

c:\windows\system32\WS2Fix.exe

 

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected

Restored copy from - c:\i386\BEEP.SYS

 

.

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))

.

 

2009-08-16 01:50 . 2005-01-12 08:17 26686 ----a-w- c:\documents and settings\moi\msword98.exe

2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS

2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys

2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM

2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll

2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive

2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll

2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll

2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll

2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll

2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll

2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV

2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D

2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2

2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 16:08 . 2009-08-20 16:08 190539 ----a-w- c:\windows\system32\wisdstr.exe

2009-08-20 16:08 . 2009-08-20 16:08 11264 ----a-w- c:\windows\system32\braviax.exe

2009-08-20 16:08 . 2005-01-12 08:22 29184 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-16 10:45 . 2009-03-02 18:02 -------- d-----w- c:\program files\Cheat 'O Matic

2009-08-15 16:19 . 2007-08-28 19:29 -------- d-----w- c:\program files\eMule

2009-08-15 12:18 . 2006-01-07 16:23 -------- d-----w- c:\documents and settings\moi\Application Data\OpenOffice.org2

2009-08-14 09:48 . 2007-02-27 12:47 -------- d-----w- c:\program files\SopCast

2009-08-14 09:48 . 2007-02-01 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real

2009-08-14 09:40 . 2008-03-06 09:07 -------- d-----w- c:\program files\mIRC

2009-08-03 12:36 . 2005-01-12 06:04 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 12:36 . 2005-01-12 06:04 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-01 12:44 . 2007-08-03 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-01 12:42 . 2009-03-04 19:36 -------- d-----w- c:\program files\JPEG Compression

2009-07-19 20:44 . 2009-01-29 23:57 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi

2009-07-19 10:35 . 2009-07-15 17:12 230432 ----a-w- C:\SPC230NC.DAT

2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft

2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft

2009-07-14 13:39 . 2008-05-25 12:10 -------- d-----w- c:\program files\Messenger Plus! Live

2009-07-14 13:39 . 2007-04-30 09:13 -------- d-----w- c:\program files\MSN Messenger

2009-07-14 11:42 . 2005-11-08 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-07-05 11:08 . 2009-04-26 23:21 -------- d-----w- c:\program files\WinamaxPoker

2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!

2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live

2009-06-23 18:01 . 2009-03-14 00:53 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien

2005-01-12 08:28 . 2005-01-12 08:28 18873 ----a-w- c:\program files\Fichiers communs\ehepexe.dl

2005-01-12 08:28 . 2005-01-12 08:28 13574 ----a-w- c:\program files\Fichiers communs\qyqa._sy

2005-01-12 08:28 . 2005-01-12 08:28 13125 ----a-w- c:\program files\Fichiers communs\xycak.ban

2005-01-12 07:08 . 2005-01-12 07:08 19071 ----a-w- c:\program files\Fichiers communs\xice.dat

2005-01-12 07:08 . 2005-01-12 07:08 18217 ----a-w- c:\program files\Fichiers communs\ijad.pif

2005-01-12 07:08 . 2005-01-12 07:08 17575 ----a-w- c:\program files\Fichiers communs\ecykow.inf

2005-01-12 07:08 . 2005-01-12 07:08 11794 ----a-w- c:\program files\Fichiers communs\yrihak.db

2005-01-11 17:02 . 2005-01-11 17:02 15747 ----a-w- c:\program files\Fichiers communs\ejufijafa._sy

2005-01-11 17:02 . 2005-01-11 17:02 14540 ----a-w- c:\program files\Fichiers communs\loherif._sy

2005-01-11 17:02 . 2005-01-11 17:02 10981 ----a-w- c:\program files\Fichiers communs\cahypihig.exe

2005-01-11 16:41 . 2005-01-11 16:41 13114 ----a-w- c:\program files\Fichiers communs\ihytavo.bat

2005-01-11 16:41 . 2005-01-11 16:41 10572 ----a-w- c:\program files\Fichiers communs\ykilumyc.bat

2005-01-10 16:33 . 2005-01-10 16:33 19327 ----a-w- c:\program files\Fichiers communs\adogiz.db

2005-01-10 16:33 . 2005-01-10 16:33 19049 ----a-w- c:\program files\Fichiers communs\owijer.vbs

2005-01-10 16:33 . 2005-01-10 16:33 19042 ----a-w- c:\program files\Fichiers communs\sygigibihe.bat

2005-01-10 16:33 . 2005-01-10 16:33 18729 ----a-w- c:\program files\Fichiers communs\ynaho.ban

2005-01-10 16:33 . 2005-01-10 16:33 17714 ----a-w- c:\program files\Fichiers communs\venuba.bin

2005-01-10 16:33 . 2005-01-10 16:33 14201 ----a-w- c:\program files\Fichiers communs\okafid._sy

2006-06-17 07:05 . 2006-06-16 16:33 88 -csha-r- c:\windows\SYSTEM32\D0D0DC084F.sys

.

 

------- Sigcheck -------

 

[-] 2009-08-20 16:08 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DLLCACHE\beep.sys

[-] 2009-08-20 16:08 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DRIVERS\beep.sys

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys

[7] 2004-08-19 20:03 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\SYSTEM32\DLLCACHE\ntfs.sys

[-] 2005-01-11 16:23 619200 5D407322AA69AC6E7B17C81B48DEB327 c:\windows\SYSTEM32\DRIVERS\ntfs.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 160768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

 

c:\documents and settings\secours\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

 

c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\

ikowin32.exe [2004-8-5 24064]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk

backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk

backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk

backup=c:\windows\pss\Sipru.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk

backup=c:\windows\pss\SkyMessager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^ikowin32.exe]

path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe

backup=c:\windows\pss\ikowin32.exeStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]

path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk

backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Apple Mobile Device"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=

"c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Valve\\Steam\\Steam.exe"=

"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:*:Disabled:Shareaza

"6346:UDP"= 6346:UDP:*:Disabled:Shareaza

"26180:TCP"= 26180:TCP:neuf telecom

"26181:TCP"= 26181:TCP:neuf telecom

"9876:TCP"= 9876:TCP:neuf telecom

"26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR

"31336:TCP"= 31336:TCP:*:Disabled:adsl tv

"31336:UDP"= 31336:UDP:*:Disabled:adsl tv

"10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA

"10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA

"3128:TCP"= 3128:TCP:*:Disabled:ffff

"3128:UDP"= 3128:UDP:*:Disabled:ffff

"7080:TCP"= 7080:TCP:*:Disabled:max tv

"21:UDP"= 21:UDP:*:Disabled:ultras

"3900:TCP"= 3900:TCP:*:Disabled:Sopcast

"3920:TCP"= 3920:TCP:*:Disabled:Sopcast

"28464:TCP"= 28464:TCP:emule tcp

"25140:UDP"= 25140:UDP:emule udp

"16800:TCP"= 16800:TCP:*:Disabled:tvants

"16800:UDP"= 16800:UDP:*:Disabled:tvants

"5739:UDP"= 5739:UDP:pes2009

"5730:UDP"= 5730:UDP:pes2009

"5729:UDP"= 5729:UDP:pes2009

"27588:TCP"= 27588:TCP:BitComet 27588 TCP

"27588:UDP"= 27588:UDP:BitComet 27588 UDP

"20085:TCP"= 20085:TCP:pes2009

"20030:TCP"= 20030:TCP:pes2009

"20020:TCP"= 20020:TCP:pes2009

"20010:TCP"= 20010:TCP:pes2009

"443:TCP"= 443:TCP:pes2009

"8800:TCP"= 8800:TCP:pes2009

"8899:TCP"= 8899:TCP:pes2009

"14020:TCP"= 14020:TCP:pes2009

 

S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35 114768]

S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35 20560]

S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39 515803]

S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40 6852]

S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26 827008]

S3 gAGP440p;gAGP440p;\??\c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys [?]

S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55 472644]

S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38 8576]

S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38 461056]

S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39 10986]

S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53 23480]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe

HKLM-Run-braviax - (no file)

HKU-Default-Run-braviax - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = local

mSearchAssistant = hxxp://www.google.com

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][by i_love_sexe]\RapGet [Wawa-Mania][by i_love_sexe]\rapget.htm

DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-20 18:07

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\system32\wisdstr.exe 190539 bytes executable

c:\windows\system32\braviax.exe 11264 bytes executable

 

scan completed successfully

hidden files: 2

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-2668168583-2325841571-3812231592-1006\Software\SecuROM\License information*]

"datasecu"=hex:3f,d1,93,2d,fe,a6,3f,96,b3,f3,7b,fe,d3,ee,97,c8,fc,76,79,16,d5,

85,99,77,42,82,c5,91,c9,5a,ee,0e,34,ae,c9,7d,92,8c,9f,12,c8,db,19,87,0b,9a,\

"rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,57,98,68,e1,72,

29,f2,59,c8,28,51,af,b0,29,a3,98,a8,8c,50,70,37,27,61,5f,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b4,9b,4c,76,a6,

33,33,f1,71,3b,04,66,8b,46,0d,96,92,a9,ed,24,b5,da,b7,14,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,9c,21,80,53,69,

fb,22,a3,25,da,ec,7e,55,20,c9,26,a8,92,fb,f7,81,77,94,85,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,63,21,5e,77,

57,7d,00,3e,1e,9e,e0,57,5a,93,61,54,2e,ee,e2,ce,73,db,ad,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fc,18,42,eb,82,

72,e1,cf,cd,44,cd,b9,a6,33,6c,cd,94,de,66,78,8c,b1,f7,60,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d1,ba,99,2e,6c,

3d,69,08,b0,18,ed,a7,3f,8d,37,a4,92,c3,15,fd,2e,2c,c8,7f,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,44,e3,5f,5e,d0,

fa,c6,a8,31,77,e1,ba,b1,f8,68,02,37,d4,52,5e,34,c0,47,1b,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ee,83,0d,eb,04,

27,6b,d8,83,6c,56,8b,a0,85,96,ab,93,0e,df,da,bc,8d,3c,df,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,91,6e,f7,a6,5d,

4d,86,35,51,fa,6e,91,28,9e,14,cc,9a,d3,1d,7a,77,0d,4b,35,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,05,95,79,48,3f,

85,ec,43,b1,cd,45,5a,a8,c4,f8,b9,35,34,2d,94,24,b9,c4,9f,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5a,50,a3,78,4f,

e4,11,57,e3,0e,66,d5,eb,bc,2f,6b,f7,d4,9e,a2,ae,78,b3,32,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,28,d2,16,d8,d9,

ed,d0,48,fa,ea,66,7f,d4,3b,6b,70,c5,35,30,50,95,47,27,49,6c,43,2d,1e,aa,22,\

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SYSTEM32\braviax.exe

.

**************************************************************************

.

Completion time: 2009-08-20 18:13 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-20 16:13

ComboFix2.txt 2005-01-11 17:01

 

Pre-Run: 38 203 994 112 octets libres

Post-Run: 38 207 787 008 octets libres

 

377 --- E O F --- 2009-07-31 15:31
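Added here as a triage aid, not part of the thread and not ComboFix's own code: a small Python script that parses the report format above (the Sigcheck block, the REGEDIT4-style Reg Loading Points, and catchme's hidden-file list) and pulls out the same indicators the helper acted on: a live system file whose MD5 differs from the DLLCACHE copy, Security Center notifications switched off, the standard-profile firewall disabled, and executables hidden from normal listing. The embedded sample is a constructed excerpt modelled on the posted log (one value changed so both branches are exercised); the regexes, the `triage` function and its finding names are my own assumptions about the format, not anything ComboFix documents.

```python
import re
from collections import defaultdict

# Constructed sample in ComboFix's report layout, trimmed from the shape of
# the log posted above. UpdatesDisableNotify is deliberately set to 0 here so
# the script shows a value it does NOT flag.
SAMPLE_LOG = r"""
------- Sigcheck -------
[-] 2009-08-20 16:08 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DLLCACHE\beep.sys
[-] 2009-08-20 16:08 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DRIVERS\beep.sys
[7] 2004-08-19 20:03 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
[-] 2005-01-11 16:23 619200 5D407322AA69AC6E7B17C81B48DEB327 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

scanning hidden files ...

c:\windows\system32\wisdstr.exe 190539 bytes executable
c:\windows\system32\braviax.exe 11264 bytes executable

scan completed successfully
hidden files: 2
"""

# Line shapes assumed from the posted report (not an official grammar).
SIGCHECK_RE = re.compile(
    r'^\[(?P<flag>[^\]]*)\]\s+\S+\s+\S+\s+(?P<size>\d+)\s+'
    r'(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+)$')
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9A-Fa-f]{8})$')
PLAIN_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s+\(0x[0-9A-Fa-f]+\)$')
HIDDEN_RE = re.compile(r'^(?P<path>[A-Za-z]:\\\S.*?)\s+(?P<size>\d+) bytes executable$')


def parse_sigcheck(lines):
    """One dict per Sigcheck line: flag, size, MD5 (upper) and lower-cased path."""
    entries = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entries.append({'flag': m.group('flag'), 'size': int(m.group('size')),
                            'md5': m.group('md5').upper(), 'path': m.group('path').lower()})
    return entries


def mismatched_system_files(entries):
    """Basenames whose non-DLLCACHE copy carries an MD5 absent from the DLLCACHE copy.
    That is the condition behind the 'restore from DLLCACHE/i386' step in the thread."""
    by_name = defaultdict(lambda: {'cache': set(), 'live': set()})
    for e in entries:
        name = e['path'].rsplit('\\', 1)[-1]
        where = 'cache' if '\\dllcache\\' in e['path'] else 'live'
        by_name[name][where].add(e['md5'])
    return sorted(n for n, v in by_name.items() if v['cache'] and (v['live'] - v['cache']))


def registry_findings(lines):
    """Walk the REGEDIT4-style loading points and report protections turned off:
    Security Center *DisableNotify values set non-zero, and EnableFirewall set to 0."""
    findings, current_key = [], ''
    for raw in lines:
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group('key').lower()
            continue
        dm = DWORD_RE.match(line)
        if dm and current_key.endswith('\\security center'):
            if dm.group('name').endswith('DisableNotify') and int(dm.group('val'), 16) != 0:
                findings.append(f"{dm.group('name')}=1 (Security Center warning suppressed)")
            continue
        pm = PLAIN_RE.match(line)
        if pm and current_key.endswith('\\firewallpolicy\\standardprofile'):
            if pm.group('name') == 'EnableFirewall' and int(pm.group('val')) == 0:
                findings.append('EnableFirewall=0 (Windows Firewall disabled)')
    return findings


def hidden_files(lines):
    """(path, size) for each executable catchme lists between 'scanning hidden files'
    and the closing 'hidden files: N' count."""
    found, in_section = [], False
    for raw in lines:
        line = raw.strip()
        if line.startswith('scanning hidden files'):
            in_section = True
            continue
        if line.startswith('hidden files:'):
            break
        hm = HIDDEN_RE.match(line) if in_section else None
        if hm:
            found.append((hm.group('path').lower(), int(hm.group('size'))))
    return found


def triage(report_text):
    """Run all three extractors over one ComboFix-style report."""
    lines = report_text.splitlines()
    return {'mismatched_system_files': mismatched_system_files(parse_sigcheck(lines)),
            'registry_findings': registry_findings(lines),
            'hidden_files': hidden_files(lines)}


if __name__ == '__main__':
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print('   ', item)
```

On the sample, beep.sys is not reported because both copies share a hash, while ntfs.sys is, which matches the `FCopy::` line the helper issued later in the thread; the two hidden executables and the three disabled protections come out as separate findings so each can be tied back to a cleanup step.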

Posted

bump please, I really need you

 

Be patient, friend, don't worry, the people helping you won't abandon you, just give them time to reply, they aren't necessarily here 24/7 =) Have a good evening =)

Posted

Good evening,

 

Combo, Cleanup

Disconnect from the internet and disable the antivirus (only for the duration of the procedure!)

Connect all removable drives (external hard drive, USB key).

In some circumstances, Safe Mode may be necessary

Open Combofix

# In Notepad, copy and paste these lines:

 

KillAll::

Folder::

File::

c:\windows\system32\wisdstr.exe

c:\windows\system32\braviax.exe

c:\windows\SYSTEM32\D0D0DC084F.sys

c:\windows\pss\ikowin32.exeStartup

c:\program files\Fichiers communs\ehepexe.dl

c:\program files\Fichiers communs\qyqa._sy

c:\program files\Fichiers communs\xycak.ban

c:\program files\Fichiers communs\xice.dat

c:\program files\Fichiers communs\ijad.pif

c:\program files\Fichiers communs\ecykow.inf

c:\program files\Fichiers communs\yrihak.db

c:\program files\Fichiers communs\ejufijafa._sy

c:\program files\Fichiers communs\loherif._sy

c:\program files\Fichiers communs\cahypihig.exe

c:\program files\Fichiers communs\ihytavo.bat

c:\program files\Fichiers communs\ykilumyc.bat

c:\program files\Fichiers communs\adogiz.db

c:\program files\Fichiers communs\owijer.vbs

c:\program files\Fichiers communs\sygigibihe.bat

c:\program files\Fichiers communs\ynaho.ban

c:\program files\Fichiers communs\venuba.bin

c:\program files\Fichiers communs\okafid._sy

c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe

c:\documents and settings\moi\msword98.exe

 

Driver::

c:\windows\SYSTEM32\D0D0DC084F.sys

 

FCopy::

c:\windows\SYSTEM32\DLLCACHE\ntfs.sys | c:\windows\SYSTEM32\DRIVERS\ntfs.sys

 

Registry::

[-HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^ikowin32.exe]

 

[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]

 

 

 

* Warning: this code was written specifically for this user; it would be dangerous to reuse it in other cases!

Save it with the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file

 

* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and confirm.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

* Once the scan is complete, a report will appear: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

 
