Infected by the ANTIVIRUS XP 2008 virus. After running Combofix, I was asked to post the "Combofix.txt" report, which I am doing here.
ComboFix 08-08-08.02 - Compaq_Propriétaire 2008-08-08 19:05:38.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.403 [GMT 2:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\MENDE 2007\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\REPAS DE GARDE PROJET\annulation\001#14.12.2007___12.13.50\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\REPAS DE GARDE PROJET\annulation\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\REPAS DE GARDE PROJET\data\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\REPAS DE GARDE PROJET\deleted\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\REPAS DE GARDE PROJET\deleted\vignettes deleted\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\REPAS DE GARDE PROJET\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\REPAS DE GARDE PROJET\images\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\REPAS DE GARDE PROJET\sons\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\REPAS DE GARDE PROJET\vignettes\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Marc\Csp MENDE\Temp\REPAS DE GARDE PROJET\xtras\Desktop_.ini
C:\Documents and Settings\Compaq_Propriétaire\Application Data\rhcgprj0er6o
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\iicgwcq.dat
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\iicgwcq.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\iicgwcq_nav.dat
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\iicgwcq_navps.dat
C:\Documents and Settings\LocalService\Application Data\629315082.exe
C:\Documents and Settings\LocalService\Application Data\rhcgprj0er6o
C:\Program Files\rhcgprj0er6o
C:\setup.exe
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\blphclprj0er6o.scr
C:\WINDOWS\system32\lphclprj0er6o.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\phclprj0er6o.bmp
C:\WINDOWS\system32\pphclprj0er6o.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-08 to 2008-08-08 ))))))))))))))))))))))))))))))))))))
.
2008-07-22 21:29 . 2008-07-22 21:29 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-07-22 12:55 . 2008-08-08 19:12 77,498 --a------ C:\WINDOWS\system32\drivers\40e63434.sys
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 16:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-22 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-22 19:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-14 17:26 --------- d-----w C:\Program Files\Norton SystemWorks Basic Edition
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 06:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-11 21:44 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-24 19:46 147456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 19:29 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 19:23 663552]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 06:00 98304]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 22:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11 771704]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-11 01:10 188416]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-07 13:11 1836544]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 13:32 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-12-03 01:41 25472]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 12:53 15969280 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 06:00]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a7ed024-da28-11db-b9a8-0060b3e32640}]
\shell\auto\command - setup.exe
\shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-07-14 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe [2007-12-19 15:26]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-WOOKIT - C:\PROGRA~1\Wanadoo\Shell.exe
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-iicgwcq - c:\documents and settings\compaq_propriétaire\local settings\application data\iicgwcq.exe
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
HKLM-Run-PCDrProfiler - (no file)
MSConfigStartUp-lphclprj0er6o - C:\WINDOWS\system32\lphclprj0er6o.exe
MSConfigStartUp-smrhcgprj0er6o - C:\Program Files\rhcgprj0er6o\rhcgprj0er6o.exe
MSConfigStartUp-spyware-secure - C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\73h7s0ud.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 19:12:01
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-08 19:16:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-08 17:16:19
Pre-Run: 232,408,465,408 octets libres
Post-Run: 232,653,443,072 octets libres
176 --- E O F --- 2008-08-08 04:42:27
Awaiting your help.
Thank you.