WINNT\SYSTEM32 missing

Tags:
  • Security
22 November 2007 08:25:54

Hello everyone,

I have a problem, almost certainly due to viruses, because my Kaspersky antivirus tells me that a trojan exists in the directory c://winnt/system32/. But when I browse the directory c://winnt, I cannot find any system32 folder, even after checking that the view is set to show hidden objects.

Could someone help me?

Regards,


23 November 2007 18:33:00

Logfile of HijackThis v1.99.1
Scan saved at 18:28:14, on 23/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\drivers\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\cba\pds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\cba\xfr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DYNALOG\Multi Devis 2000\Mda.exe
C:\Documents and Settings\SFRITZ\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-digital-media.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://fr.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F0 - system.ini: Shell=Explorer.exe C:\WINNT\system32\winmgd.win
F1 - win.ini: run=C:\WINNT\system32\mouse_configurator.win
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [eca0f721] rundll32.exe "C:\WINNT\system32\aouebgcq.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Démarrage d'Office.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Recherche accélérée.lnk.disabled
O4 - Global Startup: Service Manager.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: A3Cab1 - http://www.globalcashsolutions.com/kithtml/A3Cab1.CAB
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: SpyBrowserDisabled -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D7659A1-5876-4651-A952-69460E95A062}: NameServer = 192.168.20.100,192.168.20.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D7659A1-5876-4651-A952-69460E95A062}: NameServer = 192.168.20.100,192.168.20.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D7659A1-5876-4651-A952-69460E95A062}: NameServer = 192.168.20.100,192.168.20.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.5.0.464.dll
O20 - AppInit_DLLs: C:\WINNT\system32\__c00F51C5.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EasyPHP\Apache\apache.exe" --ntservice (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINNT\system32\drivers\dcfssvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EasyPHP\MySql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

There, that's all.
23 November 2007 21:58:10

Re


Download Combofix.exe (by sUBs) to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report in your next reply, along with a new HijackThis log.
24 November 2007 13:05:55

HijackThis now gives me this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05, on 2007-11-24
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\drivers\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\cba\pds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\cba\xfr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\msiexec.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F0 - system.ini: Shell=Explorer.exe C:\WINNT\system32\winmgd.win
F1 - win.ini: run=C:\WINNT\system32\mouse_configurator.win
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {5cb337b7-c8a7-d50b-6964-3d4a2d805532} - {235508d2-a4d3-4696-b05d-7a8c7b733bc5} - C:\WINNT\system32\ioekbowe.dll
O2 - BHO: (no name) - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Recherche accélérée.lnk.disabled
O4 - Global Startup: Service Manager.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: SpyBrowserDisabled -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D7659A1-5876-4651-A952-69460E95A062}: NameServer = 192.168.20.100,192.168.20.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D7659A1-5876-4651-A952-69460E95A062}: NameServer = 192.168.20.100,192.168.20.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D7659A1-5876-4651-A952-69460E95A062}: NameServer = 192.168.20.100,192.168.20.1
O20 - Winlogon Notify: udwfxfpa - udwfxfpa.dll (file missing)
O20 - Winlogon Notify: wrgodhkx - wrgodhkx.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EasyPHP\Apache\apache.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINNT\system32\drivers\dcfssvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EasyPHP\MySql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8472 bytes
24 November 2007 13:06:53

As for Combofix, the report is as follows:

ComboFix 07-11-19.3 - SFRITZ 24/11/2007 12:22:10.1 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.119 [GMT 1:00]
Running from: C:\Documents and Settings\SFRITZ\Bureau\ComboFix.exe
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\SFRITZ\Bureau\Live Safety Center.lnk
C:\Documents and Settings\SFRITZ\Bureau\Online Security Guide.lnk
C:\Documents and Settings\SFRITZ\Favoris\Online Security Guide.lnk
C:\Program Files\BestsellerAntivirus
C:\Program Files\BestsellerAntivirus\Activate.exe
C:\Program Files\BestsellerAntivirus\Config\pgs.xml
C:\Program Files\BestsellerAntivirus\Dat\Activate.dat
C:\Program Files\BestsellerAntivirus\Dat\BkSites.dat
C:\Program Files\BestsellerAntivirus\Dat\bnlink.dat
C:\Program Files\BestsellerAntivirus\Dat\incmp.dat
C:\Program Files\BestsellerAntivirus\Dat\index.dat
C:\Program Files\BestsellerAntivirus\Dat\pv.dat
C:\Program Files\BestsellerAntivirus\Engines\AWBase\database\enemies.dat
C:\Program Files\BestsellerAntivirus\Engines\AWBase\vbpv.dat
C:\Program Files\BestsellerAntivirus\Engines\PGBase\vbpv.dat
C:\Program Files\BestsellerAntivirus\Engines\plugins\BORLNDMM.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANADWR.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANBCDR.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANDLDR.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANDOS1.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANEMUL.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANFUNC.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANKRNL.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANMCR1.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANOTHR.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANSCR.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANTOOL.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANTROJ.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\SCANWIN1.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UNACPU.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UNADBX.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\unamscan.dll
C:\Program Files\BestsellerAntivirus\Engines\plugins\UNMIME.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UNPACK.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UNPACKS.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UNPACKS2.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UNPEPACK.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UpDate\UA27601.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UpDate\UA27602.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UpDate\UA27603.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UpDate\UA27604.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\UpDate\UADAILY.DLL
C:\Program Files\BestsellerAntivirus\Engines\plugins\vbpv.dat
C:\Program Files\BestsellerAntivirus\FMTR.sys
C:\Program Files\BestsellerAntivirus\fopnl.dll
C:\Program Files\BestsellerAntivirus\FWSettings.bin
C:\Program Files\BestsellerAntivirus\Graphics\cross.gif
C:\Program Files\BestsellerAntivirus\Graphics\ga6p.gif
C:\Program Files\BestsellerAntivirus\Graphics\kb.url
C:\Program Files\BestsellerAntivirus\Graphics\main.ico
C:\Program Files\BestsellerAntivirus\Graphics\mini.ico
C:\Program Files\BestsellerAntivirus\Graphics\Online.url
C:\Program Files\BestsellerAntivirus\Graphics\rm.url
C:\Program Files\BestsellerAntivirus\Graphics\support.ico
C:\Program Files\BestsellerAntivirus\Graphics\Support.url
C:\Program Files\BestsellerAntivirus\Graphics\uninstall.ico
C:\Program Files\BestsellerAntivirus\history.db
C:\Program Files\BestsellerAntivirus\LA\lapv.dat
C:\Program Files\BestsellerAntivirus\LA\License.rtf
C:\Program Files\BestsellerAntivirus\pgs.exe
C:\Program Files\BestsellerAntivirus\ResErrors.log
C:\Program Files\BestsellerAntivirus\Restart.exe
C:\Program Files\BestsellerAntivirus\rpt.dll
C:\Program Files\BestsellerAntivirus\RTasks.exe
C:\Program Files\BestsellerAntivirus\scnkrnl.dll
C:\Program Files\BestsellerAntivirus\settings.ini
C:\Program Files\BestsellerAntivirus\sqlite3.dll
C:\Program Files\BestsellerAntivirus\sr.log
C:\Program Files\BestsellerAntivirus\Tools\IEFWBHO.dll
C:\Program Files\BestsellerAntivirus\Tools\pg.dll
C:\Program Files\BestsellerAntivirus\unins000.dat
C:\Program Files\BestsellerAntivirus\unins000.exe
C:\Program Files\BestsellerAntivirus\Up\ASupdater.dat
C:\Program Files\BestsellerAntivirus\Up\gup.exe
C:\Program Files\BestsellerAntivirus\Up\PGupdater.dat
C:\Program Files\BestsellerAntivirus\Up\UBupdater.dat
C:\Program Files\BestsellerAntivirus\Up\up.dat
C:\Program Files\BestsellerAntivirus\Up\updater.dat
C:\Program Files\Fichiers communs\BestsellerAntivirus
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe
C:\Program Files\Fichiers communs\BestsellerAntivirus\ugcw.exe
C:\Program Files\outlook
C:\UGA6P
C:\WINNT\system32\__c00970EC.dat
C:\WINNT\system32\__c00AD15A.dat
C:\WINNT\system32\__c00F51C5.dat
C:\WINNT\system32\aklolpji.dll
C:\WINNT\system32\app.exe
C:\WINNT\system32\ariihheu.exe
C:\WINNT\system32\arnivlxm.dll
C:\WINNT\system32\awtqn.dll
C:\WINNT\system32\bszip.dll
C:\WINNT\system32\Cache
C:\WINNT\system32\config\SAM.SAV
C:\WINNT\system32\dajkmnne.dll
C:\WINNT\system32\drivers\fmtr.sys
C:\WINNT\system32\eucfmxpe.dll
C:\WINNT\system32\ftkjdpww.ini
C:\WINNT\system32\hemufqtm.exe
C:\WINNT\system32\iifgdbb.dll
C:\WINNT\system32\ijplolka.ini
C:\WINNT\system32\kqpuypav.dll
C:\WINNT\system32\ldnpeuqbj.dat
C:\WINNT\system32\ldnpeuqbj_nav.dat
C:\WINNT\system32\ldnpeuqbj_navps.dat
C:\WINNT\system32\ltwjyri.dat
C:\WINNT\system32\ltwjyri.exe
C:\WINNT\system32\ltwjyri_nav.dat
C:\WINNT\system32\ltwjyri_navps.dat
C:\WINNT\system32\necttmlt.dll
C:\WINNT\system32\nhqisecn.exe
C:\WINNT\system32\nqtwa.bak1
C:\WINNT\system32\nqtwa.bak2
C:\WINNT\system32\nqtwa.ini
C:\WINNT\system32\nqtwa.ini2
C:\WINNT\system32\nqtwa.tmp
C:\WINNT\system32\qgisadh_nav.dat
C:\WINNT\system32\qgisadh_navps.dat
C:\WINNT\system32\qizjwym_nav.dat
C:\WINNT\system32\qizjwym_navps.dat
C:\WINNT\system32\qqwakuyg.dll
C:\WINNT\system32\qwbelnbd.exe
C:\WINNT\system32\udwfxfpa.dllbox
C:\WINNT\system32\vMW07a
C:\WINNT\system32\W007T32W.DLL
C:\WINNT\system32\wgcnvemj.dll
C:\WINNT\system32\wrgodhkx.dllbox
C:\WINNT\system32\wwpdjktf.dll
C:\WINNT\system32\ziqlvdsfk_navps.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\fmtr
-------\Iprip


((((((((((((((((((((((((((((( Fichiers créés 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))))))))
.

2007-11-24 12:29 <DIR> d-------- C:\Documents and Settings\SFRITZ\Application Data\BestsellerAntivirus
2007-11-24 12:20 145,984 --a------ C:\WINNT\system32\jhqlpthk.dll
2007-11-24 12:20 81,472 --a------ C:\WINNT\system32\ioekbowe.dll
2007-11-23 18:33 396,288 --a--c--- C:\HijackThis.exe
2007-11-23 18:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-23 15:29 773,857 ---hs---- C:\WINNT\system32\kdbespnn.ini
2007-11-23 13:45 71,232 --a------ C:\WINNT\system32\gyowqaya.exe
2007-11-23 12:54 772,245 ---hs---- C:\WINNT\system32\lmpwcblu.ini
2007-11-23 12:49 71,232 --a------ C:\WINNT\system32\tjlptrwe.exe
2007-11-22 18:34 738,600 ---hs---- C:\WINNT\system32\nyrlsrnq.ini
2007-11-22 18:31 10,864 --a------ C:\WINNT\system32\__c009331E.vir
2007-11-22 17:58 <DIR> d-------- C:\WINNT\ERUNT
2007-11-22 10:05 414 ---hs---- C:\WINNT\system32\yhtkajrc.ini
2007-11-21 07:48 82,061 --a------ C:\WINNT\system32\drivers\klick.dat
2007-11-21 07:48 81,549 --a------ C:\WINNT\system32\drivers\klin.dat
2007-11-21 07:44 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-21 07:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-21 07:44 5,202,208 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2007-11-21 07:44 71,744 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
2007-11-21 07:44 34,336 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2007-11-21 07:44 5,288 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
2007-11-21 07:43 <DIR> d----c--- C:\kav
2007-11-20 18:15 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2007-11-19 16:20 594 ---hs---- C:\WINNT\system32\ibdwjijs.ini
2007-11-19 14:17 414 ---hs---- C:\WINNT\system32\rdcxskca.ini
2007-11-14 15:42 534 ---hs---- C:\WINNT\system32\eqpryaiy.ini
2007-11-13 15:32 474 ---hs---- C:\WINNT\system32\jexmmhlj.ini
2007-11-13 09:30 1,854 ---hs---- C:\WINNT\system32\olliledr.ini
2007-11-12 18:45 <DIR> d-------- C:\Program Files\laughnetwork
2007-11-09 18:53 1,674 ---hs---- C:\WINNT\system32\gwcvahag.ini
2007-11-09 18:41 1,374 ---hs---- C:\WINNT\system32\amxtrwhv.ini
2007-11-08 18:41 1,314 ---hs---- C:\WINNT\system32\wybfjnsj.ini
2007-11-08 12:11 1,074 ---hs---- C:\WINNT\system32\nkxsmnnu.ini
2007-11-07 18:38 1,254 ---hs---- C:\WINNT\system32\wamxgbyb.ini
2007-11-07 18:38 294 ---hs---- C:\WINNT\system32\svjhxevf.ini
2007-11-07 18:20 <DIR> d-------- C:\Documents and Settings\administrateur.LOCAL\TOSHIBA
2007-11-07 18:12 <DIR> d-------- C:\Documents and Settings\administrateur.LOCAL\Application Data\Grisoft
2007-11-07 12:13 1,014 ---hs---- C:\WINNT\system32\hqumfwdi.ini
2007-11-06 18:11 71,232 --a------ C:\WINNT\system32\fdufgqpm.exe
2007-11-06 08:30 1,794 ---hs---- C:\WINNT\system32\egrfqtyf.ini
2007-11-05 14:32 354 ---hs---- C:\WINNT\system32\sbnryldd.ini
2007-11-05 12:29 294 ---hs---- C:\WINNT\system32\ytionefr.ini
2007-11-05 09:41 354 ---hs---- C:\WINNT\system32\dnnqckvf.ini
2007-10-31 07:02 294 ---hsc--- C:\WINNT\system32\gqdgctys.ini
2007-10-31 03:04 <DIR> d----c--- C:\FILES
2007-10-30 17:43 294 ---hs---- C:\WINNT\system32\rdclasir.ini
2007-10-30 08:15 41,744 --a--c--- C:\WINNT\system32\dllcache\grpconv.exe
2007-10-30 08:15 35,088 -----c--- C:\WINNT\system32\dllcache\ntlanman.dll
2007-10-30 08:12 974,608 --a------ C:\WINNT\system32\sfcfiles.dll
2007-10-30 08:12 547,088 --a------ C:\WINNT\system32\CRYPT32.DLL
2007-10-30 08:12 519,440 -----c--- C:\WINNT\system32\dllcache\ntdll.dll
2007-10-30 08:12 444,176 --a------ C:\WINNT\system32\ipnathlp.dll
2007-10-30 08:12 390,928 --a------ C:\WINNT\system32\USERENV.DLL
2007-10-30 08:12 311,296 -----c--- C:\WINNT\system32\dllcache\winhttp.dll
2007-10-30 08:12 263,440 --a------ C:\WINNT\system32\scesrv.dll
2007-10-30 08:12 255,760 -----c--- C:\WINNT\system32\dllcache\h323.tsp
2007-10-30 08:12 249,616 -----c--- C:\WINNT\system32\dllcache\mst120.dll
2007-10-30 08:12 167,184 -----c--- C:\WINNT\system32\dllcache\wintrust.dll
2007-10-30 08:12 118,032 --a------ C:\WINNT\system32\PSBASE.DLL
2007-10-30 08:12 118,032 -----c--- C:\WINNT\system32\dllcache\PSBASE.DLL
2007-10-30 08:12 115,984 --a------ C:\WINNT\system32\scecli.dll
2007-10-30 08:12 76,048 --a------ C:\WINNT\system32\cryptsvc.dll
2007-10-30 08:12 62,224 -----c--- C:\WINNT\system32\dllcache\nmcom.dll
2007-10-30 08:12 61,200 --a------ C:\WINNT\system32\CRYPTNET.DLL
2007-10-30 08:12 53,520 -----c--- C:\WINNT\system32\dllcache\msasn1.dll
2007-10-30 08:08 831,760 -----c--- C:\WINNT\system32\dllcache\mswdat10.dll
2007-10-30 08:08 614,429 --a------ C:\WINNT\system32\mswstr10.dll
2007-10-30 08:08 614,429 -----c--- C:\WINNT\system32\dllcache\mswstr10.dll
2007-10-30 08:08 561,424 -----c--- C:\WINNT\system32\dllcache\dao360.dll
2007-10-30 08:08 553,232 --a------ C:\WINNT\system32\msrepl40.dll
2007-10-30 08:08 553,232 -----c--- C:\WINNT\system32\dllcache\msrepl40.dll
2007-10-30 08:08 512,272 -----c--- C:\WINNT\system32\dllcache\msexch40.dll
2007-10-30 08:08 422,160 --a------ C:\WINNT\system32\msrd2x40.dll
2007-10-30 08:08 422,160 -----c--- C:\WINNT\system32\dllcache\msrd2x40.dll
2007-10-30 08:08 380,957 -----c--- C:\WINNT\system32\dllcache\expsrv.dll
2007-10-30 08:08 348,432 -----c--- C:\WINNT\system32\dllcache\mspbde40.dll
2007-10-30 08:08 315,664 --a------ C:\WINNT\system32\msrd3x40.dll
2007-10-30 08:08 315,664 -----c--- C:\WINNT\system32\dllcache\msrd3x40.dll
2007-10-30 08:08 258,320 -----c--- C:\WINNT\system32\dllcache\mstext40.dll
2007-10-30 08:08 30,749 --a------ C:\WINNT\system32\vbajet32.dll
2007-10-30 08:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-30 08:03 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-FRA$
2007-10-30 07:40 171,280 --a------ C:\WINNT\system32\jit.dll
2007-10-30 07:40 46,352 --a------ C:\WINNT\setdebug.exe
2007-10-30 07:40 6,550 --a------ C:\WINNT\jautoexp.dat
2007-10-30 07:39 947,472 --a------ C:\WINNT\system32\msjava.dll
2007-10-30 07:39 172,304 --a------ C:\WINNT\system32\jview.exe
2007-10-30 07:39 171,792 --a------ C:\WINNT\system32\wjview.exe
2007-10-30 07:39 154,384 --a------ C:\WINNT\system32\msawt.dll
2007-10-30 07:39 49,424 --a------ C:\WINNT\system32\clspack.exe
2007-10-30 07:39 21,264 --a------ C:\WINNT\system32\msjdbc10.dll
2007-10-30 07:39 113 --a------ C:\WINNT\system32\zonedon.reg
2007-10-30 07:39 113 --a------ C:\WINNT\system32\zonedoff.reg
2007-10-30 07:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-30 04:01 220,432 --a------ C:\WINNT\system32\DPLAYX.DLL
2007-10-30 04:01 220,432 --a--c--- C:\WINNT\system32\dllcache\dplayx.dll
2007-10-30 04:01 44,304 --a------ C:\WINNT\system32\DPWSOCKX.DLL
2007-10-30 04:01 44,304 --a--c--- C:\WINNT\system32\dllcache\dpwsockx.dll
2007-10-30 03:58 83,728 -----c--- C:\WINNT\system32\dllcache\srvsvc.dll
2007-10-30 03:56 55,568 -----c--- C:\WINNT\system32\dllcache\authz.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 08:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 17:42 --------- d---a-w C:\Program Files\Diagnostic Tool for the Microsoft VM
2007-11-07 17:24 --------- d---a-w C:\Program Files\microsoft frontpage
2007-11-07 17:20 --------- d---a-w C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-29 17:48 --------- d---a-w C:\Program Files\Microsoft.NET
2007-10-29 11:45 271 -c-h--w C:\Program Files\desktop.ini
2007-10-29 11:45 22,115 -c-h--w C:\Program Files\folder.htt
2007-10-29 11:34 --------- d---a-w C:\Program Files\Accessoires
2007-10-25 17:04 --------- d---a-w C:\Program Files\Yahoo!
2007-10-25 16:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-25 16:09 --------- d--ha-w C:\Program Files\InstallShield Installation Information
2007-10-25 16:09 --------- d---a-w C:\Program Files\HT AVI TO DVD Shareware
2007-10-22 09:00 76,488 -c--a-w C:\Documents and Settings\SFRITZ\Application Data\GDIPFONTCACHEV1.DAT
2007-10-19 10:42 --------- d---a-w C:\Program Files\AxBx
2007-10-19 06:11 --------- d---a-w C:\Program Files\McAfee
2007-10-15 05:15 --------- d---a-w C:\Program Files\Google
2007-10-11 11:54 --------- d---a-w C:\Program Files\WinPcap
2007-10-09 06:45 --------- d---a-w C:\Program Files\Nsasoft
2007-10-09 05:30 --------- d---a-w C:\Program Files\FRITZ01
2007-10-08 05:01 --------- d-----w C:\Documents and Settings\SFRITZ\Application Data\UseNeXT
2007-10-05 06:18 --------- d---a-w C:\Program Files\IZArc
2007-10-05 06:05 --------- d---a-w C:\Program Files\QuickPar
2007-09-26 05:41 --------- d---a-w C:\Program Files\MSN Messenger
2007-09-25 12:05 --------- d---a-w C:\Program Files\Utilitaires LanBooster
2007-09-17 15:59 39,424 ----a-w C:\WINNT\zipinst.exe
2006-10-10 06:33 35 -c--a-w C:\Documents and Settings\SFRITZ\SXCPATHS.DAT
2004-06-10 17:26 449 -c--a-w C:\Documents and Settings\SFRITZ\UpdateReg.reg
2001-02-21 09:01 131,072 ----a-w C:\Documents and Settings\SFRITZ\MSINFO32.EXE
1998-05-18 01:06 368,912 -csha-w C:\WINNT\system32\vbar332.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{235508d2-a4d3-4696-b05d-7a8c7b733bc5}]
07-11-24 12:21 81472 --a------ C:\WINNT\system32\ioekbowe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [07-09-04 22:40 ]
"ctfmon.exe"="ctfmon.exe" [05-03-21 15:13 C:\WINNT\system32\CTFMON.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="atiptaxx.exe" [02-01-22 00:54 C:\WINNT\system32\atiptaxx.exe]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [07-06-28 12:51 ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [01-05-08 00:00 C:\WINNT\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 ]
C:\WINNT\system32\klogon.dll 07-06-28 12:51 206088 C:\WINNT\system32\klogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\udwfxfpa]
udwfxfpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wrgodhkx]
wrgodhkx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=ctfmon.exe
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AtiPTA"=atiptaxx.exe
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"StatusClient 2.6"=C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"SymTray - Norton SystemWorks"=C:\Program Files\Fichiers communs\Symantec Shared\Symtray.exe SetReg
"Synchronization Manager"=mobsync.exe /logon
"TomcatStartup 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

R2 KeyP;KeyP;C:\WINNT\system32\DRIVERS\KeyP.sys
R2 myAgtSvc;Service de protection contre les virus et les logiciels espions McAfee;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINNT\system32\inetsrv\inetinfo.exe
R3 Camdrv30;Philips ToUcam XS;C:\WINNT\system32\Drivers\camdrv30.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys
S1 sglfb;sglfb;C:\WINNT\system32\drivers\sglfb.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 MSSQL$FRITZ01;MSSQL$FRITZ01;C:\Program Files\Microsoft SQL Server\MSSQL$FRITZ01\Binn\sqlservr.exe -sFRITZ01
S3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINNT\System32\Drivers\NPDRIVER.SYS
S3 SDdriver;SDdriver;\??\C:\WINNT\System32\Drivers\sddriver.sys
S3 SQLAgent$FRITZ01;SQLAgent$FRITZ01;C:\Program Files\Microsoft SQL Server\MSSQL$FRITZ01\Binn\sqlagent.EXE -i FRITZ01
S3 trid3d;trid3d;C:\WINNT\system32\DRIVERS\trid3dm.sys
S3 VisorUsb;Handspring USB;C:\WINNT\system32\DRIVERS\VisorUsb.sys

.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-11-24 02:00:00 C:\WINNT\Tasks\SpywareRemover Scheduled Scan.job"
- C:\Program Files\SpywareRemover\SpywareRemover.ex
- C:\Program Files\SpywareRemover.SFRITZZRuns SpywareRemover to scan your computer for malicious and potenially unwanted programs.
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 13:01:41
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24 13:03:27 - machine was rebooted
.
--- E O F ---
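The "Reg Loading Points" section above is the part of this log worth reading twice: a Winlogon\Notify package, an LSA authentication package and a BHO are all DLLs that get loaded into winlogon.exe, lsass.exe or Internet Explorer at logon, and here each of them points at a randomly named file in system32 (udwfxfpa.dll, wrgodhkx.dll, awtqn.dll, ioekbowe.dll). The script below is an added example, not ComboFix code and not something the poster ran: it parses that section (the sample is constructed from the lines in the log) and flags whatever deviates from a stock Windows 2000 baseline. The baselines (msv1_0 as the only authentication package, the four listed security providers, and the set of default Notify subkeys) are assumptions for the example, not values taken from the page.

```python
"""Audit the logon-time loading points reported in a ComboFix-style
"Reg loading points" section.

Added example for this thread, not code from ComboFix or from the poster.
The sample text below is constructed from the entries visible in the log;
the baselines are assumptions about a stock Windows 2000 install.
"""
import re

# Constructed sample: the LSA, Winlogon\Notify, SecurityProviders and BHO
# entries copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{235508d2-a4d3-4696-b05d-7a8c7b733bc5}]
07-11-24 12:21 81472 --a------ C:\WINNT\system32\ioekbowe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\udwfxfpa]
udwfxfpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wrgodhkx]
wrgodhkx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll
"""

# Assumed baselines (not taken from the page): a stock Windows 2000 box has
# msv1_0 as its only LSA authentication package, these four security
# providers, and a small fixed set of Winlogon\Notify packages.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "msnsspc.dll", "digest.dll"}
KNOWN_NOTIFY_SUBKEYS = {"crypt32chain", "cryptnet", "cscdll", "senslogn", "termsrv"}


def parse_loading_points(text):
    """Split the section into (registry key, [value lines]) pairs."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            entries.append((header.group(1), []))
        elif entries:
            entries[-1][1].append(line)
    return entries


def audit_loading_points(text, known_notify=KNOWN_NOTIFY_SUBKEYS):
    """Return (category, item) findings for anything that deviates from the baselines.

    Every one of these locations loads a DLL into winlogon.exe, lsass.exe or
    Internet Explorer at logon, which is why they are favourite persistence spots.
    """
    findings = []
    for key, values in parse_loading_points(text):
        key_l = key.lower()
        if key_l.endswith("\\control\\lsa"):
            for v in values:
                m = re.match(r'"Authentication Packages"\s*=\s*(.*)$', v, re.I)
                if m:
                    # The value is a REG_MULTI_SZ; ComboFix prints it space-separated.
                    for pkg in m.group(1).split():
                        if pkg.lower() not in DEFAULT_AUTH_PACKAGES:
                            findings.append(("lsa_auth_package", pkg))
        elif "\\winlogon\\notify\\" in key_l:
            subkey = key_l.rsplit("\\", 1)[1]
            if subkey not in known_notify:
                findings.append(("winlogon_notify", values[0] if values else subkey))
        elif key_l.endswith("\\control\\securityproviders"):
            for v in values:
                if v.lower().startswith("securityproviders"):
                    for prov in v.split(None, 1)[1].split(","):
                        if prov.strip().lower() not in DEFAULT_SECURITY_PROVIDERS:
                            findings.append(("security_provider", prov.strip()))
        elif "browser helper objects" in key_l:
            # ComboFix already hides default BHOs, so every listed one deserves a look.
            for v in values:
                m = re.search(r"([A-Za-z]:\\\S+\.dll)$", v, re.I)
                if m:
                    findings.append(("bho", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, item in audit_loading_points(SAMPLE_LOG):
        print(f"{category:18} {item}")
```

Run against the sample it reports four items: the BHO DLL, the two Notify DLLs and the extra awtqn.dll authentication package; the SecurityProviders line matches the baseline and is silent. That is exactly the set the CFScript in the next reply removes.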
24 November 2007 19:20:50

Good cleanup, but there is still some left.


Start by sorting out your antivirus programs (Norton, BitDefender, McAfee and Kaspersky). You need only one, otherwise there is a risk of conflicts.


Copy (Ctrl+C) the text below:

File::
C:\WINNT\system32\jhqlpthk.dll
C:\WINNT\system32\ioekbowe.dll
C:\WINNT\system32\kdbespnn.ini
C:\WINNT\system32\gyowqaya.exe
C:\WINNT\system32\lmpwcblu.ini
C:\WINNT\system32\tjlptrwe.exe
C:\WINNT\system32\nyrlsrnq.ini
C:\WINNT\system32\__c009331E.vir
C:\WINNT\system32\yhtkajrc.ini
C:\WINNT\system32\ibdwjijs.ini
C:\WINNT\system32\rdcxskca.ini
C:\WINNT\system32\eqpryaiy.ini
C:\WINNT\system32\jexmmhlj.ini
C:\WINNT\system32\olliledr.ini
C:\WINNT\system32\gwcvahag.ini
C:\WINNT\system32\amxtrwhv.ini
C:\WINNT\system32\wybfjnsj.ini
C:\WINNT\system32\nkxsmnnu.ini
C:\WINNT\system32\wamxgbyb.ini
C:\WINNT\system32\svjhxevf.ini
C:\WINNT\system32\hqumfwdi.ini
C:\WINNT\system32\fdufgqpm.exe
C:\WINNT\system32\egrfqtyf.ini
C:\WINNT\system32\sbnryldd.ini
C:\WINNT\system32\ytionefr.ini
C:\WINNT\system32\dnnqckvf.ini
C:\WINNT\system32\gqdgctys.ini
C:\WINNT\system32\rdclasir.ini
C:\WINNT\Tasks\SpywareRemover Scheduled Scan.job
C:\WINNT\system32\winmgd.win
C:\WINNT\system32\mouse_configurator.win

Folder::
C:\Documents and Settings\SFRITZ\Application Data\BestsellerAntivirus
C:\Program Files\SpywareRemover

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{235508d2-a4d3-4696-b05d-7a8c7b733bc5}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\udwfxfpa]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wrgodhkx]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt that comes up (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents together with a new HijackThis log.
If the file doesn't open, it is located here > C:\ComboFix.txt
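One line of the CFScript above is worth checking rather than trusting: the Registry:: section writes `"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00`. `hex(7)` is a REG_MULTI_SZ, and those eight bytes are the ASCII text `msv1_0` followed by the string terminator and the list terminator, so the fix puts the LSA authentication package list back to exactly `msv1_0` and drops the `C:\WINNT\system32\awtqn.dll` entry ComboFix reported. The script below is an added example, not part of ComboFix or of the helper's reply; it decodes and re-encodes that value so you can verify what will be written before you drag the script onto Combofix.exe. It assumes the REGEDIT4-style single-byte encoding that CFScript uses here; a `.reg` file headed `Windows Registry Editor Version 5.00` would carry the same value as UTF-16LE, which the `encoding` parameter covers.

```python
"""Decode and re-encode the hex(7) (REG_MULTI_SZ) value from the Registry::
section of the CFScript above, to check what the fix actually writes.

Added example for this thread, not code from ComboFix or from the helper.
"""


def decode_reg_multi_sz(hex_value, encoding="latin-1"):
    """Turn 'hex(7):6d,73,...' into the list of strings it encodes.

    REG_MULTI_SZ is a run of NUL-terminated strings closed by one extra NUL.
    The CFScript uses REGEDIT4-style single-byte text; a file headed
    'Windows Registry Editor Version 5.00' carries UTF-16LE instead
    (pass encoding='utf-16-le' for that). Line continuations ('\\' at end
    of line plus leading spaces on the next line) are tolerated.
    """
    if not hex_value.lower().startswith("hex(7):"):
        raise ValueError("not a hex(7) value")
    body = hex_value.split(":", 1)[1].replace("\\", "").replace("\n", "")
    raw = bytes(int(b, 16) for b in body.split(",") if b.strip())
    text = raw.decode(encoding)
    if not text.endswith("\0\0"):
        raise ValueError("REG_MULTI_SZ must end with a double NUL")
    payload = text[:-2]
    return payload.split("\0") if payload else []


def encode_reg_multi_sz(strings, encoding="latin-1"):
    """Inverse: produce the 'hex(7):...' text for a list of strings."""
    raw = ("".join(s + "\0" for s in strings) + "\0").encode(encoding)
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def restores_default(hex_value, expected=("msv1_0",)):
    """True if the value leaves exactly the expected packages, in that order."""
    return decode_reg_multi_sz(hex_value) == list(expected)


# Constructed from the log and the script above.
INFECTED = ["msv1_0", r"C:\WINNT\system32\awtqn.dll"]   # what ComboFix reported
FIX_LINE = "hex(7):6d,73,76,31,5f,30,00,00"              # what the CFScript writes

if __name__ == "__main__":
    print("current value would encode as:", encode_reg_multi_sz(INFECTED))
    print("fix decodes to:", decode_reg_multi_sz(FIX_LINE),
          "| restores default:", restores_default(FIX_LINE))
```

If you ever adapt this line for another machine, re-encode the intended list with `encode_reg_multi_sz` rather than editing the hex by hand: a missing trailing `00` leaves a malformed REG_MULTI_SZ, and an authentication package list that LSA cannot parse is a reliable way to make a Windows 2000 box unbootable.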