Merci beaucoup Sham-Rock de poursuivre ton aide.
Voici le rapport ComboFix:
ComboFix 07-10-23.2 - Ludovic 2007-10-23 9:08:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.502 [GMT 2:00]
Running from: C:\Documents and Settings\Ludovic\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Documents and Settings\Ludovic\Application Data\macromedia\Flash Player\#SharedObjects\KZ3HJBSR\iforex.com
C:\Documents and Settings\Ludovic\Application Data\macromedia\Flash Player\#SharedObjects\KZ3HJBSR\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Ludovic\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Ludovic\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\~.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))))))))
.
2007-10-23 09:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 17:55 <REP> d-------- C:\VundoFix Backups
2007-10-22 11:59 <REP> d-------- C:\WINDOWS\system32\bfubackups
2007-10-22 11:03 <REP> d-------- C:\WINDOWS\system32\PAV
2007-10-22 11:02 <REP> d-------- C:\Program Files\Panda Software
2007-10-22 11:02 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2007-10-22 10:59 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-10-22 10:09 558,547 ---hs---- C:\WINDOWS\system32\tvvwa.ini2
2007-10-22 09:24 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-20 09:04 572,019 ---hs---- C:\WINDOWS\system32\tvvwa.bak2
2007-10-19 09:16 6,465 ---hs---- C:\WINDOWS\system32\tvvwa.bak1
2007-10-19 09:10 <REP> d--h----- C:\Program Files\ObjectX
2007-10-19 09:10 167,945 --a------ C:\WINDOWS\system32\sysdl132.exe
2007-10-10 13:50 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 18:15 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-10-08 18:15 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-10-08 18:15 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-10-08 18:15 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2007-10-08 18:15 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-10-08 18:15 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-10-08 18:15 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-10-08 18:15 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-10-08 18:06 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2007-10-08 18:02 <REP> d-------- C:\Program Files\Logitech
2007-09-29 15:30 <REP> d-------- C:\Documents and Settings\Ludovic\Application Data\DivX
2007-09-29 15:24 <REP> d-------- C:\Program Files\DivX
2007-09-26 11:39 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-09-24 23:30 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-09-24 23:30 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-09-24 23:30 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-09-24 23:30 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-09-24 23:30 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-09-24 23:30 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-09-24 23:30 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-09-24 23:30 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 07:06 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-22 19:16 --------- d-----w C:\Program Files\UnibetpokerMPP
2007-10-22 16:13 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\Microgaming
2007-10-22 13:55 --------- d-----w C:\Program Files\FlashGet
2007-10-22 09:07 --------- d-----w C:\Program Files\FTP Expert 3
2007-10-22 09:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 08:00 --------- d-----w C:\Program Files\SMAC
2007-10-22 07:56 --------- d-----w C:\Program Files\MSN Messenger
2007-10-19 16:24 --------- d-----w C:\Program Files\PokerStars.NET
2007-10-15 14:46 --------- d-----w C:\Program Files\Absolute Poker
2007-10-14 10:04 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-10-14 08:32 --------- d-----w C:\Program Files\Java
2007-10-10 15:15 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\gtk-2.0
2007-10-06 09:27 --------- d-----w C:\Program Files\UltimateBet
2007-09-25 13:28 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\OpenOffice.org2
2007-08-31 11:44 --------- d-----w C:\Program Files\Everest Poker
2006-04-10 06:29 184,320 ----a-w C:\Program Files\cutkiller.exe
2006-03-14 11:55 689,152 ----a-w C:\Program Files\Xtremsplit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{317833AD-3A96-11DC-8314-0911200C9A66}]
2007-10-19 09:10 95232 --a------ C:\Program Files\ObjectX\ie-improver.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAFB8B5D-6819-4CB4-A8C9-B92AFEBE73C8}]
C:\WINDOWS\system32\awvvt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 22:04]
"nwiz"="nwiz.exe" [2006-05-01 22:04 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 22:04]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 15:59 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 16:50 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2006-09-13 07:59]
"LUPGCONF"="C:\Program Files\Panda Software\Panda Antivirus 2007\LUpgConf.exe" [2007-10-23 09:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkigg]
ljjkigg.dll
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device
VD "%L"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-14 19:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 09:16:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-23 9:17:54
.
--- E O F ---
Voici le rapport HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:20:48, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\PROGS\Anti Spy\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: BHO-X - {317833AD-3A96-11DC-8314-0911200C9A66} - C:\Program Files\ObjectX\ie-improver.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CAFB8B5D-6819-4CB4-A8C9-B92AFEBE73C8} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LUPGCONF] "C:\Program Files\Panda Software\Panda Antivirus 2007\LUpgConf.exe" /RunOnce:2_00_03
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Ludovic\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Ludovic\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C446EE-F52F-480D-BF94-97505D13EAEC}: NameServer = 192.168.3.254
O20 - Winlogon Notify: ljjkigg - ljjkigg.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 10585 bytes
Voilà...
bonjour
1
supprime tous tes jeux de Poker, ce sont des vrais nids à infection.
2
Copie (Ctrl+C) le texte ci-dessous :
File::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
Sauvegarde ce fichier sous le nom de CFScript.txt
Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
- Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Voilà le log de ComboFix :
ComboFix 07-10-23.2 - Ludovic 2007-10-23 14:34:28.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.483 [GMT 2:00]
Running from: C:\Documents and Settings\Ludovic\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ludovic\Bureau\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\sysdl132.exe
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak2
C:\WINDOWS\system32\tvvwa.ini2
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ObjectX
C:\Program Files\ObjectX\bho.dat
C:\Program Files\ObjectX\er.dat
C:\Program Files\ObjectX\ie-improver.dll
C:\Program Files\ObjectX\uninstall.exe
C:\WINDOWS\system32\sysdl132.exe
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak2
C:\WINDOWS\system32\tvvwa.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))))))))
.
2007-10-23 09:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 17:55 <REP> d-------- C:\VundoFix Backups
2007-10-22 11:59 <REP> d-------- C:\WINDOWS\system32\bfubackups
2007-10-22 11:03 <REP> d-------- C:\WINDOWS\system32\PAV
2007-10-22 11:02 <REP> d-------- C:\Program Files\Panda Software
2007-10-22 11:02 45,056 --a------ C:\WINDOWS\system32\avldr.dll
2007-10-22 10:59 71,552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-10-22 09:24 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-10 13:50 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 18:15 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-10-08 18:15 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-10-08 18:15 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-10-08 18:15 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2007-10-08 18:15 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-10-08 18:15 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-10-08 18:15 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-10-08 18:15 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-10-08 18:06 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2007-10-08 18:02 <REP> d-------- C:\Program Files\Logitech
2007-09-29 15:30 <REP> d-------- C:\Documents and Settings\Ludovic\Application Data\DivX
2007-09-29 15:24 <REP> d-------- C:\Program Files\DivX
2007-09-26 11:39 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-09-24 23:30 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-09-24 23:30 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-09-24 23:30 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-09-24 23:30 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-09-24 23:30 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-09-24 23:30 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-09-24 23:30 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-09-24 23:30 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 07:06 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-22 19:16 --------- d-----w C:\Program Files\UnibetpokerMPP
2007-10-22 16:13 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\Microgaming
2007-10-22 13:55 --------- d-----w C:\Program Files\FlashGet
2007-10-22 09:07 --------- d-----w C:\Program Files\FTP Expert 3
2007-10-22 09:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 08:00 --------- d-----w C:\Program Files\SMAC
2007-10-22 07:56 --------- d-----w C:\Program Files\MSN Messenger
2007-10-19 16:24 --------- d-----w C:\Program Files\PokerStars.NET
2007-10-15 14:46 --------- d-----w C:\Program Files\Absolute Poker
2007-10-14 10:04 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-10-14 08:32 --------- d-----w C:\Program Files\Java
2007-10-10 15:15 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\gtk-2.0
2007-10-06 09:27 --------- d-----w C:\Program Files\UltimateBet
2007-09-25 13:28 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\OpenOffice.org2
2006-04-10 06:29 184,320 ----a-w C:\Program Files\cutkiller.exe
2006-03-14 11:55 689,152 ----a-w C:\Program Files\Xtremsplit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 22:04]
"nwiz"="nwiz.exe" [2006-05-01 22:04 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 22:04]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 15:59 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 16:50 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2006-09-13 07:59]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /deviceVD "%L"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-14 19:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 14:38:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-23 14:40:16 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-23 09:17
.
--- E O F ---
Pour les jeux de poker, je suis bien embêté, j'en ai déjà enlevé un, mais je dois avouer que je suis accroc au poker en ligne... Y'en a-t-il de moins risqués? Lesquels sont les pires à proscrire d'urgence? Merci pour tout en tout cas!
Bonjour,
Voici les rapports :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:50:39, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\Basketboy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SystemApp - {163D9676-810E-11DC-8314-0800200C9A66} - C:\Program Files\SystemApp\ie-improver.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [84cba0a2] rundll32.exe "C:\WINDOWS\system32\njbqxexw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Ludovic\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Ludovic\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C446EE-F52F-480D-BF94-97505D13EAEC}: NameServer = 192.168.7.254
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 11782 bytes
ComboFix 07-10-23.2 - Ludovic 2007-10-28 9:39:12.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.795 [GMT 1:00]
Running from: C:\Documents and Settings\Ludovic\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c002B349.dat
C:\WINDOWS\system32\__c006C426.dat
C:\WINDOWS\system32\__c00D72CC.dat
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\uxgdovbw.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-28 ))))))))))))))))))))))))))))))))))))
.
2007-10-27 19:13 83,520 --a------ C:\WINDOWS\system32\njbqxexw.dll
2007-10-27 19:05 10,816 --a------ C:\WINDOWS\system32\xpwkfguf.dll
2007-10-26 09:49 <REP> d-------- C:\Program Files\CCleaner
2007-10-26 09:34 <REP> d-------- C:\Documents and Settings\Ludovic\Application Data\Grisoft
2007-10-26 09:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-26 08:30 10,816 --a------ C:\WINDOWS\system32\psjujyod.dll
2007-10-26 08:25 10,816 --a------ C:\WINDOWS\system32\iwaiwplr.dll
2007-10-25 06:49 10,816 --a------ C:\WINDOWS\system32\odatsfgp.dll
2007-10-23 19:00 <REP> d--h----- C:\Program Files\SystemApp
2007-10-23 19:00 33,792 --a------ C:\WINDOWS\system32\iifggde.dll
2007-10-23 18:54 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-23 18:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-10-23 18:54 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-23 18:54 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-23 18:54 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-23 18:54 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-23 18:54 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-23 08:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 16:55 <REP> d-------- C:\VundoFix Backups
2007-10-22 10:59 <REP> d-------- C:\WINDOWS\system32\bfubackups
2007-10-22 08:24 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-10 12:50 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 17:15 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-10-08 17:15 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-10-08 17:15 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-10-08 17:15 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2007-10-08 17:15 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-10-08 17:15 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-10-08 17:15 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-10-08 17:15 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-10-08 17:06 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2007-10-08 17:02 <REP> d-------- C:\Program Files\Logitech
2007-09-29 14:30 <REP> d-------- C:\Documents and Settings\Ludovic\Application Data\DivX
2007-09-29 14:24 <REP> d-------- C:\Program Files\DivX
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 18:28 --------- d-----w C:\Program Files\FlashGet
2007-10-24 17:45 --------- d-----w C:\Program Files\UnibetpokerMPP
2007-10-24 16:33 --------- d-----w C:\Program Files\Absolute Poker
2007-10-24 16:03 --------- d-----w C:\Program Files\PokerStars.NET
2007-10-24 16:02 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\Microgaming
2007-10-23 17:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 07:06 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-22 09:07 --------- d-----w C:\Program Files\FTP Expert 3
2007-10-22 08:00 --------- d-----w C:\Program Files\SMAC
2007-10-22 07:56 --------- d-----w C:\Program Files\MSN Messenger
2007-10-14 10:04 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-10-14 08:32 --------- d-----w C:\Program Files\Java
2007-10-10 15:15 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\gtk-2.0
2007-10-07 16:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-10-06 09:27 --------- d-----w C:\Program Files\UltimateBet
2007-09-25 13:28 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\OpenOffice.org2
2006-04-10 06:29 184,320 ----a-w C:\Program Files\cutkiller.exe
2006-03-14 11:55 689,152 ----a-w C:\Program Files\Xtremsplit.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-23_ 9.17.21.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 04:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-20 05:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
- 2007-03-13 08:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-10-22 09:05:23 63,522 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-28 08:23:49 63,522 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-22 09:05:23 76,582 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2007-10-28 08:23:49 76,582 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-10-22 09:05:23 404,302 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-28 08:23:49 404,302 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-22 09:05:23 471,484 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2007-10-28 08:23:49 471,484 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-04-02 12:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-04-02 13:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-10-28 08:45:41 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7d8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{163D9676-810E-11DC-8314-0800200C9A66}]
2007-10-23 19:00 95232 --a------ C:\Program Files\SystemApp\ie-improver.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04]
"nwiz"="nwiz.exe" [2006-05-01 21:04 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 21:04]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47]
"TPSMain"="TPSMain.exe" [2005-08-03 15:09 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 23:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 23:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 00:13]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"84cba0a2"="C:\WINDOWS\system32\njbqxexw.dll" [2007-10-27 19:13]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /deviceVD "%L"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-14 19:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 09:46:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-28 9:48:33 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-24 13:12
C:\ComboFix3.txt ... 2007-10-23 13:40
.
--- E O F ---
Je n'ai pas testé après ces scans, je ne sais pas si ça remarche...
je te mets la suite car plus on perd du temps, plus l'infection se développe.
la procédure n'est valable que si tu supprimes tes jeux de poker, sinon, on perd notre temps tous les deux.
++++++++++++++++++++++++++++++
Copie (Ctrl+C) le texte ci-dessous :
File::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
Sauvegarde ce fichier sous le nom de CFScript.txt
Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
- Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
++++++++++++++++++++++++++++++
Clique démarrer/exécuter, tape regedit puis clique ok
Recherche la clé en déroulant :
HKEY_LOCAL_Machine\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Program Files\ObjectX\uninstall.exe"
Suprime par un clic droit/supprimer si cette clé est présente.
Même chose avec :
HKEY_LOCAL_Machine\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Program Files\ SystemApp\uninstall.exe"
+++++++++++++++++++++
Télécharge FixWareout de l'un de ces deux liens :
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
Sauvegarde-le sur ton Bureau, puis lance-le.
Clique Next, puis Install, et assure-toi que "Run fixit" soit coché, puis clique Finish.
Suis les directives à l'écran.
L'outil va te demander de redémarrer ton PC; fais-le s'il te plaît.
Le redémarrage risque de prendre un peu plus de temps; ceci est normal.
Suite au redémarrage, copie/colle le contenu du rapport généré par l'outil qui se trouve ici : C:\fixwareout\report.txt, avec un nouveau rapport HijackThis! également.
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
bonsoir
c'est angeldark qui continuera avec toi car je vais être absent pendant deux jours.
bonne fin de désinfection 
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Voici le rapport de ComboFix:
ComboFix 07-10-23.2 - Ludovic 2007-10-29 22:15:41.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.408 [GMT 1:00]
Running from: C:\Documents and Settings\Ludovic\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ludovic\Bureau\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\iifggde.dll
C:\WINDOWS\system32\iwaiwplr.dll
C:\WINDOWS\system32\njbqxexw.dll
C:\WINDOWS\system32\odatsfgp.dll
C:\WINDOWS\system32\psjujyod.dll
C:\WINDOWS\system32\xpwkfguf.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\SystemApp
C:\Program Files\SystemApp\bho.dat
C:\Program Files\SystemApp\er.dat
C:\Program Files\SystemApp\ie-improver.dll
C:\Program Files\SystemApp\uninstall.exe
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\fptglprk.dll.bad
C:\VundoFix Backups\krplgtpf.ini.bad
C:\VundoFix Backups\ykoyddob.dll.bad
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\iifggde.dll
C:\WINDOWS\system32\iwaiwplr.dll
C:\WINDOWS\system32\njbqxexw.dll
C:\WINDOWS\system32\odatsfgp.dll
C:\WINDOWS\system32\psjujyod.dll
C:\WINDOWS\system32\xpwkfguf.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))))))))
.
2007-10-28 17:58 <REP> d--h----- C:\Program Files\Zero G Registry
2007-10-28 17:57 <REP> d--h----- C:\Documents and Settings\Ludovic\InstallAnywhere
2007-10-28 09:50 <REP> d-------- C:\HijackThis
2007-10-26 09:49 <REP> d-------- C:\Program Files\CCleaner
2007-10-26 09:34 <REP> d-------- C:\Documents and Settings\Ludovic\Application Data\Grisoft
2007-10-26 09:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-23 18:54 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-23 18:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-10-23 18:54 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-23 18:54 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-23 18:54 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-23 18:54 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-23 18:54 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-23 08:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 10:59 <REP> d-------- C:\WINDOWS\system32\bfubackups
2007-10-10 12:50 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 17:15 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-10-08 17:15 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-10-08 17:15 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-10-08 17:15 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2007-10-08 17:15 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-10-08 17:15 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-10-08 17:15 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-10-08 17:15 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-10-08 17:06 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2007-10-08 17:02 <REP> d-------- C:\Program Files\Logitech
2007-09-29 14:30 <REP> d-------- C:\Documents and Settings\Ludovic\Application Data\DivX
2007-09-29 14:24 <REP> d-------- C:\Program Files\DivX
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 20:43 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\Microgaming
2007-10-29 20:38 --------- d-----w C:\Program Files\UltimateBet
2007-10-29 20:37 --------- d-----w C:\Program Files\PokerStars.NET
2007-10-29 20:37 --------- d-----w C:\Program Files\Absolute Poker
2007-10-29 08:59 --------- d-----w C:\Program Files\FlashGet
2007-10-23 17:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 07:06 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-22 09:07 --------- d-----w C:\Program Files\FTP Expert 3
2007-10-22 08:00 --------- d-----w C:\Program Files\SMAC
2007-10-22 07:56 --------- d-----w C:\Program Files\MSN Messenger
2007-10-14 10:04 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-10-14 08:32 --------- d-----w C:\Program Files\Java
2007-10-10 15:15 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\gtk-2.0
2007-10-07 16:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-09-25 13:28 --------- d-----w C:\Documents and Settings\Ludovic\Application Data\OpenOffice.org2
2006-04-10 06:29 184,320 ----a-w C:\Program Files\cutkiller.exe
2006-03-14 11:55 689,152 ----a-w C:\Program Files\Xtremsplit.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-23_ 9.17.21.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 04:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-20 05:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
- 2007-03-13 08:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-10-22 09:05:23 63,522 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-28 08:23:49 63,522 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-22 09:05:23 76,582 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2007-10-28 08:23:49 76,582 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-10-22 09:05:23 404,302 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-28 08:23:49 404,302 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-22 09:05:23 471,484 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2007-10-28 08:23:49 471,484 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-04-02 12:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-04-02 13:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-10-29 21:18:39 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7f4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04]
"nwiz"="nwiz.exe" [2006-05-01 21:04 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 21:04]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47]
"TPSMain"="TPSMain.exe" [2005-08-03 15:09 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 23:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 23:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 00:13]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /deviceVD "%L"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-14 19:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 22:19:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-29 22:21:34 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-28 09:48
C:\ComboFix3.txt ... 2007-10-24 13:12
.
--- E O F ---
Petite précision, les jeux de pokers ont bien été désinstallés, mais les répertoires étaient restés, je les ai supprimé manuellement après ce scan en les ayant vu sur la liste. La suite arrive.
Merci pour tout Sham-Rock!
Message édité par basketboy le 29-10-2007 à 22:27:45
