Gros Virus - Sécurité, virus et assimilés::Virus

Auteur

Message

Matcab65

Posté le 28/05/2008 11:56:44

Bonjour a tous,
voila, je pense que mon Ordi a un gros virus, après avoir consulté quelques forum, j'ai lancé une analyse avec ComboFix.
Mais Combox fix a l'air de planté à l'etape 41 ?
Que faire ?
Merci

Matcab65

Posté le 28/05/2008 12:12:11

voici un rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 12:09, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

EDITION MODERATEUR : Règle du forum à respecter :

Pas de rapport avant qu'il n'en soit demandé un !

Veuillez lire l'article suivant :
http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/a_(...)

Merci d'en prendre connaissance.

-->Message édité par Mérillym le 28/05/2008 12:25:03<--

K1Ks

Posté le 28/05/2008 15:03:49

Suis ce tuto et pot moi le rapport car ta version de Hijackthis est obselete !

# ==>Lien et Tuto ici<==

-------
Site d'Entraide sur la Sécurité Bibou Le Forum

Matcab65

Posté le 28/05/2008 21:23:29

c'est surtout un probleme de message lorsque je surfe "insecure Internet Activity - Threat a virus attack.
Voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Saas] "C:\WINDOWS\FNTS~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntqkdm.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A8B6894-B079-415A-B658-7605B139B18B}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6151 bytes

K1Ks

Posté le 28/05/2008 21:27:54

Affiche les Fichiers cachés de XP >>> Pour afficher les fichiers cachés de XP

Télécharge ComboFix de sUBs sur ton Bureau et pas ailleurs

# Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

# Double clique sur Combofix.exe et suis les instructions.

/!\ Laisse le travailler et ne l'interromps surtout pas /!\

Quand il aura fini, il va généré un log. Poste le rapport dans ta prochaine réponse avec un nouveau log Hijackthis.

Note :
# Ne pas cliquer dans la fenêtre de combofix durant le passage de l'outils.
# Le rapport se trouve également ici : C:\Combofix.txt
# N'oublie pas de réactiver tes protections !!!

-------
Site d'Entraide sur la Sécurité Bibou Le Forum

Matcab65

Posté le 28/05/2008 21:54:39

voici le rapport Combo

ComboFix 08-05-27.4 - PC 2008-05-28 21:41:41.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.167 [GMT 2:00]
Endroit: C:\Documents and Settings\PC\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMeff759d5.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\brkpnmxk.exe
C:\WINDOWS\system32\tEhjQqru.ini
C:\WINDOWS\system32\tEhjQqru.ini2
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\PC\Menu Démarrer\Programmes\SpyShredder
C:\Documents and Settings\PC\Menu Démarrer\Programmes\SpyShredder\SpyShredder.lnk
C:\Documents and Settings\PC\Menu Démarrer\Programmes\SpyShredder\Uninstall.lnk
C:\kl.exe
C:\Program Files\CPV
C:\Program Files\dbar
C:\Program Files\dbar\basis.xml
C:\Program Files\dbar\channel.tmpl
C:\Program Files\dbar\content.tmpl
C:\Program Files\dbar\dbaruninst.exe
C:\Program Files\dbar\deskbar.crc
C:\Program Files\dbar\deskbar.dll
C:\Program Files\dbar\deskbar.inf
C:\Program Files\dbar\edit_rss.tmpl
C:\Program Files\dbar\local.xml
C:\Program Files\dbar\nav1.bmp
C:\Program Files\dbar\nav2.bmp
C:\Program Files\dbar\new_alert.tmpl
C:\Program Files\dbar\version.ini
C:\Program Files\dbar\version.txt
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\network monitor
C:\Program Files\Temporary
C:\Program Files\winvi
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js
C:\Program Files\winvi\dsktp\desktop.html
C:\Program Files\winvi\dsktp\internetDetection.swf
C:\Program Files\winvi\dsktp\settings.sol
C:\Program Files\winvi\icons\bufferthis.ico
C:\Program Files\winvi\icons\flashfunpages.ico
C:\Program Files\winvi\icons\funnies.ico
C:\Program Files\winvi\icons\funnyfunpages.ico
C:\Program Files\winvi\icons\goodcleanvideos.ico
C:\Program Files\winvi\icons\newfunpages.ico
C:\Program Files\winvi\icons\positivethoughts.ico
C:\Program Files\winvi\icons\removespyware.ico
C:\Program Files\winvi\icons\thissiterocks.ico
C:\Program Files\winvi\icons\Thumbs.db
C:\Program Files\winvi\temp\version.ini
C:\Program Files\winvi\version.ini
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BMeff759d5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\fnts~1
C:\WINDOWS\fnts~1\F?nts\
C:\WINDOWS\icroso~1.net
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akvousce.ini
C:\WINDOWS\system32\bcimvyfg.dll
C:\WINDOWS\system32\bxujthlr.dll
C:\WINDOWS\system32\byXRjhgG.dll
C:\WINDOWS\system32\cbXQkhgH.dll
C:\WINDOWS\system32\csnlmqgf.ini
C:\WINDOWS\system32\dcytrfpb.ini
C:\WINDOWS\system32\ddcBQjGx.dll
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\hbgkpngj.ini
C:\WINDOWS\system32\ifelllhs.ini
C:\WINDOWS\system32\IloWFfhk.ini
C:\WINDOWS\system32\IloWFfhk.ini2
C:\WINDOWS\system32\jnbvqypx.ini
C:\WINDOWS\system32\kcdqmrgs.dll
C:\WINDOWS\system32\khfEWQkk.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJCVmjG.dll
C:\WINDOWS\system32\mlJdDUMd.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nkbuhrnv.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qvhrsoiq.ini
C:\WINDOWS\system32\rlhtjuxb.ini
C:\WINDOWS\system32\sbekqhyk.ini
C:\WINDOWS\system32\sgrmqdck.ini
C:\WINDOWS\system32\tEhjQqru.ini
C:\WINDOWS\system32\tEhjQqru.ini2
C:\WINDOWS\system32\temywdrj.dll
C:\WINDOWS\system32\tjfgumhj.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\UGM\
C:\WINDOWS\xpupdate.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.

2008-05-28 21:10 . 2008-05-28 21:10 <REP> d-------- C:\Program Files\Trend Micro
2008-05-28 17:19 . 2008-05-28 18:21 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-28 14:42 . 2008-05-28 14:42 <REP> d-------- C:\Program Files\CCleaner
2008-05-28 14:39 . 2008-05-28 14:39 <REP> d-------- C:\Documents and Settings\PC\Application Data\Malwarebytes
2008-05-28 14:38 . 2008-05-28 14:39 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 14:38 . 2008-05-28 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 14:38 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 14:38 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 14:34 . 2008-05-28 14:34 <REP> d-------- C:\Program Files\Avira
2008-05-28 14:34 . 2008-05-28 14:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-28 10:40 . 2008-05-28 12:03 <REP> d-------- C:\killer
2008-05-27 22:21 . 2008-05-27 22:21 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-27 22:15 . 2008-05-27 22:14 47,056 --a------ C:\a
2008-05-27 21:22 . 2008-05-27 21:22 280,576 --------- C:\WINDOWS\system32\urqQjhEt.dll
2008-05-27 17:56 . 2008-05-27 17:56 <REP> d-------- C:\Program Files\Alwil Software
2008-05-27 12:55 . 2008-05-27 13:20 <REP> d-------- C:\Program Files\Win-X-Defender
2008-05-27 12:55 . 2008-05-27 12:55 <REP> d-------- C:\Documents and Settings\PC\Application Data\Win-X-Defender
2008-05-26 12:32 . 2008-05-26 12:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-26 09:44 . 2008-05-26 09:45 2,981,942 --a------ C:\WINDOWS\Screen Saver Wallpaper.bmp
2008-05-23 12:00 . 2008-05-26 13:34 <REP> d-------- C:\WINDOWS\system32\xnA
2008-05-23 12:00 . 2008-05-28 15:54 <REP> d-------- C:\WINDOWS\system32\vntiho18
2008-05-23 12:00 . 2008-05-23 12:00 <REP> d-------- C:\temp\vtmp2
2008-05-22 13:02 . 2008-05-22 13:02 <REP> d-------- C:\Documents and Settings\PC\Application Data\libresystem
2008-05-22 12:56 . 2008-05-22 12:56 <REP> dr------- C:\Documents and Settings\All Users\Application Data\libresystem
2008-05-22 12:52 . 2008-05-26 13:34 <REP> d-------- C:\Program Files\Fichiers communs\LibreSystem
2008-05-21 22:31 . 2008-05-21 22:31 <REP> d-------- C:\Documents and Settings\PC\Application Data\MonContenuassistant
2008-05-21 22:25 . 2008-05-21 22:25 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-05-21 22:25 . 2008-05-21 22:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MonContenuassistant
2008-05-21 22:24 . 2008-05-26 13:34 <REP> d-------- C:\Program Files\Fichiers communs\MonContenuassistant
2008-05-20 23:30 . 2008-05-20 23:30 <REP> d--hs---- C:\VirusEffaceur
2008-05-20 23:24 . 2008-05-20 23:24 <REP> d-------- C:\Documents and Settings\PC\Application Data\VirusEffaceur
2008-05-20 13:39 . 2008-05-20 13:39 <REP> d-------- C:\WINDOWS\system32\Engines
2008-05-20 13:38 . 2008-05-28 15:08 <REP> d-------- C:\Program Files\Fichiers communs\VirusEffaceur
2008-05-20 13:25 . 2008-05-27 13:03 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
2008-05-20 13:25 . 2008-05-27 13:03 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-05-19 14:08 . 2008-05-26 13:33 <REP> d-------- C:\WINDOWS\system32\logXv18
2008-05-19 12:41 . 2008-05-26 13:34 <REP> d-------- C:\WINDOWS\system32\rDA
2008-05-19 12:41 . 2008-05-26 13:33 <REP> d-------- C:\WINDOWS\system32\logXv05
2008-05-19 12:41 . 2008-05-28 15:53 <REP> d-------- C:\WINDOWS\system32\emL1
2008-05-19 12:41 . 2008-05-27 21:52 <REP> d-------- C:\WINDOWS\system32\3056v
2008-05-18 19:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-18 19:35 . 2008-05-18 19:36 <REP> d-------- C:\Program Files\Java
2008-05-18 19:33 . 2008-05-18 19:33 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-16 14:52 . 2008-05-21 11:55 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-05-08 00:28 . 2008-05-08 00:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-05-08 00:21 . 2008-05-08 00:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 19:45 --------- d-----w C:\Program Files\Wanadoo
2008-05-22 16:32 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 16:22 --------- d-----w C:\Program Files\Winamp
2008-05-22 16:09 --------- d-----w C:\Program Files\Logitech
2008-05-22 16:02 --------- d-----w C:\Program Files\Controle Parental
2008-05-22 15:53 --------- d-----w C:\Documents and Settings\PC\Application Data\skypePM
2008-05-21 20:02 --------- d-----w C:\Program Files\Lx_cats
2008-05-20 10:40 --------- d-----w C:\Documents and Settings\PC\Application Data\LimeWire
2008-05-18 12:56 --------- d-----w C:\Program Files\Ahead
2008-05-16 13:46 --------- d-----w C:\Documents and Settings\PC\Application Data\Skype
2008-03-30 21:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-30 21:24 --------- d-----w C:\Program Files\Skype
2008-03-30 21:24 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-03-30 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2006-04-24 09:44 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

------- Sigcheck -------

2004-08-04 06:55 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe
2004-08-04 06:55 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\dllcache\svchost.exe

2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 06:54 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll
2004-08-04 06:54 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\dllcache\ws2_32.dll

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 06:55 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe
2004-08-04 06:55 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 05:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 05:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2006-12-19 20:45 2061440 8b039efbe4c9aa23f152ffa0e238b8fa C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 20:22 2059648 06015d137b02542f07d5cd7b144df942 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2006-12-19 20:45 2184064 1f3fa2065e6e043a1d82a487b5da309c C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 20:22 2182400 d27929db7b7f92f9d0f8ec9ba01c601c C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 06:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 06:55 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\services.exe
2004-08-04 06:55 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\dllcache\services.exe

2004-08-04 06:54 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\lsass.exe
2004-08-04 06:54 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-04 06:54 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
2004-08-04 06:54 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DC90A3C-197A-4BE5-9FCE-7FD58D612AE0}]
C:\WINDOWS\system32\bispram.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{273d97f4-8c16-9362-a241-2907293e0486}]
C:\WINDOWS\system32\{0511357e-c9f5-2375-7f80-823437c2936f}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{407D81A6-E1CA-44AA-A836-43C6C709A1C7}]
C:\WINDOWS\system32\bispram.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B72CD588-9ED8-4675-92E8-5056FA5FCB2C}]
C:\WINDOWS\system32\bispram.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C71039EB-68AB-431A-9438-34B4C6FF86B5}]
2008-05-27 12:55 28160 --a------ C:\Program Files\Win-X-Defender\redir.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D03308DF-A978-4317-B3E2-F947D9A7FB94}]
C:\WINDOWS\system32\khfFWolI.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECEF6936-F5EA-4A80-94EC-15966142946B}]
2008-05-27 21:22 280576 --------- C:\WINDOWS\system32\urqQjhEt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Saas"="C:\WINDOWS\FNTS~1\ntvdm.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 22:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-24 01:13 185632]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 11:09 106496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBQjGx]
ddcBQjGx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=C:\Documents and Settings\PC\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=C:\WINDOWS\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\PC\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMeff759d5]
C:\WINDOWS\system32\rcrhyhid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:54 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbar_starter]
C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\starter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ecc46a49]
C:\WINDOWS\system32\kyhqkebs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Euou]
C:\WINDOWS\?icrosoft.NET\s?chost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-06-07 02:05 98304 C:\Program Files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaCore]
C:\Program Files\\JavaCore\\JavaCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
--a------ 2006-07-10 22:30 294912 C:\Program Files\Lexmark 5400 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LibreSystem]
C:\Program Files\LibreSystem\SysRep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-06-26 10:46 497200 C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 11:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu]
C:\Documents and Settings\PC\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
--a------ 2007-01-11 13:57 291760 C:\Program Files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack16]
C:\Program Files\QdrPack\QdrPack16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-04-26 15:56 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Saas]
C:\WINDOWS\FNTS~1\ntvdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6wIP]
C:\Documents and Settings\PC\Application Data\Microsoft\Windows\cekars.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 18:37 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
C:\Documents and Settings\PC\Application Data\SpeedRunner\SpeedRunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Svconr]
C:\Program Files\Svconr\Svconr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-04 22:21 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-24 01:13 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ucookw]
C:\PROGRA~1\LIBRES~1\ucookw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusEffaceur]
C:\Program Files\VirusEffaceur\pgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSUpdater]
C:\Program Files\winvi\wupda.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdater]
C:\Program Files\winvi\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yhun]
C:\WINDOWS\system32\F?nts\d?dplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{22b59b77-11a2-f5a1-4875-360e719e8a9a}]
C:\WINDOWS\system32\{0511357e-c9f5-2375-7f80-823437c2936f}.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{46-6A-AE-E6-DW}]
C:\WINDOWS\system32\jpwnw64n.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OPTENET_FILTER"=2 (0x2)
"MSIServer"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\lxctcoms.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 12:14]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59a3904a-2821-11dd-b7e3-001109ec1d7b}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 21:45:48
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 21:51:32 - machine was rebooted [PC]
ComboFix-quarantined-files.txt 2008-05-28 19:51:22

Pre-Run: 32,322,445,312 octets libres
Post-Run: 32,260,743,168 octets libres

380 --- E O F --- 2008-05-17 12:12:03

Matcab65

Posté le 28/05/2008 21:56:10

Et le rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:24, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {0DC90A3C-197A-4BE5-9FCE-7FD58D612AE0} - C:\WINDOWS\system32\bispram.dll (file missing)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: gooochi browser optimizer - {273d97f4-8c16-9362-a241-2907293e0486} - C:\WINDOWS\system32\{0511357e-c9f5-2375-7f80-823437c2936f}.dll (file missing)
O2 - BHO: (no name) - {407D81A6-E1CA-44AA-A836-43C6C709A1C7} - C:\WINDOWS\system32\bispram.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B72CD588-9ED8-4675-92E8-5056FA5FCB2C} - C:\WINDOWS\system32\bispram.dll (file missing)
O2 - BHO: (no name) - {C71039EB-68AB-431A-9438-34B4C6FF86B5} - C:\Program Files\Win-X-Defender\redir.dll
O2 - BHO: (no name) - {D03308DF-A978-4317-B3E2-F947D9A7FB94} - C:\WINDOWS\system32\khfFWolI.dll (file missing)
O2 - BHO: (no name) - {ECEF6936-F5EA-4A80-94EC-15966142946B} - C:\WINDOWS\system32\urqQjhEt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Saas] "C:\WINDOWS\FNTS~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntqkdm.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A8B6894-B079-415A-B658-7605B139B18B}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcBQjGx - ddcBQjGx.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7677 bytes

Matcab65

Posté le 28/05/2008 22:07:12

Que faire après ceux ci

K1Ks

Posté le 29/05/2008 19:49:51

# Execute alors un scan avec Malwarebyte's Anti-Malware (anti malware recommandé )
# ==>Lien et Tuto ici<==
# Suis les indications et poste le rapport obtenu dans ton prochain message.

-------
Site d'Entraide sur la Sécurité Bibou Le Forum

Matcab65

Posté le 29/05/2008 22:01:23

nouveau rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:48, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Documents and Settings\CABOS\lsass.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mypcchoice.com/IconEntry.aspx?l=2&v=2&p=10EF20445BDECAF348(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\CABOS\lsass.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{d5e31b93-4ac0-477b-fdba-81e24c7cbf59}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3f4ce5e0-1c06-2108-67be-ee580eb3d8d3}.dll" DllInit
O4 - HKLM\..\Run: [09cf3e3b] rundll32.exe "C:\WINDOWS\system32\dgvbbspy.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

--
End of file - 7472 bytes

gil le fantom

Posté le 29/05/2008 22:20:12

bonjour K1ks
peut tu jeter un oeil sur ce lien
http://www.commentcamarche.net/forum/affich-6624170-insecure-internet-activit(...)
je te laisse terminer avec lui

bonne continuation
amicalement

gil

K1Ks

Posté le 30/05/2008 14:55:28

Ok gil le fantom !!!

Maintenant 2choses Matcab652 !!!

# Ne jamais mettre en parallele 2 désinfections aux méthodes differentes , cela our etre fatal pour ton pc et d'ailleurs ennyeux pour l'helper puisqu'il tourne en rond !!

# Le rapport de malwares Bytes ???

Autre chose , peux tu repondre a sa :

sur 01 net Posté le 28/05/2008 21:54:39

voici le rapport Combo

ComboFix 08-05-27.4 - PC 2008-05-28 21:41:41.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.167 [GMT 2:00]
Endroit: C:\Documents and Settings\PC\Bureau\ComboFix.exe

tu as bien fait combofix,c'est bien toi qui la posté

oui mais pas sur cet engin!

-->Message édité par K1Ks le 30/05/2008 14:58:33<--

-------
Site d'Entraide sur la Sécurité Bibou Le Forum

[logiciel libre] Mandriva Linux 2009 est disponible

[vu sur le web] Première photo pour le satellite GeoEye-1, l'œil de lynx de Google

[sélection] Téléchargement : les dix meilleurs logiciels de la semaine

[banc d'essai] Le classement des fournisseurs d'accès à Internet (2 au 8 octobre)

[bureautique] La version définitive d'OpenOffice.org 3.0 à télécharger

[très haut-débit] Fibre optique : les règles du jeu sont fixées

[desktops] Chez Packard Bell, l'achat d'un PC à 499 euros donne droit à une Xbox 360 à 30 euros

[pc] L'Eee Box d'Asus fourni avec virus