
Hello
I'm starting to get a bit discouraged. I can't get rid of this virus, how do I do it? Please
Download ComboFix by sUBs to your Desktop, and nowhere else
# Temporarily disable, and only for as long as ComboFix is running, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
# Double-click Combofix.exe and follow the instructions.
When it has finished, it will generate a log. Post the report in your next reply.
Note:
# Do not click inside the ComboFix window while the tool is running.
# The report can also be found here: C:\Combofix.txt
# Don't forget to re-enable your protections!!!
# Download HijackThis v2.0.2
# ==>Link and tutorial here<==
# Follow the instructions and post the report you obtain in your next message.
Sorry, I'm a bit slow. I downloaded ComboFix and it did its job, but how do I post its analysis on the forum?
K1Ks wrote:
Download ComboFix by sUBs to your Desktop, and nowhere else
# Temporarily disable, and only for as long as ComboFix is running, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
# Double-click Combofix.exe and follow the instructions.
When it has finished, it will generate a log. Post the report in your next reply.
# Download HijackThis v2.0.2
# ==>Link and tutorial here<==
# Follow the instructions and post the report you obtain in your next message.
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:58, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [34512955] rundll32.exe "C:\WINDOWS\system32\iojvtgmd.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtac(...)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw(...)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6577 bytes
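As an added example (not part of the original thread and not HijackThis's own logic), the Python script below runs a small triage over O4 autostart lines copied from the HijackThis log above. The three heuristics it applies are my own assumptions for illustration: a value name that is purely numeric, rundll32 loading an eight-letter DLL from system32, and a program started from a user data directory. The helper names (`triage_o4`, `triage_log`) are hypothetical.

```python
import re
from typing import Dict, List, Optional

# Sample O4 (autostart) lines copied from the HijackThis log posted above.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [34512955] rundll32.exe "C:\WINDOWS\system32\iojvtgmd.dll",b',
    r'O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun',
]

# Shape of a HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Constructed heuristic: rundll32 loading a DLL from system32 whose stem is exactly eight letters,
# the naming pattern of the DLLs listed in the logs above.
RUNDLL_RANDOM_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?[^"]*\\system32\\[A-Za-z]{8}\.dll"?', re.IGNORECASE)

# Constructed heuristic: an autostart program living under a user data directory.
DATA_DIR_RE = re.compile(r'\\Application Data\\', re.IGNORECASE)


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split an O4 line into hive, value name and command; None if it is not an O4 line."""
    m = O4_RE.match(line)
    return m.groupdict() if m else None


def triage_o4(line: str) -> List[str]:
    """Return the reasons an O4 line looks suspicious (empty list means nothing was flagged)."""
    entry = parse_o4(line)
    if entry is None:
        return []
    reasons = []
    if entry["name"].isdigit():
        reasons.append("value name is purely numeric")
    if RUNDLL_RANDOM_RE.search(entry["cmd"]):
        reasons.append("rundll32 loads an eight-letter DLL from system32")
    if DATA_DIR_RE.search(entry["cmd"]):
        reasons.append("program runs from a user data directory")
    return reasons


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged value name to the list of reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        reasons = triage_o4(line)
        if reasons:
            flagged[parse_o4(line)["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_O4_LINES).items():
        print(f"[{name}] -> " + "; ".join(reasons))
```

Run on the sample lines, only the `34512955` entry (both the numeric name and the rundll32 pattern) and the `MalWarrior` entry are flagged; the vendor entries pass. Heuristics like these are a starting point for a human reviewer, not a verdict: every flagged path still has to be checked against the rest of the log (the O2/O20 loading points and the ComboFix registry section) before anything is removed.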
The report is here >>> C:\Combofix.txt
So here is the real report
ComboFix 08-05-12.1 - Stéphane 2008-05-14 19:37:22.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.520 [GMT 2:00]
Endroit: C:\Documents and Settings\Stéphane\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\JSYFOqss.ini
C:\WINDOWS\system32\JSYFOqss.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.
2008-05-14 19:40 . 2008-05-14 19:40 318,848 --a------ C:\WINDOWS\system32\tuvUKeba.dll
2008-05-14 19:40 . 2008-05-14 19:40 344 --ahs---- C:\WINDOWS\system32\abeKUvut.ini2
2008-05-14 19:40 . 2008-05-14 19:40 344 --ahs---- C:\WINDOWS\system32\abeKUvut.ini
2008-05-14 19:25 . 2008-05-14 19:25 90,240 --a------ C:\WINDOWS\system32\ipfmwpyw.dll
2008-05-14 19:25 . 2008-05-14 19:40 474 ---hs---- C:\WINDOWS\system32\wypwmfpi.ini
2008-05-14 19:24 . 2008-05-14 19:24 318,848 --a------ C:\WINDOWS\system32\ssqOFYSJ.dll
2008-05-14 19:19 . 2008-05-14 19:19 <REP> d-------- C:\Documents and Settings\Stéphane
2008-05-14 19:19 . <REP> C:\Documents and Settings\Stéphane\Local Settings
2008-05-14 19:19 . <REP> C:\Documents and Settings\Stéphane\Local Settings
2008-05-14 18:26 . 2008-05-14 18:26 <REP> d-------- C:\Program Files\Trend Micro
2008-05-13 22:16 . 2008-05-13 22:16 <REP> d-------- C:\Program Files\MalWarrior 2007
2008-05-13 21:21 . 2008-05-13 21:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-13 21:21 . 2008-05-13 21:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-13 21:21 . 2008-05-13 21:21 318,080 --a------ C:\WINDOWS\system32\awtrRlli.dll
2008-05-13 21:21 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-13 21:21 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-13 19:13 . 2008-05-13 19:13 <REP> d-------- C:\Program Files\CableRouting
2008-05-13 17:21 . 2008-05-13 17:21 318,080 --a------ C:\WINDOWS\system32\fccbATlI.dll
2008-05-13 16:11 . 2008-05-13 16:11 29,824 --a------ C:\WINDOWS\system32\byXPFWqo.dll
2008-05-13 16:10 . 2008-05-13 04:48 94,208 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-13 16:09 . 2008-05-13 22:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-04-21 18:13 . 2008-04-21 18:13 <REP> d-------- C:\Program Files\Real
2008-04-21 18:13 . 2008-04-21 18:13 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-21 18:13 . 2008-04-21 18:13 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-04-21 18:12 . 2008-04-21 18:12 <REP> d-------- C:\Program Files\Google
2008-04-18 15:39 . 2008-04-18 15:39 <REP> d-------- C:\Program Files\VideoLAN
2008-04-15 10:51 . 2008-05-13 21:15 <REP> d-------- C:\Documents and Settings\Vanessa\Application Data\OpenOffice.org2
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 16:57 --------- d-----w C:\Program Files\eMule
2008-05-11 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cyberlink
2008-04-01 18:43 --------- d-----w C:\Program Files\QuickTime
2008-03-18 21:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-17 17:20 --------- d-----w C:\Documents and Settings\Vanessa\Application Data\CyberLink
2008-03-17 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 17:15 --------- d-----w C:\Program Files\CyberLink
2008-03-17 17:12 --------- d-----w C:\Program Files\Digital Photo Navigator 1.5
2008-03-17 11:32 --------- d-----w C:\Program Files\Brother
2008-03-17 11:29 --------- d-----w C:\Program Files\ScanSoft
2008-03-17 11:29 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared
2008-03-17 11:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-17 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-17 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-17 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Brother
2008-03-11 20:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-14_19.18.48.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 17:16:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-14 17:39:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-14 17:39:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_588.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
2008-03-27 15:43 247296 --a------ C:\Program Files\CableRouting\CableRouting.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A1C4AC6-53F2-4046-906D-A0C1F75E97D8}]
2008-05-14 19:24 318848 --a------ C:\WINDOWS\system32\ssqOFYSJ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57C706F3-347F-4F9F-8F71-62E3E3B608AE}]
2008-05-13 17:21 318080 --a------ C:\WINDOWS\system32\fccbATlI.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63B51E21-EE6C-4E68-B319-B649A701EBEA}]
2008-05-14 19:40 318848 --a------ C:\WINDOWS\system32\tuvUKeba.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B4FBDC1-F90E-428F-9C16-119BF113079D}]
2008-05-13 16:11 29824 --a------ C:\WINDOWS\system32\byXPFWqo.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-24 12:00 68856]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [2008-05-13 16:11 1025536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 20:17 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 20:30 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 16:48 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 19:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 15:58 61440]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 22:10 151552]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-01 20:43 385024]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-21 18:13 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7B4FBDC1-F90E-428F-9C16-119BF113079D}"= C:\WINDOWS\system32\byXPFWqo.dll [2008-05-13 16:11 29824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPFWqo]
byXPFWqo.dll 2008-05-13 16:11 29824 C:\WINDOWS\system32\byXPFWqo.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\tuvUKeba
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 19:40:33
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXPFWqo.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\iojvtgmd.dll
-> C:\WINDOWS\system32\tuvUKeba.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-14 19:42:27 - machine was rebooted [Stéphane]
ComboFix-quarantined-files.txt 2008-05-14 17:42:21
ComboFix2.txt 2008-05-14 17:19:07
Pre-Run: 29,866,307,584 octets libres
Post-Run: 29,857,062,912 octets libres
163 --- E O F --- 2008-04-09 17:00:38
K1Ks wrote:
The report is here >>> C:\Combofix.txt
I don't know whether you waited for my report, but my computer was frozen and I couldn't do anything any more, sorry.
Here is the real report
Copy the text in the box below:
File::
C:\WINDOWS\system32\tuvUKeba.dll
C:\WINDOWS\system32\abeKUvut.ini2
C:\WINDOWS\system32\abeKUvut.ini
C:\WINDOWS\system32\ipfmwpyw.dll
C:\WINDOWS\system32\wypwmfpi.ini
C:\WINDOWS\system32\ssqOFYSJ.dll
C:\WINDOWS\system32\awtrRlli.dll
C:\WINDOWS\system32\fccbATlI.dll
C:\WINDOWS\system32\byXPFWqo.dll
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\iojvtgmd.dll
Folder::
C:\Program Files\MalWarrior 2007
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A1C4AC6-53F2-4046-906D-A0C1F75E97D8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57C706F3-347F-4F9F-8F71-62E3E3B608AE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63B51E21-EE6C-4E68-B319-B649A701EBEA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B4FBDC1-F90E-428F-9C16-119BF113079D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MalWarrior"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7B4FBDC1-F90E-428F-9C16-119BF113079D}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPFWqo]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:
This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
If there is no reboot, post the reports anyway.
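As an added example, not part of K1Ks's post: the last Registry:: entry of the script above rewrites the LSA "Authentication Packages" value as a hex(7) (REG_MULTI_SZ) blob. A DLL listed in that value is loaded into lsass.exe at boot, which is why the ComboFix log flagged `msv1_0 C:\WINDOWS\system32\tuvUKeba` there. The Python below decodes the blob from the script, shows it contains only `msv1_0`, and diffs the value ComboFix reported against that baseline to list what the script drops. It assumes REGEDIT4 encoding (ANSI, one byte per character, double NUL terminator) and takes `msv1_0` as the baseline for a stock Windows XP machine; the function names are hypothetical.

```python
from typing import List

# The value exactly as written in the CFScript above (REGEDIT4 format, hex(7) = REG_MULTI_SZ).
CFSCRIPT_AUTH_PACKAGES = "6d,73,76,31,5f,30,00,00"

# What the ComboFix log above reported for the same value before cleaning
# (ComboFix renders the REG_MULTI_SZ entries separated by a space).
INFECTED_AUTH_PACKAGES = ["msv1_0", r"C:\WINDOWS\system32\tuvUKeba"]

# Baseline assumed in the lead-in: a stock Windows XP install lists only msv1_0 here.
EXPECTED_AUTH_PACKAGES = ["msv1_0"]


def decode_reg_multi_sz(hex_csv: str) -> List[str]:
    """Decode a REGEDIT4 hex(7) comma-separated byte list into its list of strings.

    REGEDIT4 writes ANSI bytes; each string is NUL-terminated and the blob ends
    with an extra NUL, so empty fragments after splitting are dropped.
    """
    raw = bytes.fromhex("".join(hex_csv.split(",")))
    return [part.decode("latin-1") for part in raw.split(b"\x00") if part]


def encode_reg_multi_sz(strings: List[str]) -> str:
    """Inverse of decode_reg_multi_sz: build the hex(7) byte list for a REGEDIT4 script."""
    raw = b"\x00".join(s.encode("latin-1") for s in strings) + b"\x00\x00"
    return ",".join(f"{b:02x}" for b in raw)


def unexpected_packages(current: List[str], expected: List[str]) -> List[str]:
    """Entries present in the live value that are not in the expected baseline (case-insensitive)."""
    baseline = {e.lower() for e in expected}
    return [p for p in current if p.lower() not in baseline]


if __name__ == "__main__":
    restored = decode_reg_multi_sz(CFSCRIPT_AUTH_PACKAGES)
    print("script restores Authentication Packages to:", restored)
    print("entries the script drops:",
          unexpected_packages(INFECTED_AUTH_PACKAGES, EXPECTED_AUTH_PACKAGES))
    print("round trip:", encode_reg_multi_sz(restored))
```

Decoding the script's blob yields `['msv1_0']`, so the only entry removed is `C:\WINDOWS\system32\tuvUKeba`, the same DLL the File:: section deletes. Checking this value against a known baseline is a cheap periodic control on its own, since legitimate software almost never adds an authentication package.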