| | Spyware problem & "beetles" | |
| |
| Author | Message |
|---|
Didette Bibouactif


   Age: 41 Joined: 19 Jun 2008 Posts: 88 Location: VOSGES
 | Subject: Spyware problem & "beetles" Thu 19 Jun - 15:33 | |
| Hello,
So, let me explain my problem. I had a big problem on my PC (impossible to launch any program) and one of my friends uninstalled everything. Unfortunately, I no longer have my original CD, so I have a copy of XP PRO, and as of today I can't do anything anymore. I have a message on the desktop telling me that my PC is infected (on a blue background). In addition, there are "beetles" that appear from time to time. What should I do??? Thank you for your help. Didette |
|  | | bibou0007 Super admin


Joined: 07 Dec 2007 Posts: 2292
 | Subject: Re: Spyware problem & "beetles" Thu 19 Jun - 15:41 | |
| Hello;
Download HijackThis v2.0.2 from Trend Secure, link and tutorial here; follow the instructions and post the report in your next message.
PS: I'll be back this evening, or a colleague will take over _________________ It is easier to infect your PC than to disinfect it, think about it. Do not click here
 |
|  | | Didette Bibouactif


   Age: 41 Joined: 19 Jun 2008 Posts: 88 Location: VOSGES
 | Subject: Re: Spyware problem & "beetles" Thu 19 Jun - 18:44 | |
| Report below. And thanks again for your help
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:42:28, on 19/06/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\logonui.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\drivers\services.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Documents and Settings\Alain\ie_updates3r.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\beah684.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\services.exe C:\WINDOWS\system32\drivers\spools.exe C:\WINDOWS\System32\ctfmona.exe C:\WINDOWS\System32\msdefender.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AXPFixer\AXPFixer.exe C:\WINDOWS\System32\braviax.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\services.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\services.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\services.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\d.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\dwwin.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\beah684.exe" F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Alain\cftmon.exe O4 - HKLM\..\Run: [runservices] C:\WINDOWS\services.exe O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\wind32.exe O4 - HKLM\..\Run: [DriveSystem] C:\WINDOWS\System32\maxpaynowti1.exe O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe O4 - HKLM\..\Run: [msdefender.exe] C:\WINDOWS\System32\msdefender.exe O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Alain\svchost.exe O4 - HKLM\..\Run: [braviax] braviax.exe O4 - HKLM\..\Run: [AXPFixer] C:\Program Files\AXPFixer\AXPFixer.exe O4 - HKLM\..\RunOnce: [*aliceeadsl] C:\WINDOWS\System32\aliceeadsl.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Alain\cftmon.exe O4 - HKCU\..\Run: [aliceeadsl] C:\WINDOWS\System32\aliceeadsl.exe O4 - HKCU\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Alain\svchost.exe O4 - HKUS\S-1-5-18\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Service 
Pack 1] C:\WINDOWS\System32\vedxg6ame4.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [winlogon] C:\Documents and Settings\LocalService\svchost.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'Default user') O4 - Startup: userinit.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871 O17 - HKLM\System\CCS\Services\Tcpip\..\{3C8958C9-B86C-41D3-8C09-A4B0349EED74}: NameServer = 85.255.115.30,85.255.112.182 O17 - HKLM\System\CCS\Services\Tcpip\..\{BB664334-81F0-4925-A0FC-E2D44BEBFD3B}: NameServer = 85.255.115.30,85.255.112.182 O17 - HKLM\System\CCS\Services\Tcpip\..\{E0913EBB-EE16-4B27-A43B-8AC442698E7F}: NameServer = 85.255.115.30 85.255.112.182 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.182 O17 - 
HKLM\System\CS1\Services\Tcpip\..\{3C8958C9-B86C-41D3-8C09-A4B0349EED74}: NameServer = 85.255.115.30,85.255.112.182 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.182 O17 - HKLM\System\CS2\Services\Tcpip\..\{3C8958C9-B86C-41D3-8C09-A4B0349EED74}: NameServer = 85.255.115.30,85.255.112.182 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.182 O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Alain\ie_updates3r.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
-- End of file - 7243 bytes |
|  | | K1ks Moderators


   Age: 21 Joined: 11 Dec 2007 Posts: 2421 Location: ...
 | Subject: Re: Spyware problem & "beetles" Thu 19 Jun - 18:46 | |
| Show XP's hidden files >>> To show XP's hidden files
Download ComboFix by sUBs to your Desktop and nowhere else
# Temporarily disable, only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's search and cleaning procedure.
# Double-click Combofix.exe and follow the instructions.
| Quote: | /!\ Let it work and above all do not interrupt it /!\ |
When it has finished, it will generate a log. Post the report in your next reply along with a new HijackThis log.
| Quote: | Note: # Do not click in the ComboFix window while the tool is running. # The report can also be found here: C:\Combofix.txt # Don't forget to re-enable your protections!!!
|

 |
|  | | Didette Bibouactif


   Age: 41 Joined: 19 Jun 2008 Posts: 88 Location: VOSGES
 | Subject: Re: Spyware problem & "beetles" Thu 19 Jun - 19:22 | |
| Report below.
ComboFix 08-06-16.5 - Alain 2008-06-19 19:59:54.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.76 [GMT 2:00] Endroit: C:\Documents and Settings\Alain\Bureau\ComboFix.exe * Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! .
(((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Documents and Settings\Alain\~tmp74.exe C:\Documents and Settings\Alain\Application Data\AXPDefender C:\Documents and Settings\Alain\cftmon.exe C:\Documents and Settings\Alain\svchost.exe C:\Documents and Settings\LocalService\Application Data\AXPDefender C:\Documents and Settings\LocalService\Application Data\install.dat C:\Documents and Settings\LocalService\Application Data\microsoft\internet explorer\Desktop.htt C:\Documents and Settings\LocalService\cftmon.exe C:\Documents and Settings\LocalService\svchost.exe C:\Program Files\bravesentry C:\Program Files\bravesentry\BraveSentry.lic C:\Program Files\bravesentry\BraveSentry0.bs C:\Program Files\bravesentry\BraveSentry1.bs C:\WINDOWS\braviax.exe C:\WINDOWS\index.html C:\WINDOWS\services.exe C:\WINDOWS\system32\13332337341.dll C:\WINDOWS\system32\adsnd.dll C:\WINDOWS\system32\ctfmona.exe C:\WINDOWS\system32\dllgh8jkd1q8.exe C:\WINDOWS\system32\drivers\mickey32.sys C:\WINDOWS\system32\drivers\services.exe C:\WINDOWS\system32\drivers\spools.exe C:\WINDOWS\system32\jwzpqng.sys C:\WINDOWS\system32\kdabo.exe C:\WINDOWS\system32\kr_done1 C:\WINDOWS\system32\msdefender.exe C:\WINDOWS\system32\sft.res C:\WINDOWS\system32\svchost.t__ C:\WINDOWS\system32\vx.tll C:\WINDOWS\system32\winivstr.exe C:\WINDOWS\Temp\39307726.exe
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Legacy_GOOGLE_ONLINE_SERVICES -------\Legacy_mickey32 -------\Legacy_tcpsr -------\Service_jwzpqng -------\Service_mickey32 -------\Service_tcpsr
((((((((((((((((((((((((((((( Fichiers créés 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))))))) .
2008-06-19 19:41 . 2008-06-19 19:41 d-------- C:\Program Files\Trend Micro 2008-06-19 19:19 . 2008-06-19 19:20 2 --a------ C:\-1408652012 2008-06-19 19:18 . 2008-06-19 19:18 30,208 --a------ C:\WINDOWS\system32\drivers\Brv61.sys 2008-06-19 19:18 . 2008-06-19 19:18 8,704 --a------ C:\xdyytq.exe 2008-06-19 18:45 . 2008-06-19 18:45 d-------- C:\Documents and Settings\Alain\Application Data\AXPFixer 2008-06-19 13:45 . 2008-06-19 13:45 6,144 --a------ C:\WINDOWS\system32\beah684.exe 2008-06-19 13:35 . 2008-06-19 13:38 d-------- C:\Program Files\AXPFixer 2008-06-19 13:34 . 2008-06-19 13:34 2,031,832 --a------ C:\WINDOWS\System321lkdoiuekrewr.bin 2008-06-11 12:14 . 2008-06-11 12:14 0 --a------ C:\WINDOWS\system32\lich.dat 2008-06-11 07:54 . 2008-06-11 07:54 138 --a------ C:\Documents and Settings\Alain\delself.bat 2008-06-11 07:39 . 2008-06-11 07:40 dr------- C:\Documents and Settings\LocalService\Favoris 2008-06-11 07:07 . 2008-06-10 15:33 160,256 --a------ C:\WINDOWS\system32\3A.tmp 2008-06-11 07:02 . 2008-06-11 07:02 22,016 --a------ C:\WINDOWS\system32\beah668.exe 2008-06-10 22:54 . 2008-06-10 22:54 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-06-10 22:53 . 2008-06-10 22:53 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-10 18:24 . 2008-06-10 22:36 d-------- C:\WINDOWS\BDOSCAN8 2008-06-10 18:21 . 2008-06-10 18:21 d---s---- C:\Documents and Settings\Alain\UserData 2008-06-10 16:16 . 2008-06-10 16:16 29 --a------ C:\WINDOWS\system32\taqegqao.tmp 2008-06-10 16:15 . 2008-06-10 16:15 126,976 --a------ C:\WINDOWS\system32\drivers\Mbx44.sys 2008-06-10 15:33 . 2008-06-19 18:46 160,256 --a------ C:\WINDOWS\system32\blackster.scr 2008-06-10 15:33 . 2008-06-10 15:33 14,848 --a------ C:\tdaphn.exe 2008-06-10 15:33 . 2008-06-10 15:33 5,120 --a------ C:\vrudnif.exe 2008-06-10 15:32 . 2008-06-19 18:46 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp 2008-06-10 15:29 . 
2008-06-10 15:29 67,584 --a------ C:\rvaqmf.exe 2008-06-10 15:29 . 2008-06-10 15:30 50,688 --a------ C:\WINDOWS\system32\aliceeadsl.exe 2008-06-10 15:29 . 2008-06-10 15:29 13,312 --a------ C:\0tuia0.exe 2008-06-10 15:29 . 2008-06-10 15:29 6,144 --a------ C:\WINDOWS\system32\beah707.exe 2008-06-10 15:29 . 2008-06-19 19:47 308 --a------ C:\WINDOWS\system32\ppmkbv.tmp 2008-06-10 15:28 . 2008-06-10 15:28 21,504 --a------ C:\skT.exe 2008-06-10 15:28 . 2008-06-10 15:28 6,144 --a------ C:\nFNZ.exe 2008-06-07 10:15 . 2001-08-23 17:47 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-06-07 10:15 . 2001-08-17 21:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-06-07 10:15 . 2001-08-17 21:53 13,824 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-06-07 10:15 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-06-01 08:56 . 2008-06-01 08:56 d-------- C:\WINDOWS\LogFiles 2008-05-25 10:49 . 2008-05-25 10:49 60 --a------ C:\WINDOWS\wininit.ini 2008-05-24 17:16 . 2008-06-09 10:03 d-------- C:\Documents and Settings\Alain\Application Data\LimeWire 2008-05-24 17:15 . 2008-05-24 17:15 d-------- C:\Program Files\LimeWire 2008-05-24 17:04 . 2008-06-19 12:29 d-------- C:\Program Files\Mozilla Thunderbird 2008-05-24 17:04 . 2008-05-24 17:04 d-------- C:\Documents and Settings\Alain\Application Data\Thunderbird 2008-05-24 17:04 . 2008-05-24 17:04 0 --a------ C:\WINDOWS\nsreg.dat 2008-05-24 17:00 . 2008-06-19 11:56 d-------- C:\Program Files\FoxTarot4
. (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-19 09:29 22,016 ----a-w C:\userinit.exe 2008-05-24 13:59 --------- d-----w C:\Program Files\Alwil Software 2008-05-24 13:57 --------- d-----w C:\Program Files\MSN Messenger 2008-05-24 13:56 --------- d-----w C:\Program Files\Lexmark 510 Series 2008-05-24 13:50 --------- d-----w C:\Program Files\VideoLAN 2008-05-24 13:50 --------- d-----w C:\Documents and Settings\Alain\Application Data\vlc 2008-05-24 13:48 --------- d-----w C:\Program Files\Java 2008-05-24 13:45 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-05-24 13:44 --------- d-----w C:\Program Files\Services en ligne 2008-05-24 13:29 --------- d-----w C:\Program Files\ZTE Corporation 2008-05-24 13:14 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-24 13:14 --------- d-----w C:\Program Files\ATI Technologies 2008-05-24 13:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-05-24 13:13 --------- d-----w C:\Program Files\7-Zip 2008-05-24 13:05 --------- d-----w C:\Program Files\microsoft frontpage .
((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05 6856704] "aliceeadsl"="C:\WINDOWS\System32\aliceeadsl.exe" [2008-06-10 15:30 50688] "[system]"="C:\WINDOWS\system32\drivers\services.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 21:05 344064] "CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 19:32 278528] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "*aliceeadsl"="C:\WINDOWS\System32\aliceeadsl.exe" [2008-06-10 15:30 50688]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "winlogon"="C:\Documents and Settings\LocalService\svchost.exe" [ ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\brv61.sys] @="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001
R0 brv61;brv61;C:\WINDOWS\System32\Drivers\Brv61.sys [2008-06-19 19:18] R0 mbx44;mbx44;C:\WINDOWS\System32\drivers\mbx44.sys [2008-06-10 16:15] R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 01:20] R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\System32\DRIVERS\CnxEtP.sys [2005-05-20 19:27] R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\System32\DRIVERS\CnxEtU.sys [2005-05-20 19:27] R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\System32\DRIVERS\CnxTgNW.sys [2005-05-20 19:28] R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\System32\drivers\stac97na.sys [2002-09-20 18:42] R3 STAC97NH;STAC97NH;C:\WINDOWS\System32\drivers\stac97nh.sys [2002-09-20 18:43]
*Newly Created Service* - ALG *Newly Created Service* - IPNAT
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B4B4C8D3-87AC-3E5A-738A-C154F40D8901}] C:\WINDOWS\System32\aliceeadsl.exe . **************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-19 20:04:52 Windows 5.1.2600 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès Les fichiers cachés: 0
************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\dwwin.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-19 20:07:48 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-19 18:07:28
Pre-Run: 13,206,085,632 octets libres Post-Run: 13,205,807,104 octets libres
177
For your information, I had not managed to disable my antivirus when I ran ComboFix. It's done now, so tell me whether I should run ComboFix again |
|  | | Didette Bibouactif


   Age: 41 Joined: 19 Jun 2008 Posts: 88 Location: VOSGES
 | Subject: Re: Spyware problem & "beetles" Thu 19 Jun - 19:24 | |
| New HijackThis report
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:08:48, on 19/06/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\dwwin.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\RunOnce: [*aliceeadsl] C:\WINDOWS\System32\aliceeadsl.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [aliceeadsl] C:\WINDOWS\System32\aliceeadsl.exe O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe O4 - HKUS\S-1-5-18\..\Run: [winlogon] C:\Documents and Settings\LocalService\svchost.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [winlogon] C:\Documents and Settings\LocalService\svchost.exe (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - 
C:\WINDOWS\web\related.htm O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871 O17 - HKLM\System\CCS\Services\Tcpip\..\{3C8958C9-B86C-41D3-8C09-A4B0349EED74}: NameServer = 85.255.115.30,85.255.112.182 O17 - HKLM\System\CCS\Services\Tcpip\..\{BB664334-81F0-4925-A0FC-E2D44BEBFD3B}: NameServer = 85.255.115.30,85.255.112.182 O17 - HKLM\System\CS1\Services\Tcpip\..\{3C8958C9-B86C-41D3-8C09-A4B0349EED74}: NameServer = 85.255.115.30,85.255.112.182 O17 - HKLM\System\CS2\Services\Tcpip\..\{3C8958C9-B86C-41D3-8C09-A4B0349EED74}: NameServer = 85.255.115.30,85.255.112.182 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
-- End of file - 4889 bytes |
|  | | K1ks Moderators


   Age: 21 Joined: 11 Dec 2007 Posts: 2421 Location: ...
 | Subject: Re: Spyware problem & "beetles" Thu 19 Jun - 19:50 | |
| Select all the text in the box below and copy-paste it into Notepad:
# Save this file as CFScript.txt on your desktop.
# Drag and drop the icon of this CFScript file onto the ComboFix icon, as in the screenshot:

# A blue window will appear
# Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
# Once the scan is complete, a report will be displayed: post its contents in your next reply.
# If the file does not open, it can be found here >>> C:\ComboFix.txt

 |
|  | | Didette Bibouactif


   Age: 41 Joined: 19 Jun 2008 Posts: 88 Location: VOSGES
 | Subject: Re: Spyware problem & "beetles" Thu 19 Jun - 20:27 | |
| ComboFix 08-06-16.5 - Alain 2008-06-19 21:12:04.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.90 [GMT 2:00] Endroit: C:\Documents and Settings\Alain\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Alain\Bureau\CFscript.txt * Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! .
(((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) .
C:\-1408652012\ C:\Documents and Settings\Alain\delself.bat\ C:\nFNZ.exe\ C:\rvaqmf.exe\ C:\tdaphn.exe\ C:\vrudnif.exe\ C:\WINDOWS\System32\aliceeadsl.exe\ C:\WINDOWS\system32\beah668.exe\ C:\WINDOWS\system32\beah684.exe\ C:\WINDOWS\system32\beah707.exe\ C:\WINDOWS\system32\blackster.scr\ C:\WINDOWS\system32\ctfmonb.bmp\ C:\WINDOWS\system32\drivers\Brv61.sys\ C:\WINDOWS\system32\drivers\Mbx44.sys\ C:\WINDOWS\system32\lich.dat\ C:\WINDOWS\system32\ppmkbv.tmp\ C:\WINDOWS\System321lkdoiuekrewr.bin\ C:\xdyytq.exe\
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Legacy_mbx44 -------\Legacy_TCPSR -------\Service_mbx44 -------\Service_tcpsr
((((((((((((((((((((((((((((( Fichiers créés 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))))))) .
((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) .
. REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] "aliceeadsl"="C:\WINDOWS\System32\aliceeadsl.exe" [2008-06-10 15:30 50688] "[system]"="C:\WINDOWS\system32\drivers\services.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 21:05 344064] "CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 19:32 278528] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "*aliceeadsl"="C:\WINDOWS\System32\aliceeadsl.exe" [2008-06-10 15:30 50688]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "winlogon"="C:\Documents and Settings\LocalService\svchost.exe" [ ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\brv61.sys] @="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001
R0 brv61;brv61;C:\WINDOWS\System32\Drivers\Brv61.sys [2008-06-19 19:18] R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 01:20] R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\System32\DRIVERS\CnxEtP.sys [2005-05-20 19:27] R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\System32\DRIVERS\CnxEtU.sys [2005-05-20 19:27] R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\System32\DRIVERS\CnxTgNW.sys [2005-05-20 19:28] R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\System32\drivers\stac97na.sys [2002-09-20 18:42] R3 STAC97NH;STAC97NH;C:\WINDOWS\System32\drivers\stac97nh.sys [2002-09-20 18:43]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B4B4C8D3-87AC-3E5A-738A-C154F40D8901}] C:\WINDOWS\System32\aliceeadsl.exe . **************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-19 21:17:00 Windows 5.1.2600 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\dwwin.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-19 21:19:38 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-19 19:19:14 ComboFix2.txt 2008-06-19 18:07:49
Pre-Run: 13,145,952,256 octets libres Post-Run: 13,139,619,840 octets libres
182 |
|  | | K1ks Moderators


   Age: 21 Joined: 11 Dec 2007 Posts: 2421 Location: ...
 | Subject: Re: Spyware problem & "beetles" Thu 19 Jun - 20:56 | |
| Then run a scan with Malwarebytes' Anti-Malware (recommended anti-malware)
==>Link and tutorial here<== # Follow the instructions and post the report you get

 |
|  | | Didette Bibouactif


   Age: 41 Joined: 19 Jun 2008 Posts: 88 Location: VOSGES
 | Subject: Re: Spyware problem & "beetles" Thu 19 Jun - 21:53 | |
| The report is below. However, I could not run it in safe mode, because as soon as I start the PC in safe mode it asks me for a password that I don't know (it didn't ask me for one before).
Malwarebytes' Anti-Malware 1.17 Version de la base de données: 869
22:47:37 19/06/2008 mbam-log-6-19-2008 (22-47-37).txt
Type de recherche: Examen complet (C:\|F:\|) Eléments examinés: 45339 Temps écoulé: 6 minute(s), 59 second(s)
Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 13 Fichier(s) infecté(s): 82
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\[system] (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): C:\Program Files\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer\Quarantine (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer\Quarantine\BrowserObjects (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer\Quarantine\Packages (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully. C:\Documents and Settings\Alain\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
|
|  | | Didette Bibouactif


   Age: 41 Joined: 19 Jun 2008 Posts: 88 Location: VOSGES
 | Subject: Re: Spyware problem & "beetles" Thu 19 Jun - 22:17 | |
| I'll say see you tomorrow. Yes, I'm off to bed. Work calls. Good night, and thanks again for all the work you do. See you later |
|  | | Didette Bibouactif


   Age: 41 Joined: 19 Jun 2008 Posts: 88 Location: VOSGES
 | Subject: Re: Spyware problem & "beetles" Fri 20 Jun - 9:40 | |
| Hello everyone, We turned on the computer this morning and, as far as we can tell, the message on the desktop saying my PC is infected is gone. However, Avast is still reporting some |
|
|