TratBHO [Trj]

FORUM Tom's Hardware » Le monde de Windows » Sécurité » TratBHO [Trj]

TratBHO [Trj]

88 utilisateurs inconnus

Voir les posts : Par défaut Tous Les bonnes notes Les notes insuffisantes

Mot : Pseudo : Filtrer
Bas de page
Auteur	Sujet : TratBHO [Trj]

loic62

Plus d'informations

14-04-2008 à 10:36:17

Bonjour a tous,

Depuis quelques temps, avast me met un message disant que mon pc est infecté par un trojan :TratBHO. C'est a chaque fois un fichier dll qui est concerné. J'ai beau faire "supprimer" ou "mettre en quarentaine", le message revient souvent. Comment m'en debarrasser ?

Merci.

Angeldark

Profil : Helper

Plus d'informations

14-04-2008 à 22:01:59

Masquer

| 0

Bonjour,

Quel emplacement ?

Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

---------------
Prévention & Protection|Les logiciels gratuits

loic62

Plus d'informations

14-04-2008 à 22:48:10

Masquer

| 0

Voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:38, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BMd757d4c1] Rundll32.exe "C:\WINDOWS\system32\jcaxtxuv.dll",s
O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\ooropaes.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plusone] C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5205 bytes

Angeldark

Profil : Helper

Plus d'informations

15-04-2008 à 15:27:15

Masquer

| 0

Re,

Désactive tes protections résidentes (antivirus, Spybot...) !

Télécharge Combofix (sUBs) sur ton Bureau.
Double clique sur combofix.exe afin de le lancer.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

---------------
Prévention & Protection|Les logiciels gratuits

loic62

Plus d'informations

17-04-2008 à 10:36:04

Masquer

| 0

Voici le rapport de Combofix :

* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\msnimport.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\buarpliw.dll
C:\WINDOWS\system32\cdbgblfy.ini
C:\WINDOWS\system32\cxgvaxjy.ini
C:\WINDOWS\system32\djrhygim.ini
C:\WINDOWS\system32\dqfhdhkt.ini
C:\WINDOWS\system32\ecbnxvox.ini
C:\WINDOWS\system32\gjvvurkg.dll
C:\WINDOWS\system32\gkdeixym.ini
C:\WINDOWS\system32\hQAIOqss.ini
C:\WINDOWS\system32\hQAIOqss.ini2
C:\WINDOWS\system32\iykogntx.ini
C:\WINDOWS\system32\jcaxtxuv.dll
C:\WINDOWS\system32\JmUEOqss.ini
C:\WINDOWS\system32\JmUEOqss.ini2
C:\WINDOWS\system32\jqpfncxq.ini
C:\WINDOWS\system32\kghtyvnd.ini
C:\WINDOWS\system32\kxrhmgba.dll
C:\WINDOWS\system32\kynlfvng.ini
C:\WINDOWS\system32\levltkit.ini
C:\WINDOWS\system32\ljjgheb.dll
C:\WINDOWS\system32\magfuevp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mwnuhymx.dll
C:\WINDOWS\system32\myxiedkg.dll
C:\WINDOWS\system32\ogcqrptx.dll
C:\WINDOWS\system32\Onoonnpo.ini
C:\WINDOWS\system32\Onoonnpo.ini2
C:\WINDOWS\system32\powiogtx.ini
C:\WINDOWS\system32\seaporoo.ini
C:\WINDOWS\system32\sqcfehfw.dll
C:\WINDOWS\system32\ssmrypnp.ini
C:\WINDOWS\system32\sybhrlun.dll
C:\WINDOWS\system32\tixrdlpw.ini
C:\WINDOWS\system32\tuvvtrs.dll
C:\WINDOWS\system32\udrmhnep.ini
C:\WINDOWS\system32\uywqrntg.dll
C:\WINDOWS\system32\vpejysls.dll
C:\WINDOWS\system32\vrejhkrg.dll
C:\WINDOWS\system32\wbjqmeaq.ini
C:\WINDOWS\system32\wobpqadp.dll
C:\WINDOWS\system32\xfavhxqf.dll
C:\WINDOWS\system32\xhaechne.ini
C:\WINDOWS\system32\xijhmcve.ini
C:\WINDOWS\system32\xtgoiwop.dll
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\yirdyues.dll
C:\WINDOWS\system32\ynpgiuyl.dll
C:\WINDOWS\system32\yskvnsal.ini
C:\WINDOWS\system32\ysyvxbwo.ini
C:\WINDOWS\system32\yttiwfht.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))
.

2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-15 12:58 . 2008-04-15 12:58 <REP> d-------- C:\Program Files\ATI
2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller
2008-03-31 07:49 . 2008-03-31 07:49 315,664 --------- C:\WINDOWS\system32\mlJBUOfD.dll
2008-03-30 09:04 . 2008-03-30 09:04 315,632 --a------ C:\WINDOWS\system32\ssqOIAQh.dll
2008-03-28 13:53 . 2008-03-28 13:53 315,568 --a------ C:\WINDOWS\system32\opnnoonO.dll
2008-03-28 07:38 . 2008-03-28 07:38 315,568 --a------ C:\WINDOWS\system32\ssqOEUmJ.dll
2008-03-27 17:25 . 2008-03-27 17:37 10,741 --a------ C:\Neyrat Lo‹c CV.docx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 04:35 --------- d-----w C:\Program Files\eMule
2008-04-17 00:53 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-16 01:30 --------- d-----w C:\Program Files\Circle Developement
2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-22 21:10 --------- d-----w C:\Program Files\Java
2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
2008-02-27 11:13 --------- d-----w C:\Program Files\Winamp
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-25 06:59 --------- d-----w C:\Program Files\TVAnts
2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7765CA7-D33D-4A6A-8A17-564BCC3B415C}]
2008-03-28 13:53 315568 --a------ C:\WINDOWS\system32\opnnoonO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
"Plusone"="C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe" [2008-02-14 17:52 432128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe" [2008-04-17 10:28 3055104]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]
iiffedd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\opnnoonO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-17 12:00:00 C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job"
- c:\docume~1\neyrat\applic~1\typelo~1\Loud Drive Intra.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 10:27:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-17 10:30:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 22:29:58

Pre-Run: 12,904,787,968 octets libres
Post-Run: 13,539,024,896 octets libres
.
2008-04-17 12:20:18 --- E O F ---

Angeldark

Profil : Helper

Plus d'informations

17-04-2008 à 19:33:07

Masquer

| 0

Re,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

---------------
Prévention & Protection|Les logiciels gratuits

loic62

Plus d'informations

21-04-2008 à 11:04:07

Masquer

| 0

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 663

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 72932
Temps écoulé: 52 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 27

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e214df62-6209-435f-b904-763b39ae102b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e214df62-6209-435f-b904-763b39ae102b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\stuffplug3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd757d4c1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnoono.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnoono.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\opnnoonO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Onoonnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Onoonnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqckthta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\athtkcqt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gjvvurkg.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kxrhmgba.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\magfuevp.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\myxiedkg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014281.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014348.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0014386.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0014882.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0015604.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0015616.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025271.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025272.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025273.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025278.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP135\A0025479.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmwdlejb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\SP3.5.590.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\StuffPlug3\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bobtmoaj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJBUOfD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\CASINO01.INI (Malware.Trace) -> Quarantined and deleted successfully.

Angeldark

Profil : Helper

Plus d'informations

21-04-2008 à 16:40:25

Masquer

| 0

Reposte un rapport Hijackthis.

---------------
Prévention & Protection|Les logiciels gratuits

loic62

Plus d'informations

21-04-2008 à 17:04:07

Masquer

| 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:51, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C8DBDC2-2027-46E2-894C-2267B18004A4} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: {9a0a0945-dfb5-2a4b-3474-af6a05ca80fd} - {df08ac50-a6fa-4743-b4a2-5bfd5490a0a9} - C:\WINDOWS\system32\mowekaif.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\tqckthta.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plusone] C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
O20 - Winlogon Notify: iiffedd - iiffedd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 6052 bytes

Angeldark

Profil : Helper

Plus d'informations

21-04-2008 à 18:36:17

Masquer

| 0

Refais un scan Combofix

---------------
Prévention & Protection|Les logiciels gratuits

loic62

Plus d'informations

22-04-2008 à 11:05:35

Masquer

| 0

ComboFix 08-04-20.5 - Neyrat 2008-04-22 10:57:28.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.555 [GMT -12:00]
Endroit: E:\Loic\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\celdeaht.ini
C:\WINDOWS\system32\cqhgnavi.dll
C:\WINDOWS\system32\dxqvatfo.ini
C:\WINDOWS\system32\gdjkgywm.dll
C:\WINDOWS\system32\ggtjhsfa.ini
C:\WINDOWS\system32\hqtelocf.ini
C:\WINDOWS\system32\kshqaxyt.ini
C:\WINDOWS\system32\lievwkwu.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mowekaif.dll
C:\WINDOWS\system32\rgbkijdy.ini
C:\WINDOWS\system32\uckaqfqy.dll
C:\WINDOWS\system32\udsejhgy.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.

2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\Malwarebytes
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 13:12 . 2008-04-21 07:53 2,707,566 ---hs---- C:\WINDOWS\system32\wfvvlpgj.ini
2008-04-18 13:10 . 2008-04-19 13:11 1,540,433 ---hs---- C:\WINDOWS\system32\iqcaxucl.ini
2008-04-17 10:33 . 2008-04-18 10:33 1,529,513 ---hs---- C:\WINDOWS\system32\bfsgkpju.ini
2008-04-17 10:24 . 2008-04-22 10:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 20:00 . 2008-04-14 20:00 <REP> d-------- C:\ATI
2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
2008-04-09 18:04 . 2008-04-09 18:02 544,980 --a------ C:\Documents and Settings\julie0001.JPG
2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller
2008-03-30 09:04 . 2008-03-30 09:04 315,632 --a------ C:\WINDOWS\system32\ssqOIAQh.dll
2008-03-28 07:38 . 2008-03-28 07:38 315,568 --a------ C:\WINDOWS\system32\ssqOEUmJ.dll
2008-03-27 17:25 . 2008-03-27 17:37 10,741 --a------ C:\Neyrat Lo‹c CV.docx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 09:05 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-22 08:00 --------- d-----w C:\Program Files\eMule
2008-04-16 01:30 --------- d-----w C:\Program Files\Circle Developement
2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-22 21:10 --------- d-----w C:\Program Files\Java
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
2008-02-27 11:13 --------- d-----w C:\Program Files\Winamp
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 06:59 --------- d-----w C:\Program Files\TVAnts
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-01-26 15:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-17_10.29.50.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 22:27:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 22:59:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 22:59:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
"Plusone"="C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe" [2008-02-14 17:52 432128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe" [2008-04-22 11:01 3205120]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"d464e75d"="C:\WINDOWS\system32\tqckthta.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]
iiffedd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-22 23:00:02 C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job"
- c:\docume~1\neyrat\applic~1\typelo~1\Loud Drive Intra.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 11:00:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 11:01:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 23:01:50
ComboFix2.txt 2008-04-17 22:30:02

Pre-Run: 14,410,051,584 octets libres
Post-Run: 14,390,611,968 octets libres

211 --- E O F --- 2008-04-17 12:20:18

Angeldark

Profil : Helper

Plus d'informations

22-04-2008 à 15:08:01

Masquer

| 0

Re,

Télécharge Lop S&D.exe sur ton Bureau.

Double-clique dessus pour lancer l'installation
Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
Patiente jusqu'à la fin du scan
Poste le rapport généré (C:\lopR.txt)

(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

Message édité par Angeldark le 22-04-2008 à 15:58:01

---------------
Prévention & Protection|Les logiciels gratuits

loic62

Plus d'informations

22-04-2008 à 15:19:27

Masquer