Virus, redirection to an advertising page
Hello,
I have a problem with Internet Explorer: I am almost systematically redirected to advertising sites such as thefeedyard.com or livefeedinc.com...
I'm desperate, I can't get rid of this virus!
I'm using Win XP and I'm attaching a catchme 0.3 report, hoping someone can help me. I've already run Malwarebytes, and I use avast! Thanks for your help
Report:
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 00:06:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:3b,55,9d,36,91,58,15,71,52,53,07,12,bb,24,c5,bf,bd,e6,46,fa,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:f1,d0,b6,c5,2a,71,ea,46,34,b8,07,28,63,ea,d2,b3,dc,1b,87,01,b0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,31,9b,d9,ca,bf,ed,8a,78,59,02,51,8f,6f,61,78,3d,97,..
"khjeh"=hex:2d,cb,5d,cf,1c,b8,91,a1,a2,4e,5f,e3,46,a1,9b,35,cb,7f,c6,6e,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fa,b6,51,02,dd,e0,3c,eb,38,87,09,b6,c1,e6,7b,54,dd,20,35,33,49,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:7b,15,b4,fe,01,27,8f,ee,bb,b1,99,05,91,fc,97,dc,49,6f,64,56,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:3b,55,9d,36,91,58,15,71,52,53,07,12,bb,24,c5,bf,bd,e6,46,fa,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:f1,d0,b6,c5,2a,71,ea,46,34,b8,07,28,63,ea,d2,b3,dc,1b,87,01,b0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,31,9b,d9,ca,bf,ed,8a,78,59,02,51,8f,6f,61,78,3d,97,..
"khjeh"=hex:2d,cb,5d,cf,1c,b8,91,a1,a2,4e,5f,e3,46,a1,9b,35,cb,7f,c6,6e,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fa,b6,51,02,dd,e0,3c,eb,38,87,09,b6,c1,e6,7b,54,dd,20,35,33,49,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:7b,15,b4,fe,01,27,8f,ee,bb,b1,99,05,91,fc,97,dc,49,6f,64,56,9f,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore]
"Count"=dword:0000005b
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49B4-9D64-90988571CECB}\iexplore]
"Count"=dword:00000081
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore]
"Count"=dword:0000005b
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}\iexplore]
"Count"=dword:00000081
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}\iexplore]
"Count"=dword:0000005b
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore]
"Count"=dword:0000340b
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count"=dword:0000005b
scanning hidden files ...
C:\Documents and Settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.dll 25088 bytes executable
C:\Documents and Settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.lnk 645 bytes
C:\Documents and Settings\Ed\ntuser.dll 25088 bytes executable
C:\Documents and Settings\LocalService\ntuser.dll 25088 bytes executable
C:\WINDOWS\system32\calc.dll 25088 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 5
file zipped: C:\Documents and Settings\Ed\Local Settings\Application Data\Microsoft\Messenger\b.@hotmail.com\SharingMetadata\tht@hotmail.com\DFSR\Staging\CS{B1798D5D-368F-00EB-93CB-1528B6DCCA30}\01\10-{B1798D5D-368F-00EB-93CB-1528B6DCCA30}-v1-{E570B026-AC33-4478-883A-10BF7AC83870}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.2 ( 8 bytes )
file zipped: C:\Documents and Settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.dll -> catchme.zip -> scandisk.dll.2 ( 25088 bytes )
file zipped: C:\Documents and Settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.lnk -> catchme.zip -> scandisk.lnk.2 ( 645 bytes )
file zipped: C:\Documents and Settings\Ed\ntuser.dll -> catchme.zip -> ntuser.dll.3 ( 25088 bytes )
file zipped: C:\Documents and Settings\LocalService\ntuser.dll -> catchme.zip -> ntuser.dll.4 ( 25088 bytes )
file zipped: C:\WINDOWS\system32\calc.dll -> catchme.zip -> calc.dll.2 ( 25088 bytes )
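An added triage script for the catchme report above (example code written for this thread, not part of catchme, GMER or the post): it parses the "scanning hidden files" lines, cross-checks the count against catchme's own summary line, and flags the patterns visible in this report (an executable plus a shortcut in the Startup folder, executables at the root of user profiles, a hidden executable under the Windows directory, and several hidden files of identical size). The sample input is constructed from the report's own lines; the Startup folder markers and the heuristics are my assumptions.

```python
"""Triage the 'scanning hidden files' section of a catchme report."""
import re
from collections import defaultdict

# Constructed sample: the hidden-files lines of the report posted above, plus
# the surrounding header/summary lines the parser relies on.
SAMPLE_REPORT = r"""catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 00:06:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.dll 25088 bytes executable
C:\Documents and Settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.lnk 645 bytes
C:\Documents and Settings\Ed\ntuser.dll 25088 bytes executable
C:\Documents and Settings\LocalService\ntuser.dll 25088 bytes executable
C:\WINDOWS\system32\calc.dll 25088 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 5
"""

# One hidden-file line: "<path> <size> bytes[ executable]"
ENTRY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<size>\d+) bytes(?P<exe> executable)?\s*$")
# Startup folder names as they appear on French and English Windows XP installs (assumption)
STARTUP_MARKERS = ("\\démarrage\\", "\\startup\\")
# A file sitting directly in a user profile root (Documents and Settings\<user>\<file>)
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$")


def parse_hidden_files(report):
    """Return the entries of the 'scanning hidden files' section as dicts."""
    entries, in_section = [], False
    for line in report.splitlines():
        if line.startswith("scanning hidden files"):
            in_section = True
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            break  # first non-entry line ("scan completed successfully") closes the section
        entries.append({"path": m["path"], "size": int(m["size"]),
                        "executable": m["exe"] is not None})
    return entries


def reported_hidden_files(report):
    """The count catchme printed in its own summary, or None if missing."""
    m = re.search(r"^hidden files: (\d+)\s*$", report, re.MULTILINE)
    return int(m.group(1)) if m else None


def triage(entries):
    """Apply defender heuristics; returns (reason, path) pairs."""
    findings = []
    same_size = defaultdict(list)
    for e in entries:
        low = e["path"].lower()
        in_startup = any(mk in low for mk in STARTUP_MARKERS)
        if e["executable"]:
            same_size[e["size"]].append(e["path"])
        if in_startup and e["executable"]:
            findings.append(("executable hidden in a Startup folder", e["path"]))
        elif in_startup and low.endswith(".lnk"):
            findings.append(("hidden shortcut in a Startup folder; inspect its target", e["path"]))
        if e["executable"] and PROFILE_ROOT_RE.match(low):
            findings.append(("executable at the root of a user profile", e["path"]))
        if e["executable"] and "\\windows\\" in low:
            findings.append(("hidden executable under the Windows directory", e["path"]))
    # Several hidden executables of exactly the same size under different names
    # are usually copies of one payload (four 25088-byte files in this report).
    for size, paths in same_size.items():
        if len(paths) > 1:
            findings.append((f"{len(paths)} hidden executables of identical size {size} bytes",
                             "; ".join(paths)))
    return findings


def triage_report(report):
    """Parse, cross-check the count and triage in one call."""
    entries = parse_hidden_files(report)
    return {"parsed": len(entries),
            "reported": reported_hidden_files(report),
            "findings": triage(entries)}


if __name__ == "__main__":
    result = triage_report(SAMPLE_REPORT)
    print(f"hidden files parsed: {result['parsed']} (catchme reported {result['reported']})")
    for reason, path in result["findings"]:
        print(f"- {reason}: {path}")
```

The sptd keys listed under "scanning hidden services" belong to the SCSI pass-through driver installed with the Alcohol 120 and DAEMON Tools Lite paths shown in their p0 values and are expected there, which is why this script looks only at the hidden-files section.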
Hello,
/!\ Disable your resident protections (antivirus, etc.) /!\
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
It will ask you to install the Recovery Console: accept.
When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.
To help you: a guide and a tutorial on using ComboFix
Thanks for your help,
here is my report; I had to do it twice after a mistake...
Report:
ComboFix 09-10-06.04 - Ed 08/10/2009 1:40.2.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.619 [GMT 1:00]
Lancé depuis: c:\documents and settings\Ed\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\documents and settings\All Users\Application Data\agexyjicez.dll
c:\documents and settings\All Users\Application Data\ecebuhuvyr.inf
c:\documents and settings\All Users\Application Data\obitejug._dl
c:\documents and settings\All Users\Application Data\wuzon._dl
c:\documents and settings\All Users\Documents\opiz._dl
c:\documents and settings\All Users\Documents\oryrynyzy.scr
c:\documents and settings\Ed\Application Data\osiruvor.lib
c:\documents and settings\Ed\Application Data\ydypuzugu.exe
c:\documents and settings\Ed\Cookies\ajopevyji.reg
c:\documents and settings\Ed\Cookies\uxabowa.bin
c:\documents and settings\Ed\Cookies\wini.ban
c:\documents and settings\Ed\Local Settings\Application Data\imulegeq._sy
c:\documents and settings\Ed\Local Settings\Application Data\udosuk.bin
c:\documents and settings\Ed\Local Settings\Application Data\ynabim.scr
c:\documents and settings\Ed\Local Settings\Temporary Internet Files\abutyl.pif
c:\documents and settings\Ed\Local Settings\Temporary Internet Files\dedego.reg
c:\documents and settings\Ed\Local Settings\Temporary Internet Files\esyfysoc.scr
c:\documents and settings\Ed\Local Settings\Temporary Internet Files\foqicejyh.lib
c:\documents and settings\Ed\Local Settings\Temporary Internet Files\ifolip._dl
c:\documents and settings\Ed\Local Settings\Temporary Internet Files\mubav.dl
c:\documents and settings\Ed\Local Settings\Temporary Internet Files\oxif.reg
c:\documents and settings\Ed\Local Settings\Temporary Internet Files\unafyqyf.sys
c:\documents and settings\Ed\Local Settings\Temporary Internet Files\xyti.sys
c:\documents and settings\Ed\Mes documents\Backup.reg
c:\documents and settings\Ed\ntuser.dll
c:\documents and settings\LocalService\ntuser.dll
c:\windows\doxe._dl
c:\windows\ebyqarowes.sys
c:\windows\ezopyg.sys
c:\windows\jitilys.bin
c:\windows\ojak.reg
c:\windows\ovinolav.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\ajegoduh.ini
c:\windows\system32\amisewej.ini
c:\windows\system32\apitefuy.ini
c:\windows\system32\ativivoj.ini
c:\windows\system32\ayurupan.ini
c:\windows\system32\calc.dll
c:\windows\system32\cysarypij.reg
c:\windows\system32\dumphive.exe
c:\windows\system32\edihonay.ini
c:\windows\system32\egiyejoj.ini
c:\windows\system32\epupotoj.ini
c:\windows\system32\ibuyibas.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\igupezet.ini
c:\windows\system32\ihekytob.scr
c:\windows\system32\ikaneyaw.ini
c:\windows\system32\ineyepat.ini
c:\windows\system32\o4Patch.exe
c:\windows\system32\odabugub.ini
c:\windows\system32\ogezugov.ini
c:\windows\system32\ogohofon.ini
c:\windows\system32\omehaneg.ini
c:\windows\system32\omuzuhez.ini
c:\windows\system32\oyokamej.ini
c:\windows\system32\pedusolaw.reg
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uhigidid.ini
c:\windows\system32\umujazek.ini
c:\windows\system32\utehohah.ini
c:\windows\system32\uvunejid.ini
c:\windows\system32\uwafatim.ini
c:\windows\system32\uxar.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\ysilyva._dl
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-08 au 2009-10-08 ))))))))))))))))))))))))))))))))))))
.
2009-10-07 15:54 . 2009-10-06 16:12 138448 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-07 15:54 . 2009-10-06 16:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-07 15:54 . 2009-10-06 16:09 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-07 15:54 . 2009-10-06 16:13 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-07 15:54 . 2009-10-06 16:09 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-07 15:54 . 2009-10-06 16:09 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-07 15:54 . 2009-10-06 16:08 27728 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-07 15:54 . 2009-10-06 16:24 149064 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-07 15:53 . 2009-10-07 15:53 -------- d-----w- c:\program files\Alwil Software
2009-10-07 15:53 . 2009-10-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2009-10-07 15:07 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-07 15:06 . 2008-12-16 12:49 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-10-07 15:04 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\documents and settings\Ed\Application Data\Malwarebytes
2009-10-06 22:58 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 22:58 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 21:54 . 2008-09-08 21:38 88576 ----a-w- c:\windows\system32\AntiXPVSTFix.exe
2009-09-29 16:05 . 2009-10-07 22:21 -------- d-----w- c:\documents and settings\Ed\Tracing
2009-09-29 16:02 . 2009-09-29 16:02 -------- d-----w- c:\program files\Microsoft
2009-09-29 16:02 . 2009-09-29 16:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-29 16:01 . 2009-09-29 16:04 -------- d-----w- c:\program files\Windows Live
2009-09-29 15:55 . 2009-09-29 15:55 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-15 21:48 . 2009-09-15 21:48 -------- d-----w- c:\program files\Lame for Audacity
2009-09-15 21:02 . 2009-10-06 14:25 -------- d-----w- c:\documents and settings\Ed\Application Data\Audacity
2009-09-15 21:01 . 2009-09-15 21:01 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 19:36 . 2008-01-18 09:35 -------- d-----w- c:\program files\TimeAdjuster
2009-10-07 19:35 . 2008-09-13 15:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-07 19:20 . 2006-03-03 17:58 -------- d-----w- c:\documents and settings\Ed\Application Data\Skype
2009-10-07 18:14 . 2008-11-08 19:22 -------- d-----w- c:\documents and settings\Ed\Application Data\skypePM
2009-10-07 17:57 . 2005-09-13 07:27 -------- d-----w- c:\program files\QuickTime
2009-09-30 09:28 . 2008-10-02 22:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-29 16:05 . 2005-09-17 12:06 51080 ----a-w- c:\documents and settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 16:03 . 2005-09-15 20:13 -------- d-----w- c:\program files\MSN Messenger
2009-09-24 20:42 . 2005-09-19 12:13 -------- d-----w- c:\program files\Club-Internet
2009-09-23 18:13 . 2004-08-20 09:24 64922 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-23 18:13 . 2004-08-20 09:24 447222 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-14 18:26 . 2005-09-15 20:15 -------- d-----w- c:\program files\eMule
2009-09-05 14:24 . 2008-10-30 19:21 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-05 14:19 . 2005-12-27 15:13 -------- d-----w- c:\program files\Musicmatch
2009-09-05 14:15 . 2009-02-10 16:16 -------- d-----w- c:\program files\Image Grabber II
2009-09-05 14:13 . 2006-12-19 22:20 -------- d-----w- c:\program files\Creative
2009-09-05 14:03 . 2005-09-15 16:53 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-09-03 09:54 . 2009-09-03 09:54 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-28 11:09 . 2008-05-27 15:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-11 21:09 . 2005-09-18 22:44 -------- d-----w- c:\program files\DivX
2009-08-11 21:09 . 2009-08-11 21:09 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-05 09:06 . 2004-08-20 09:23 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 11:19 . 2005-09-24 14:07 68204 ----a-w- c:\windows\system32\drivers\StMp3Rec.sys
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2006-08-21 11:00 . 2006-08-21 11:00 16826 ---ha-w- c:\program files\COOL96.GID
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-19 05:59 . 2008-12-19 05:59 522 --sh--w- c:\windows\system32\bewisobe.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-01-01 16384]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-02-16 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-12-17 278528]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe" [2005-06-02 543232]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2009-10-06 2525256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\Ed\Menu Démarrer\Programmes\Démarrage\
scandisk.dll [2009-10-7 25088]
scandisk.lnk - c:\windows\system32\rundll32.exe [2004-8-20 33792]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-13 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2005-12-26 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 11:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Video\\FxSvr2.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
"c:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/10/2009 16:54 138448]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/10/2009 16:54 19024]
.
Contenu du dossier 'Tâches planifiées'
2005-09-16 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-20 11:00]
2009-10-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-13 10:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uInternet Settings,ProxyServer = proxy.abdn.ac.uk:8080
IE: Ajouter cette page à la file d'attente de Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Ajouter à la file d'attente le lien ciblé - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Ouvrir cette page avec Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Ouvrir le lien ciblé avec Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ed\Application Data\Mozilla\Firefox\Profiles\tmjs6js8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-*{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 01:46
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(588)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-10-08 1:50
ComboFix-quarantined-files.txt 2009-10-08 00:48
Avant-CF: 12 696 117 248 octets libres
Après-CF: 12 655 517 696 octets libres
276 --- E O F --- 2009-10-07 01:13
2009-10-07 15:07 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-07 15:06 . 2008-12-16 12:49 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-10-07 15:04 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\documents and settings\Ed\Application Data\Malwarebytes
2009-10-06 22:58 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 22:58 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 21:54 . 2008-09-08 21:38 88576 ----a-w- c:\windows\system32\AntiXPVSTFix.exe
2009-09-29 16:05 . 2009-10-07 22:21 -------- d-----w- c:\documents and settings\Ed\Tracing
2009-09-29 16:02 . 2009-09-29 16:02 -------- d-----w- c:\program files\Microsoft
2009-09-29 16:02 . 2009-09-29 16:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-29 16:01 . 2009-09-29 16:04 -------- d-----w- c:\program files\Windows Live
2009-09-29 15:55 . 2009-09-29 15:55 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-15 21:48 . 2009-09-15 21:48 -------- d-----w- c:\program files\Lame for Audacity
2009-09-15 21:02 . 2009-10-06 14:25 -------- d-----w- c:\documents and settings\Ed\Application Data\Audacity
2009-09-15 21:01 . 2009-09-15 21:01 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 19:36 . 2008-01-18 09:35 -------- d-----w- c:\program files\TimeAdjuster
2009-10-07 19:35 . 2008-09-13 15:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-07 19:20 . 2006-03-03 17:58 -------- d-----w- c:\documents and settings\Ed\Application Data\Skype
2009-10-07 18:14 . 2008-11-08 19:22 -------- d-----w- c:\documents and settings\Ed\Application Data\skypePM
2009-10-07 17:57 . 2005-09-13 07:27 -------- d-----w- c:\program files\QuickTime
2009-09-30 09:28 . 2008-10-02 22:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-29 16:05 . 2005-09-17 12:06 51080 ----a-w- c:\documents and settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 16:03 . 2005-09-15 20:13 -------- d-----w- c:\program files\MSN Messenger
2009-09-24 20:42 . 2005-09-19 12:13 -------- d-----w- c:\program files\Club-Internet
2009-09-23 18:13 . 2004-08-20 09:24 64922 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-23 18:13 . 2004-08-20 09:24 447222 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-14 18:26 . 2005-09-15 20:15 -------- d-----w- c:\program files\eMule
2009-09-05 14:24 . 2008-10-30 19:21 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-05 14:19 . 2005-12-27 15:13 -------- d-----w- c:\program files\Musicmatch
2009-09-05 14:15 . 2009-02-10 16:16 -------- d-----w- c:\program files\Image Grabber II
2009-09-05 14:13 . 2006-12-19 22:20 -------- d-----w- c:\program files\Creative
2009-09-05 14:03 . 2005-09-15 16:53 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-09-03 09:54 . 2009-09-03 09:54 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-28 11:09 . 2008-05-27 15:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-11 21:09 . 2005-09-18 22:44 -------- d-----w- c:\program files\DivX
2009-08-11 21:09 . 2009-08-11 21:09 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-05 09:06 . 2004-08-20 09:23 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 11:19 . 2005-09-24 14:07 68204 ----a-w- c:\windows\system32\drivers\StMp3Rec.sys
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2006-08-21 11:00 . 2006-08-21 11:00 16826 ---ha-w- c:\program files\COOL96.GID
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-19 05:59 . 2008-12-19 05:59 522 --sh--w- c:\windows\system32\bewisobe.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-01-01 16384]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-02-16 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-12-17 278528]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe" [2005-06-02 543232]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2009-10-06 2525256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\Ed\Menu Démarrer\Programmes\Démarrage\
scandisk.dll [2009-10-7 25088]
scandisk.lnk - c:\windows\system32\rundll32.exe [2004-8-20 33792]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-13 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2005-12-26 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 11:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Video\\FxSvr2.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
"c:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/10/2009 16:54 138448]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/10/2009 16:54 19024]
.
Contenu du dossier 'Tâches planifiées'
2005-09-16 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-20 11:00]
2009-10-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-13 10:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uInternet Settings,ProxyServer = proxy.abdn.ac.uk:8080
IE: Ajouter cette page à la file d'attente de Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Ajouter à la file d'attente le lien ciblé - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Ouvrir cette page avec Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Ouvrir le lien ciblé avec Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ed\Application Data\Mozilla\Firefox\Profiles\tmjs6js8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-*{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 01:46
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(588)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-10-08 1:50
ComboFix-quarantined-files.txt 2009-10-08 00:48
Avant-CF: 12 696 117 248 octets libres
Après-CF: 12 655 517 696 octets libres
276 --- E O F --- 2009-10-07 01:13
/!\ Only gadjo_03 may follow this procedure /!\
Disable all resident protection (antivirus, etc.)!
---> Copy (CTRL+C) the text in the box below:
KillAll::
File::
c:\windows\system32\bewisobe.exe
c:\documents and settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.dll
c:\documents and settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.lnk
---> Open Notepad: Start > All Programs > Accessories > Notepad.
- Paste (CTRL+V) the text into Notepad.
- Save this file to: Desktop
- File name: CFScript
- File type: all files!!
- Click Save.
- Close Notepad.
---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
This will relaunch ComboFix: accept the message that appears.
Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is complete.
Once the scan is finished, a report will be displayed; copy/paste its contents to the forum.
If the file does not open, it is located here: C:\ComboFix.txt
Here is my new report:
Also, Internet Explorer no longer works; I have to go through Mozilla, and for now I no longer have the problem of redirects to the ad sites...
My report:
ComboFix 09-10-06.04 - Ed 08/10/2009 2:14.3.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.471 [GMT 1:00]
Lancé depuis: c:\documents and settings\Ed\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Ed\Bureau\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
"c:\documents and settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.dll"
"c:\documents and settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.lnk"
"c:\windows\system32\bewisobe.exe"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.dll
c:\documents and settings\Ed\Menu Démarrer\Programmes\Démarrage\scandisk.lnk
c:\windows\system32\bewisobe.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-08 au 2009-10-08 ))))))))))))))))))))))))))))))))))))
.
2009-10-07 15:54 . 2009-10-06 16:12 138448 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-07 15:54 . 2009-10-06 16:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-07 15:54 . 2009-10-06 16:09 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-07 15:54 . 2009-10-06 16:13 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-07 15:54 . 2009-10-06 16:09 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-07 15:54 . 2009-10-06 16:09 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-07 15:54 . 2009-10-06 16:08 27728 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-07 15:54 . 2009-10-06 16:24 149064 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-07 15:53 . 2009-10-07 15:53 -------- d-----w- c:\program files\Alwil Software
2009-10-07 15:53 . 2009-10-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2009-10-07 15:07 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-07 15:06 . 2008-12-16 12:49 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-10-07 15:04 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\documents and settings\Ed\Application Data\Malwarebytes
2009-10-06 22:58 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 22:58 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 21:54 . 2008-09-08 21:38 88576 ----a-w- c:\windows\system32\AntiXPVSTFix.exe
2009-09-29 16:05 . 2009-10-07 22:21 -------- d-----w- c:\documents and settings\Ed\Tracing
2009-09-29 16:02 . 2009-09-29 16:02 -------- d-----w- c:\program files\Microsoft
2009-09-29 16:02 . 2009-09-29 16:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-29 16:01 . 2009-09-29 16:04 -------- d-----w- c:\program files\Windows Live
2009-09-29 15:55 . 2009-09-29 15:55 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-15 21:48 . 2009-09-15 21:48 -------- d-----w- c:\program files\Lame for Audacity
2009-09-15 21:02 . 2009-10-06 14:25 -------- d-----w- c:\documents and settings\Ed\Application Data\Audacity
2009-09-15 21:01 . 2009-09-15 21:01 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 19:36 . 2008-01-18 09:35 -------- d-----w- c:\program files\TimeAdjuster
2009-10-07 19:35 . 2008-09-13 15:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-07 19:20 . 2006-03-03 17:58 -------- d-----w- c:\documents and settings\Ed\Application Data\Skype
2009-10-07 18:14 . 2008-11-08 19:22 -------- d-----w- c:\documents and settings\Ed\Application Data\skypePM
2009-10-07 17:57 . 2005-09-13 07:27 -------- d-----w- c:\program files\QuickTime
2009-09-30 09:28 . 2008-10-02 22:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-29 16:05 . 2005-09-17 12:06 51080 ----a-w- c:\documents and settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 16:03 . 2005-09-15 20:13 -------- d-----w- c:\program files\MSN Messenger
2009-09-24 20:42 . 2005-09-19 12:13 -------- d-----w- c:\program files\Club-Internet
2009-09-23 18:13 . 2004-08-20 09:24 64922 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-23 18:13 . 2004-08-20 09:24 447222 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-14 18:26 . 2005-09-15 20:15 -------- d-----w- c:\program files\eMule
2009-09-05 14:24 . 2008-10-30 19:21 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-05 14:19 . 2005-12-27 15:13 -------- d-----w- c:\program files\Musicmatch
2009-09-05 14:15 . 2009-02-10 16:16 -------- d-----w- c:\program files\Image Grabber II
2009-09-05 14:13 . 2006-12-19 22:20 -------- d-----w- c:\program files\Creative
2009-09-05 14:03 . 2005-09-15 16:53 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-09-03 09:54 . 2009-09-03 09:54 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-28 11:09 . 2008-05-27 15:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-11 21:09 . 2005-09-18 22:44 -------- d-----w- c:\program files\DivX
2009-08-11 21:09 . 2009-08-11 21:09 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-05 09:06 . 2004-08-20 09:23 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 11:19 . 2005-09-24 14:07 68204 ----a-w- c:\windows\system32\drivers\StMp3Rec.sys
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2006-08-21 11:00 . 2006-08-21 11:00 16826 ---ha-w- c:\program files\COOL96.GID
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-01-01 16384]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-02-16 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-12-17 278528]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe" [2005-06-02 543232]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2009-10-06 2525256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-13 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2005-12-26 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 11:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Video\\FxSvr2.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
"c:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/10/2009 16:54 138448]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/10/2009 16:54 19024]
.
Contenu du dossier 'Tâches planifiées'
2005-09-16 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-20 11:00]
2009-10-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-13 10:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uInternet Settings,ProxyServer = proxy.abdn.ac.uk:8080
IE: Ajouter cette page à la file d'attente de Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Ajouter à la file d'attente le lien ciblé - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Ouvrir cette page avec Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Ouvrir le lien ciblé avec Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ed\Application Data\Mozilla\Firefox\Profiles\tmjs6js8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 02:21
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(1636)
c:\docume~1\Ed\LOCALS~1\TempIadHide3.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\CTSVCCDA.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\WLAN\USB_WLAN_Utility\Wlan.exe
.
**************************************************************************
.
Heure de fin: 2009-10-08 2:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-08 01:27
ComboFix2.txt 2009-10-08 00:50
Avant-CF: 12 661 448 704 octets libres
Après-CF: 12 623 462 400 octets libres
222 --- E O F --- 2009-10-07 01:13
Quote:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Hello,
sorry to butt into the conversation, but I have the same problem.
My report after following destrio5's recommendations:
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2926
Windows 5.1.2600 Service Pack 3
09/10/2009 12:48:15
mbam-log-2009-10-09 (12-48-14).txt
Type de recherche: Examen rapide
Eléments examinés: 123511
Temps écoulé: 17 minute(s), 8 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 16
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c7c23ef-a848-485b-873c-0ed954731014} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\ctv1191.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\ctv2114.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\ctv3036.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\ctv3967.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\ctv4889.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\ctv5811.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\ctv6734.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\ctv7657.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\ctv8577.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\ctv9498.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
THANKS!