Big problem: infected by several viruses and trojans

Well, when I started ComboFix, CounterSpy detected this:
A potentially dangerous program, Trojan-Downloader.Win32.Agent.aww (swxcacls.cfexe), is being started

Full path: c:\windows\system32\cmd.exe
File Size: 400896
MD5: DC1742629C03A1AD3F1E4165742958F6
Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description: Interpréteur de commandes Windows
Product Name: Système d’exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
Company: Microsoft Corporation
Copyright: © Microsoft Corporation. Tous droits réservés.
Full path: c:\327882r2fwjfw\swxcacls.cfexe
File Size: 212480
MD5: B1A9CF0B6F80611D31987C247EC630B4
Version: 1.0.1.1
Description: Freeware implementation of XCACLS
Product Name: SteelWerX Extended Configurator ACLists
Product Version: 1.0.1.1
Company: SteelWerX
Copyright: Copyright © Frank Staal 1999-2006

A program not recognized by CounterSpy, Handle viewer(handle.cfexe), is changing a system startup location in the Registry, which could allow the program or one of its components to start automatically with Windows.

Would you like to quarantine ‘Handle viewer(handle.cfexe)’?

So I did nothing, I waited for it to finish, and then I disabled CounterSpy and ran ComboFix again with the file you told me to use,
and here is the log:

ComboFix 08-07-20.A0 - dan 2008-07-21 15:07:01.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1063 [GMT -4:00]
Endroit: C:\Documents and Settings\dan\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\dan\Bureau\CFScript.txt

  • Création d’un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\Program Files\windows.genuine.advantage.patch.exe
C:\WINDOWS\system32\tmp287.tmp
C:\WINDOWS\system32\tmp288.tmp
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-21 to 2008-07-21 ))))))))))))))))))))))))))))))))))))
.

2008-07-20 12:54 . 2008-07-20 21:10 d-------- C:\Documents and Settings\dan\Application Data\HouseCall 6.6
2008-07-18 15:16 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-17 18:32 . 2008-07-17 18:32 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 18:32 . 2008-07-17 18:32 d-------- C:\Documents and Settings\dan\Application Data\Malwarebytes
2008-07-17 18:32 . 2008-07-17 18:32 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 18:32 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-17 18:32 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-17 13:51 . 2008-07-17 13:51 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-17 13:47 . 2008-07-17 13:47 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-17 13:47 . 2007-07-19 22:42 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-17 13:47 . 2007-07-19 22:42 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-17 13:47 . 2007-07-19 22:42 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2008-07-17 13:46 . 2008-07-17 13:46 d-------- C:\Program Files\Webroot
2008-07-17 13:46 . 2008-07-17 13:46 d-------- C:\Documents and Settings\dan\Application Data\Webroot
2008-07-17 13:46 . 2008-07-17 13:46 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-17 13:46 . 2007-07-19 22:54 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2008-07-17 13:34 . 2008-07-17 13:34 d-------- C:\Program Files\iPod
2008-07-17 13:33 . 2008-07-17 13:34 d-------- C:\Program Files\iTunes
2008-07-17 13:31 . 2008-07-17 13:32 d-------- C:\Program Files\QuickTime
2008-07-16 23:53 . 2007-07-19 22:42 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-16 23:53 . 2007-01-25 21:57 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-07-16 21:42 . 2008-07-16 21:42 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-16 21:42 . 2008-07-16 21:42 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-16 21:22 . 2008-07-16 21:22 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-07-16 21:19 . 2008-07-16 21:19 d-------- C:\Documents and Settings\dan\Application Data\Sunbelt Software
2008-07-16 21:19 . 2008-07-16 21:19 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-07-16 21:16 . 2008-07-16 21:16 d-------- C:\Program Files\Sunbelt Software
2008-07-16 18:10 . 2008-07-16 18:10 d-------- C:\Program Files\Trend Micro
2008-07-16 16:59 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-07-16 16:58 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-07-16 16:57 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-07-16 16:56 . 2004-08-04 00:54 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-07-16 16:55 . 2001-09-28 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-16 16:54 . 2001-09-28 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-16 16:53 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-07-16 16:52 . 2001-09-28 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-07-16 16:51 . 2004-08-04 00:54 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-07-16 16:50 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-07-16 16:49 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-07-16 13:27 . 2008-07-16 14:52 d-------- C:\GTR2
2008-07-14 22:38 . 2008-07-16 23:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 22:38 . 2008-07-14 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-14 15:28 . 2008-07-14 15:28 d-------- C:\Documents and Settings\dan\Application Data\Ubisoft
2008-07-14 15:22 . 2008-07-14 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-14 01:05 . 2008-07-14 01:06 d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-07-14 01:03 . 2008-07-14 01:03 d-------- C:\Program Files\OpenAL
2008-07-09 23:25 . 2008-07-09 23:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-09 10:13 . 2008-07-09 10:13 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-07-09 10:10 . 2008-07-16 21:06 d-------- C:\Program Files\SlySoft
2008-07-09 10:10 . 2008-07-09 10:10 24 ---hs---- C:\WINDOWS\SD2543AF1.tmp
2008-07-08 10:38 . 2008-07-16 21:30 32,549 --a------ C:\WINDOWS\king-uninstall.exe
2008-07-07 22:59 . 2008-07-07 22:59 d-------- C:\Program Files\APDemo
2008-07-07 17:25 . 2008-07-07 17:35 d-------- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-07-07 17:18 . 2008-07-07 17:18 dr-h----- C:\Documents and Settings\dan\Application Data\SecuROM
2008-07-07 17:18 . 2008-07-07 17:18 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-07 11:04 . 2008-07-07 15:09 d-------- C:\Documents and Settings\dan\Application Data\DivX
2008-07-04 07:12 . 2008-07-04 07:12 316,672 --a------ C:\WINDOWS\KingComIE.dll
2008-06-28 23:11 . 2008-06-28 23:11 dr------- C:\Documents and Settings\NetworkService\Favoris
2008-06-28 23:03 . 2008-07-17 22:29 d-------- C:\Program Files\WinClamAVShield
2008-06-28 23:02 . 2008-07-16 12:21 d-------- C:\Documents and Settings\dan\Application Data\Spyware Terminator
2008-06-28 23:02 . 2008-07-17 22:03 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-28 23:02 . 2008-06-28 23:02 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-26 13:52 . 2008-06-26 13:52 d-------- C:\Program Files\CCleaner
2008-06-25 23:01 . 2008-06-25 23:01 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-06-25 22:53 . 2008-07-17 22:27 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 18:10 . 2008-07-17 22:21 d-------- C:\Program Files\Spyware Terminator

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 12:14 --------- d-----w C:\Program Files\eMule
2008-07-19 20:41 --------- d-----w C:\Documents and Settings\dan\Application Data\Vso
2008-07-17 23:39 --------- d-----w C:\Documents and Settings\dan\Application Data\Apple Computer
2008-07-14 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 05:03 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-14 05:03 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-07 15:04 --------- d-----w C:\Program Files\DivX
2008-06-26 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 01:44 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-19 01:40 --------- d-----w C:\Documents and Settings\dan\Application Data\SUPERAntiSpyware.com
2008-06-19 01:38 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-16 16:14 --------- d-----w C:\Program Files\VSO
2008-06-14 20:59 --------- d-----w C:\Program Files\ASGvis
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 03:32 --------- d-----w C:\Documents and Settings\dan\Application Data\Abvent_Artlantis2
2008-06-14 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Abvent
2008-06-14 01:31 --------- d-----w C:\Documents and Settings\dan\Application Data\Abvent
2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-06-11 00:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-06-11 00:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-06-11 00:03 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-06-11 00:03 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-06-11 00:03 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-06-11 00:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-06-11 00:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-06-11 00:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-06-11 00:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-06-11 00:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-06-11 00:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-06-11 00:03 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-06-10 16:34 --------- d-----w C:\Documents and Settings\dan\Application Data\Ahead
2008-06-10 14:55 --------- d-----w C:\Program Files\Microsoft Works
2008-06-09 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-04 00:26 --------- d-----w C:\Documents and Settings\dan\Application Data\Image Zone Express
2008-06-01 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-27 17:18 --------- d-----w C:\Program Files\Lavalys
2008-05-27 11:52 --------- d-----w C:\Program Files\Java
2008-05-24 23:20 --------- d-----w C:\Documents and Settings\dan\Application Data\Grisoft
2008-05-23 22:54 --------- d-----w C:\Documents and Settings\dan\Application Data\QA International
2008-05-23 22:52 --------- d-----w C:\Program Files\QA International
2008-05-23 22:27 --------- d-----w C:\Program Files\Druide
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-05-21 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\tpfmon
2008-05-21 17:41 --------- d-----w C:\Program Files\Avanquest update
2008-05-21 17:41 --------- d-----w C:\Documents and Settings\dan\Application Data\InstallShield
2008-05-21 17:35 24,192 ----a-w C:\Documents and Settings\dan\usbsermptxp.sys
2008-05-21 17:35 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-05-21 17:35 22,768 ----a-w C:\Documents and Settings\dan\usbsermpt.sys
2008-05-21 17:35 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-05-21 02:05 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-21 02:05 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-05-21 02:02 92,064 ----a-w C:\Documents and Settings\dan\mqdmmdm.sys
2008-05-21 02:02 9,232 ----a-w C:\Documents and Settings\dan\mqdmmdfl.sys
2008-05-21 02:02 79,328 ----a-w C:\Documents and Settings\dan\mqdmserd.sys
2008-05-21 02:02 66,656 ----a-w C:\Documents and Settings\dan\mqdmbus.sys
2008-05-21 02:02 6,208 ----a-w C:\Documents and Settings\dan\mqdmcmnt.sys
2008-05-21 02:02 5,936 ----a-w C:\Documents and Settings\dan\mqdmwhnt.sys
2008-05-21 02:02 4,048 ----a-w C:\Documents and Settings\dan\mqdmcr.sys
2008-05-21 02:02 --------- d-----w C:\Program Files\Fichiers communs\Motorola Shared
2008-05-07 17:43 47,360 ----a-w C:\Documents and Settings\dan\Application Data\pcouffin.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 22:43 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-21_14.36.49.21 )))))))))))))))))))))))))))))))))))))))))
.

• 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
• 2008-07-21 18:51:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_510.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 18:32 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-05-14 13:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-05-14 13:41 3784704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-06 11:45 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-06 11:41 118784]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe" [2007-05-11 02:59 46200]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54 5361464]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2004-05-14 13:41 831488 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 08:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Photo Express Calendar Checker SE.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Photo Express Calendar Checker SE.lnk
backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware]
--a------ 2008-05-10 14:09 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
--------- 1998-07-03 12:51 25088 C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2007-07-19 22:54 5361464 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-06-28 23:02 1817600 C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-06-18 21:44 1506544 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\Program Files\Google\Google SketchUp 6\SketchUp.exe"=
"C:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"=
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"=
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"=
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"=
"C:\WINDOWS\system32\fxsclnt.exe"=
"C:\Program Files\eMule\eMule0.49a\emule.exe"=
"C:\Program Files\iTunes\iTunes.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port DCOM (135)
"2528:TCP"= 2528:TCP:messenger

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-07-16 21:22]
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-28 23:02]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 BvrpKrnl;BvrpKrnl;C:\Program Files\WinFax eXPert\BVRPKrnl.exe []
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-05-19 10:01]

Newly Created Service - SBAPIFS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-17 13:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
• C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-21 06:01:14 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
• C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
• C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
• C:
.

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-07-21 15:08:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés …

Balayage caché autostart entries …

Balayage des fichiers cachés …

Scan terminé avec succès
Les fichiers cachés: 0


.
Temps d’accomplissement: 2008-07-21 15:08:51
ComboFix-quarantined-files.txt 2008-07-21 19:08:47
ComboFix2.txt 2008-07-21 19:04:40
ComboFix3.txt 2008-07-21 18:37:18

Pre-Run: 258,942,840,832 octets libres
Post-Run: 258,941,517,824 octets libres

287 --- E O F --- 2008-07-11 05:32:25

To me it looks pretty good as far as the cleaning goes...
What do you think, since you're the one with the machine in front of you?
Edited on 21/07/2008 at 21:19

OK thanks, so what does the scan say, lolll, that I have problems?

Copy this into Notepad and name it CFScript
Then drag it onto ComboFix

Here is the log:

ComboFix 08-07-20.A0 - dan 2008-07-21 15:30:29.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.994 [GMT -4:00]
Endroit: C:\Documents and Settings\dan\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\dan\Bureau\CFScript.txt

  • Création d’un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\SD2543AF1.tmp
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SD2543AF1.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-21 to 2008-07-21 ))))))))))))))))))))))))))))))))))))
.

2008-07-20 12:54 . 2008-07-20 21:10 d-------- C:\Documents and Settings\dan\Application Data\HouseCall 6.6
2008-07-18 15:16 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-17 18:32 . 2008-07-17 18:32 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 18:32 . 2008-07-17 18:32 d-------- C:\Documents and Settings\dan\Application Data\Malwarebytes
2008-07-17 18:32 . 2008-07-17 18:32 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 18:32 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-17 18:32 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-17 13:51 . 2008-07-17 13:51 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-17 13:47 . 2008-07-17 13:47 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-17 13:47 . 2007-07-19 22:42 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-17 13:47 . 2007-07-19 22:42 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-17 13:47 . 2007-07-19 22:42 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2008-07-17 13:46 . 2008-07-17 13:46 d-------- C:\Program Files\Webroot
2008-07-17 13:46 . 2008-07-17 13:46 d-------- C:\Documents and Settings\dan\Application Data\Webroot
2008-07-17 13:46 . 2008-07-17 13:46 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-17 13:46 . 2007-07-19 22:54 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2008-07-17 13:34 . 2008-07-17 13:34 d-------- C:\Program Files\iPod
2008-07-17 13:33 . 2008-07-17 13:34 d-------- C:\Program Files\iTunes
2008-07-17 13:31 . 2008-07-17 13:32 d-------- C:\Program Files\QuickTime
2008-07-16 23:53 . 2007-07-19 22:42 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-16 23:53 . 2007-01-25 21:57 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-07-16 21:42 . 2008-07-16 21:42 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-16 21:42 . 2008-07-16 21:42 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-16 21:22 . 2008-07-16 21:22 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-07-16 21:19 . 2008-07-16 21:19 d-------- C:\Documents and Settings\dan\Application Data\Sunbelt Software
2008-07-16 21:19 . 2008-07-16 21:19 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-07-16 21:16 . 2008-07-16 21:16 d-------- C:\Program Files\Sunbelt Software
2008-07-16 18:10 . 2008-07-16 18:10 d-------- C:\Program Files\Trend Micro
2008-07-16 16:59 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-07-16 16:58 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-07-16 16:57 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-07-16 16:56 . 2004-08-04 00:54 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-07-16 16:55 . 2001-09-28 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-16 16:54 . 2001-09-28 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-16 16:53 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-07-16 16:52 . 2001-09-28 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-07-16 16:51 . 2004-08-04 00:54 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-07-16 16:50 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-07-16 16:49 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-07-16 13:27 . 2008-07-16 14:52 d-------- C:\GTR2
2008-07-14 22:38 . 2008-07-16 23:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 22:38 . 2008-07-14 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-14 15:28 . 2008-07-14 15:28 d-------- C:\Documents and Settings\dan\Application Data\Ubisoft
2008-07-14 15:22 . 2008-07-14 15:22 d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-14 01:05 . 2008-07-14 01:06 d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-07-14 01:03 . 2008-07-14 01:03 d-------- C:\Program Files\OpenAL
2008-07-09 23:25 . 2008-07-09 23:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-09 10:13 . 2008-07-09 10:13 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-07-09 10:10 . 2008-07-16 21:06 d-------- C:\Program Files\SlySoft
2008-07-08 10:38 . 2008-07-16 21:30 32,549 --a------ C:\WINDOWS\king-uninstall.exe
2008-07-07 22:59 . 2008-07-07 22:59 d-------- C:\Program Files\APDemo
2008-07-07 17:25 . 2008-07-07 17:35 d-------- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-07-07 17:18 . 2008-07-07 17:18 dr-h----- C:\Documents and Settings\dan\Application Data\SecuROM
2008-07-07 17:18 . 2008-07-07 17:18 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-07 11:04 . 2008-07-07 15:09 d-------- C:\Documents and Settings\dan\Application Data\DivX
2008-07-04 07:12 . 2008-07-04 07:12 316,672 --a------ C:\WINDOWS\KingComIE.dll
2008-06-28 23:11 . 2008-06-28 23:11 dr------- C:\Documents and Settings\NetworkService\Favoris
2008-06-28 23:03 . 2008-07-17 22:29 d-------- C:\Program Files\WinClamAVShield
2008-06-28 23:02 . 2008-07-16 12:21 d-------- C:\Documents and Settings\dan\Application Data\Spyware Terminator
2008-06-28 23:02 . 2008-07-17 22:03 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-28 23:02 . 2008-06-28 23:02 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-26 13:52 . 2008-06-26 13:52 d-------- C:\Program Files\CCleaner
2008-06-25 23:01 . 2008-06-25 23:01 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-06-25 22:53 . 2008-07-17 22:27 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 18:10 . 2008-07-17 22:21 d-------- C:\Program Files\Spyware Terminator

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 12:14 --------- d-----w C:\Program Files\eMule
2008-07-19 20:41 --------- d-----w C:\Documents and Settings\dan\Application Data\Vso
2008-07-17 23:39 --------- d-----w C:\Documents and Settings\dan\Application Data\Apple Computer
2008-07-14 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 05:03 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-14 05:03 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-07 15:04 --------- d-----w C:\Program Files\DivX
2008-06-26 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 01:44 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-19 01:40 --------- d-----w C:\Documents and Settings\dan\Application Data\SUPERAntiSpyware.com
2008-06-19 01:38 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-16 16:14 --------- d-----w C:\Program Files\VSO
2008-06-14 20:59 --------- d-----w C:\Program Files\ASGvis
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 03:32 --------- d-----w C:\Documents and Settings\dan\Application Data\Abvent_Artlantis2
2008-06-14 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Abvent
2008-06-14 01:31 --------- d-----w C:\Documents and Settings\dan\Application Data\Abvent
2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-06-11 00:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-06-11 00:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-06-11 00:03 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-06-11 00:03 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-06-11 00:03 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-06-11 00:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-06-11 00:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-06-11 00:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-06-11 00:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-06-11 00:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-06-11 00:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-06-11 00:03 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-06-10 16:34 --------- d-----w C:\Documents and Settings\dan\Application Data\Ahead
2008-06-10 14:55 --------- d-----w C:\Program Files\Microsoft Works
2008-06-09 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-04 00:26 --------- d-----w C:\Documents and Settings\dan\Application Data\Image Zone Express
2008-06-01 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-27 17:18 --------- d-----w C:\Program Files\Lavalys
2008-05-27 11:52 --------- d-----w C:\Program Files\Java
2008-05-24 23:20 --------- d-----w C:\Documents and Settings\dan\Application Data\Grisoft
2008-05-23 22:54 --------- d-----w C:\Documents and Settings\dan\Application Data\QA International
2008-05-23 22:52 --------- d-----w C:\Program Files\QA International
2008-05-23 22:27 --------- d-----w C:\Program Files\Druide
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-05-21 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\tpfmon
2008-05-21 17:41 --------- d-----w C:\Program Files\Avanquest update
2008-05-21 17:41 --------- d-----w C:\Documents and Settings\dan\Application Data\InstallShield
2008-05-21 17:35 24,192 ----a-w C:\Documents and Settings\dan\usbsermptxp.sys
2008-05-21 17:35 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-05-21 17:35 22,768 ----a-w C:\Documents and Settings\dan\usbsermpt.sys
2008-05-21 17:35 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-05-21 02:05 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-21 02:05 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-05-21 02:02 92,064 ----a-w C:\Documents and Settings\dan\mqdmmdm.sys
2008-05-21 02:02 9,232 ----a-w C:\Documents and Settings\dan\mqdmmdfl.sys
2008-05-21 02:02 79,328 ----a-w C:\Documents and Settings\dan\mqdmserd.sys
2008-05-21 02:02 66,656 ----a-w C:\Documents and Settings\dan\mqdmbus.sys
2008-05-21 02:02 6,208 ----a-w C:\Documents and Settings\dan\mqdmcmnt.sys
2008-05-21 02:02 5,936 ----a-w C:\Documents and Settings\dan\mqdmwhnt.sys
2008-05-21 02:02 4,048 ----a-w C:\Documents and Settings\dan\mqdmcr.sys
2008-05-21 02:02 --------- d-----w C:\Program Files\Fichiers communs\Motorola Shared
2008-05-07 17:43 47,360 ----a-w C:\Documents and Settings\dan\Application Data\pcouffin.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 22:43 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-21_14.36.49.21 )))))))))))))))))))))))))))))))))))))))))
.

+ 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2008-07-21 18:51:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_510.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note: empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 18:32 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-05-14 13:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-05-14 13:41 3784704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-06 11:45 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-06 11:41 118784]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe" [2007-05-11 02:59 46200]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54 5361464]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2004-05-14 13:41 831488 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 08:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Photo Express Calendar Checker SE.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Photo Express Calendar Checker SE.lnk
backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware]
--a------ 2008-05-10 14:09 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
--------- 1998-07-03 12:51 25088 C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2007-07-19 22:54 5361464 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-06-28 23:02 1817600 C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-06-18 21:44 1506544 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\Program Files\Google\Google SketchUp 6\SketchUp.exe"=
"C:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"=
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"=
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"=
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"=
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"=
"C:\WINDOWS\system32\fxsclnt.exe"=
"C:\Program Files\eMule\eMule0.49a\emule.exe"=
"C:\Program Files\iTunes\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port DCOM (135)
"2528:TCP"= 2528:TCP:messenger

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-07-16 21:22]
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-28 23:02]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 BvrpKrnl;BvrpKrnl;C:\Program Files\WinFax eXPert\BVRPKrnl.exe []
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-05-19 10:01]

Newly Created Service - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2008-07-17 13:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-21 06:01:14 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
.

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-07-21 15:31:38
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0


.
Completion time: 2008-07-21 15:32:21
ComboFix-quarantined-files.txt 2008-07-21 19:32:18
ComboFix2.txt 2008-07-21 19:08:52
ComboFix3.txt 2008-07-21 19:04:40
ComboFix4.txt 2008-07-21 18:37:18

Pre-Run: 258,915,479,552 bytes free
Post-Run: 258,911,809,536 bytes free

289 --- E O F --- 2008-07-11 05:32:25
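Added example (not from this thread, and not code from ComboFix or any of the tools named in it): a small Python triage script for the kinds of lines the log above contains, run over a constructed excerpt in the same shape. It parses Run-key values, the AppInit_DLLs value and the R0..S3 driver/service lines, then applies the checks a helper reads the log for by hand: autostarts whose bracket is empty (no file timestamp), Run values given as a bare file name that Windows resolves by PATH search, autostarts launched from outside Windows or Program Files, a non-empty AppInit_DLLs, and boot-start kernel drivers from more than one security product at once. Assumptions: the driver-prefix-to-product table is built from the descriptions in the log, the reading of an empty "[]" as "file not seen at scan time" is an interpretation of ComboFix's output, and the "updater" line is made up for the example, modelled on the %local_settings%\temp\1017.exe trace CounterSpy lists later in the thread.

```python
"""Triage of ComboFix-style autostart lines. Added example, not ComboFix's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in the same shape as the posted log. The "updater" line is
# made up for the example (modelled on a temp-folder trace reported by CounterSpy);
# it is not in the posted log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54 5361464]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"updater"="C:\Documents and Settings\dan\Local Settings\Temp\1017.exe" [2008-07-21 14:00 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-07-16 21:22]
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-28 23:02]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 BvrpKrnl;BvrpKrnl;C:\Program Files\WinFax eXPert\BVRPKrnl.exe []
'''

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"\s*=\s*(?P<value>.*)$')

SAFE_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Assumption: driver file-name prefix -> product, taken from the descriptions in the log.
REALTIME_DRIVERS = {
    "sbhr": "Sunbelt CounterSpy",
    "sbapifs": "Sunbelt CounterSpy",
    "ssfs": "Webroot Spy Sweeper",
    "asw": "avast!",
    "sp_rsdrv": "Spyware Terminator",
}


@dataclass
class Entry:
    kind: str            # "run", "driver" or "appinit"
    name: str
    path: str            # exactly as written in the log
    resolved: str        # full path ComboFix reported (same as path unless the value was a bare name)
    has_timestamp: bool  # False when the bracket after the path was empty: "[]"
    start: str = ""      # driver start type (R0..R3, S0..S4), empty for the other kinds


def parse_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = APPINIT_RE.match(line)
        if m:
            entries.append(Entry("appinit", "AppInit_DLLs", m.group("value").strip(), "", True))
            continue
        m = RUN_RE.match(line)
        if m:
            # bracket holds "date time size", plus the path a bare file name resolved to
            meta = m.group("meta").split(None, 3)
            resolved = meta[3] if len(meta) > 3 else m.group("value")
            entries.append(Entry("run", m.group("name"), m.group("value"), resolved, bool(meta)))
            continue
        m = SVC_RE.match(line)
        if m:
            path = m.group("path").strip()
            entries.append(Entry("driver", m.group("name"), path, path,
                                 bool(m.group("meta").strip()), m.group("start")))
    return entries


def product_of(driver_path: str) -> Optional[str]:
    fname = driver_path.rsplit("\\", 1)[-1].lower()
    for prefix, product in REALTIME_DRIVERS.items():
        if fname.startswith(prefix):
            return product
    return None


def realtime_products(entries: List[Entry]) -> List[str]:
    """Security products with a kernel driver that starts at boot (R0..R2)."""
    found = {product_of(e.path) for e in entries if e.kind == "driver" and e.start in ("R0", "R1", "R2")}
    return sorted(p for p in found if p)


Finding = Tuple[str, str, str]  # (severity, entry name, reason)


def triage(entries: List[Entry]) -> List[Finding]:
    findings: List[Finding] = []
    for e in entries:
        if e.kind == "appinit":
            if e.path:
                findings.append(("review", e.name,
                                 f"{e.path} is loaded into every process that loads user32.dll; confirm its publisher"))
            continue
        if not e.has_timestamp:
            # Assumption: an empty "[]" means ComboFix found no file at that path when it ran.
            findings.append(("check", e.name, f"no file timestamp for {e.path}; confirm the file exists"))
        if e.kind == "run" and not re.match(r"^[a-z]:\\", e.path, re.IGNORECASE):
            findings.append(("review", e.name,
                             f"bare name {e.path!r} resolved by PATH search to {e.resolved}; "
                             "a same-named file earlier on the search path would run instead"))
        if not e.resolved.lower().startswith(SAFE_ROOTS):
            findings.append(("suspicious", e.name, f"autostart from outside Windows/Program Files: {e.resolved}"))
    products = realtime_products(entries)
    if len(products) > 1:
        findings.append(("conflict", "real-time protection",
                         "boot-start drivers from several security products: " + ", ".join(products)
                         + "; they commonly stop each other from starting"))
    return findings


if __name__ == "__main__":
    for severity, name, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"[{severity}] {name}: {reason}")
```

On this excerpt the script reports the two autostarts with an empty bracket (SBAPIFS, BvrpKrnl), the bare SOUNDMAN.EXE value, the constructed temp-folder entry, the AppInit_DLLs value, and four products with boot-start drivers at once; that last point is worth reading alongside the later report in the thread that avast! cannot be started.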

Update Malwarebytes Anti-Malware and run another full scan, deleting the objects it detects

Good evening

As said before, a good scan with Malwarebytes version 1.22 will do the job, and by the way I salute the good work of guigui14100,
Dan_distributeck and Proximodu51
:clap:
:hello:

Good evening again

as a check you can also go to

Kaspersky Online Scanner

www.kaspersky.com…

:hello:

+1:super:

OK, here I am again. The Malwarebytes scan gives this and I fixed the problems

Malwarebytes' Anti-Malware 1.22
Database version: 976
Windows 5.1.2600 Service Pack 2

16:44:23 2008-07-21
mbam-log-7-21-2008 (16-44-23).txt

Scan type: Full Scan (C:|F:|)
Objects scanned: 141963
Time elapsed: 33 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\adobe 3d\Keygen\Keygen.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Nouveau dossier\programme\copy to dvd the vso+photo dvd +convert divixto dvd\vso convertxtodvd v2.1.8.193\convertxtodvd. generic.141206 -patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Install (Rogue.Multiple) -> Quarantined and deleted successfully.

afterwards I did a scan with CounterSpy and it gave me this

this one is in HKEY_USERS s-1-5-21-134024091-789336058-72534543-1003/software/wget

Bifrost
Type Malware
Type Description Malware (“malicious software”) consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category Backdoor
Category Description A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user’s knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.
Level High
Level Description High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice Type Remove
Description Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Add. Description Some features of Bifrost: Cam capture, file manager, file search, offline/online keylogger, password list (protected storage, cached passwords, ICQ, CD keys), polymorphic plugin, process list, remote shell, screen capture, system info, and windows list.
Author EvilEyeSoftware.com
Author URL evileyesoftware.com/ees/request.php?10
Release Date
Last updated on Jul 1 2008
File Traces
%DESKTOPDIRECTORY%\Bifros tv[1].1.1- Chinese version\Bifrost.exe
%system%\server.exe
Bifrost Tutorial.exe
Bifrost.exe

and this one is in c:/windows/swxcacls.exe

Trojan-Downloader.Win32.Agent.aww
Type Malware
Type Description Malware (“malicious software”) consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category Trojan Downloader
Category Description A Trojan Downloader is a program typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware and unwanted software onto a victim’s PC. A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.
Level High
Level Description High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice Type Remove
Release Date
Last updated on Jul 20 2008
File Traces
%local_settings%\temp\1017.exe
%system%\NTProStorage.dll
%system%\reinetinfo.dll
2200.exe
msgsvc32.dll

and I'd like to have the Spy Sweeper scan too. And my antivirus, Avast, I'm still not able to get it running

Hi again Guigui. Well, I did a scan with Kaspersky Online Scanner and it detected 1 virus and I deleted it, but I'm still not able to open the Control Panel. Let's say I managed once, and I tried to open the Security Center and it doesn't work, it tells me this: an exception occurred while attempting to run ''C:/Windows/system32/shell32.dll,control,rundll''C:/windows/system32/wscui.cpl'',Security Center''

and excuse me for the slashes, they're not on the right side, but I can't find it on my keyboard any more

And I still have the same explorer.exe problem
I think I'll have no choice but to format
Edited 22/07/2008 at 17:48

Hi, just in case
Take this
www.sophos.com…
try it
see you

I'd like to thank everyone: guigui for his patience, and cricri58 and Proximodu51, your help was much appreciated, but I think I'm going to format because I've had enough, and at the same time I think I'll change the motherboard and the video card. But after that I'd like to know what's best for good protection, like which antivirus, which anti-spyware/anti-trojan, and what an anti-rootkit is.
For now I have Avast Pro 4.8, CounterSpy v2 and of course now Malwarebytes.

So thank you all again for your generosity

Regards
dandistributeck

I'm old school
I've tried a great many programs, in my opinion, and I keep coming back to these

you invest in Kaspersky Internet Security 2009 + Malwarebytes up to date, version 1.22

or FREE

PC Tools Firewall Plus firewall + Avira AntiVir + Malwarebytes, future assured for a while at least

:hello:

Thanks a lot cricri58, but once I've made my changes I'll come back to see you. Thanks a lot again for your advice, and a little question: what is an anti-rootkit, and when I receive a new message here can I get a notification by email? And would you have a trick to reactivate Avast while I wait to reformat

thanks
Regards
dandistributeck
Edited 22/07/2008 at 23:43

Hello

Look at this

www.libellules.ch…

:hello:

Hello

A rootkit is

Some reading here, and have a good day!
thoms.free.fr…

:hello: