Your question

What is this malware?

Tags:
  • Malware
  • Security
Last reply: in Security and viruses
16 January 2008 19:14:56

I keep getting dialog boxes telling me my computer is infected and that I need to install reparateurdesysteme or defensedudisque or antivirusordi, in short lots of programs that are rogues.
I ran HijackThis, the report follows, but as soon as I "fix" the line in bold (which, for me, is the problem), it only works for 10 to 15 minutes and then it's the same again. I searched the web but I can't find what type of malware this is. I also ran Spybot and AVG Anti-Spyware, and I have Avast as antivirus, but nothing detects it. A little help would be appreciated. I'm also posting the Navilog log.

Thanks, and here is my HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:48:14, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\nero 6\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Avast4\aswUpdSv.exe
C:\Avast4\ashServ.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Avast4\ashMaiSv.exe
C:\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\programmes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://co.mondespersistants.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [20c5e75c] rundll32.exe "C:\WINDOWS\system32\tmgwfhwj.dll",b
O4 - HKCU\..\Run: [NBJ] "C:\nero 6\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Raccourci vers wallpaper change 2.lnk = C:\Wallpaper Changer\bin\wallpaper change 2.10.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHel...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/sw...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - --"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\nero 6\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
Configuration: Windows XP
Internet Explorer 6.0


Search Navipromo version 3.4.0 started on 15/01/2008 at 19:37:38,39

!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!
!!! Do not run the disinfection part without a specialist's advice !!!

Tool run from C:\Program Files\navilog1
Updated on 09.01.2008 at 20h00 by IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
File system : NTFS

Run in normal mode

*** Searching installed programs ***


*** Searching folders in C:\WINDOWS ***


*** Searching folders in C:\Program Files ***


*** Searching folders in C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1 ***


*** Searching folders in "C:\Documents and Settings\paps.PEPS\application data" ***


*** Searching folders in "C:\Documents and Settings\paps.PEPS\MENUDM~1\PROGRA~1" ***


*** Searching folders in C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1 ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net

No file found


*** Search with GenericNaviSearch ***
!!! All of these results may reveal legitimate files !!!
!!! Must be checked before any manual deletion !!!

* Searching in C:\WINDOWS\system32 *

* Searching in "C:\Documents and Settings\paps.PEPS\local settings\application data" *


*** Searching files ***

C:\WINDOWS\pack.epk found!


*** Searching specific registry keys ***


*** Additional search module ***
(Searching specific files)

1) Searching new Instant Access files:

2) Heuristic search:

* In C:\WINDOWS\system32 :

* In "C:\Documents and Settings\paps.PEPS\local settings\application data" :

3) Searching certificates:

Egroup certificate absent!

4) Searching known files:

C:\WINDOWS\system32\oqstv.ini2 found! possible Vundo infection, not handled by this tool!


*** Analysis finished on 15/01/2008 at 20:47:03,48 ***

It tells me I might have Vundo, but AVG antivirus or Avast are supposed to find it, and yet they don't. Is it really that virus?
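The line the poster keeps fixing, O4 - HKLM\..\Run: [20c5e75c] rundll32.exe "C:\WINDOWS\system32\tmgwfhwj.dll",b, shows the traits a helper looks for before any scanner puts a name on it: a Run value named with eight random hex digits, rundll32.exe loading a DLL with an eight-letter random name straight out of system32, and a one-letter export. The script below is an added example, not code from the thread or from HijackThis; it applies that triage to the O4 lines copied from the log above. The "random name" test is a heuristic written for this example, not a documented HijackThis rule.

```python
"""Triage of HijackThis O4 (Run-key) lines for the pattern in the log above: a
randomized value name and rundll32.exe loading a random-looking DLL from
system32. Added example, not code from the thread; the O4 lines are copied
from the posted log and the "random name" test is a heuristic of this example."""
import re
from dataclasses import dataclass

O4_RE = re.compile(r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\S*)', re.I)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.I)   # value names such as [20c5e75c]
LETTERS_RE = re.compile(r'^[a-z]{5,8}$')           # the 5-8 lowercase-letter stems seen in the logs
VOWELS = set('aeiouy')

# Copied from the first HijackThis log in the thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [20c5e75c] rundll32.exe "C:\WINDOWS\system32\tmgwfhwj.dll",b
O4 - HKCU\..\Run: [NBJ] "C:\nero 6\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
""".strip().splitlines()


def looks_random(stem):
    """Heuristic: a short all-lowercase stem with almost no vowels or a long
    consonant run (tmgwfhwj) reads as generated; atiptaxx or jusched do not."""
    if not LETTERS_RE.match(stem):
        return False
    run = longest = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4 or sum(ch in VOWELS for ch in stem) / len(stem) < 0.2


@dataclass(frozen=True)
class Finding:
    hive: str
    name: str
    cmd: str
    reasons: tuple


def triage_o4(lines):
    """Return one Finding per O4 line that shows at least one Vundo-style trait."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if HEX_NAME_RE.match(m['name']):
            reasons.append('value name is 8 hex digits (randomized)')
        rd = RUNDLL_RE.search(m['cmd'])
        if rd:
            dll = rd['dll']
            stem = dll.rsplit('\\', 1)[-1][:-4].lower()
            if 'system32' in dll.lower() and looks_random(stem):
                reasons.append(f'rundll32 loads random-looking {stem}.dll from system32')
            if len(rd['entry']) == 1:
                reasons.append(f'single-letter export "{rd["entry"]}"')
        if reasons:
            findings.append(Finding(m['hive'], m['name'], m['cmd'], tuple(reasons)))
    return findings


if __name__ == '__main__':
    for f in triage_o4(SAMPLE_O4):
        print(f'{f.hive} [{f.name}] {f.cmd}')
        for r in f.reasons:
            print('   -', r)
```

Run as a script it prints the single flagged entry with its three reasons. The three traits stack rather than any one being decisive: a rundll32 entry loading a vendor DLL under Program Files with a normal export name is not flagged, and a legitimately named DLL in system32 is not flagged either.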

16 January 2008 19:17:36

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply
    Note: VundoFix may run into a file it cannot delete. If so, the tool will run again at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
16 January 2008 20:25:02

There are still those "infected computer" ads taking the place of all the ad banners on websites.
I did what you told me with VundoFix, and here are the HijackThis and VundoFix reports

VundoFix V6.7.7

Checking Java version...

Scan started at 22:57:33 15/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\decdyfkg.dll
C:\WINDOWS\system32\fwaxifid.dll
C:\WINDOWS\system32\iqgxrngb.dll
C:\WINDOWS\system32\jffemgpj.ini
C:\WINDOWS\system32\jpgmeffj.dll
C:\WINDOWS\system32\mgnvxian.dll
C:\WINDOWS\system32\scwlfyye.dll
C:\WINDOWS\system32\sintfybb.dll
C:\WINDOWS\system32\tmgwfhwj.dll
C:\WINDOWS\system32\vturqnm.dll
C:\WINDOWS\system32\xgosgape.dll
C:\WINDOWS\system32\xjitkwwi.dll
C:\WINDOWS\system32\xxyayyy.dll

VundoFix V6.7.7

Checking Java version...

Scan started at 19:26:35 16/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\decdyfkg.dll
C:\WINDOWS\system32\efcywwt.dll
C:\WINDOWS\system32\faswetki.ini
C:\WINDOWS\system32\fwaxifid.dll
C:\WINDOWS\system32\iktewsaf.dll
C:\WINDOWS\system32\iqgxrngb.dll
C:\WINDOWS\system32\jpgmeffj.dll
C:\WINDOWS\system32\mgnvxian.dll
C:\WINDOWS\system32\scwlfyye.dll
C:\WINDOWS\system32\sintfybb.dll
C:\WINDOWS\system32\tmgwfhwj.dll
C:\WINDOWS\system32\vturqnm.dll
C:\WINDOWS\system32\xgosgape.dll
C:\WINDOWS\system32\xjitkwwi.dll
C:\WINDOWS\system32\xxyayyy.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\decdyfkg.dll
C:\WINDOWS\system32\decdyfkg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcywwt.dll
C:\WINDOWS\system32\efcywwt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\faswetki.ini
C:\WINDOWS\system32\faswetki.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fwaxifid.dll
C:\WINDOWS\system32\fwaxifid.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iktewsaf.dll
C:\WINDOWS\system32\iktewsaf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\iqgxrngb.dll
C:\WINDOWS\system32\iqgxrngb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jpgmeffj.dll
C:\WINDOWS\system32\jpgmeffj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mgnvxian.dll
C:\WINDOWS\system32\mgnvxian.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\scwlfyye.dll
C:\WINDOWS\system32\scwlfyye.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sintfybb.dll
C:\WINDOWS\system32\sintfybb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmgwfhwj.dll
C:\WINDOWS\system32\tmgwfhwj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturqnm.dll
C:\WINDOWS\system32\vturqnm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xgosgape.dll
C:\WINDOWS\system32\xgosgape.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xjitkwwi.dll
C:\WINDOWS\system32\xjitkwwi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyayyy.dll
C:\WINDOWS\system32\xxyayyy.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efcywwt.dll
C:\WINDOWS\system32\efcywwt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iktewsaf.dll
C:\WINDOWS\system32\iktewsaf.dll Has been deleted!

Performing Repairs to the registry.
Done!

And the HijackThis one:



Logfile of HijackThis v1.99.1
Scan saved at 20:24:10, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\nero 6\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Avast4\aswUpdSv.exe
C:\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Avast4\ashMaiSv.exe
C:\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Prog analyse systeme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://co.mondespersistants.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NBJ] "C:\nero 6\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Raccourci vers wallpaper change 2.lnk = C:\Wallpaper Changer\bin\wallpaper change 2.10.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHel...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/sw...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - --"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\nero 6\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)

16 January 2008 20:28:37

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
16 January 2008 20:50:45

Here is the ComboFix report

ComboFix 08-01-09.2 - paps 2008-01-16 20:38:39.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.208 [GMT 1:00]
Running from: C:\Documents and Settings\paps.PEPS\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Conquer 2.0\c3\0003\611\_desktop.ini
C:\Program Files\Conquer 2.0\c3\0003\741\_desktop.ini
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\eyyflwcs.ini
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\iwwktijx.ini
C:\WINDOWS\system32\jffemgpj.ini
C:\WINDOWS\system32\jwhfwgmt.ini
C:\WINDOWS\system32\naixvngm.ini
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\r3
C:\WINDOWS\system32\rhdvkosj.dll
C:\WINDOWS\system32\y2

.
((((((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
.

2008-01-16 20:44 . 2008-01-16 20:45 371 --ahs---- C:\WINDOWS\system32\oqstv.ini
2008-01-16 20:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 18:37 . 2008-01-16 18:23 35,066,701 --a------ C:\WINDO WS\LPT$VPN.947
2008-01-16 18:36 . 2008-01-16 18:36 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-16 18:24 . 2008-01-16 18:24 <REP> d-------- C:\WINDOWS\report
2008-01-16 18:23 . 2008-01-16 18:36 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-16 18:23 . 2008-01-16 18:23 35,066,701 --a------ C:\WINDOWS\VPTNFILE.947
2008-01-16 18:23 . 2008-01-16 18:23 1,910,895 --a------ C:\WINDOWS\tsc.ptn
2008-01-16 18:23 . 2008-01-16 18:36 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-16 18:23 . 2008-01-16 18:23 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-16 18:23 . 2008-01-16 18:36 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-16 18:23 . 2008-01-16 18:23 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-16 18:23 . 2008-01-16 18:37 823 --a------ C:\WINDOWS\tsc.ini
2008-01-16 18:22 . 2008-01-16 18:22 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-16 18:22 . 2008-01-16 18:22 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-16 18:22 . 2008-01-16 18:22 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-16 18:22 . 2008-01-16 18:22 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-16 18:22 . 2008-01-16 18:36 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-16 07:35 . 2008-01-16 07:35 45,056 --a------ C:\Documents and Settings\paps.PEPS\957123845.exe
2008-01-16 07:35 . 2008-01-16 07:35 45,056 --a------ C:\Documents and Settings\paps.PEPS\957123844.exe
2008-01-16 07:35 . 2008-01-16 07:35 45,056 --a------ C:\Documents and Settings\paps.PEPS\82.exe
2008-01-16 07:35 . 2008-01-16 07:35 9,728 --a------ C:\WINDOWS\system32\MSIEMPlayer.DLL
2008-01-15 22:57 . 2008-01-16 20:04 <REP> d-------- C:\VundoFix Backups
2008-01-15 19:36 . 2008-01-15 20:47 <REP> d-------- C:\Program Files\Navilog1
2008-01-14 19:15 . 2008-01-14 19:15 1,378,533 --a------ C:\upload_moi_PEPS.tar.gz
2008-01-13 23:03 . 2008-01-13 23:06 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-13 23:03 . 2008-01-13 23:04 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-13 23:03 . 2008-01-13 23:04 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-13 23:03 . 2008-01-13 23:04 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-11 18:29 . 2006-09-03 17:31 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-11 15:58 . 2008-01-11 15:58 0 --a------ C:\LOG236.tmp
2008-01-11 15:54 . 2008-01-11 15:54 <REP> d-------- C:\Documents and Settings\paps.PEPS\Application Data\U3
2007-12-31 12:00 . 2007-12-31 12:00 314,752 --a------ C:\WINDOWS\system32\vtsqo.dll
2007-12-30 02:12 . 2007-12-30 02:12 <REP> d-------- C:\WINDOWS\system32\ardCo01
2007-12-30 02:12 . 2007-12-30 02:12 <REP> d-------- C:\TEMP\cEeer12
2007-12-30 02:12 . 2007-12-30 02:12 224,816 --a------ C:\TEMP\iniag2101.exe
2007-12-17 00:24 . 2007-12-31 11:47 320 --ahs---- C:\WINDOWS\system32\knnmp.ini

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 15:05 --------- d-----w C:\Program Files\Conquer 2.0
2007-12-14 16:38 --------- d-----w C:\Documents and Settings\paps.PEPS\Application Data\Canon
2007-12-13 18:23 --------- d-----w C:\Program Files\Canon
2007-12-13 18:18 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
2007-12-13 18:17 --------- d--h--w C:\Program Files\CanonBJ
2007-12-12 19:34 --------- d-----w C:\Program Files\D-Link
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-30 17:23 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-30 17:23 --------- d--h--r C:\Documents and Settings\paps.PEPS\Application Data\SecuROM
2007-11-24 18:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-11-24 17:31 --------- d-----w C:\Program Files\Monte Cristo
2007-11-23 19:56 --------- d-----w C:\Program Files\Java
2007-11-23 18:17 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-19 18:53 --------- d-----w C:\Documents and Settings\paps.PEPS\Application Data\Ahead
2007-08-28 15:42 991,232 ----a-w C:\Program Files\Conquer.exe
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06358080-33BE-452b-9B31-E54E112ADCCA}]
2008-01-16 07:35 9728 --a------ C:\WINDOWS\system32\MSIEMPlayer.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{235A11DF-9EAD-47E0-B916-B262D738E78F}]
2007-12-31 12:00 314752 --a------ C:\WINDOWS\system32\vtsqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB22013B-31E5-42BD-B127-214D8E490787}]
C:\Program Files\Messenger\ryxyC:\WINDOWS\system32\y2\gyreo83122.exe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\nero 6\Nero BackItUp\nbj.exe" [2005-10-11 19:25 1961984]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 21:38 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="point32.exe" []
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-21 20:41 94208]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"avast!"="C:\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 14:30 335872]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 17:57 81408]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 17:50 1603152]
"!AVG Anti-Spyware"="C:\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-24 19:19 6731312]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-08-18 17:50 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsqo.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-11-24 19:19 6731312 C:\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-12-09 14:56 57344 C:\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-08-18 17:50 98304 C:\WINDOWS\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-18 21:38 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R3 EPPSCSIx;EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys [2002-03-06 14:20]
S2 EZWRIT3;EZWRIT3;C:\WINDOWS\system32\Drivers\ezwrit3.sys [2005-08-09 16:52]
S3 APLOADER;APLOADER;C:\WINDOWS\system32\drivers\ApLoader.sys [2005-10-18 17:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a2dfe1a-bea1-11dc-a13f-000c6ed5242a}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 20:45:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\vtsqo.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\vtsqo.dll
.
Completion time: 2008-01-16 20:48:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 19:48:27
    a b 8 Sécurité
    16 Janvier 2008 21:46:49

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\oqstv.ini
    C:\WINDOWS\system32\vtsqo.dll
    C:\WINDOWS\system32\knnmp.ini
    C:\WINDOWS\system32\MSIEMPlayer.DLL

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06358080-33BE-452b-9B31-E54E112ADCCA}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{235A11DF-9EAD-47E0-B916-B262D738E78F}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB22013B-31E5-42BD-B127-214D8E490787}]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe, as shown below:


    This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    16 January 2008 22:38:51

    Here is the ComboFix report


    ComboFix 08-01-09.2 - paps 2008-01-16 22:30:15.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.344 [GMT 1:00]
    Running from: C:\Documents and Settings\paps.PEPS\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\paps.PEPS\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\knnmp.ini
    C:\WINDOWS\system32\MSIEMPlayer.DLL
    C:\WINDOWS\system32\oqstv.ini
    C:\WINDOWS\system32\vtsqo.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\knnmp.ini
    C:\WINDOWS\system32\MSIEMPlayer.DLL
    C:\WINDOWS\system32\oqstv.ini
    C:\WINDOWS\system32\oqstv.ini2
    C:\WINDOWS\system32\vtsqo.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-16 20:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-16 18:37 . 2008-01-16 18:23 35,066,701 --a------ C:\WINDOWS\LPT$VPN.947
    2008-01-16 18:36 . 2008-01-16 18:36 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-01-16 18:24 . 2008-01-16 18:24 <REP> d-------- C:\WINDOWS\report
    2008-01-16 18:23 . 2008-01-16 18:36 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-01-16 18:23 . 2008-01-16 18:23 35,066,701 --a------ C:\WINDOWS\VPTNFILE.947
    2008-01-16 18:23 . 2008-01-16 18:23 1,910,895 --a------ C:\WINDOWS\tsc.ptn
    2008-01-16 18:23 . 2008-01-16 18:36 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-01-16 18:23 . 2008-01-16 18:23 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-01-16 18:23 . 2008-01-16 18:36 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-01-16 18:23 . 2008-01-16 18:23 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-01-16 18:23 . 2008-01-16 18:37 823 --a------ C:\WINDOWS\tsc.ini
    2008-01-16 18:22 . 2008-01-16 18:22 <REP> d-------- C:\WINDOWS\AU_Log
    2008-01-16 18:22 . 2008-01-16 18:22 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-01-16 18:22 . 2008-01-16 18:22 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-01-16 18:22 . 2008-01-16 18:22 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-01-16 18:22 . 2008-01-16 18:36 170 --a------ C:\WINDOWS\GetServer.ini
    2008-01-16 07:35 . 2008-01-16 07:35 45,056 --a------ C:\Documents and Settings\paps.PEPS\957123845.exe
    2008-01-16 07:35 . 2008-01-16 07:35 45,056 --a------ C:\Documents and Settings\paps.PEPS\957123844.exe
    2008-01-16 07:35 . 2008-01-16 07:35 45,056 --a------ C:\Documents and Settings\paps.PEPS\82.exe
    2008-01-15 22:57 . 2008-01-16 20:04 <REP> d-------- C:\VundoFix Backups
    2008-01-15 19:36 . 2008-01-15 20:47 <REP> d-------- C:\Program Files\Navilog1
    2008-01-14 19:15 . 2008-01-14 19:15 1,378,533 --a------ C:\upload_moi_PEPS.tar.gz
    2008-01-13 23:03 . 2008-01-13 23:06 <REP> d-------- C:\WINDOWS\system32\ActiveScan
    2008-01-13 23:03 . 2008-01-13 23:04 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-01-13 23:03 . 2008-01-13 23:04 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-13 23:03 . 2008-01-13 23:04 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-01-11 18:29 . 2006-09-03 17:31 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-11 15:58 . 2008-01-11 15:58 0 --a------ C:\LOG236.tmp
    2008-01-11 15:54 . 2008-01-11 15:54 <REP> d-------- C:\Documents and Settings\paps.PEPS\Application Data\U3
    2007-12-30 02:12 . 2007-12-30 02:12 <REP> d-------- C:\WINDOWS\system32\ardCo01
    2007-12-30 02:12 . 2007-12-30 02:12 <REP> d-------- C:\TEMP\cEeer12
    2007-12-30 02:12 . 2007-12-30 02:12 224,816 --a------ C:\TEMP\iniag2101.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-13 15:05 --------- d-----w C:\Program Files\Conquer 2.0
    2007-12-14 16:38 --------- d-----w C:\Documents and Settings\paps.PEPS\Application Data\Canon
    2007-12-13 18:23 --------- d-----w C:\Program Files\Canon
    2007-12-13 18:18 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
    2007-12-13 18:17 --------- d--h--w C:\Program Files\CanonBJ
    2007-12-12 19:34 --------- d-----w C:\Program Files\D-Link
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-30 17:23 --------- d--h--r C:\Documents and Settings\paps.PEPS\Application Data\SecuROM
    2007-11-24 18:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2007-11-24 17:31 --------- d-----w C:\Program Files\Monte Cristo
    2007-11-23 19:56 --------- d-----w C:\Program Files\Java
    2007-11-23 18:17 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-11-19 18:53 --------- d-----w C:\Documents and Settings\paps.PEPS\Application Data\Ahead
    2007-08-28 15:42 991,232 ----a-w C:\Program Files\Conquer.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-16_20.48.09.98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-16 19:38:17 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-16 21:30:03 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-16 19:38:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-16 21:30:03 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-16 19:38:17 8,101,888 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
    + 2008-01-16 21:30:03 8,101,888 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
    - 2008-01-16 19:38:17 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-16 21:30:03 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-16 19:38:17 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-16 21:30:03 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-16 19:38:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-16 21:30:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-16 21:34:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\nero 6\Nero BackItUp\nbj.exe" [2005-10-11 19:25 1961984]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 21:38 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "POINTER"="point32.exe" []
    "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-21 20:41 94208]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
    "avast!"="C:\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 14:30 335872]
    "AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 17:57 81408]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 17:50 1603152]
    "!AVG Anti-Spyware"="C:\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-24 19:19 6731312]
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-08-18 17:50 98304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsqo.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    --a------ 2007-11-24 19:19 6731312 C:\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    --a------ 2004-12-09 14:56 57344 C:\CloneCD\CloneCDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-08-18 17:50 98304 C:\WINDOWS\system32\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-18 21:38 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    R3 EPPSCSIx;EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys [2002-03-06 14:20]
    S2 EZWRIT3;EZWRIT3;C:\WINDOWS\system32\Drivers\ezwrit3.sys [2005-08-09 16:52]
    S3 APLOADER;APLOADER;C:\WINDOWS\system32\drivers\ApLoader.sys [2005-10-18 17:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a2dfe1a-bea1-11dc-a13f-000c6ed5242a}]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-16 22:35:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-16 22:37:21 - machine was rebooted [paps]
    ComboFix-quarantined-files.txt 2008-01-16 21:37:19
    ComboFix2.txt 2008-01-16 19:48:30




    and the HijackThis one


    Logfile of HijackThis v1.99.1
    Scan saved at 22:38:46, on 16/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\nero 6\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Avast4\aswUpdSv.exe
    C:\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Prog analyse systeme\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://co.mondespersistants.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [NBJ] "C:\nero 6\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Raccourci vers wallpaper change 2.lnk = C:\Wallpaper Changer\bin\wallpaper change 2.10.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHel...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/sw...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - --"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\nero 6\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
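The two traits in the ComboFix logs above that give the infection away (vtsqo.dll loaded inside lsass.exe and Explorer.EXE, and the same DLL appended to the LSA "Authentication Packages" value so that lsass loads it at every boot) can be flagged automatically from the log text. The following Python is an added example, not a tool from the thread; its sample log is constructed from the lines quoted above, and the "expected package" and "watched process" lists are assumptions about a stock Windows XP install.

```python
import re

# Constructed sample modelled on the ComboFix sections quoted in this thread.
SAMPLE_LOG = r"""
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\vtsqo.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\vtsqo.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsqo.dll
"""

# Heuristic assumptions, not ComboFix rules: a stock XP install has msv1_0 as its
# only LSA authentication package, and any DLL listed under lsass.exe or Explorer.EXE deserves a look.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}
WATCHED_HOSTS = {"lsass.exe", "explorer.exe"}

_PROCESS_RE = re.compile(r"^PROCESS:\s+(.+?)(?:\s+\[[^\]]*\])?\s*$")
_AUTH_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.+?)\s*$")

def parse_loaded_dlls(log):
    """Map each PROCESS path to the DLLs ComboFix printed beneath it."""
    loaded, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = _PROCESS_RE.match(line)
        if m:
            current = m.group(1)
            loaded.setdefault(current, [])
        elif line.startswith("->") and current:
            loaded[current].append(line[2:].strip())
        elif not line or line == ".":
            current = None  # a blank line or "." closes the process block
    return loaded

def parse_auth_packages(log):
    """Split the space-separated REG_MULTI_SZ value back into its entries."""
    for raw in log.splitlines():
        m = _AUTH_RE.match(raw.strip())
        if not m:
            continue
        entries = []
        for tok in m.group(1).split():
            # A new entry starts at a drive letter or a bare package name;
            # any other token continues a path that contained spaces.
            if entries and "\\" in tok and not re.match(r"^[A-Za-z]:\\", tok):
                entries[-1] += " " + tok
            else:
                entries.append(tok)
        return entries
    return []

def find_indicators(log):
    """Return (kind, value) pairs for the two traits the thread's logs show."""
    findings = []
    for proc, dlls in parse_loaded_dlls(log).items():
        host = proc.rsplit("\\", 1)[-1].lower()
        if host in WATCHED_HOSTS:
            findings.extend(("dll-loaded-in-" + host, dll) for dll in dlls)
    for pkg in parse_auth_packages(log):
        if pkg.lower() not in EXPECTED_AUTH_PACKAGES:
            findings.append(("extra-lsa-authentication-package", pkg))
    return findings
```

Running `find_indicators(SAMPLE_LOG)` yields three findings, all naming vtsqo.dll, which is exactly the set of entries the helper's CFScript removes and that the quarantine section of the second log confirms were deleted.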
