Forum Clubic

System32/services.exe must shut down.. 1 min

Good evening,

I think I'm infected with some nasty thing because sometimes when I open Internet Explorer a message appears "…System32/services.exe) leaving me 1 min before a restart.

According to Microsoft's "Baseline Security Analyzer" utility, there is a potential risk; this virus would wipe out Explorer's security (Internet Options). While waiting to find it, I change the PC's date (to stop the countdown) and restore Explorer's security to the defaults…

What I have done:

System Restore disabled and Safe Mode.
Thorough scan with Avast 4.8. Result: 198 suspicious files, including 4 temporary ones, impossible to repair, quarantine or delete. And Avast's result: 0 infections!

Scan with Malwarebytes: 0 infections
Scan with Ad-Aware: 0 infections

I did an HJT in Safe Mode (the 1st report) and another in Normal mode (2nd)… Can you help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:25, on 02/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
H:\ad aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
H:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - H:\igraal\iGraal.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {cc59e0f9-7e43-44fa-9faa-8377850bf205} - H:\Free Download Manager\iefdm2.dll
O3 - Toolbar: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - H:\igraal\iGraal.dll
O4 - HKLM…\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM…\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [UnlockerAssistant] "H:\unlocker\UnlockerAssistant.exe"
O4 - HKLM…\Run: [Ad-Watch] H:\ad aware\Ad-Watch2007.exe
O4 - HKLM…\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Fraps] H:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: tout télécharger avec free download manager - [H:\Free…](file://H:\Free) Download Manager\dlall.htm
O8 - Extra context menu item: télécharger avec free download manager - [H:\Free…](file://H:\Free) Download Manager\dllink.htm
O8 - Extra context menu item: télécharger la sélection avec free download manager - [H:\Free…](file://H:\Free) Download Manager\dlselected.htm
O8 - Extra context menu item: télécharger la vidéo avec free download manager - [H:\Free…](file://H:\Free) Download Manager\dlfvideo.htm
O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - H:\igraal\iGraal.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - express.foto.com…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [b?1223712702714]www.update.microsoft.com…](http://www.update.microsoft.com/win…)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [ash/swflash.cab]fpdownload2.macromedia.com…

O17 - HKLM\System\CCS\Services\Tcpip…{FB8AAE37-54C8-45CC-BA5B-9A48EE1B2753}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - H:\ad aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe


End of file - 5957 bytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:46, on 02/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
H:\ad aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\unlocker\UnlockerAssistant.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
H:\ad aware\Ad-Watch2007.exe
H:\FRAPS\FRAPS.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - H:\igraal\iGraal.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {cc59e0f9-7e43-44fa-9faa-8377850bf205} - H:\Free Download Manager\iefdm2.dll
O3 - Toolbar: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - H:\igraal\iGraal.dll
O4 - HKLM…\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM…\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [UnlockerAssistant] "H:\unlocker\UnlockerAssistant.exe"
O4 - HKLM…\Run: [Ad-Watch] H:\ad aware\Ad-Watch2007.exe
O4 - HKLM…\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Fraps] H:\FRAPS\FRAPS.EXE
O4 - HKUS\.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: tout télécharger avec free download manager - [H:\Free…](file://H:\Free) Download Manager\dlall.htm
O8 - Extra context menu item: télécharger avec free download manager - [H:\Free…](file://H:\Free) Download Manager\dllink.htm
O8 - Extra context menu item: télécharger la sélection avec free download manager - [H:\Free…](file://H:\Free) Download Manager\dlselected.htm
O8 - Extra context menu item: télécharger la vidéo avec free download manager - [H:\Free…](file://H:\Free) Download Manager\dlfvideo.htm
O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - H:\igraal\iGraal.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - express.foto.com…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [b?1223712702714]www.update.microsoft.com…](http://www.update.microsoft.com/win…)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [ash/swflash.cab]fpdownload2.macromedia.com…

O17 - HKLM\System\CCS\Services\Tcpip…{FB8AAE37-54C8-45CC-BA5B-9A48EE1B2753}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - H:\ad aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe


End of file - 6570 bytes
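The two HijackThis logs above are read by eye in the thread. As an added example (not code from the post and not HijackThis's own code), here is a small triage pass over the R0/R1, O2, O4, O17 and O23 sections of such a log, with sample lines constructed from the Safe Mode log above and allow-lists that are assumptions for this machine:

```python
"""Triage of HijackThis (HJT) 2.x log lines.

Added example for this thread: not code from the post and not HijackThis's own
code. It classifies the R0/R1, O2, O4, O17 and O23 entries of an HJT log the way
an analyst reads them and flags the ones to verify first; the allow-lists below
are assumptions made for this example.
"""
import re
from dataclasses import dataclass

# Constructed sample built from lines of the Safe Mode log posted in the thread
# (HJT shortens the Run key to HKLM\..\Run).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ad-Watch] H:\ad aware\Ad-Watch2007.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB8AAE37-54C8-45CC-BA5B-9A48EE1B2753}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""
# Constructed line (not from the thread) showing what a hijacked start page looks like.
HIJACKED_START_PAGE = r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/search"

EXPECTED_IE_HOSTS = {"", "go.microsoft.com", "google.fr"}  # assumed for this machine
EXEC_EXTENSIONS = (".exe", ".dll", ".cpl", ".scr", ".com")
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.*) - (?P<path>.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<ips>[\d.,]+)")


@dataclass
class Finding:
    severity: str  # "info" (verify), "review" (explain) or "suspect" (act)
    section: str   # HJT section code such as "O2"
    reason: str
    line: str


def run_target(body):
    """Program launched by an O4 entry: the quoted path or, for an unquoted command
    line, the shortest token prefix ending in an executable extension (the way
    unquoted paths with spaces get resolved); falls back to the first token."""
    cmd = body.split("]", 1)[1].strip() if "]" in body else body.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    tokens = cmd.split(" ")
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if candidate.lower().endswith(EXEC_EXTENSIONS):
            return candidate
    return tokens[0]


def triage(log_text):
    """Return findings for every R/O entry of an HJT log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines carry no section code
        code, body, line = m.group("code"), m.group("body"), raw.strip()
        if code in ("R0", "R1"):
            value = body.split("=", 1)[1].strip() if "=" in body else ""
            host = re.sub(r"^https?://", "", value).split("/")[0].lower()
            if host not in EXPECTED_IE_HOSTS:
                findings.append(Finding("suspect", code, f"IE start/search page changed to {host!r}", line))
        elif code == "O2":
            if body.endswith("(no file)"):
                findings.append(Finding("review", code, "BHO CLSID still registered but its DLL is gone (orphan)", line))
            elif body.startswith("BHO: (no name)"):
                findings.append(Finding("review", code, "BHO registered without a name; identify its DLL", line))
        elif code == "O4":
            target = run_target(body)
            if not target.lower().endswith(EXEC_EXTENSIONS):
                findings.append(Finding("review", code, f"Run entry names no executable file ({target}); confirm it exists", line))
        elif code == "O17":
            ns = NAMESERVER_RE.search(body)
            for ip in (ns.group("ips").split(",") if ns else []):
                findings.append(Finding("info", code, f"DNS server {ip}: confirm it belongs to the ISP", line))
        elif code == "O23":
            svc = SERVICE_RE.match(body)
            if not svc or svc.group("owner").strip() in ("", "Unknown owner"):
                findings.append(Finding("review", code, "service binary carries no vendor name; check signature and path", line))
    return findings
```

Running `triage(SAMPLE_LOG)` leaves the Adobe BHO, the quoted and unquoted Run entries and the avast service unflagged, and returns the orphan BHO, the `dumprep` entry, the two DNS servers and the "Unknown owner" service for review.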

Run ComboFix, let it work and post the report

OK, I'll do it, thanks!

Here is the report

ComboFix 08-12-02.02 - flo 2008-12-03 17:59:33.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.640 [GMT 1:00]
Lancé depuis: F:\ComboFix.exe

* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-03 au 2008-12-03 ))))))))))))))))))))))))))))))))))))
.

2008-12-02 16:54 . 2008-12-02 21:42 d-------- c:\documents and settings\flo\SecurityScans
2008-12-01 07:15 . 2008-12-01 07:15 244 --ah----- C:\sqmnoopt01.sqm
2008-12-01 07:15 . 2008-12-01 07:15 232 --ah----- C:\sqmdata01.sqm
2008-11-29 14:46 . 2008-11-29 14:46 d-------- c:\documents and settings\flo\Application Data\TomTom
2008-11-29 14:46 . 2008-11-29 14:46 d-------- c:\documents and settings\All Users\Application Data\TomTom
2008-11-29 14:42 . 2008-11-29 14:42 d-------- c:\program files\TomTom DesktopSuite
2008-11-29 14:37 . 2008-04-13 11:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-27 18:42 . 2008-11-27 18:42 244 --ah----- C:\sqmnoopt00.sqm
2008-11-27 18:42 . 2008-11-27 18:42 232 --ah----- C:\sqmdata00.sqm
2008-11-24 19:35 . 2008-11-24 19:35 d-------- c:\documents and settings\All Users\Application Data\Alexandra Ledermann 8
2008-11-24 06:23 . 2008-11-24 06:23 2,511,872 --a------ c:\windows\WD120OBJ.DLL
2008-11-24 06:23 . 2008-11-24 06:23 1,745,408 --a------ c:\windows\SP12.DLL
2008-11-24 06:23 . 2008-11-24 06:23 901,120 --a------ c:\windows\SP25.DLL
2008-11-24 06:23 . 2008-11-24 06:23 856,064 --a------ c:\windows\SP53.DLL
2008-11-24 06:23 . 2008-11-24 06:23 675,840 --a------ c:\windows\SP96.DLL
2008-11-24 06:23 . 2008-11-24 06:23 496,640 --a------ c:\windows\SP45.DLL
2008-11-24 06:23 . 2008-11-24 06:23 397,312 --a------ c:\windows\SP88.DLL
2008-11-24 06:23 . 2008-11-24 06:23 364,544 --a------ c:\windows\SP86.DLL
2008-11-24 06:23 . 2008-11-24 06:23 116,224 --a------ c:\windows\SP44.DLL
2008-11-24 06:23 . 2008-11-24 06:23 110,592 --a------ c:\windows\WD120OLE.DLL
2008-11-23 14:17 . 2008-11-23 14:17 5,208 --a------ c:\windows\system32\pid.PNF
2008-11-20 09:32 . 2008-12-03 18:00 79,570 --a------ c:\windows\system32\drivers\b7dcd6cc.sys
2008-11-19 06:15 . 2008-11-19 06:15 d-------- c:\documents and settings\flo\Application Data\CyberLink
2008-11-19 06:15 . 2008-11-19 06:25 d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-11-19 06:13 . 2008-11-19 06:13 29,480 --a------ c:\windows\system32\msxml3a.dll
2008-11-16 21:27 . 2008-11-16 21:27 d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-14 23:36 . 2007-09-15 16:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
2008-11-14 23:11 . 2004-08-10 15:35 4,142,592 --a------ c:\windows\system32\qtintf.dll
2008-11-12 07:55 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 07:55 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-08 15:04 . 2008-11-11 23:05 4,096 --a------ c:\windows\system32\crash
2008-11-06 21:10 . 2008-11-09 07:34 26,502 --a------ C:\logfile
2008-11-06 21:08 . 2008-11-06 21:08 d-------- c:\windows\system32\BWKDLogs
2008-11-06 21:08 . 2008-11-06 21:08 d-------- c:\program files\Fichiers communs\Kodak
2008-11-06 21:07 . 2008-11-06 21:08 d-------- c:\program files\Kodak
2008-11-06 21:00 . 2008-11-06 21:08 d-------- c:\documents and settings\All Users\Application Data\Kodak
2008-11-04 17:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-03 14:02 . 2008-11-03 14:02 d-------- c:\documents and settings\flo\Application Data\Malwarebytes
2008-11-03 14:02 . 2008-11-03 14:02 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-03 14:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-03 02:20 . 2008-08-12 17:02 2,097,152 --a------ c:\windows\P5E-ASUS-0903.ROM
2008-11-03 02:19 . 2008-11-03 02:20 1,304,051 --a------ c:\windows\P5E-ASUS-0903.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 16:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-03 16:32 --------- d-----w c:\documents and settings\flo\Application Data\Free Download Manager
2008-12-01 22:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 12:59 94,208 ----a-w c:\windows\DUMP171d.tmp
2008-11-14 22:33 6,656 ----a-w c:\windows\system32\lpcio.dll
2008-11-06 21:12 --------- d-----w c:\documents and settings\flo\Application Data\Bioshock
2008-10-31 17:43 --------- d-----w c:\program files\Windows Live
2008-10-31 17:40 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-10-31 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-29 17:45 --------- d-----w c:\documents and settings\flo\Application Data\FMZilla
2008-10-29 17:12 --------- d-----w c:\program files\MSXML 4.0
2008-10-29 11:26 --------- d-----w c:\program files\Analog Devices
2008-10-29 08:57 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2008-10-25 19:48 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-24 19:36 --------- d-----w c:\program files\Electronic Arts
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 17:35 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-10-22 17:35 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-10-16 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-10-16 20:29 --------- d-----w c:\program files\ATI Technologies
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-14 19:05 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-12 04:51 --------- d-----w c:\documents and settings\flo\Application Data\Media Player Classic
2008-10-11 15:34 --------- d-----w c:\program files\Fichiers communs\EZB Systems
2008-10-11 14:33 --------- d-----w c:\program files\Fichiers communs\DirectX
2008-10-11 14:12 --------- d--h--r c:\documents and settings\flo\Application Data\SecuROM
2008-10-11 12:10 --------- d-----w c:\documents and settings\flo\Application Data\Lexmark Productivity Studio
2008-10-11 12:03 --------- d-----w c:\program files\Lexmark 3500-4500 Series
2008-10-11 11:21 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-11 11:12 --------- d-----w c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2008-10-11 11:04 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-11 10:53 --------- d-----w c:\program files\Fichiers communs\Ahead
2008-10-11 10:53 --------- d-----w c:\program files\Ahead
2008-10-11 10:21 86,016 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-11 10:21 262,144 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-11 09:58 --------- d-----w c:\documents and settings\flo\Application Data\ATI
2008-10-11 08:32 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-11 07:56 --------- d-----w c:\program files\Alwil Software
2008-10-11 07:54 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-11 07:51 --------- d-----w c:\program files\Marvell
2008-10-11 07:51 --------- d-----w c:\documents and settings\flo\Application Data\TMP
2008-10-11 07:45 --------- d-----w c:\program files\Intel
2008-10-11 07:45 --------- d-----w c:\documents and settings\flo\Application Data\InstallShield
2008-10-11 07:22 558,142 ----a-w c:\windows\java\Packages\GU1FBBJJ.ZIP
2008-10-11 07:22 155,995 ----a-w c:\windows\java\Packages\ZP7BPRHR.ZIP
2008-10-11 07:22 --------- d-----w c:\program files\microsoft frontpage
2008-10-11 07:20 --------- d-----w c:\program files\Services en ligne
2008-10-02 23:46 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ----a-w c:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-09-24 01:56 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-09-24 01:54 4,008,864 ----a-w c:\windows\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ----a-w c:\windows\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w c:\windows\system32\atiadlxx.dll
2008-09-24 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-09-24 01:12 573,440 ----a-w c:\windows\system32\ati2cqag.dll
2008-09-23 19:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Fraps"="h:\fraps\FRAPS.EXE" [2008-10-03 1027752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"UnlockerAssistant"="h:\unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Ad-Watch"="h:\ad aware\Ad-Watch2007.exe" [2007-11-07 4579328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 h:\acrobat pdf\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-02-25 20:17 2465839 h:\free download manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 12:00 174872 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-07-16 11:54 25264 h:\lexmark\Lexmark 3500-4500 Series\lxdiamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-07-16 11:54 434864 h:\lexmark\Lexmark 3500-4500 Series\lxdimon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2007-10-08 07:47 864256 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-10-09 03:02 1036288 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\system32\lxdicoms.exe"=
"h:\lexmark\Lexmark 3500-4500 Series\lxdimon.exe"=
"c:\WINDOWS\system32\lxdicfg.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe"=
"e:\flat out 3\FlatOut Ultimate Carnage\Fouc.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Messenger\livecall.exe"=
"h:\kodack\Kodak EasyShare software\bin\EasyShare.exe"=
"e:\vegas\Binaries\R6Vegas_Game.exe"=
"e:\vegas\Binaries\R6Vegas_Launcher.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-04 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-04 20560]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service []
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe [2008-10-11 99248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{cfa7a7e2-be1a-11dd-9385-001fc64eff3b}]
\shell\autorun\command - I:\InstallTomTomHOME.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = google.fr…
IE: tout télécharger avec free download manager - [h:\free…](file://h:\free) download manager\dlall.htm
IE: télécharger avec free download manager - [h:\free…](file://h:\free) download manager\dllink.htm
IE: télécharger la sélection avec free download manager - [h:\free…](file://h:\free) download manager\dlselected.htm
IE: télécharger la vidéo avec free download manager - [h:\free…](file://h:\free) download manager\dlfvideo.htm
TCP: {FB8AAE37-54C8-45CC-BA5B-9A48EE1B2753} = 212.27.54.252,212.27.53.252

O16 -: DirectAnimation Java Classes - [c:\windows\Java\classes\dajava.cab…](file://c:\windows\Java\classes\dajava.cab)
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - [c:\windows\Java\classes\xmldso.cab…](file://c:\windows\Java\classes\xmldso.cab)
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
express.foto.com…
c:\windows\Downloaded Program Files\ImageUploader5.inf
.


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-12-03 18:00:04
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ad-watch real-time scanner]
"ImagePath"="\??\c:\windows\system32\drivers\AWRTPD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b7dcd6cc]
"ImagePath"="\SystemRoot\System32\drivers\b7dcd6cc.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2008-12-03 18:00:18
ComboFix-quarantined-files.txt 2008-12-03 17:00:16

Avant-CF: 9 121 280 000 octets libres
Après-CF: 9,184,935,936 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=AlwaysOff

255 --- E O F --- 2008-11-12 06:57:24
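The "Points de chargement Reg" section of the ComboFix report above records AntiVirusOverride and FirewallOverride set to 1, EnableFirewall set to 0 for the standard profile, a long list of firewall exceptions and a driver service named b7dcd6cc. As an added example (not ComboFix's code and not the poster's), here is a parser for that REGEDIT4-style section that reports those settings; the samples are constructed from the report and the heuristics are this example's own assumptions:

```python
"""Posture check for the "Points de chargement Reg" section of a ComboFix report.

Added example for this thread; it is not ComboFix's code nor code from the post.
ComboFix prints registry load points in REGEDIT4 style, so this parser reads
[key] sections with "name"=data pairs and reports what weakens the host: Security
Center overrides, a disabled Windows Firewall profile, firewall exceptions outside
the system directories and services whose key name is a random-looking hex string.
"""
import re

# Constructed from the report in the thread (ComboFix writes "HKLM\~\services").
SAMPLE_DUMP = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\system32\lxdicoms.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"e:\vegas\Binaries\R6Vegas_Game.exe"=
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ad-watch real-time scanner]
"ImagePath"="\??\c:\windows\system32\drivers\AWRTPD.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b7dcd6cc]
"ImagePath"="\SystemRoot\System32\drivers\b7dcd6cc.sys"
"""
# Constructed: the same keys as they look once the Windows defaults are restored.
HARDENED_DUMP = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x1)
"""

TRUSTED_PREFIXES = ("%windir%", "c:\\windows", "c:\\program files")  # assumed
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def parse_dump(text):
    """Return {key_path: {value_name: raw_data}} for a REGEDIT4-style dump."""
    tree, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("key")
            tree.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            tree[current][val.group("name")] = val.group("data")
    return tree


def as_int(data):
    """Decode dword:XXXXXXXX, ComboFix's '0 (0x0)' form and plain integers; None otherwise."""
    data = data.strip()
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    num = re.match(r"^\d+", data)
    return int(num.group(0)) if num else None


def assess(text):
    """Return (severity, message) findings for the weakening settings in the dump."""
    findings = []
    for key, values in parse_dump(text).items():
        k = key.lower()
        if k.endswith("\\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if as_int(values.get(name, "0")) == 1:
                    findings.append(("review", f"{name}=1: Security Center stays silent if this protection is missing"))
        elif k.endswith("\\firewallpolicy\\standardprofile"):
            if as_int(values.get("EnableFirewall", "1")) == 0:
                findings.append(("suspect", "EnableFirewall=0: Windows Firewall is off for the standard profile"))
        elif k.endswith("\\authorizedapplications\\list"):
            for path in values:  # each value name is a program allowed through the firewall
                if not path.lower().startswith(TRUSTED_PREFIXES):
                    findings.append(("review", f"firewall exception outside the system directories: {path}"))
        elif "\\services\\" in k:
            service = key.rsplit("\\", 1)[-1]
            if HEX_NAME_RE.match(service):
                findings.append(("review", f"service '{service}' has a random-looking hex name, ImagePath {values.get('ImagePath', '?')}"))
    return findings
```

`assess(SAMPLE_DUMP)` returns the two override flags, the disabled firewall, the exception on drive e: and the hex-named service; `assess(HARDENED_DUMP)` returns nothing.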

Do a scan with Dr.Web CureIt


[tutorial](http://guigui14100.web.officelive.com/tutorialdrcureit.aspx)

What do you think of the ComboFix log?..
I'm going to run Dr.Web… thanks

I've just done a full scan with Dr.Web and, would you believe it, it has just found 2 viruses (1 suspect and 1 riskware (?))… the strangest thing is that it found them in… ComboFix!!!

The 2 viruses are Combofix.exe/batch.virus and Combofix.exe/program.PSexec.171
I don't really understand what ComboFix has to do with all this! Is there a report?

Re- Sorry, I had stepped away

It's nothing, that's normal, they're just risktools. As for the ComboFix report, I'll analyze it now and tell you what I find :wink:


I found nothing conclusive :neutre:

Do a BitDefender scan

Actually I did a 2nd scan with Dr.Web and, miracle, this time it finds me this:
Processus en mémoire: C:\WINDOWS\system32\services.exe:584;;Trojan.Spambot.4117;Eradiqué.; !!

Ah OK, you had just let the first scan run and not relaunched a full scan right after?

Otherwise, do you still have a slowdown problem or anything else?

I no longer have any problem, the virus is eradicated and the PC runs like clockwork.
A big thank you to you guigui14100 for your precious advice!!! Case resolved!

You're welcome :jap:
Have a good day