clé crypto API + ntos.exe + 55critical sustem errors [RESOLU]
Forum Sécurité - Virus : clé crypto API + ntos.exe + 55critical sustem errors [RESOLU]
bonjour,
quelqu'un peut il m'aider ou me diriger vers un autre forum (personne n'a repondu sur celui ci à mes deux demandes précédentes!) a propos d'une demande de clé crypto API en rapport avec le fichier ntos.exe.
je n'ai plus accès aux fonctions d'administrateur.
de plus je reçois maintenant une fenetre me signalant 55 critical system errors, et me demandant (en résumé) "download registry update from
--édité par Angeldark--
Je n'ai toujours pas de réponse, je ne sais pas si je peux appliquer un protocole, selon la question ntos dejà résolue figurant dèjà dans le forum.
Message édité par pterpan le 26-12-2007 à 14:56:08
Bonjour,
Désactive tes protections résidentes (antivirus...) !
- Télécharge combofix.exe (par sUBs) sur ton Bureau.
- Double clique combofix.exe.
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Répondre à Angeldark
je scan en fin d'apres midi, je ne serais pas avant devant mon ordinateur, et je t'envoie le rapport.
merci.
Ok 
Répondre à Angeldark
a suivre rapport combofix.txt
ComboFix 07-12-18.1 - Pierrot 2007-12-18 20:18:09.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.62 [GMT 1:00]
Running from: C:\Documents and Settings\Pierrot\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32.dll
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\repl.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))))))))
.
2007-12-16 22:09 . 2007-12-16 22:09 2,096 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 22:08 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-16 22:08 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-16 22:08 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-16 22:08 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-16 22:08 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-16 22:08 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-16 19:00 . 2007-12-16 19:00 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-16 13:01 . 2007-12-18 07:39 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-12-16 13:01 . 2007-12-16 13:01 <REP> d-------- C:\Documents and Settings\Pierrot\Application Data\Thunderbird
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Program Files\Avira
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-15 19:01 . 2007-12-15 19:01 0 --a------ C:\40.tmp
2007-12-15 19:00 . 2007-12-15 19:00 0 --a------ C:\F.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\3.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\2.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\1.tmp
2007-11-30 19:53 . 19,456 C:\WINDOWS\system32\drivers\vzhbefma.dat
2007-11-29 19:10 . 2001-08-28 11:00 87,552 --a------ C:\WINDOWS\system32\atkctr.dll
2007-11-18 00:04 . 2007-11-18 00:04 221 --a------ C:\WINDOWS\sam7_E.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 19:38 --------- d-----w C:\Program Files\Wanadoo
2007-12-15 23:51 --------- d-----w C:\Program Files\Google
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2007-12-08 17:15 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\U3
2007-11-17 22:48 --------- d-----w C:\Program Files\Magix
2007-11-04 18:09 5,963,225 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-07-08 07:15 40,027 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_07_19_58_39_small.dmp.zip
2007-01-13 17:48 45,868 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_01_13_18_41_43_small.dmp.zip
2007-01-04 14:02 34,664 ----a-w C:\Documents and Settings\Pierrot\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{040FA520-78C6-41ce-81D0-9E733ABC1A29}]
C:\WINDOWS\System32\comi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE}]
2001-08-28 11:00 87552 --a------ C:\WINDOWS\System32\atkctr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 11:00]
"WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 10:58]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"SsAAD.exe"="C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-16 08:09]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2001-08-28 11:00]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 11:00]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Documents and Settings\Pierrot\Mes documents\Pierre JAILLETTE\emule_win2k_winsp1\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-04 02:01 28739 --a------ C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe /Automation
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 13:48 286720 --a------ C:\WINDOWS\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
C:\WINDOWS\System32\winter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-07-12 11:59 24576 --a------ C:\Program Files\Microsoft Works\wkfud.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R0 zexnasuq;zexnasuq;C:\WINDOWS\System32\drivers\vzhbefma.dat []
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\System32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\System32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\System32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 Maestro;Pilote audio ESS Maestro2E (WDM);C:\WINDOWS\System32\drivers\essm2e.sys [2001-08-17 20:19]
S3 ntosnh.sys;ntosnh.sys;C:\WINDOWS\system32\drivers\ntosnh.sys []
S3 ntoss.sys;ntoss.sys;C:\WINDOWS\system32\drivers\ntoss.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-18 19:18:05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 20:38:41
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-18 20:40:41 - machine was rebooted [Pierrot]
Re,
Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:46, on 18/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: H - {040FA520-78C6-41ce-81D0-9E733ABC1A29} - C:\WINDOWS\System32\comi.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE} - C:\WINDOWS\System32\atkctr.dll
O2 - BHO: Google Toolbar Helper - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\googletoolbar1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Scroll-In-Mouse V2.0.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07C06BCF-1AB8-4E99-9FF4-F1BFA6B756DC}: NameServer = 85.255.115.53,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C042D9F-4FFD-410E-85E6-18924D99E041}: NameServer = 81.253.149.9 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
O17 - HKLM\System\CS1\Services\Tcpip\..\{07C06BCF-1AB8-4E99-9FF4-F1BFA6B756DC}: NameServer = 85.255.115.53,85.255.112.217
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
O17 - HKLM\System\CS2\Services\Tcpip\..\{07C06BCF-1AB8-4E99-9FF4-F1BFA6B756DC}: NameServer = 85.255.115.53,85.255.112.217
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriverT - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7954 bytes
Re,
Imprime ces instructions si nécessaire car il va y avoir un redémarrage de l'ordinateur.
Télécharge le FixWareout (LonnyRJones) sur le Bureau.
**Si le lien ne fonctionne pas, clique ici**
Lance le fix (FixWareout.exe), clique sur Next puis Install.
Assure-toi que Run fixit soit bien activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.
Au final, poste le contenu du rapport C:\fixwareout\report.txt avec un nouveau rapport HijackThis.
Répondre à Angeldark
Username "Pierrot" - 18/12/2007 21:36:22 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.53 85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{07C06BCF-1AB8-4E99-9FF4-F1BFA6B756DC}
"nameserver"="85.255.115.53,85.255.112.217" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{07C06BCF-1AB8-4E99-9FF4-F1BFA6B756DC}
"DhcpNameServer"="85.255.115.53,85.255.112.217" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"C-Media Mixer"="Mixer.exe /startup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"CnxDslTaskBar"="\"C:\\Program Files\\ZTE Corporation\\ZXDSL852\\CnxDslTb.exe\" \"ZTE Corporation\\ZXDSL852\""
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"SsAAD.exe"="C:\\DOCUME~1\\Pierrot\\Bureau\\RENAUD\\SONICS~1\\SsAAD.exe"
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"WOOKIT"="C:\\Program Files\\Wanadoo\\GestMaj.exe GestionnaireInternet.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:02, on 18/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: H - {040FA520-78C6-41ce-81D0-9E733ABC1A29} - C:\WINDOWS\System32\comi.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE} - C:\WINDOWS\System32\atkctr.dll
O2 - BHO: Google Toolbar Helper - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\googletoolbar1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Scroll-In-Mouse V2.0.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C042D9F-4FFD-410E-85E6-18924D99E041}: NameServer = 80.10.246.1 81.253.149.10
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriverT - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7346 bytes
Refais un scan Combofix 
Répondre à Angeldark
j'ai fait un peu le point,
j'ai a nouveau accès aux fonction administrateur (bureau propriétés, panneau config etc...) super dèjà merci.
J'ai toujours la demande de clé privée cryptoAPI a l'ouverture de windows
a suivre rapport combo fix
ComboFix 07-12-18.1 - Pierrot 2007-12-18 21:51:57.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.73 [GMT 1:00]
Running from: C:\Documents and Settings\Pierrot\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))))))))
.
2007-12-18 21:10 . 2007-12-18 21:10 <REP> d-------- C:\Program Files\Trend Micro
2007-12-16 22:09 . 2007-12-16 22:09 2,096 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 22:08 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-16 22:08 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-16 22:08 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-16 22:08 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-16 22:08 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-16 22:08 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-16 19:00 . 2007-12-16 19:00 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-16 13:01 . 2007-12-18 07:39 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-12-16 13:01 . 2007-12-16 13:01 <REP> d-------- C:\Documents and Settings\Pierrot\Application Data\Thunderbird
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Program Files\Avira
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-15 19:01 . 2007-12-15 19:01 0 --a------ C:\40.tmp
2007-12-15 19:00 . 2007-12-15 19:00 0 --a------ C:\F.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\3.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\2.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\1.tmp
2007-11-30 19:53 . 19,456 C:\WINDOWS\system32\drivers\vzhbefma.dat
2007-11-29 19:10 . 2001-08-28 11:00 87,552 --a------ C:\WINDOWS\system32\atkctr.dll
2007-11-18 00:04 . 2007-11-18 00:04 221 --a------ C:\WINDOWS\sam7_E.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 20:45 --------- d-----w C:\Program Files\Wanadoo
2007-12-15 23:51 --------- d-----w C:\Program Files\Google
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2007-12-08 17:15 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\U3
2007-11-17 22:48 --------- d-----w C:\Program Files\Magix
2007-11-04 18:09 5,963,225 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-07-08 07:15 40,027 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_07_19_58_39_small.dmp.zip
2007-01-13 17:48 45,868 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_01_13_18_41_43_small.dmp.zip
2007-01-04 14:02 34,664 ----a-w C:\Documents and Settings\Pierrot\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-12-18_20.39.21.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-18 20:38:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-18 20:38:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-18 20:38:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{040FA520-78C6-41ce-81D0-9E733ABC1A29}]
C:\WINDOWS\System32\comi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE}]
2001-08-28 11:00 87552 --a------ C:\WINDOWS\System32\atkctr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 11:00]
"WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 10:58]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"SsAAD.exe"="C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-16 08:09]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 11:00]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Scroll-In-Mouse V2.0.lnk - C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe [2005-09-25 10:01:20]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Documents and Settings\Pierrot\Mes documents\Pierre JAILLETTE\emule_win2k_winsp1\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-04 02:01 28739 --a------ C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe /Automation
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 13:48 286720 --a------ C:\WINDOWS\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
C:\WINDOWS\System32\winter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-07-12 11:59 24576 --a------ C:\Program Files\Microsoft Works\wkfud.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R0 zexnasuq;zexnasuq;C:\WINDOWS\System32\drivers\vzhbefma.dat []
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\System32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\System32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\System32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 Maestro;Pilote audio ESS Maestro2E (WDM);C:\WINDOWS\System32\drivers\essm2e.sys [2001-08-17 20:19]
S3 ntosnh.sys;ntosnh.sys;C:\WINDOWS\system32\drivers\ntosnh.sys []
S3 ntoss.sys;ntoss.sys;C:\WINDOWS\system32\drivers\ntoss.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-18 20:18:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 21:57:13
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\ntos.exe 103936 bytes executable
C:\WINDOWS\system32\wsnpoem
scan completed successfully
hidden files: 2
**************************************************************************
.
Completion time: 2007-12-18 21:59:44
C:\ComboFix2.txt ... 2007-12-18 20:40
Re,
Tu peux analyser le fichier ci-dessous sur VirusTotal ?
C:\WINDOWS\system32\drivers\vzhbefma.dat
On attaque après.
Répondre à Angeldark
je ne connais pas virus total?
peux tu m'eclairer ?
merci
J'ai trouvé Virus Total, mais je ne peux pas envoyer le fichier pour scan, ni par le site, ni par mail, les deux me disent que je n'ai pas accès au fichier ?
Ok.
Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Rootkit::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
ComboFix 07-12-18.1 - Pierrot 2007-12-19 20:56:01.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.70 [GMT 1:00]
Running from: C:\Documents and Settings\Pierrot\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pierrot\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\System32\atkctr.dll
C:\WINDOWS\System32\comi.dll
C:\WINDOWS\System32\winter.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\System32\atkctr.dll . . . . Echec de suppression
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))))))))
.
2007-12-18 21:10 . 2007-12-18 21:10 <REP> d-------- C:\Program Files\Trend Micro
2007-12-16 22:09 . 2007-12-16 22:09 2,096 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 22:08 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-16 22:08 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-16 22:08 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-16 22:08 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-16 22:08 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-16 22:08 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-16 19:00 . 2007-12-16 19:00 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-16 13:01 . 2007-12-19 20:29 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-12-16 13:01 . 2007-12-16 13:01 <REP> d-------- C:\Documents and Settings\Pierrot\Application Data\Thunderbird
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Program Files\Avira
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-15 19:01 . 2007-12-15 19:01 0 --a------ C:\40.tmp
2007-12-15 19:00 . 2007-12-15 19:00 0 --a------ C:\F.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\3.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\2.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\1.tmp
2007-11-30 19:53 . 19,456 C:\WINDOWS\system32\drivers\vzhbefma.dat
2007-11-29 19:10 . 2001-08-28 11:00 87,552 --a------ C:\WINDOWS\system32\atkctr.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 20:04 --------- d-----w C:\Program Files\Wanadoo
2007-12-19 06:37 --------- d-----w C:\Program Files\LooperTools
2007-12-19 06:36 --------- d-----w C:\Program Files\Google
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2007-12-08 17:15 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\U3
2007-11-17 22:48 --------- d-----w C:\Program Files\Magix
2007-11-04 18:09 5,963,225 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-07-08 07:15 40,027 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_07_19_58_39_small.dmp.zip
2007-01-13 17:48 45,868 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_01_13_18_41_43_small.dmp.zip
2007-01-04 14:02 34,664 ----a-w C:\Documents and Settings\Pierrot\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-12-18_20.39.21.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-29 10:40:15 152,384 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-19 14:35:06 151,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-18 19:09:16 49,307 ----a-w C:\WINDOWS\system32\wsnpoem\video.dll
+ 2007-12-19 19:16:41 49,307 ----a-w C:\WINDOWS\system32\wsnpoem\video.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE}]
2001-08-28 11:00 87552 --a------ C:\WINDOWS\System32\atkctr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 11:00]
"WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 10:58]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"SsAAD.exe"="C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-16 08:09]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2001-08-28 11:00]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 11:00]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Documents and Settings\Pierrot\Mes documents\Pierre JAILLETTE\emule_win2k_winsp1\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe /Automation
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 13:48 286720 --a------ C:\WINDOWS\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R0 zexnasuq;zexnasuq;C:\WINDOWS\System32\drivers\vzhbefma.dat []
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\System32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\System32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\System32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 Maestro;Pilote audio ESS Maestro2E (WDM);C:\WINDOWS\System32\drivers\essm2e.sys [2001-08-17 20:19]
S3 ntosnh.sys;ntosnh.sys;C:\WINDOWS\system32\drivers\ntosnh.sys []
S3 ntoss.sys;ntoss.sys;C:\WINDOWS\system32\drivers\ntoss.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-19 19:18:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 21:04:41
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-19 21:06:30 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-18 21:59
C:\ComboFix3.txt ... 2007-12-18 20:40
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:23, on 19/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE} - C:\WINDOWS\System32\atkctr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Scroll-In-Mouse V2.0.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C042D9F-4FFD-410E-85E6-18924D99E041}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: IDriverT - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6405 bytes
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:28, on 19/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE} - C:\WINDOWS\System32\atkctr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Scroll-In-Mouse V2.0.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C042D9F-4FFD-410E-85E6-18924D99E041}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: IDriverT - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6405 bytes
Le nouveau script arrive.
Répondre à Angeldark
Re,
Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Driver::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
ComboFix 07-12-18.1 - Pierrot 2007-12-19 21:17:49.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.76 [GMT 1:00]
Running from: C:\Documents and Settings\Pierrot\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pierrot\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\drivers\ntosnh.sys
C:\WINDOWS\system32\drivers\ntoss.sys
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\System32\atkctr.dll . . . . Echec de suppression
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NTOSNH.SYS
-------\ntosnh.sys
-------\ntoss.sys
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))))))))
.
2007-12-18 21:10 . 2007-12-18 21:10 <REP> d-------- C:\Program Files\Trend Micro
2007-12-16 22:09 . 2007-12-16 22:09 2,096 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 22:08 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-16 22:08 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-16 22:08 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-16 22:08 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-16 22:08 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-16 22:08 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-16 19:00 . 2007-12-16 19:00 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-16 13:01 . 2007-12-19 20:29 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-12-16 13:01 . 2007-12-16 13:01 <REP> d-------- C:\Documents and Settings\Pierrot\Application Data\Thunderbird
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Program Files\Avira
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-15 19:01 . 2007-12-15 19:01 0 --a------ C:\40.tmp
2007-12-15 19:00 . 2007-12-15 19:00 0 --a------ C:\F.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\3.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\2.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\1.tmp
2007-11-30 19:53 . 19,456 C:\WINDOWS\system32\drivers\vzhbefma.dat
2007-11-29 19:10 . 2001-08-28 11:00 87,552 --a------ C:\WINDOWS\system32\atkctr.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 20:23 --------- d-----w C:\Program Files\Wanadoo
2007-12-19 06:37 --------- d-----w C:\Program Files\LooperTools
2007-12-19 06:36 --------- d-----w C:\Program Files\Google
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2007-12-08 17:15 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\U3
2007-11-17 22:48 --------- d-----w C:\Program Files\Magix
2007-11-04 18:09 5,963,225 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-07-08 07:15 40,027 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_07_19_58_39_small.dmp.zip
2007-01-13 17:48 45,868 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_01_13_18_41_43_small.dmp.zip
2007-01-04 14:02 34,664 ----a-w C:\Documents and Settings\Pierrot\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-12-18_20.39.21.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-29 10:40:15 152,384 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-19 14:35:06 151,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE}]
2001-08-28 11:00 87552 --a------ C:\WINDOWS\System32\atkctr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 11:00]
"WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 10:58]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"SsAAD.exe"="C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-16 08:09]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2001-08-28 11:00]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 11:00]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Documents and Settings\Pierrot\Mes documents\Pierre JAILLETTE\emule_win2k_winsp1\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe /Automation
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 13:48 286720 --a------ C:\WINDOWS\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R0 zexnasuq;zexnasuq;C:\WINDOWS\System32\drivers\vzhbefma.dat []
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\System32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\System32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\System32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 Maestro;Pilote audio ESS Maestro2E (WDM);C:\WINDOWS\System32\drivers\essm2e.sys [2001-08-17 20:19]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-19 20:18:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 21:23:27
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-19 21:25:22 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-19 21:06
C:\ComboFix3.txt ... 2007-12-18 21:59
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:01, on 19/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE} - C:\WINDOWS\System32\atkctr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Scroll-In-Mouse V2.0.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C042D9F-4FFD-410E-85E6-18924D99E041}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: IDriverT - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6395 bytes
Les grands moyens pour le dernier fichier.
1/ Télécharge The Avenger (par Swandog46) sur ton Bureau.
Dézippe-le ensuite sur ton Bureau.
2/ Copie tout le texte en rouge ci-dessous :
| Citation : Files to delete:
|
---> Clique-droit puis Copier
Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.
3/ Maintenant, lance The Avenger en cliquant sur l'icône présente sur le Bureau.
Sous "Script file to execute" choisis "Input Script Manually".
Puis clique sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
Dans cette fenêtre, colle le texte précedemment copié sur le bureau.
Clique sur "Done"
Ensuite clique sur l'icône en forme de Feu Vert pour démarrer l'exécution du script.
Réponds par "Yes" deux fois quand cela te sera demandé.
4/ The Avenger va automatiquement faire ce qui suit :
Il va redémarrer le système. ( Dans les cas où le script contient un/des "Drivers to Unload", The Avenger redémarrera votre système 2 fois)
Pendant le redémarrage, il apparaitra brièvement une fenêtre de commande de Windows noire sur votre bureau, ceci est NORMAL.
Après le redémarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici : C:\avenger\backup.zip.
5/ Pour finir copie/colle le contenu du ficher c:\avenger.txt dans votre réponse avec un nouveau rapport HijackThis.
Répondre à Angeldark
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ybqqsqkb
*******************
Script file located at: \??\C:\WINDOWS\sfdihhav.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Could not open file C:\WINDOWS\System32\atkctr.dll for deletion
Deletion of file C:\WINDOWS\System32\atkctr.dll failed!
Could not process line:
C:\WINDOWS\System32\atkctr.dll
Status: 0xc0000022
Completed script processing.
*******************
Finished! Terminate.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:25, on 19/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE} - C:\WINDOWS\System32\atkctr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Scroll-In-Mouse V2.0.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C042D9F-4FFD-410E-85E6-18924D99E041}: NameServer = 81.253.149.9 80.10.246.3
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: IDriverT - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6437 bytes
Tu peux refaire un scan Combofix ?
Répondre à Angeldark
desolé pour le retard,
en plus j'ai une alerte antivir a chaque fois que j'ouvre un dossier, a propos d'un TR\trash.Gen dans Windows\system32\atkctr.dll
J'ai 'limpression que je ne l'en sortirais jamais de tous ces saloperies...
ComboFix 07-12-18.1 - Pierrot 2007-12-24 10:04:34.6 - NTFSx86
Running from: C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))))))))
.
2007-12-18 21:10 . 2007-12-18 21:10 <REP> d-------- C:\Program Files\Trend Micro
2007-12-16 22:09 . 2007-12-16 22:09 2,096 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 22:08 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-16 22:08 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-16 22:08 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-16 22:08 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-16 22:08 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-16 22:08 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-16 19:00 . 2007-12-16 19:00 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-16 13:01 . 2007-12-24 10:05 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-12-16 13:01 . 2007-12-16 13:01 <REP> d-------- C:\Documents and Settings\Pierrot\Application Data\Thunderbird
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Program Files\Avira
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-15 19:01 . 2007-12-15 19:01 0 --a------ C:\40.tmp
2007-12-15 19:00 . 2007-12-15 19:00 0 --a------ C:\F.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\3.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\2.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\1.tmp
2007-11-30 19:53 . 19,456 C:\WINDOWS\system32\drivers\vzhbefma.dat
2007-11-29 19:10 . 2001-08-28 11:00 87,552 --a------ C:\WINDOWS\system32\atkctr.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 08:54 --------- d-----w C:\Program Files\Wanadoo
2007-12-22 10:48 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-19 06:37 --------- d-----w C:\Program Files\LooperTools
2007-12-19 06:36 --------- d-----w C:\Program Files\Google
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2007-12-08 17:15 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\U3
2007-11-17 22:48 --------- d-----w C:\Program Files\Magix
2007-11-04 18:09 5,963,225 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-07-08 07:15 40,027 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_07_19_58_39_small.dmp.zip
2007-01-13 17:48 45,868 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_01_13_18_41_43_small.dmp.zip
2007-01-04 14:02 34,664 ----a-w C:\Documents and Settings\Pierrot\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-12-18_20.39.21.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-29 10:40:15 152,384 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-19 14:35:06 151,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE5AD31-5D53-45FF-A8C2-7F32C890B3FE}]
2001-08-28 11:00 87552 --a------ C:\WINDOWS\System32\atkctr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 11:00]
"WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 10:58]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"SsAAD.exe"="C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-16 08:09]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 11:00]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-22 11:48:29]
Scroll-In-Mouse V2.0.lnk - C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe [2005-09-25 10:01:20]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Documents and Settings\Pierrot\Mes documents\Pierre JAILLETTE\emule_win2k_winsp1\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe /Automation
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 13:48 286720 --a------ C:\WINDOWS\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R0 zexnasuq;zexnasuq;C:\WINDOWS\System32\drivers\vzhbefma.dat []
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\System32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\System32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\System32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 Maestro;Pilote audio ESS Maestro2E (WDM);C:\WINDOWS\System32\drivers\essm2e.sys [2001-08-17 20:19]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-22 17:18:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 10:08:37
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-24 10:10:53
C:\ComboFix2.txt ... 2007-12-20 19:45
C:\ComboFix3.txt ... 2007-12-19 21:25
Re,
Tu as essayé AntiVir en sans échec ?
Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Driver::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
bonjour et joyeux Noël.
ComboFix 07-12-18.1 - Pierrot 2007-12-25 10:17:30.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.98 [GMT 1:00]
Running from: C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\atkctr.dll
C:\WINDOWS\System32\drivers\vzhbefma.dat
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\atkctr.dll
C:\WINDOWS\System32\drivers\vzhbefma.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ZEXNASUQ
-------\zexnasuq
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-25 to 2007-12-25 ))))))))))))))))))))))))))))))))))))
.
2007-12-18 21:10 . 2007-12-18 21:10 <REP> d-------- C:\Program Files\Trend Micro
2007-12-16 22:09 . 2007-12-16 22:09 2,096 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 22:08 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-16 22:08 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-16 22:08 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-16 22:08 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-16 22:08 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-16 22:08 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-16 19:00 . 2007-12-16 19:00 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-16 13:01 . 2007-12-25 10:06 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-12-16 13:01 . 2007-12-16 13:01 <REP> d-------- C:\Documents and Settings\Pierrot\Application Data\Thunderbird
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Program Files\Avira
2007-12-16 00:25 . 2007-12-16 00:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-15 19:01 . 2007-12-15 19:01 0 --a------ C:\40.tmp
2007-12-15 19:00 . 2007-12-15 19:00 0 --a------ C:\F.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\3.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\2.tmp
2007-12-15 18:59 . 2007-12-15 18:59 0 --a------ C:\1.tmp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 09:23 --------- d-----w C:\Program Files\Wanadoo
2007-12-24 09:52 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\U3
2007-12-22 10:48 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-19 06:37 --------- d-----w C:\Program Files\LooperTools
2007-12-19 06:36 --------- d-----w C:\Program Files\Google
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\Pierrot\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-15 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2007-11-17 22:48 --------- d-----w C:\Program Files\Magix
2007-11-04 18:09 5,963,225 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-07-08 07:15 40,027 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_07_19_58_39_small.dmp.zip
2007-01-13 17:48 45,868 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_01_13_18_41_43_small.dmp.zip
2007-01-04 14:02 34,664 ----a-w C:\Documents and Settings\Pierrot\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-12-18_20.39.21.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-18 19:37:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-19 19:13:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-29 10:40:15 152,384 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-19 14:35:06 151,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 11:00]
"WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 10:58]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"SsAAD.exe"="C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-16 08:09]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 11:00]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Documents and Settings\Pierrot\Mes documents\Pierre JAILLETTE\emule_win2k_winsp1\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe /Automation
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 13:48 286720 --a------ C:\WINDOWS\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\System32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\System32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\System32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 Maestro;Pilote audio ESS Maestro2E (WDM);C:\WINDOWS\System32\drivers\essm2e.sys [2001-08-17 20:19]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-25 09:18:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 10:24:16
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-25 10:25:57 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-24 10:10
C:\ComboFix3.txt ... 2007-12-20 19:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:21, on 25/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\Pierrot\Bureau\RENAUD\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scroll-In-Mouse V2.0.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C042D9F-4FFD-410E-85E6-18924D99E041}: NameServer = 80.10.246.130 81.253.149.10
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: IDriverT - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6467 bytes
D'autres soucis ? On l'a eu
Répondre à Angeldark
eh bah dis donc !!!
si jamais on se croise je te paye le resto !!!
Merci beaucoup pour la perseverance et l'efficacité.
Bon surf !
- Télécharge ToolsCleaner sur ton Bureau.
- Clique sur Recherche et laisse le scan se terminer.
- Clique sur Suppression pour finaliser.
- Clique sur Quitter, pour que le rapport puisse se créer.
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)
Désactive puis réactive la restauration du système : Voir aide
Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer" 
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"
Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :
Répondre à Angeldark
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\HijackThis.lnk: trouvé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\avenger.zip: trouvé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\FixWareout.exe: trouvé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\ComboFix.exe: trouvé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\HJTInstall.exe: trouvé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\SmitFraudfix: trouvé !
C:\Program Files\Mozilla Thunderbird\SmitFraudfix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\HijackThis.lnk: supprimé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\avenger.zip: supprimé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\FixWareout.exe: supprimé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\ComboFix.exe: supprimé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Pierrot\Bureau\Bricolage informatique\SmitFraudfix: supprimé !
C:\Program Files\Mozilla Thunderbird\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Il y a 1624 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
