

lenab01
Membres-
Compteur de contenus
280 -
Inscription
-
Dernière visite
Tout ce qui a été posté par lenab01
-
en plus de O, ce soir j'ai messagebouncer comme programme à arrêter sans problème, je le fais demain matin il faut autre chose dans la foulée
-
voilà la trace ComboFix 08-10-02.04 - Maison 2008-10-02 23:24:31.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.218 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Maison\Bureau\ComboFix.exe * Resident AV is active . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 )))))))))))))))))))))))))))))))))))) . 2008-09-30 23:29 . 2008-10-02 22:43 4,465 --a------ C:\WINDOWS\system32\Config.MPF 2008-09-30 23:17 . 2008-06-27 06:08 79,240 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2008-09-30 23:17 . 2008-06-27 06:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2008-09-30 23:17 . 2008-06-27 06:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2008-09-30 23:16 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2008-09-30 23:11 . 2008-09-30 23:13 <REP> d-------- C:\Program Files\McAfee.com 2008-09-30 23:11 . 2008-09-30 23:17 <REP> d-------- C:\Program Files\Fichiers communs\McAfee 2008-09-30 23:10 . 2008-10-02 22:42 <REP> d-------- C:\Program Files\McAfee 2008-09-30 23:05 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2008-09-28 18:23 . 2008-10-01 22:07 250 --a------ C:\WINDOWS\gmer.ini 2008-09-28 11:21 . 2008-09-28 11:25 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-09-28 08:59 . 2008-09-28 08:59 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore 2008-09-27 17:04 . 2008-09-27 17:06 <REP> d-------- C:\rsit 2008-09-27 11:52 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll 2008-09-27 11:52 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll 2008-09-27 11:52 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-09-26 21:31 . 2008-09-26 21:31 <REP> d-------- C:\Utilitaires 2008-09-26 19:02 . 2008-09-26 19:04 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-09-26 19:01 . 2008-09-26 19:12 <REP> d-------- C:\Program Files\Windows Live 2008-09-26 18:57 . 2008-09-26 18:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-24 20:06 . 2007-07-20 20:08 3,049,097 --a------ C:\1-07 Satie_ Gymnop‚dies - 1. Lent Et.m4a 2008-09-20 08:45 . 2008-09-20 08:46 <REP> d-------- C:\Program Files\iTunes 2008-09-20 08:45 . 2008-09-20 08:45 <REP> d-------- C:\Program Files\iPod 2008-09-20 08:45 . 2008-09-20 08:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-20 08:43 . 2008-09-20 08:43 <REP> d-------- C:\Program Files\Bonjour 2008-09-20 08:41 . 2008-09-20 08:42 <REP> d-------- C:\Program Files\QuickTime 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-30 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-09-28 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-09-27 16:03 --------- d-----w C:\Program Files\SlySoft 2008-09-26 06:20 --------- d-----w C:\Documents and Settings\Maison\Application Data\OpenOffice.org2 2008-09-21 06:45 --------- d-----w C:\Program Files\Java 2008-09-20 06:41 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll 2008-08-23 14:24 --------- d-----w C:\Program Files\Apple Software Update 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll . ((((((((((((((((((((((((((((( snapshot@2008-09-28_23.49.50.01 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE - 2008-09-28 21:36:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-10-02 21:24:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-09-28 21:36:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-10-02 21:24:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-21 185896] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codec"= l3codecp.acm "vidc.xvid"= xvid.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944] R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;C:\WINDOWS\system32\DRIVERS\uacflt.sys [2002-05-03 21276] S3 ATICDSDr;ATICDSDr;C:\Dell\Drivers\R50874\bin\atiicdxx.sys [2002-03-11 5376] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' . . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Maison\Application Data\Mozilla\Firefox\Profiles\cw7yqx75.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-02 23:37:28 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\Program Files\McAfee\SiteAdvisor\saHook.dll . Heure de fin: 2008-10-02 23:44:09 ComboFix-quarantined-files.txt 2008-10-02 21:43:56 ComboFix2.txt 2008-09-30 10:52:31 ComboFix3.txt 2008-09-29 21:00:19 ComboFix4.txt 2008-09-28 21:51:45 Avant-CF: 44ÿ538ÿ175ÿ488 octets libres Après-CF: 44,531,818,496 octets libres 142 --- E O F --- 2008-09-11 13:04:02 CPU tjs 100% voir 200% a+
-
je ne glisse rien dessus, direct combofix ?
-
ok, je désinstalle mcafee?
-
tu penses qu'il faudrait formater ?
-
oui je crois, 1/ 100% CPU en permanence 2/ impossible d'ouvrir la messagerie 3/ mystérieux programme O que je dois arrêter manuellement à l'arrêt de la machine ça m'inquiète qu'on ne trouve rien
-
bonjour le fichier spyl.sys est introuvable a+
-
rapport RSIT après je lance la recherche je suis hs, je ferai la suite demain A+ Logfile of random's system information tool 1.02 (written by random/random) Run by Maison at 2008-10-01 23:09:35 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 43 GB (56%) free of 76 GB Total RAM: 511 MB (42% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:10:32, on 01/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\PerSono\perstray.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Maison\Bureau\RSIT.exe C:\Download\Maison.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Perstray.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- End of file - 8082 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\McDefragTask.job C:\WINDOWS\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-21 308856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-09 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0BF43445-2F28-4351-9252-17FE6E806AA0} {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-09 2436160] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-04-21 185896] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696] "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Perstray.lnk - C:\Program Files\PerSono\perstray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "c:\efes.exe"="c:\efes.exe:*:Enabled:Server" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2008-09-30 23:11:59 ----D---- C:\Program Files\Fichiers communs\McAfee 2008-09-30 23:11:38 ----D---- C:\Program Files\McAfee.com 2008-09-30 23:10:37 ----D---- C:\Program Files\McAfee 2008-09-30 12:52:50 ----D---- C:\WINDOWS\temp 2008-09-30 12:52:31 ----A---- C:\ComboFix.txt 2008-09-29 22:38:40 ----A---- C:\Boot.bak 2008-09-29 22:38:25 ----D---- C:\cmdcons 2008-09-28 23:40:58 ----D---- C:\WINDOWS\erdnt 2008-09-28 23:21:54 ----D---- C:\QooBox 2008-09-28 23:21:44 ----A---- C:\WINDOWS\zip.exe 2008-09-28 23:21:44 ----A---- C:\WINDOWS\VFind.exe 2008-09-28 23:21:44 ----A---- C:\WINDOWS\swxcacls.exe 2008-09-28 23:21:44 ----A---- C:\WINDOWS\SWSC.exe 2008-09-28 23:21:44 ----A---- C:\WINDOWS\swreg.exe 2008-09-28 23:21:44 ----A---- C:\WINDOWS\sed.exe 2008-09-28 23:21:44 ----A---- C:\WINDOWS\Nircmd.exe 2008-09-28 23:21:44 ----A---- C:\WINDOWS\grep.exe 2008-09-28 23:21:44 ----A---- C:\WINDOWS\fdsv.exe 2008-09-28 18:23:46 ----A---- C:\WINDOWS\gmer.ini 2008-09-28 18:23:27 ----A---- C:\WINDOWS\gmer_uninstall.cmd 2008-09-28 18:23:27 ----A---- C:\WINDOWS\gmer.dll 2008-09-28 18:23:26 ----A---- C:\WINDOWS\gmer.exe 2008-09-28 11:21:49 ----D---- C:\WINDOWS\BDOSCAN8 2008-09-27 17:04:55 ----D---- C:\rsit 2008-09-27 11:52:24 ----A---- C:\WINDOWS\system32\muweb.dll 2008-09-27 11:52:23 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2008-09-27 11:52:22 ----A---- C:\WINDOWS\system32\mucltui.dll 2008-09-26 21:31:24 ----D---- C:\Utilitaires 2008-09-26 19:02:05 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-09-26 19:01:17 ----D---- C:\Program Files\Windows Live 2008-09-26 18:57:28 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-21 08:45:57 ----A---- C:\WINDOWS\system32\javaws.exe 2008-09-21 08:45:57 ----A---- C:\WINDOWS\system32\javaw.exe 2008-09-21 08:45:57 ----A---- C:\WINDOWS\system32\java.exe 2008-09-20 08:45:51 ----D---- C:\Program Files\iPod 2008-09-20 08:45:38 ----D---- C:\Program Files\iTunes 2008-09-20 08:45:38 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-20 08:43:24 ----D---- C:\Program Files\Bonjour 2008-09-20 08:41:14 ----D---- C:\Program Files\QuickTime 2008-09-11 15:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-09-11 15:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ ======List of files/folders modified in the last 1 months====== 2008-10-01 23:10:03 ----D---- C:\Download 2008-10-01 05:46:41 ----D---- C:\WINDOWS 2008-09-30 23:31:46 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-09-30 23:30:35 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee 2008-09-30 23:29:41 ----D---- C:\WINDOWS\system32 2008-09-30 23:27:54 ----HD---- C:\WINDOWS\inf 2008-09-30 23:19:51 ----D---- C:\WINDOWS\system32\drivers 2008-09-30 23:14:07 ----SD---- C:\WINDOWS\Tasks 2008-09-30 23:11:59 ----D---- C:\Program Files\Fichiers communs 2008-09-30 23:11:38 ----RD---- C:\Program Files 2008-09-30 23:05:14 ----D---- C:\WINDOWS\system32\CatRoot2 2008-09-30 12:45:16 ----A---- C:\WINDOWS\system.ini 2008-09-30 12:44:02 ----D---- C:\WINDOWS\system32\config 2008-09-30 12:43:33 ----D---- C:\WINDOWS\AppPatch 2008-09-29 22:39:56 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-09-29 22:38:41 ----RASH---- C:\boot.ini 2008-09-28 07:34:38 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-09-27 18:03:38 ----D---- C:\Program Files\SlySoft 2008-09-27 17:05:23 ----D---- C:\WINDOWS\Prefetch 2008-09-26 19:13:56 ----SHD---- C:\WINDOWS\Installer 2008-09-26 19:12:37 ----RSD---- C:\WINDOWS\Fonts 2008-09-26 19:05:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-09-26 19:05:27 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2008-09-26 08:20:19 ----D---- C:\Documents and Settings\Maison\Application Data\OpenOffice.org2 2008-09-24 20:14:11 ----D---- C:\WINDOWS\network diagnostic 2008-09-23 08:05:32 ----A---- C:\WINDOWS\NeroDigital.ini 2008-09-23 07:53:16 ----D---- C:\Films 2008-09-21 08:45:56 ----D---- C:\Program Files\Java 2008-09-20 08:46:24 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-09-20 08:41:24 ----D---- C:\Program Files\Fichiers communs\Apple 2008-09-20 08:26:26 ----D---- C:\Program Files\Adobe 2008-09-11 15:01:53 ----D---- C:\WINDOWS\WinSxS 2008-09-11 15:01:09 ----HD---- C:\WINDOWS\$hf_mig$ 2008-09-11 15:00:49 ----A---- C:\WINDOWS\imsins.BAK ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-20 40320] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136] R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632] R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver; C:\WINDOWS\system32\DRIVERS\uacflt.sys [2002-05-03 21276] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-09-25 531584] R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-28 85969] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-17 9600] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240] R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240] R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480] S3 ar2kspxj;ar2kspxj; C:\WINDOWS\system32\drivers\ar2kspxj.sys [] S3 ATICDSDr;ATICDSDr; \??\C:\Dell\Drivers\R50874\bin\atiicdxx.sys [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2002-09-25 147456] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 206112] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 605512] R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-09 138168] S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-05-15 79400] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336] -----------------EOF-----------------
-
avec sous répertoires ? on aura le résultat demain, vue l'allure de la bête!
-
aucun résultat dans les deux répertoires j'ai recherché spyl.sys, fichiers correspondant aux lignes restaurées
-
ok je lance
-
en faisant une nouvelle analyse, on a plus les lignes SSDT... pour faire la recherche, j'ai ouvert les répertoire et j'ai trié par nom chaque pagination prend bien 40 s
-
recherche du fichier infructueuse... est-ce que le restore n'a pas été fait trop longtemps après l'analyse gmer ? faut-il refaire un coup de gmer, pour restaurer les lignes SSDT dans la foulée ?
-
j'ai restauré les deux lignes spyl.sys j'ai recherché dans drivers sans succès dans system32 je ne vois pas de fichiers sys, mais je n'ai pas encore recherché correctement c'est possible de ne pas trouver le fichier? ou c'est moi qui recherche mal ?
-
je le recherche dans les répertoires dans lesquels on a déjà fait des recherches ? l'analyse, c'est via combofix ?
-
Bonsoir un ptit rapport GMER GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-10-01 19:58:38 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT spyl.sys ZwEnumerateKey [0xF8434CA2] SSDT spyl.sys ZwEnumerateValueKey [0xF8435030] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB6E079CA] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB6E07978] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB6E0798C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB6E07A7B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB6E07AA7] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB6E07A0A] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB6E07B41] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB6E07950] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB6E07964] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB6E079DE] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB6E07AE9] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB6E07A91] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB6E07B69] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB6E07B55] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB6E079B6] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB6E079A2] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB6E07A39] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB6E07B2B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB6E07A20] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB6E079F4] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 823DE1F8 AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) Device \FileSystem\Fastfat \Fat 81DDD500 AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) ---- EOF - GMER 1.0.14 ---- A+
-
Salut aucun zip en vue, même dans les sous-répertoires
-
rapport Combofix ComboFix 08-09-27.05 - Maison 2008-09-30 12:41:09.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.326 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Maison\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\Maison\Bureau\CFScript.txt . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . G:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_APPLICATION_LAYER_GATEWAY_SERVICES -------\Legacy_DLLHOST32 ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 )))))))))))))))))))))))))))))))))))) . 2008-09-28 18:23 . 2008-09-28 18:42 250 --a------ C:\WINDOWS\gmer.ini 2008-09-28 11:21 . 2008-09-28 11:25 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-09-28 08:59 . 2008-09-28 08:59 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore 2008-09-27 17:04 . 2008-09-27 17:06 <REP> d-------- C:\rsit 2008-09-27 11:52 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll 2008-09-27 11:52 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll 2008-09-27 11:52 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-09-26 21:31 . 2008-09-26 21:31 <REP> d-------- C:\Utilitaires 2008-09-26 19:02 . 2008-09-26 19:04 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-09-26 19:01 . 2008-09-26 19:12 <REP> d-------- C:\Program Files\Windows Live 2008-09-26 18:57 . 2008-09-26 18:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-24 20:06 . 2007-07-20 20:08 3,049,097 --a------ C:\1-07 Satie_ Gymnop‚dies - 1. Lent Et.m4a 2008-09-20 08:45 . 2008-09-20 08:46 <REP> d-------- C:\Program Files\iTunes 2008-09-20 08:45 . 2008-09-20 08:45 <REP> d-------- C:\Program Files\iPod 2008-09-20 08:45 . 2008-09-20 08:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-20 08:43 . 2008-09-20 08:43 <REP> d-------- C:\Program Files\Bonjour 2008-09-20 08:41 . 2008-09-20 08:42 <REP> d-------- C:\Program Files\QuickTime 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe 2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll 2008-08-27 09:15 . 2008-08-31 09:40 <REP> d-------- C:\Concerts Pleyel 2008-08-17 08:30 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-30 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-09-28 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-09-27 16:03 --------- d-----w C:\Program Files\SlySoft 2008-09-26 06:20 --------- d-----w C:\Documents and Settings\Maison\Application Data\OpenOffice.org2 2008-09-21 06:45 --------- d-----w C:\Program Files\Java 2008-09-20 06:41 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-08-23 14:24 --------- d-----w C:\Program Files\Apple Software Update . ((((((((((((((((((((((((((((( snapshot@2008-09-28_23.49.50.01 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE - 2008-09-28 21:36:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-09-30 10:14:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-09-28 21:36:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-09-30 10:14:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-21 185896] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codec"= l3codecp.acm "vidc.xvid"= xvid.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;C:\WINDOWS\system32\DRIVERS\uacflt.sys [2002-05-03 21276] S3 ATICDSDr;ATICDSDr;C:\Dell\Drivers\R50874\bin\atiicdxx.sys [2002-03-11 5376] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-30 12:45:24 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\PerSono\PersTray.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2008-09-30 12:52:26 - La machine a redémarré ComboFix-quarantined-files.txt 2008-09-30 10:52:14 ComboFix2.txt 2008-09-29 21:00:19 ComboFix3.txt 2008-09-28 21:51:45 Avant-CF: 44ÿ706ÿ070ÿ528 octets libres Après-CF: 44,700,200,960 octets libres 127 --- E O F --- 2008-09-11 13:04:02 Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:00:21, on 30/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\PerSono\perstray.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Download\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Perstray.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- End of file - 6369 bytes Voilà Salut A+
-
au fait Mcafee m'a signalé des changements de registres au cours de l'opération je ne savais pas trop quoi répondre
-
voilà c'est terminé ComboFix 08-09-27.05 - Maison 2008-09-29 22:39:14.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.219 [GMT 2:00]Lancé depuis: C:\Documents and Settings\Maison\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\Maison\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe * Resident AV is active . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\setup.inf . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_APPLICATION_LAYER_GATEWAY_SERVICES -------\Legacy_DLLHOST32 -------\Service_Application Layer Gateway Services ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-29 )))))))))))))))))))))))))))))))))))) . 2008-09-28 18:23 . 2008-09-28 18:42 250 --a------ C:\WINDOWS\gmer.ini 2008-09-28 18:00 . 2008-09-29 22:53 4,731 --a------ C:\WINDOWS\system32\Config.MPF 2008-09-28 17:43 . 2008-06-27 06:08 79,240 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2008-09-28 17:43 . 2008-06-27 06:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2008-09-28 17:43 . 2008-06-27 06:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2008-09-28 17:42 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2008-09-28 17:38 . 2008-09-28 17:43 <REP> d-------- C:\Program Files\Fichiers communs\McAfee 2008-09-28 17:37 . 2008-09-28 17:39 <REP> d-------- C:\Program Files\McAfee.com 2008-09-28 17:36 . 2008-09-28 17:51 <REP> d-------- C:\Program Files\McAfee 2008-09-28 17:33 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2008-09-28 11:21 . 2008-09-28 11:25 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-09-28 08:59 . 2008-09-28 08:59 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore 2008-09-27 17:04 . 2008-09-27 17:06 <REP> d-------- C:\rsit 2008-09-27 11:52 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll 2008-09-27 11:52 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll 2008-09-27 11:52 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-09-26 21:31 . 2008-09-26 21:31 <REP> d-------- C:\Utilitaires 2008-09-26 19:02 . 2008-09-26 19:04 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-09-26 19:01 . 2008-09-26 19:12 <REP> d-------- C:\Program Files\Windows Live 2008-09-26 18:57 . 2008-09-26 18:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-24 20:06 . 2007-07-20 20:08 3,049,097 --a------ C:\1-07 Satie_ Gymnop‚dies - 1. Lent Et.m4a 2008-09-20 08:45 . 2008-09-20 08:46 <REP> d-------- C:\Program Files\iTunes 2008-09-20 08:45 . 2008-09-20 08:45 <REP> d-------- C:\Program Files\iPod 2008-09-20 08:45 . 2008-09-20 08:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-20 08:43 . 2008-09-20 08:43 <REP> d-------- C:\Program Files\Bonjour 2008-09-20 08:41 . 2008-09-20 08:42 <REP> d-------- C:\Program Files\QuickTime 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe 2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-28 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-09-28 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-09-27 16:03 --------- d-----w C:\Program Files\SlySoft 2008-09-26 06:20 --------- d-----w C:\Documents and Settings\Maison\Application Data\OpenOffice.org2 2008-09-21 06:45 --------- d-----w C:\Program Files\Java 2008-09-20 06:41 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-08-23 14:24 --------- d-----w C:\Program Files\Apple Software Update . ((((((((((((((((((((((((((((( snapshot@2008-09-28_23.49.50.01 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE - 2008-09-28 21:36:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-09-29 18:38:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-09-28 21:36:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-09-29 18:38:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-21 185896] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codec"= l3codecp.acm "vidc.xvid"= xvid.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 206112] R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;C:\WINDOWS\system32\DRIVERS\uacflt.sys [2002-05-03 21276] S2 0324431222616506mcinstcleanup;McAfee Application Installer Cleanup (0324431222616506);C:\DOCUME~1\Maison\LOCALS~1\Temp\032443~1.EXE C:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini [ ] S3 ATICDSDr;ATICDSDr;C:\Dell\Drivers\R50874\bin\atiicdxx.sys [2002-03-11 5376] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' . . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Maison\Application Data\Mozilla\Firefox\Profiles\cw7yqx75.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-29 22:51:08 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\Program Files\McAfee\SiteAdvisor\saHook.dll . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\PerSono\PersTray.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe . ************************************************************************** . Heure de fin: 2008-09-29 23:00:11 - La machine a redémarré ComboFix-quarantined-files.txt 2008-09-29 20:59:54 ComboFix2.txt 2008-09-28 21:51:45 Avant-CF: 44ÿ735ÿ561ÿ728 octets libres Après-CF: 44,657,446,912 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn 166 --- E O F --- 2008-09-11 13:04:02 j'ai pas l'impression que le fichier porte le nom que tu indiques A+
-
le scan est différent de l'autre fois il en est à l'étape 48 c'est normal ?
-
ouais désolé je n'avais pas vu la console est installée et le scan continu je poste le rapport dès que c'est fini
-
ça s'installe comment cette console ?
-
Bonsoir tu vois quelque chose dans la trace ? Lenab01
-
juste une info supplémentaire hier, quand j'ai bloqué RemAdm-.... Une fenêtre de confirmation de suppression des programmes McAfee s'est affichée, à laquelle j'ai répondu non