[SOLVED] Disinfecting Boaxe.E with HijackThis + ComboFix logs

Help with disinfection to remove viruses, adware, ransomware and trojans.

Toutatis
Posts: 3
Joined: 31 Oct 2010 22:22

[SOLVED] Disinfecting Boaxe.E with HijackThis + ComboFix logs

Post by Toutatis »

Hello,

I'm on XP Home Edition SP3 on a Toshiba NB200 netbook.

The user asked me to disinfect their machine.
In safe mode I ran CCleaner, Spybot and Malwarebytes as well as Microsoft Security Essentials.
A large number of spyware, trojans and other rogues were removed.

However, one stubborn one remains: Trojan Win32/Boaxe.M, which MSE detects but does not remove. It seems to change its name at each MSE scan.
I tried Secuser's online AV, which finds nothing.

As I read here: trojan-win-boaxxe-t26409.html, I ran ComboFix.
I think it started cleaning, but I don't know how to interpret the result log, which I attach here along with the HijackThis log:

Code:

ComboFix 10-10-30.09 - quentin xxxx 31/10/2010  20:58:46.1.2 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1014.368 [GMT 1:00]
Lancé depuis: c:\documents and settings\quentin xxxx\Bureau\COlaF.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\xp
c:\documents and settings\quentin xxxx\Application Data\chrtmp
c:\documents and settings\quentin xxxx\mdsys.s
c:\documents and settings\quentin xxxx\mdusys.s
c:\windows\system32\drivers\nxrljjyd.sys
c:\windows\system32\drivers\xmfrvoly.sys
c:\windows\system32\lmdmuzg.dll
c:\windows\system32\xfegfwp.dll
D:\AUTORUN.INF

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LHGPJTXZ
-------\Legacy_NXRLJJYD
-------\Legacy_SSHNAS
-------\Service_lhgpjtxz
-------\Service_nxrljjyd


(((((((((((((((((((((((((((((   Fichiers créés du 2010-09-28 au 2010-10-31  ))))))))))))))))))))))))))))))))))))
.

2010-10-31 19:41 . 2010-10-31 19:41	--------	d-----w-	c:\program files\Trend Micro
2010-10-31 18:38 . 2010-10-31 19:43	--------	d-----w-	c:\program files\Unlocker
2010-10-31 17:07 . 2010-10-07 15:21	6146896	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{765216FD-6386-49FE-87E1-4D798A0EA6A0}\mpengine.dll
2010-10-31 17:05 . 2010-10-31 17:06	--------	d-----w-	c:\program files\Microsoft Security Essentials
2010-10-31 16:45 . 2010-10-31 16:45	--------	d-sh--w-	c:\documents and settings\NetworkService\IETldCache
2010-10-31 15:03 . 2010-09-18 06:53	954368	-c----w-	c:\windows\system32\dllcache\mfc40.dll
2010-10-31 15:03 . 2010-09-18 06:53	953856	-c----w-	c:\windows\system32\dllcache\mfc40u.dll
2010-10-31 15:03 . 2010-09-18 06:53	974848	-c----w-	c:\windows\system32\dllcache\mfc42.dll
2010-10-31 15:02 . 2010-09-10 05:50	247808	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2010-10-31 15:02 . 2010-09-10 05:50	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2010-10-31 15:02 . 2010-09-10 05:50	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
2010-10-31 15:02 . 2010-08-23 16:12	617472	-c----w-	c:\windows\system32\dllcache\comctl32.dll
2010-10-31 14:58 . 2010-06-14 14:31	744448	-c----w-	c:\windows\system32\dllcache\helpsvc.exe
2010-10-31 14:48 . 2010-10-31 14:48	--------	d-----w-	c:\program files\RogueRemover FREE
2010-10-31 14:46 . 2009-02-20 07:21	252928	----a-w-	c:\windows\system32\drivers\etc\RHosts.exe
2010-10-31 14:30 . 2010-10-31 14:30	--------	d-sh--w-	c:\documents and settings\quentin xxxx\PrivacIE
2010-10-31 14:23 . 2010-10-31 14:23	4224	----a-w-	c:\windows\system32\drivers\RDPCDD.SYS
2010-10-31 14:08 . 2010-10-31 14:08	--------	d-----r-	c:\documents and settings\LocalService\Favoris
2010-10-31 14:08 . 2010-10-31 14:08	--------	d-sh--w-	c:\documents and settings\quentin xxxx\IECompatCache
2010-10-31 13:41 . 2010-10-31 13:41	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache
2010-10-31 13:38 . 2010-10-31 13:38	--------	d-sh--w-	c:\documents and settings\quentin xxxx\IETldCache
2010-10-31 13:12 . 2010-10-31 13:14	--------	dc-h--w-	c:\windows\ie8
2010-10-31 13:08 . 2010-10-19 20:51	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-31 10:18 . 2010-10-31 10:18	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-10-31 00:19 . 2010-10-31 00:19	--------	d--h--w-	c:\windows\PIF
2010-10-30 10:02 . 2010-10-31 13:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-30 10:02 . 2010-10-30 10:05	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-10-30 09:56 . 2010-10-30 09:56	--------	d-----w-	c:\program files\CCleaner
2010-10-30 09:54 . 2010-10-30 09:54	--------	d-----w-	c:\documents and settings\quentin xxxx\Application Data\Malwarebytes
2010-10-30 09:54 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 09:54 . 2010-10-30 09:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-30 09:54 . 2010-10-30 09:54	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-10-30 09:54 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2009-04-06 12:39	974848	----a-w-	c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-04-06 12:39	974848	----a-w-	c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-04-06 12:39	954368	----a-w-	c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-04-06 12:39	953856	----a-w-	c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2009-04-06 12:39	916480	----a-w-	c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2009-04-06 12:39	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-10 05:50 . 2009-04-06 12:39	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2009-04-06 12:39	285824	----a-w-	c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2009-04-06 12:39	1852928	----a-w-	c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-04-06 12:39	119808	----a-w-	c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2009-04-06 12:39	99840	----a-w-	c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2009-04-06 12:39	357248	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2009-04-06 12:39	617472	----a-w-	c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-04-06 12:39	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2009-04-06 12:39	590848	----a-w-	c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-04-02 73728]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-03-18 827392]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2009-03-19 90112]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-1-6 2360648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThpSrv]
c:\windows\system32\thpsrv [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38	34672	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2009-03-18 19:10	417792	----a-w-	c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-09-10 09:07	143360	----a-w-	c:\program files\Toshiba\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAccessibility]
2009-02-25 08:50	110592	----a-w-	c:\program files\Toshiba\Accessibility\TAccessibility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
2009-04-01 16:48	210232	----a-w-	c:\windows\system32\TDispVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-10 17:45	202256	----a-w-	c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2009-03-18 09:51	266240	----a-w-	c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TUSBSleepChargeSrv]
2009-03-27 20:40	252288	----a-w-	c:\program files\Toshiba\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
2005-06-06 08:58	24576	----a-w-	c:\windows\system32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdate1ca827d92914fc0"=2 (0x2)
"CFSvcs"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [21/08/2008 09:35 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [04/09/2007 09:14 6528]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [17/08/2009 10:52 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [12/11/2009 18:15 48176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [09/04/2009 06:11 1684736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [09/04/2009 06:13 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [14/11/2009 21:58 11520]
S4 gupdate1ca827d92914fc0;Service Google Update (gupdate1ca827d92914fc0);c:\program files\Google\Update\GoogleUpdate.exe [21/12/2009 21:38 133104]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - NXRLJJYD
*Deregistered* - nxrljjyd
.
Contenu du dossier 'Tâches planifiées'

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 20:37]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 20:37]

2010-10-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3586533485-997917433-220073534-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-10-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3586533485-997917433-220073534-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-10-31 c:\windows\Tasks\User_Feed_Synchronization-{744F2A03-89EF-45C8-86D3-D8951E065FD8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
MSConfigStartUp-Ameyewah - c:\windows\msirvfi.dll
MSConfigStartUp-Firevall Administrating - rndll.exe
MSConfigStartUp-Firewall Administrating - infocard.exe
MSConfigStartUp-Firewall Aliase - c:\windows\mdm.exe
MSConfigStartUp-Java developer Script Browse - c:\windows\jusched.exe
MSConfigStartUp-M5T8QL3YW3 - c:\docume~1\QUENTI~1\LOCALS~1\Temp\Pml.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-Microsoft Update checker - c:\windows\rundll32.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-Protection Center - c:\program files\Protection Center\cntprot.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 21:11
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(4000)
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\acs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Heure de fin: 2010-10-31  21:20:52 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-10-31 20:20

Avant-CF: 59 493 588 992 octets libres
Après-CF: 59 415 453 696 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect /forceresetreg

- - End Of File - - 8710B2BCC1559716A16F272A137C483D



I'm also attaching the HijackThis v2.0.2 log that I ran after ComboFix:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:26, on 31/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 6958 bytes


Thank you in advance for your advice on finishing the cleanup.
Last edited by Toutatis on 01 Nov 2010 09:16, edited 2 times.

Toutatis
Posts: 3
Joined: 31 Oct 2010 22:22

Re: Disinfecting Boaxe.E with HijackThis + ComboFix logs

Post by Toutatis »

Problem solved thanks to Kaspersky's Virus Removal Tool, which was recommended to me on the Zebulon.fr forum.
