
TR spy gen with Antivir


Hello everyone, I know this topic comes up again and again, but after reading all your replies and applying them, I still haven't got rid of this trojan. :??:

So I keep getting a recurring message from Antivir saying that the file C:\WINDOWS\system32\DOCOBJ32.dll contains the Trojan horse TR/Spy.Gen

This window opens every single time I launch a program or a browser...

I cleaned with Malwarebytes without success, I cleaned with Antivir, and despite this report:
C:\WINDOWS\system32\DOCOBJ32.dll
[RESULT] Contains the Trojan horse TR/Spy.Gen
[WARNING] Unable to delete the file!
[NOTE] Attempting to perform the action using the ARK library.
[NOTE] File deleted.

The trojan is still there.

I downloaded CCleaner, doesn't work either... I tried to delete it manually but "Access denied".

What should I do? Try Spybot?

Thanks for your help!


Hello,

Download Random's System Information Tool (RSIT) (by random/random) and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (which will be displayed)

as well as info.txt (which will be minimized to the Taskbar)

  • NB: the reports are saved in the folder C:\rsit
  • Make sure you post the reports in full; check that they are complete once you have posted them.

Posted by Angeldark

Here is the "info" file

info.txt logfile of random's system information tool 1.05 2009-03-07 13:18:07

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivePerl 5.8.4 Build 810-->MsiExec.exe /I{D629903C-0C85-4425-ACE5-38CFD312AF0B}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AxCrypt (Désinstaller uniquement)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Defenza-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B3AA536-2193-4D9B-812A-DE45C4D57AD1}\Setup.exe" -l0x9
F-Secure Management Agent-->"C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java 2 Runtime Environment, SE v1.4.2_14-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142140}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LimeWire 5.1.1-->"C:\Program Files\LimeWire\uninstall.exe"
livebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office 97 Standard-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Std.stf
Microsoft Report Viewer Redistributable 2005-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2005\install.exe
Microsoft SQL Server Desktop Engine (MPSC_DB)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique de Microsoft Report Viewer Redistributable 2005 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2005 Language Pack - FRA\install.exe
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MySQL Connector/ODBC-->MsiExec.exe /I{DBB6755D-3ACC-416D-B810-188C6951A4B5}
OpenOffice.org 2.2-->MsiExec.exe /I{419805D6-75A0-4981-BC8F-9FF97EC6B03A}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PowerPacket Ethernet Adapter-->MsiExec.exe /X{B7B8AA42-B894-4668-A652-D9915C7EDDCF}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x40c -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Visual FoxPro ODBC Driver-->MsiExec.exe /X{31821EFE-1B31-4744-9FB0-208F92BD7168}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition Classic

System event log

Computer Name: VERITRON-M410
Event Code: 6011
Message: The NetBIOS name and DNS host name of this computer have been changed from MACHINENAME to VERITRON-M410.

Record Number: 5
Source Name: EventLog
Time Written: 20080806094947.000000+120
Event Type: Information
User:

Computer Name: MACHINENAME
Event Code: 2
Message: While validating that \Device\Serial0 was really a serial port, a FIFO was detected. The FIFO will be used.

Record Number: 4
Source Name: Serial
Time Written: 20080806114222.000000+120
Event Type: Information
User:

Computer Name: MACHINENAME
Event Code: 2
Message: While validating that \Device\Serial1 was really a serial port, a FIFO was detected. The FIFO will be used.

Posted by 2lavega67

Here is the "log" file

Logfile of random's system information tool 1.05 (written by random/random)
Run by compte ff at 2009-03-07 13:17:53
Microsoft Windows XP Professional Service Pack 2
System drive C: has 107 GB (93%) free of 115 GB
Total RAM: 3071 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:05, on 07/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\perl\bin\perl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe
C:\MySql\Bin\MySqld-nt.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\OOffice2\program\soffice.exe
C:\OOffice2\program\soffice.BIN
C:\Program Files\F-Secure\Common\FNRB32.EXE
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Defenza\pcd-as.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\GUILD WARS\Gw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\compte ff\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\compte ff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.youtube.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.youtube.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: OpenOffice.org 2.2.lnk = C:\OOffice2\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\OOffice2\program\quickstart.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 8012343078
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] _0_3_0.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\DOCOBJ32.dll
O20 - Winlogon Notify: f8b0aac6548 - C:\WINDOWS\System32\DOCOBJ32.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: DGIAV - ActiveState, a division of Sophos - c:\perl\bin\perl.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - C:\MySql\Bin\MySqld-nt.exe

--
End of file - 7044 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2005-09-19 106571]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-06 136600]
"PCDAS"=C:\Program Files\Defenza\pcd-as.exe [2006-12-15 1359872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\compte ff\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 2.2.lnk - C:\OOffice2\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\DOCOBJ32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f8b0aac6548]
C:\WINDOWS\System32\DOCOBJ32.dll [2009-03-07 139264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Perl\bin\perl.exe"="C:\Perl\bin\perl.exe:*:Enabled:Perl Command Line Interpreter"
"C:\Program Files\Cobian Backup 7\cobui.exe"="C:\Program Files\Cobian Backup 7\cobui.exe:*:Enabled:Cobian Backup 7 Interface"
"C:\Program Files\Cobian Backup 7\CobBU.exe"="C:\Program Files\Cobian Backup 7\CobBU.exe:*:Enabled:Cobian Backup 7 Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2765931a-dc96-11dd-a540-806d6172696f}]
shell\AutoRun\command - E:\Setup.exe


======List of files/folders created in the last 1 months======

2009-03-07 13:17:54 ----D---- C:\Program Files\trend micro
2009-03-07 13:17:53 ----D---- C:\rsit
2009-03-07 12:15:56 ----A---- C:\WINDOWS\system32\Machnm1.exe
2009-03-07 12:15:51 ----D---- C:\Program Files\Defenza
2009-03-07 12:09:09 ----D---- C:\Program Files\XoftSpySE
2009-03-07 12:04:00 ----D---- C:\Program Files\CCleaner
2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\muweb.dll
2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-03-07 12:02:17 ----D---- C:\WINDOWS\LastGood
2009-03-06 21:02:56 ----D---- C:\Documents and Settings\compte ff\Application Data\Malwarebytes
2009-03-06 20:59:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-06 20:59:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-06 20:56:43 ----A---- C:\WINDOWS\GnuHashes.ini
2009-03-06 20:49:08 ----A---- C:\WINDOWS\system32\DOCOBJ32.dll
2009-03-06 20:49:08 ----A---- C:\ARK41.tmp
2009-03-06 20:49:08 ----A---- C:\ARK30.tmp
2009-03-06 20:37:48 ----D---- C:\Documents and Settings\compte ff\Application Data\teamspeak2
2009-03-06 20:37:39 ----D---- C:\Program Files\Teamspeak2_RC2
2009-03-06 20:11:59 ----D---- C:\Program Files\uTorrent
2009-03-06 20:11:53 ----D---- C:\Documents and Settings\compte ff\Application Data\uTorrent
2009-03-06 20:04:18 ----D---- C:\Documents and Settings\compte ff\Application Data\Adobe
2009-03-06 20:03:52 ----D---- C:\Documents and Settings\compte ff\Application Data\LimeWire
2009-03-06 20:02:53 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-06 20:02:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-06 19:59:39 ----D---- C:\Documents and Settings\compte ff\Application Data\Sun
2009-03-06 19:59:31 ----D---- C:\Program Files\LimeWire
2009-03-06 19:59:14 ----D---- C:\Program Files\Microsoft
2009-03-06 19:58:59 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-06 19:58:39 ----D---- C:\Program Files\Windows Live
2009-03-06 19:50:56 ----D---- C:\Documents and Settings\compte ff\Application Data\Mozilla
2009-03-06 19:50:52 ----D---- C:\Program Files\Mozilla Firefox
2009-03-06 19:47:52 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-03-06 19:46:05 ----D---- C:\Program Files\GUILD WARS
2009-03-06 19:42:53 ----D---- C:\Documents and Settings\compte ff\Application Data\Macromedia
2009-03-06 19:30:27 ----D---- C:\Program Files\Avira
2009-03-06 19:30:27 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-06 16:54:13 ----D---- C:\Program Files\SAGEM
2009-03-06 16:36:59 ----D---- C:\Program Files\Securitoo
2009-03-06 16:27:11 ----D---- C:\Program Files\PowerPacket
2009-03-05 14:33:19 ----D---- C:\Documents and Settings\compte ff\Application Data\Identities
2009-03-05 14:33:13 ----ASH---- C:\Documents and Settings\compte ff\Application Data\desktop.ini
2009-03-05 14:33:12 ----SD---- C:\Documents and Settings\compte ff\Application Data\Microsoft
2009-03-05 14:33:12 ----D---- C:\Documents and Settings\compte ff\Application Data\OpenOffice.org2
2009-03-05 13:52:18 ----D---- C:\WINDOWS\system32\NtmsData
2009-03-05 13:48:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-05 13:48:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-03-07 13:17:59 ----D---- C:\WINDOWS\Prefetch
2009-03-07 13:17:54 ----RD---- C:\Program Files
2009-03-07 13:14:10 ----D---- C:\WINDOWS\Temp
2009-03-07 12:46:22 ----D---- C:\WINDOWS\system32
2009-03-07 12:16:00 ----D---- C:\WINDOWS
2009-03-07 12:15:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-07 12:09:11 ----SD---- C:\WINDOWS\Tasks
2009-03-07 12:05:54 ----D---- C:\WINDOWS\Debug
2009-03-07 12:02:42 ----HD---- C:\WINDOWS\inf
2009-03-07 12:02:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-07 12:02:22 ----D---- C:\WINDOWS\Help
2009-03-07 11:56:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-07 11:55:44 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-03-06 21:02:11 ----D---- C:\WINDOWS\system32\drivers
2009-03-06 21:00:04 ----SHD---- C:\WINDOWS\Installer
2009-03-06 20:48:58 ----D---- C:\Program Files\Windows Media Player
2009-03-06 20:20:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-06 20:02:45 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-06 20:02:45 ----A---- C:\WINDOWS\system32\java.exe
2009-03-06 20:02:43 ----D---- C:\Program Files\Java
2009-03-06 19:59:24 ----D---- C:\WINDOWS\WinSxS
2009-03-06 19:59:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-03-06 19:58:44 ----RSD---- C:\WINDOWS\Fonts
2009-03-06 19:47:52 ----D---- C:\Program Files\Fichiers communs
2009-03-06 16:19:54 ----SHD---- C:\RECYCLER
2009-03-05 15:23:12 ----D---- C:\Program Files\Cobian Backup 7
2009-03-05 14:33:12 ----D---- C:\Documents and Settings
2009-03-05 13:56:41 ----D---- C:\WINDOWS\repair
2009-03-05 13:56:39 ----D---- C:\WINDOWS\Registration
2009-03-05 13:47:30 ----D---- C:\temp
2009-03-05 13:27:44 ----D---- C:\WINDOWS\system32\appmgmt
2009-03-05 13:27:44 ----D---- C:\Program Files\ALTO
2009-03-05 13:23:16 ----H---- C:\WINDOWS\system32\FFASTLOG.TXT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-06 75072]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.2.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-06 21419]
R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Common\FSfilter.sys []
R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Common\fsgk.sys []
R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Common\FSrec.sys []
R2 FSpm;F-Secure Policy Manager; \??\C:\Program Files\F-Secure\Common\FSPM.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;USB2 Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-05-03 259712]
S3 PLCMP532;PLCMP532 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PLCMP532.sys []
S3 PLCND532;PLCND532 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PLCND532.sys [2007-08-08 26656]
S3 usbprint;Microsoft USB Printer Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
R2 DGIAV;DGIAV; c:\perl\bin\perl.exe [2004-06-01 41050]
R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2005-09-19 61516]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-06 152984]
R2 MSSQL$MPSC_DB;MSSQL$MPSC_DB; C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe [2002-12-17 7520337]
R2 MySql;MySql; C:\MySql\Bin\MySqld-nt.exe [2003-07-21 2244608]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2005-09-19 110668]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe []
S2 FSAA;F-Secure Authentication Agent; C:\Program Files\F-Secure\Common\FSAA.EXE [2005-09-19 225280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$MPSC_DB;SQLAgent$MPSC_DB; C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE [2002-12-17 311872]

-----------------EOF-----------------

Posted by 2lavega67

Re,

Uninstall via Add/Remove Programs (if present):

  • Defenza
  • XoftSpySE

(And any other programs associated with it!)

&

Download R-Hosts (by S!ri).
Run R-host by double-clicking the exe, then click restore, then OK.

&

Download OTMoveIt3 (by OldTimer). Save it to your Desktop.
Copy (Ctrl+C) the text in the box below:

:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCDAS"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f8b0aac6548]

:files
c:\temp1\*.txt /s
C:\WINDOWS\System32\DOCOBJ32.dll
C:\Program Files\XoftSpySE

:commands
[emptytemp]
[start explorer]
[reboot]



Double-click OTMoveIt3.exe to launch it.
Paste (or Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.


Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

Posted by Angeldark

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDAS not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f8b0aac6548\\ deleted successfully.
========== FILES ==========
File/Folder c:\temp1\*.txt not found.
LoadLibrary failed for C:\WINDOWS\System32\DOCOBJ32.dll
C:\WINDOWS\System32\DOCOBJ32.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\DOCOBJ32.dll scheduled to be moved on reboot.
File/Folder C:\Program Files\XoftSpySE not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\COMPTE~1\LOCALS~1\Temp\hsperfdata_compte ff\2420 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_84.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03072009_140639

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\System32\DOCOBJ32.dll
C:\WINDOWS\System32\DOCOBJ32.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\DOCOBJ32.dll scheduled to be moved on reboot.
File C:\DOCUME~1\COMPTE~1\LOCALS~1\Temp\hsperfdata_compte ff\2420 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_84.dat not found!
C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_MAP_ moved successfully.

Reply to 2lavega67

Logfile of random's system information tool 1.05 (written by random/random)
Run by compte ff at 2009-03-07 14:27:51
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 107 GB (92%) free of 115 GB
Total RAM: 3071 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:59, on 07/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\perl\bin\perl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe
C:\MySql\Bin\MySqld-nt.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\OOffice2\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\OOffice2\program\soffice.BIN
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\compte ff\Bureau\RSIT.exe
C:\Program Files\trend micro\compte ff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.youtube.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.youtube.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: OpenOffice.org 2.2.lnk = C:\OOffice2\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\OOffice2\program\quickstart.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 8012343078
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] _0_3_0.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\DOCOBJ32.dll
O20 - Winlogon Notify: f8b0aac6548 - C:\WINDOWS\System32\DOCOBJ32.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: DGIAV - ActiveState, a division of Sophos - c:\perl\bin\perl.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - C:\MySql\Bin\MySqld-nt.exe

--
End of file - 6468 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2005-09-19 106571]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-06 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\compte ff\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 2.2.lnk - C:\OOffice2\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\DOCOBJ32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f8b0aac6548]
C:\WINDOWS\System32\DOCOBJ32.dll [2009-03-07 139264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Perl\bin\perl.exe"="C:\Perl\bin\perl.exe:*:Enabled:Perl Command Line Interpreter"
"C:\Program Files\Cobian Backup 7\cobui.exe"="C:\Program Files\Cobian Backup 7\cobui.exe:*:Enabled:Cobian Backup 7 Interface"
"C:\Program Files\Cobian Backup 7\CobBU.exe"="C:\Program Files\Cobian Backup 7\CobBU.exe:*:Enabled:Cobian Backup 7 Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-03-07 14:06:39 ----D---- C:\_OTMoveIt
2009-03-07 13:17:54 ----D---- C:\Program Files\trend micro
2009-03-07 13:17:53 ----D---- C:\rsit
2009-03-07 12:15:56 ----A---- C:\WINDOWS\system32\Machnm1.exe
2009-03-07 12:04:00 ----D---- C:\Program Files\CCleaner
2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\muweb.dll
2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-03-06 21:02:56 ----D---- C:\Documents and Settings\compte ff\Application Data\Malwarebytes
2009-03-06 20:59:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-06 20:59:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-06 20:56:43 ----A---- C:\WINDOWS\GnuHashes.ini
2009-03-06 20:49:08 ----A---- C:\WINDOWS\system32\DOCOBJ32.dll
2009-03-06 20:37:48 ----D---- C:\Documents and Settings\compte ff\Application Data\teamspeak2
2009-03-06 20:37:39 ----D---- C:\Program Files\Teamspeak2_RC2
2009-03-06 20:11:59 ----D---- C:\Program Files\uTorrent
2009-03-06 20:11:53 ----D---- C:\Documents and Settings\compte ff\Application Data\uTorrent
2009-03-06 20:04:18 ----D---- C:\Documents and Settings\compte ff\Application Data\Adobe
2009-03-06 20:03:52 ----D---- C:\Documents and Settings\compte ff\Application Data\LimeWire
2009-03-06 20:02:53 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-06 20:02:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-06 19:59:39 ----D---- C:\Documents and Settings\compte ff\Application Data\Sun
2009-03-06 19:59:31 ----D---- C:\Program Files\LimeWire
2009-03-06 19:59:14 ----D---- C:\Program Files\Microsoft
2009-03-06 19:58:59 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-06 19:58:39 ----D---- C:\Program Files\Windows Live
2009-03-06 19:50:56 ----D---- C:\Documents and Settings\compte ff\Application Data\Mozilla
2009-03-06 19:50:52 ----D---- C:\Program Files\Mozilla Firefox
2009-03-06 19:47:52 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-03-06 19:46:05 ----D---- C:\Program Files\GUILD WARS
2009-03-06 19:42:53 ----D---- C:\Documents and Settings\compte ff\Application Data\Macromedia
2009-03-06 19:30:27 ----D---- C:\Program Files\Avira
2009-03-06 19:30:27 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-06 16:54:13 ----D---- C:\Program Files\SAGEM
2009-03-06 16:36:59 ----D---- C:\Program Files\Securitoo
2009-03-06 16:27:11 ----D---- C:\Program Files\PowerPacket
2009-03-05 14:33:19 ----D---- C:\Documents and Settings\compte ff\Application Data\Identities
2009-03-05 14:33:13 ----ASH---- C:\Documents and Settings\compte ff\Application Data\desktop.ini
2009-03-05 14:33:12 ----SD---- C:\Documents and Settings\compte ff\Application Data\Microsoft
2009-03-05 14:33:12 ----D---- C:\Documents and Settings\compte ff\Application Data\OpenOffice.org2
2009-03-05 13:52:18 ----D---- C:\WINDOWS\system32\NtmsData
2009-03-05 13:48:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-05 13:48:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-03-07 14:27:55 ----D---- C:\WINDOWS\Temp
2009-03-07 14:22:48 ----D---- C:\WINDOWS\Prefetch
2009-03-07 14:08:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-07 14:08:25 ----D---- C:\WINDOWS
2009-03-07 14:07:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-07 14:07:44 ----D---- C:\WINDOWS\system32
2009-03-07 14:07:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-07 14:03:50 ----SD---- C:\WINDOWS\Tasks
2009-03-07 14:03:50 ----RD---- C:\Program Files
2009-03-07 14:03:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-07 12:05:54 ----D---- C:\WINDOWS\Debug
2009-03-07 12:02:42 ----HD---- C:\WINDOWS\inf
2009-03-07 12:02:22 ----D---- C:\WINDOWS\Help
2009-03-06 21:02:11 ----D---- C:\WINDOWS\system32\drivers
2009-03-06 21:00:04 ----SHD---- C:\WINDOWS\Installer
2009-03-06 20:48:58 ----D---- C:\Program Files\Windows Media Player
2009-03-06 20:20:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-06 20:02:45 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-06 20:02:45 ----A---- C:\WINDOWS\system32\java.exe
2009-03-06 20:02:43 ----D---- C:\Program Files\Java
2009-03-06 19:59:24 ----D---- C:\WINDOWS\WinSxS
2009-03-06 19:59:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-03-06 19:58:44 ----RSD---- C:\WINDOWS\Fonts
2009-03-06 19:47:52 ----D---- C:\Program Files\Fichiers communs
2009-03-06 16:19:54 ----SHD---- C:\RECYCLER
2009-03-05 15:23:12 ----D---- C:\Program Files\Cobian Backup 7
2009-03-05 14:33:12 ----D---- C:\Documents and Settings
2009-03-05 13:56:41 ----D---- C:\WINDOWS\repair
2009-03-05 13:56:39 ----D---- C:\WINDOWS\Registration
2009-03-05 13:47:30 ----D---- C:\temp
2009-03-05 13:27:44 ----D---- C:\WINDOWS\system32\appmgmt
2009-03-05 13:27:44 ----D---- C:\Program Files\ALTO
2009-03-05 13:23:16 ----H---- C:\WINDOWS\system32\FFASTLOG.TXT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-06 75072]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.2.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-06 21419]
R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Common\FSfilter.sys []
R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Common\fsgk.sys []
R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Common\FSrec.sys []
R2 FSpm;F-Secure Policy Manager; \??\C:\Program Files\F-Secure\Common\FSPM.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-05-03 259712]
S3 PLCMP532;PLCMP532 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PLCMP532.sys []
S3 PLCND532;PLCND532 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PLCND532.sys [2007-08-08 26656]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
R2 DGIAV;DGIAV; c:\perl\bin\perl.exe [2004-06-01 41050]
R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2005-09-19 61516]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-06 152984]
R2 MSSQL$MPSC_DB;MSSQL$MPSC_DB; C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe [2002-12-17 7520337]
R2 MySql;MySql; C:\MySql\Bin\MySqld-nt.exe [2003-07-21 2244608]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2005-09-19 110668]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe []
S2 FSAA;F-Secure Authentication Agent; C:\Program Files\F-Secure\Common\FSAA.EXE [2005-09-19 225280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$MPSC_DB;SQLAgent$MPSC_DB; C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE [2002-12-17 311872]

-----------------EOF-----------------

Reply to 2lavega67
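Two lines in the HijackThis section of the log above (O20 AppInit_DLLs and O20 Winlogon Notify, both pointing at DOCOBJ32.dll) explain why OTMoveIt3 reports "LoadLibrary failed", "NOT unregistered" and "scheduled to be moved on reboot": a DLL listed in AppInit_DLLs is loaded into every process that loads user32.dll, and a Winlogon Notify package is loaded into winlogon.exe at logon, so the file is always mapped in memory and can only be removed at the next boot. The script below is an added example of triaging such a log for exactly this pattern; it is not code from the thread nor from HijackThis, RSIT or OTMoveIt3. The sample lines are constructed from the log posted above, and the three heuristics (flag any AppInit_DLLs entry, flag Winlogon Notify packages whose name is a bare hex string, flag one binary registered under two or more mechanisms) are this example's own assumptions, not rules of any of those tools.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log format. The O2, O20 and O23 lines are
# copied from the log posted in the thread; the O4 line is one of its Run entries.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: C:\WINDOWS\System32\DOCOBJ32.dll
O20 - Winlogon Notify: f8b0aac6548 - C:\WINDOWS\System32\DOCOBJ32.dll
O23 - Service: MySql - Unknown owner - C:\MySql\Bin\MySqld-nt.exe
""".strip()

# "O20 - AppInit_DLLs: ..." -> section O20, mechanism AppInit_DLLs, rest of line.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+):\s*(.*)$")
# A Windows path ending in a PE extension; quoted paths with spaces are allowed.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|sys))(?="|\s|$)', re.IGNORECASE)
# Winlogon Notify package names that are nothing but hex digits (assumed heuristic).
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, mechanism, detail, path) for every line that names a binary."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, mechanism, detail = m.groups()
        paths = PATH_RE.findall(detail)
        if paths:
            entries.append((section, mechanism, detail, paths[-1]))
    return entries


def triage(log_text):
    """Return a list of (reason, path) findings that deserve a second look."""
    findings = []
    mechanisms_by_path = defaultdict(set)  # lower-cased path -> {"O20 AppInit_DLLs", ...}
    display_path = {}                      # lower-cased path -> path as printed in the log
    for section, mechanism, detail, path in parse_entries(log_text):
        key = path.lower()
        mechanisms_by_path[key].add(f"{section} {mechanism}")
        display_path.setdefault(key, path)
        if mechanism == "AppInit_DLLs":
            # Anything listed here is loaded into every process that loads user32.dll.
            findings.append(("AppInit_DLLs entry (loaded into every user32 process)", path))
        elif mechanism == "Winlogon Notify":
            name = detail.split(" - ")[0].strip()
            if HEX_NAME_RE.match(name):
                findings.append((f"Winlogon Notify package with random-looking name '{name}'", path))
    for key, mechanisms in mechanisms_by_path.items():
        if len(mechanisms) >= 2:
            # One binary hooked in through two mechanisms is rare for legitimate software.
            findings.append(("Same binary registered under " + " and ".join(sorted(mechanisms)),
                             display_path[key]))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{path}\n    {reason}")
```

Run against the constructed sample, the only path reported is DOCOBJ32.dll, with all three reasons; the Adobe, Spybot, Avira and MySQL entries each sit under a single ordinary mechanism and are not flagged. In a real triage the path list is the starting point for a hash lookup and a check of the file's signer, not a verdict on its own.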

It came back; we'll go about it differently.

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (antivirus, antispyware, etc.)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • The program will ask whether you want to install the Recovery Console. This is a precaution, in case the computer breaks down. I therefore advise you to install it; it costs nothing and could potentially come in handy!
  • When the operation is finished, a report will appear. Post that report in your next reply.


The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Help: How to use ComboFix.

Reply to Angeldark

ComboFix 09-03-06.02 - compte ff 2009-03-07 14:37:01.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.3071.2421 [GMT 1:00]
Lancé depuis: c:\documents and settings\compte ff\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\compte ff\Application Data\02000000ad946441548C.manifest
c:\documents and settings\compte ff\Application Data\02000000ad946441548O.manifest
c:\documents and settings\compte ff\Application Data\02000000ad946441548P.manifest
c:\documents and settings\compte ff\Application Data\02000000ad946441548S.manifest
c:\documents and settings\compte ff\Application Data\PLCLIB32.dll
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\setup.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-07 au 2009-03-07 ))))))))))))))))))))))))))))))))))))
.

2009-03-07 14:06 . 2009-03-07 14:06 <REP> d-------- C:\_OTMoveIt
2009-03-07 13:17 . 2009-03-07 13:18 <REP> d-------- C:\rsit
2009-03-07 13:17 . 2009-03-07 14:27 <REP> d-------- c:\program files\trend micro
2009-03-07 12:16 . 2009-03-07 12:16 3,120 --a------ c:\windows\118294.78
2009-03-07 12:15 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2009-03-07 12:15 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2009-03-07 12:15 . 2009-03-07 12:15 3,120 --a------ c:\windows\system32\118290.54
2009-03-07 12:15 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2009-03-07 12:04 . 2009-03-07 12:04 <REP> d-------- c:\program files\CCleaner
2009-03-07 12:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-07 12:02 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-07 12:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-06 21:02 . 2009-03-06 21:02 <REP> d-------- c:\documents and settings\compte ff\Application Data\Malwarebytes
2009-03-06 20:59 . 2009-03-06 21:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-06 20:59 . 2009-03-06 20:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-06 20:59 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-06 20:59 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-06 20:49 . 2009-03-07 14:07 139,264 --a------ c:\windows\system32\DOCOBJ32.dll
2009-03-06 20:37 . 2009-03-06 20:37 <REP> d-------- c:\program files\Teamspeak2_RC2
2009-03-06 20:37 . 2009-03-06 20:37 <REP> d-------- c:\documents and settings\compte ff\Application Data\teamspeak2
2009-03-06 20:37 . 2009-03-06 20:37 34,064 --a------ c:\windows\system32\lhacm.acm
2009-03-06 20:11 . 2009-03-06 20:11 <REP> d-------- c:\program files\uTorrent
2009-03-06 20:11 . 2009-03-07 14:07 <REP> d-------- c:\documents and settings\compte ff\Application Data\uTorrent
2009-03-06 20:10 . 2009-03-06 20:10 <REP> d---s---- c:\documents and settings\compte ff\UserData
2009-03-06 20:03 . 2009-03-07 14:37 <REP> d-------- c:\documents and settings\compte ff\Application Data\LimeWire
2009-03-06 20:02 . 2009-03-06 20:02 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-06 20:02 . 2009-03-06 20:02 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-06 20:01 . 2009-03-07 14:09 <REP> d-------- c:\documents and settings\compte ff\Tracing
2009-03-06 19:59 . 2009-03-06 19:59 <REP> d-------- c:\program files\Microsoft
2009-03-06 19:59 . 2009-03-06 20:03 <REP> d-------- c:\program files\LimeWire
2009-03-06 19:58 . 2009-03-06 19:58 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-06 19:58 . 2009-03-06 19:59 <REP> d-------- c:\program files\Windows Live
2009-03-06 19:50 . 2009-03-06 19:50 0 --a------ c:\windows\nsreg.dat
2009-03-06 19:47 . 2009-03-06 19:47 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-03-06 19:46 . 2009-03-06 20:18 <REP> d-------- c:\program files\GUILD WARS
2009-03-06 19:30 . 2009-03-06 19:30 <REP> d-------- c:\program files\Avira
2009-03-06 19:30 . 2009-03-06 19:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-06 16:54 . 2009-03-06 16:54 <REP> d-------- c:\program files\SAGEM
2009-03-06 16:36 . 2009-03-06 16:36 <REP> d-------- c:\program files\Securitoo
2009-03-06 16:27 . 2009-03-06 16:27 <REP> d-------- c:\program files\PowerPacket
2009-03-05 14:33 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte ff\Voisinage réseau
2009-03-05 14:33 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte ff\Voisinage d'impression
2009-03-05 14:33 . 2008-08-06 08:51 <REP> d--h----- c:\documents and settings\compte ff\Modèles
2009-03-05 14:33 . 2009-03-06 20:04 <REP> dr------- c:\documents and settings\compte ff\Mes documents
2009-03-05 14:33 . 2009-03-06 20:11 <REP> dr------- c:\documents and settings\compte ff\Menu Démarrer
2009-03-05 14:33 . 2009-03-05 14:33 <REP> dr------- c:\documents and settings\compte ff\Favoris
2009-03-05 14:33 . 2009-03-07 14:34 <REP> d-------- c:\documents and settings\compte ff\Bureau
2009-03-05 14:33 . 2009-03-07 14:09 <REP> d-------- c:\documents and settings\compte ff\Application Data\OpenOffice.org2
2009-03-05 14:33 . 2009-03-07 12:06 <REP> d-------- c:\documents and settings\compte ff
2009-03-05 13:52 . 2009-03-05 13:56 <REP> d-------- c:\windows\system32\NtmsData
2009-03-05 13:48 . 2009-03-06 21:12 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-05 13:48 . 2009-03-07 12:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 13:47 . 2009-03-05 13:47 15,083,520 --------- c:\temp\spybotsd16030.exe
2009-03-05 13:25 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte2\Voisinage réseau
2009-03-05 13:25 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte2\Voisinage d'impression
2009-03-05 13:25 . 2008-08-06 08:51 <REP> d--h----- c:\documents and settings\compte2\Modèles
2009-03-05 13:25 . 2009-03-05 13:25 <REP> dr------- c:\documents and settings\compte2\Mes documents
2009-03-05 13:25 . 2008-08-06 10:42 <REP> dr------- c:\documents and settings\compte2\Menu Démarrer
2009-03-05 13:25 . 2009-03-05 13:26 <REP> dr------- c:\documents and settings\compte2\Favoris
2009-03-05 13:25 . 2009-03-05 13:48 <REP> d-------- c:\documents and settings\compte2\Bureau
2009-03-05 13:25 . 2009-03-06 17:41 <REP> d-------- c:\documents and settings\compte2\Application Data\OpenOffice.org2
2009-03-05 13:25 . 2009-03-05 16:01 <REP> d-------- c:\documents and settings\compte2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 13:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 19:02 --------- d-----w c:\program files\Java
2009-03-05 14:23 --------- d-----w c:\program files\Cobian Backup 7
2009-03-05 12:27 --------- d-----w c:\program files\ALTO
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-07 14:27 74,752 ------w c:\windows\ST6UNST.EXE
2009-01-07 14:27 253,952 ------w c:\windows\Setup1.exe
2009-01-07 14:26 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2007-08-08 13:40 26,656 ----a-w c:\documents and settings\compte ff\Application Data\PLCND532.sys
2007-08-08 13:39 40,992 ----a-w c:\documents and settings\compte ff\Application Data\PLCND564.sys
2004-04-26 09:53 94,208 ----a-w c:\documents and settings\compte ff\Application Data\PLCLIB.dll
2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2005-09-19 106571]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 136600]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]

c:\documents and settings\compte2\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\ooffice2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\compte ff\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\ooffice2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f8b0aac6548]
2009-03-07 14:07 139264 c:\windows\system32\DOCOBJ32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\DOCOBJ32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Perl\\bin\\perl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R2 DGIAV;DGIAV;c:\perl\bin\perl.exe c:\dgiav\bin\scripts\P0.pl -machine=PDT-NSTD -serveur=av-inter1.appli.impots --> c:\perl\bin\perl.exe c:\dgiav\bin\scripts\P0.pl -machine=PDT-NSTD -serveur=av-inter1.appli.impots [?]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Common\fsfilter.sys [2008-08-08 14640]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Common\fsgk.sys [2008-08-08 79600]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Common\fsrec.sys [2008-08-08 12944]
R2 FSpm;F-Secure Policy Manager;c:\program files\F-Secure\Common\FSpm.sys [2008-08-08 65328]
R2 MSSQL$MPSC_DB;MSSQL$MPSC_DB;c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe -sMPSC_DB --> c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe -sMPSC_DB [?]
S3 PLCMP532;PLCMP532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCMP532.sys --> c:\windows\system32\Drivers\PLCMP532.sys [?]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [2007-08-08 26656]
S3 SQLAgent$MPSC_DB;SQLAgent$MPSC_DB;c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE -i MPSC_DB --> c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE -i MPSC_DB [?]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.youtube.com
mStart Page = www.youtube.com
FF - ProfilePath - c:\documents and settings\compte ff\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 14:37:43
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\System32\DOCOBJ32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\System32\DOCOBJ32.dll
.
Heure de fin: 2009-03-07 14:38:29
ComboFix-quarantined-files.txt 2009-03-07 13:38:27

Avant-CF: 111 621 758 976 octets libres
Après-CF: 111,632,355,328 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect


Reply to 2lavega67

Not much information on the DLL, though. Can you analyze it on the VirusTotal site?
c:\windows\System32\DOCOBJ32.dll

Reply to Angeldark

Antivirus Version Last update Result
a-squared 4.0.0.101 2009.03.07 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.105 2009.03.07 TR/Spy.Gen
Authentium 5.1.0.4 2009.03.06 W32/Heuristic-KPP!Eldorado
Avast 4.8.1335.0 2009.03.06 -
AVG 8.0.0.237 2009.03.06 Agent.BBYI
BitDefender 7.2 2009.03.07 Trojan.Generic.1536445
CAT-QuickHeal 10.00 2009.03.07 -
ClamAV 0.94.1 2009.03.06 -
Comodo 1030 2009.03.06 -
DrWeb 4.44.0.09170 2009.03.07 Trojan.DownLoader.origin
eSafe 7.0.17.0 2009.03.05 -
eTrust-Vet 31.6.6386 2009.03.06 Win32/Benload!generic
F-Prot 4.4.4.56 2009.03.06 W32/Heuristic-KPP!Eldorado
F-Secure 8.0.14470.0 2009.03.07 -
Fortinet 3.117.0.0 2009.03.07 -
GData 19 2009.03.07 Trojan.Generic.1536445
Ikarus T3.1.1.45.0 2009.03.07 -
K7AntiVirus 7.10.660 2009.03.06 -
Kaspersky 7.0.0.125 2009.03.07 -
McAfee 5545 2009.03.06 Downloader-BMN
McAfee+Artemis 5545 2009.03.06 Downloader-BMN
Microsoft 1.4405 2009.03.07 TrojanDownloader:Win32/Tracur.A
NOD32 3917 2009.03.07 a variant of Win32/Agent.OAF
Norman 6.00.06 2009.03.06 -
nProtect 2009.1.8.0 2009.03.07 -
Panda 10.0.0.10 2009.03.07 Suspicious file
PCTools 4.4.2.0 2009.03.07 -
Prevx1 V2 2009.03.07 Medium Risk Malware
Rising 21.19.42.00 2009.03.06 -
SecureWeb-Gateway 6.7.6 2009.03.07 Trojan.Spy.Gen
Sophos 4.39.0 2009.03.07 Troj/Agent-INP
Sunbelt 3.2.1858.2 2009.03.07 -
Symantec 1.4.4.12 2009.03.07 Backdoor.Trojan
TheHacker 6.3.2.7.274 2009.03.07 -
TrendMicro 8.700.0.1004 2009.03.06 -
VBA32 3.12.10.1 2009.03.07 -
ViRobot 2009.3.7.1639 2009.03.07 -
VirusBuster 4.5.11.0 2009.03.07 -
Additional information
File size: 139264 bytes
MD5...: 4e31d48bc4a3dda96317ef34556d617f
SHA1..: ca0d7598e79c8c41f29838bffa7c92dc6c00db99
SHA256: 47a39b82c6889dd01c98daf1795ac1466498f18da81869055a40456b6dc0edc4
SHA512: b6640bd6fd8c4ae75dd6b42b7ee686896267721760d07a077696570cc9f89b55b0839ea2485d7e03290a73c5e3032393b583fc444bbd1b3358fdd1bcbc908ea1
ssdeep: 3072:/f42XzsiKGYNPtvi8ykwlcm7TBf+8NZVVaXju:/A2DCdjvi8ykwlcm7TBm8rVAu
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2035
timedatestamp.....: 0x49afe844 (Thu Mar 05 14:57:08 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x16b40 0x17000 6.54 3e8f01af7857183feed55b5cdf50cffd
.rdata 0x18000 0x6679 0x7000 6.44 8838c186c6501d2378cc4dd2024988dd
.data 0x1f000 0x16e8 0x1000 2.11 52761104ccc5ef26ceb1c2015e150382
.reloc 0x21000 0x1c30 0x2000 6.10 25e1675accf1019881c54073d2803e36

( 11 imports )
> ntdll.dll: strlen, _strnicmp, strstr, tolower, _stricmp, _snprintf, atoi, _itoa, _ultoa, memcpy, memcmp, memset, _chkstk, _allmul, _alldiv
> msvcrt.dll: strtok
> WS2_32.dll: -, WSASocketW, -, WSASend, -, WSAWaitForMultipleEvents, WSAIoctl, -, WSARecv, -, WSAGetOverlappedResult, -, -, -, -, -, WSACreateEvent, -
> WININET.dll: InternetCloseHandle, HttpAddRequestHeadersA, HttpQueryInfoA, HttpOpenRequestA, HttpSendRequestA, InternetOpenA, InternetOpenUrlA, InternetReadFile, InternetConnectA, InternetSetOptionA
> OLEAUT32.dll: -, -
> SHLWAPI.dll: PathFileExistsA
> KERNEL32.dll: ReadFile, GetVolumeInformationA, GetWindowsDirectoryA, GetFileTime, GetVersionExA, FindClose, RemoveDirectoryA, TransactNamedPipe, HeapCreate, HeapSetInformation, HeapDestroy, FindFirstFileA, HeapFree, WaitNamedPipeA, FindNextFileA, SetNamedPipeHandleState, HeapAlloc, FreeLibrary, CreateFileMappingA, OpenFileMappingA, UnmapViewOfFile, MapViewOfFile, ExitProcess, GetFileAttributesExA, SetFileAttributesA, CreateDirectoryA, InterlockedExchange, CreateEventA, TlsSetValue, TlsGetValue, TlsAlloc, ProcessIdToSessionId, Process32Next, Process32First, WriteProcessMemory, VirtualAllocEx, VirtualFreeEx, Thread32Next, GetModuleHandleA, Thread32First, CreateToolhelp32Snapshot, InterlockedIncrement, InterlockedDecrement, GetCurrentThreadId, GetProcAddress, CloseHandle, OpenThread, GetCurrentProcessId, GetModuleFileNameA, GetModuleFileNameW, InitializeCriticalSection, ResetEvent, lstrcatA, GetLocalTime, WaitForSingleObject, OpenMutexA, lstrlenA, InterlockedCompareExchange, CreateMutexA, SetEvent, TerminateThread, Sleep, OutputDebugStringA, DuplicateHandle, GetExitCodeThread, FlushFileBuffers, ReleaseMutex, OpenEventA, SetUnhandledExceptionFilter, LeaveCriticalSection, GetCurrentThread, VirtualFree, GetLastError, GetFileInformationByHandle, SystemTimeToFileTime, lstrcmpiA, GetSystemTime, CreateFileA, GetCurrentProcess, WriteFile, EnterCriticalSection, GetFileSize, CreateThread, WaitForMultipleObjects, lstrcpyA, OpenProcess, CreateNamedPipeA, ConnectNamedPipe, PeekNamedPipe, DisconnectNamedPipe, GetTempPathA, lstrcmpA, SetFilePointer, SetEndOfFile, GetTickCount, GetSystemDefaultLangID, GetTempFileNameA, DeleteCriticalSection, FlushInstructionCache, VirtualQuery, VirtualAlloc, SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, VirtualProtect, SetLastError, lstrcmpW, MultiByteToWideChar, DeleteFileA, CreateProcessA, GetFileAttributesA, LoadLibraryA, GetSystemDirectoryA, CreateRemoteThread
> USER32.dll: SetForegroundWindow, ShowWindow, PeekMessageA, WaitForInputIdle, MsgWaitForMultipleObjects, GetSystemMetrics, wsprintfA, DispatchMessageA
> ADVAPI32.dll: OpenSCManagerA, RegCreateKeyExA, CloseServiceHandle, OpenServiceA, ChangeServiceConfigA, ControlService, RegQueryValueExA, RegDeleteKeyA, RegQueryInfoKeyA, RegEnumKeyExA, RegSetValueExA, RegCloseKey, RegOpenKeyExA
> SHELL32.dll: ShellExecuteA, SHGetFolderPathA
> ole32.dll: CoUninitialize, CoInitializeEx, CoCreateInstance

( 2 exports )
DllGetClassObject, EventStartup
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=613C047F00D4AF8D20D4023D722B3200E2F2DE58

Reply to 2lavega67

Let's retry the removal :o

Select the entire box below:

Rootkit::
c:\windows\System32\DOCOBJ32.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f8b0aac6548]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-



  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it on your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif

  • This will relaunch ComboFix.
  • You will have to accept the license.


Post the contents of the ComboFix.txt report after the reboot, if there is one.

The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Reply to Angeldark

ComboFix doesn't relaunch, the script isn't written properly...

Reply to 2lavega67

Ok, back! I had misnamed the script... my bad =(

Here's the report!
ComboFix 09-03-06.02 - compte ff 2009-03-07 16:24:00.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.3071.2410 [GMT 1:00]
Lancé depuis: c:\documents and settings\compte ff\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\compte ff\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\compte ff\Application Data\02000000ad946441548C.manifest
c:\documents and settings\compte ff\Application Data\02000000ad946441548O.manifest
c:\documents and settings\compte ff\Application Data\02000000ad946441548P.manifest
c:\documents and settings\compte ff\Application Data\02000000ad946441548S.manifest
c:\windows\GnuHashes.ini
c:\windows\System32\DOCOBJ32.dll
c:\windows\system32\GroupPolicy000.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-07 au 2009-03-07 ))))))))))))))))))))))))))))))))))))
.

2009-03-07 14:52 . 2009-03-07 14:53 <REP> d--hs---- c:\windows\system32\LocalService32
2009-03-07 14:52 . 2009-03-07 14:52 374,272 --ahs---- c:\windows\system32\13.tmp
2009-03-07 14:06 . 2009-03-07 14:06 <REP> d-------- C:\_OTMoveIt
2009-03-07 13:17 . 2009-03-07 13:18 <REP> d-------- C:\rsit
2009-03-07 13:17 . 2009-03-07 14:27 <REP> d-------- c:\program files\trend micro
2009-03-07 12:16 . 2009-03-07 12:16 3,120 --a------ c:\windows\118294.78
2009-03-07 12:15 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2009-03-07 12:15 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2009-03-07 12:15 . 2009-03-07 12:15 3,120 --a------ c:\windows\system32\118290.54
2009-03-07 12:15 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2009-03-07 12:04 . 2009-03-07 12:04 <REP> d-------- c:\program files\CCleaner
2009-03-07 12:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-07 12:02 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-07 12:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-06 21:02 . 2009-03-06 21:02 <REP> d-------- c:\documents and settings\compte ff\Application Data\Malwarebytes
2009-03-06 20:59 . 2009-03-06 21:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-06 20:59 . 2009-03-06 20:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-06 20:59 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-06 20:59 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-06 20:37 . 2009-03-06 20:37 <REP> d-------- c:\program files\Teamspeak2_RC2
2009-03-06 20:37 . 2009-03-06 20:37 <REP> d-------- c:\documents and settings\compte ff\Application Data\teamspeak2
2009-03-06 20:37 . 2009-03-06 20:37 34,064 --a------ c:\windows\system32\lhacm.acm
2009-03-06 20:11 . 2009-03-06 20:11 <REP> d-------- c:\program files\uTorrent
2009-03-06 20:11 . 2009-03-07 14:07 <REP> d-------- c:\documents and settings\compte ff\Application Data\uTorrent
2009-03-06 20:10 . 2009-03-06 20:10 <REP> d---s---- c:\documents and settings\compte ff\UserData
2009-03-06 20:03 . 2009-03-07 16:24 <REP> d-------- c:\documents and settings\compte ff\Application Data\LimeWire
2009-03-06 20:02 . 2009-03-06 20:02 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-06 20:02 . 2009-03-06 20:02 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-06 20:01 . 2009-03-07 16:26 <REP> d-------- c:\documents and settings\compte ff\Tracing
2009-03-06 19:59 . 2009-03-06 19:59 <REP> d-------- c:\program files\Microsoft
2009-03-06 19:59 . 2009-03-06 20:03 <REP> d-------- c:\program files\LimeWire
2009-03-06 19:58 . 2009-03-06 19:58 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-06 19:58 . 2009-03-06 19:59 <REP> d-------- c:\program files\Windows Live
2009-03-06 19:50 . 2009-03-06 19:50 0 --a------ c:\windows\nsreg.dat
2009-03-06 19:47 . 2009-03-06 19:47 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-03-06 19:46 . 2009-03-06 20:18 <REP> d-------- c:\program files\GUILD WARS
2009-03-06 19:30 . 2009-03-06 19:30 <REP> d-------- c:\program files\Avira
2009-03-06 19:30 . 2009-03-06 19:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-06 16:54 . 2009-03-06 16:54 <REP> d-------- c:\program files\SAGEM
2009-03-06 16:36 . 2009-03-06 16:36 <REP> d-------- c:\program files\Securitoo
2009-03-06 16:27 . 2009-03-06 16:27 <REP> d-------- c:\program files\PowerPacket
2009-03-05 14:33 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte ff\Voisinage réseau
2009-03-05 14:33 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte ff\Voisinage d'impression
2009-03-05 14:33 . 2008-08-06 08:51 <REP> d--h----- c:\documents and settings\compte ff\Modèles
2009-03-05 14:33 . 2009-03-06 20:04 <REP> dr------- c:\documents and settings\compte ff\Mes documents
2009-03-05 14:33 . 2009-03-06 20:11 <REP> dr------- c:\documents and settings\compte ff\Menu Démarrer
2009-03-05 14:33 . 2009-03-05 14:33 <REP> dr------- c:\documents and settings\compte ff\Favoris
2009-03-05 14:33 . 2009-03-07 16:23 <REP> d-------- c:\documents and settings\compte ff\Bureau
2009-03-05 14:33 . 2009-03-07 16:26 <REP> d-------- c:\documents and settings\compte ff\Application Data\OpenOffice.org2
2009-03-05 14:33 . 2009-03-07 12:06 <REP> d-------- c:\documents and settings\compte ff
2009-03-05 13:52 . 2009-03-05 13:56 <REP> d-------- c:\windows\system32\NtmsData
2009-03-05 13:48 . 2009-03-06 21:12 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-05 13:48 . 2009-03-07 12:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 13:47 . 2009-03-05 13:47 15,083,520 --------- c:\temp\spybotsd16030.exe
2009-03-05 13:25 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte2\Voisinage réseau
2009-03-05 13:25 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte2\Voisinage d'impression
2009-03-05 13:25 . 2008-08-06 08:51 <REP> d--h----- c:\documents and settings\compte2\Modèles
2009-03-05 13:25 . 2009-03-05 13:25 <REP> dr------- c:\documents and settings\compte2\Mes documents
2009-03-05 13:25 . 2008-08-06 10:42 <REP> dr------- c:\documents and settings\compte2\Menu Démarrer
2009-03-05 13:25 . 2009-03-05 13:26 <REP> dr------- c:\documents and settings\compte2\Favoris
2009-03-05 13:25 . 2009-03-05 13:48 <REP> d-------- c:\documents and settings\compte2\Bureau
2009-03-05 13:25 . 2009-03-06 17:41 <REP> d-------- c:\documents and settings\compte2\Application Data\OpenOffice.org2
2009-03-05 13:25 . 2009-03-05 16:01 <REP> d-------- c:\documents and settings\compte2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 13:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 19:02 --------- d-----w c:\program files\Java
2009-03-05 14:23 --------- d-----w c:\program files\Cobian Backup 7
2009-03-05 12:27 --------- d-----w c:\program files\ALTO
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-07 14:27 74,752 ------w c:\windows\ST6UNST.EXE
2009-01-07 14:27 253,952 ------w c:\windows\Setup1.exe
2009-01-07 14:26 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2007-08-08 13:40 26,656 ----a-w c:\documents and settings\compte ff\Application Data\PLCND532.sys
2007-08-08 13:39 40,992 ----a-w c:\documents and settings\compte ff\Application Data\PLCND564.sys
2004-04-26 09:53 94,208 ----a-w c:\documents and settings\compte ff\Application Data\PLCLIB.dll
2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-07_14.37.57,39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-06 19:09:23 241,536 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-07 15:25:33 241,536 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-07 15:26:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1e8.dat
+ 2009-03-07 15:26:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_240.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2005-09-19 106571]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 136600]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]

c:\documents and settings\compte2\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\ooffice2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\compte ff\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\ooffice2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Perl\\bin\\perl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R2 DGIAV;DGIAV;c:\perl\bin\perl.exe c:\dgiav\bin\scripts\P0.pl -machine=PDT-NSTD -serveur=av-inter1.appli.impots --> c:\perl\bin\perl.exe c:\dgiav\bin\scripts\P0.pl -machine=PDT-NSTD -serveur=av-inter1.appli.impots [?]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Common\fsfilter.sys [2008-08-08 14640]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Common\fsgk.sys [2008-08-08 79600]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Common\fsrec.sys [2008-08-08 12944]
R2 FSpm;F-Secure Policy Manager;c:\program files\F-Secure\Common\FSpm.sys [2008-08-08 65328]
R2 MSSQL$MPSC_DB;MSSQL$MPSC_DB;c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe -sMPSC_DB --> c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe -sMPSC_DB [?]
S3 PLCMP532;PLCMP532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCMP532.sys --> c:\windows\system32\Drivers\PLCMP532.sys [?]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [2007-08-08 26656]
S3 SQLAgent$MPSC_DB;SQLAgent$MPSC_DB;c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE -i MPSC_DB --> c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE -i MPSC_DB [?]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.youtube.com
mStart Page = www.youtube.com
FF - ProfilePath - c:\documents and settings\compte ff\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 16:26:32
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\perl\bin\perl.exe
c:\ooffice2\program\soffice.exe
c:\ooffice2\program\soffice.bin
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\F-Secure\Common\FSMA32.exe
c:\program files\F-Secure\Common\FSMB32.exe
c:\program files\F-Secure\Common\fch32.exe
c:\program files\F-Secure\Common\FAMEH32.exe
c:\program files\F-Secure\Common\FNRB32.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\F-Secure\Common\FIH32.exe
.
**************************************************************************
.
Heure de fin: 2009-03-07 16:27:47 - La machine a redémarré [compte ff]
ComboFix-quarantined-files.txt 2009-03-07 15:27:44
ComboFix2.txt 2009-03-07 13:38:30

Avant-CF: 111 308 144 640 octets libres
Après-CF: 111,297,163,264 octets libres



I think it worked, thank you very much for your help and your patience!

Reply to 2lavega67
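What the helper did by hand across the two ComboFix reports (find every registry load point of DOCOBJ32.dll and every process it was mapped into, write the CFScript against those locations, then confirm in the second report that nothing references the file any more) can be turned into a repeatable check. The Python script below is an added example, not code from this thread, from ComboFix or from any of the tools mentioned; it parses excerpts copied from the two reports above (the "Points de chargement Reg" and "DLLs chargées dans les processus actifs" sections) and lists, for a given DLL name, the registry keys and host processes that mention it. The function names and the choice of excerpt boundaries are the example's own.

```python
import re

# Sample input: excerpts copied from the two ComboFix logs in this thread,
# trimmed to the sections that matter (before and after the CFScript run).
BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f8b0aac6548]
2009-03-07 14:07 139264 c:\windows\system32\DOCOBJ32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\DOCOBJ32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\System32\DOCOBJ32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\System32\DOCOBJ32.dll
"""

AFTER_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...] block header
PROC_RE = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)")  # 'proc.exe'(pid) header
VALUE_RE = re.compile(r'^"([^"]+)"=')                    # "ValueName"=... line


def find_references(log: str, dll_name: str) -> dict:
    """Locate every mention of dll_name in a ComboFix-style log.

    Returns a dict with three lists:
      load_points - registry keys (with value name when present) that reference the DLL
      loaded_in   - processes listed as having the DLL mapped
      other       - any remaining line that mentions it (services, file lists)
    Matching is case-insensitive because the log mixes System32 and system32.
    """
    hits = {"load_points": [], "loaded_in": [], "other": []}
    needle = dll_name.lower()
    current_key = None
    current_proc = None

    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            # A blank line closes the current registry key or process block.
            current_key = current_proc = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key, current_proc = m.group(1), None
            continue
        m = PROC_RE.match(line)
        if m:
            current_proc, current_key = m.group(1), None
            continue
        if needle not in line.lower():
            continue
        if current_key:
            v = VALUE_RE.match(line)
            where = f'{current_key} -> "{v.group(1)}"' if v else current_key
            hits["load_points"].append(where)
        elif current_proc:
            hits["loaded_in"].append(current_proc)
        else:
            hits["other"].append(line)
    return hits


def is_clean(log: str, dll_name: str) -> bool:
    """True when the log no longer references the DLL anywhere."""
    return not any(find_references(log, dll_name).values())


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        hits = find_references(log, "DOCOBJ32.dll")
        print(f"{label}: load points = {hits['load_points']}")
        print(f"{label}: loaded in   = {hits['loaded_in']}")
        print(f"{label}: clean       = {is_clean(log, 'DOCOBJ32.dll')}")
```

On the first excerpt the script reports the Winlogon Notify subkey and the AppInit_DLLs value as load points and winlogon.exe and lsass.exe as hosts, which is exactly what the Rootkit:: and Registry:: sections of the CFScript targeted; on the second excerpt it reports nothing, matching the user's conclusion that the removal worked. Running it over a full ComboFix.txt instead of the excerpts also catches references in the service lines, which land in the "other" bucket.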