Maldagar

Membres

Afficher le profil Afficher son activité

Compteur de contenus
28
Inscription
le 28 décembre 2008
Dernière visite
le 12 décembre 2012

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par Maldagar

Ananlyse HijackThis

Maldagar a répondu à un(e) sujet de Maldagar dans Analyses et éradication malwares

Voila le rapport :P ComboFix 08-12-28.01 - Maxime 2008-12-28 19:59:17.1 - FAT32x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.388 [GMT 1:00] Lancé depuis: c:\documents and settings\Maxime\Bureau\ComboFix.exe AV: Norton AntiVirus *On-access scanning disabled* (Outdated) AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Maxime\LOCALS~1\Temp\tmp1.tmp c:\docume~1\Maxime\LOCALS~1\Temp\tmp2.tmp D:\Autorun.inf D:\resycled d:\resycled\boot.com K:\Autorun.inf K:\resycled k:\resycled\boot.com L:\Autorun.inf L:\resycled l:\resycled\boot.com M:\Autorun.inf M:\resycled m:\resycled\boot.com . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 )))))))))))))))))))))))))))))))))))) . 2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ c:\windows\system32\LXBOUSCI.INI 2008-12-28 19:39 . 2008-12-28 19:39 <REP> d-------- c:\program files\NOS 2008-12-28 19:39 . 2008-12-28 19:39 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-12-28 19:09 . 2008-12-28 19:09 <REP> d-------- c:\windows\LastGood 2008-12-28 17:19 . 2008-12-28 17:19 <REP> d-------- c:\documents and settings\Maxime\Application Data\Malwarebytes 2008-12-28 17:18 . 2008-12-28 17:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-28 17:18 . 2008-12-28 17:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-28 17:18 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-28 17:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-28 16:30 . 2008-12-28 16:30 <REP> d-------- c:\program files\Trend Micro 2008-12-28 16:03 . 2008-12-28 16:03 <REP> d-------- c:\program files\LiveUpdate Administration 2008-12-28 16:03 . 2002-01-09 01:53 306,688 --a------ c:\windows\IsUninst.exe 2008-12-28 15:20 . 2008-12-28 15:19 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-27 18:12 . 2008-12-27 18:12 <REP> d--hs---- C:\FOUND.008 2008-12-27 16:41 . 2008-12-27 16:41 <REP> dr------- c:\program files\Norton Support 2008-12-27 15:43 . 2008-12-27 15:43 <REP> d-------- c:\windows\system32\drivers\NAV 2008-12-27 15:43 . 2008-12-27 15:43 <REP> d-------- c:\program files\Symantec 2008-12-27 15:43 . 2008-12-27 15:43 <REP> d-------- c:\program files\Fichiers communs\Symantec Shared 2008-12-27 15:43 . 2008-12-27 15:43 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS 2008-12-27 15:43 . 2008-12-27 15:43 60,808 --a------ c:\windows\system32\S32EVNT1.DLL 2008-12-27 15:43 . 2008-12-27 15:43 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys 2008-12-27 15:43 . 2008-12-27 15:43 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT 2008-12-27 15:43 . 2008-12-27 15:43 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF 2008-12-27 15:42 . 2008-12-27 15:43 <REP> d-------- c:\program files\Windows Sidebar 2008-12-27 15:41 . 2008-12-27 15:41 <REP> d-------- c:\program files\NortonInstaller 2008-12-25 22:47 . 2008-12-25 22:47 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2008-12-25 22:22 . 2008-12-25 22:22 <REP> d-------- c:\program files\Fichiers communs\Control Panels 2008-12-25 22:18 . 2008-12-25 22:18 <REP> d-------- c:\documents and settings\All Users\Application Data\ALM 2008-12-25 21:42 . 2008-12-25 21:42 <REP> d-------- c:\program files\QuickTime 2008-12-25 21:16 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll 2008-12-25 21:16 . 2007-02-20 16:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe 2008-12-25 21:00 . 2008-12-25 21:00 <REP> d-------- c:\program files\Bonjour 2008-12-25 20:36 . 2008-12-25 20:36 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared 2008-12-20 19:53 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll 2008-12-20 19:53 . 2008-12-20 19:53 385 --a------ c:\windows\ODBC.INI 2008-12-20 19:48 . 2008-12-20 19:48 <REP> d-------- c:\windows\SHELLNEW 2008-12-20 19:47 . 2008-12-20 19:47 <REP> d-------- c:\program files\Microsoft.NET 2008-12-20 12:17 . 2008-12-20 12:17 <REP> d-------- c:\documents and settings\Maxime\Application Data\gtk-2.0 2008-12-20 12:15 . 2008-12-20 12:15 <REP> d-------- c:\documents and settings\Maxime\.thumbnails 2008-12-20 11:31 . 2008-12-20 11:31 <REP> d-------- c:\documents and settings\Maxime\.gimp-2.6 2008-12-20 11:31 . 2008-12-20 11:31 <REP> d-------- c:\documents and settings\Maxime\.gegl-0.0 2008-12-19 11:09 . 2008-12-19 11:09 <REP> d--hs---- C:\FOUND.007 2008-12-15 15:27 . 2008-12-15 15:27 <REP> d--hs---- C:\FOUND.006 2008-12-10 12:12 . 2008-12-10 12:12 <REP> d--hs---- C:\FOUND.005 2008-12-08 21:21 . 2008-12-08 21:21 <REP> d--hs---- C:\FOUND.004 2008-12-05 19:50 . 2008-12-05 19:50 <REP> d--hs---- C:\FOUND.003 2008-12-04 20:27 . 2008-12-04 20:27 <REP> d--hs---- C:\FOUND.002 2008-12-04 19:20 . 2008-12-04 19:20 <REP> d--hs---- C:\FOUND.001 2008-12-04 18:46 . 2008-12-04 18:46 <REP> d--hs---- C:\FOUND.000 2008-11-30 21:19 . 2008-11-30 21:19 <REP> d--hs---- C:\FOUND.019 2008-11-30 20:08 . 2008-11-30 20:08 <REP> d--hs---- C:\FOUND.018 2008-11-30 10:53 . 2008-11-30 10:53 <REP> d-------- c:\documents and settings\Maxime\Application Data\LimeWire 2008-11-30 10:52 . 2008-11-30 10:52 <REP> d-------- c:\program files\LimeWire 2008-11-29 23:32 . 2008-11-29 23:32 268 --ah----- C:\sqmdata14.sqm 2008-11-29 23:32 . 2008-11-29 23:32 244 --ah----- C:\sqmnoopt14.sqm 2008-11-29 20:11 . 2008-11-29 20:11 <REP> d--hs---- C:\FOUND.017 2008-11-28 22:21 . 2008-11-28 22:21 268 --ah----- C:\sqmdata13.sqm 2008-11-28 22:21 . 2008-11-28 22:21 244 --ah----- C:\sqmnoopt13.sqm 2008-11-28 19:56 . 2008-11-28 19:56 <REP> d--hs---- C:\FOUND.016 2008-11-28 19:45 . 2008-11-30 18:32 20 --a------ c:\windows\ACMonitor_X84-X85.ini 2008-11-28 19:24 . 2008-11-28 19:24 268 --ah----- C:\sqmdata12.sqm 2008-11-28 19:24 . 2008-11-28 19:24 244 --ah----- C:\sqmnoopt12.sqm 2008-11-28 19:20 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2008-11-28 19:20 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-27 20:13 --------- d-----w c:\program files\LexmarkX84-X85 2008-11-20 15:36 --------- d-----w c:\program files\Fichiers communs\Vbox 2008-11-19 16:32 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys 2008-11-19 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\Zabersoft 2008-11-19 11:45 --------- d-----w c:\program files\WinHTTrack 2008-11-19 11:17 --------- d-----w c:\program files\i-Media 2008-11-19 11:17 --------- d-----w c:\program files\Goto 2008-11-16 18:49 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania 2008-11-13 21:07 --------- d-----w c:\program files\MSXML 4.0 2008-11-09 19:54 --------- d-----w c:\program files\Sony Ericsson 2008-11-09 19:54 --------- d-----w c:\program files\Fichiers communs\Teleca Shared 2008-11-09 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson 2008-11-04 18:01 --------- d-----w c:\program files\cafe Anagrammeur 2008-11-04 18:01 --------- d-----w c:\documents and settings\All Users\Application Data\cafe Anagrammeur 2008-11-04 15:04 --------- d-----w c:\documents and settings\Maxime\Application Data\System 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2007-04-23 13:21 269,824 ----a-w c:\windows\inf\WG111v3\Vista64\wg111v3.sys 2007-04-23 13:11 224,896 ----a-w c:\windows\inf\WG111v3\wg111v3.sys 2006-12-15 10:30 98,304 ----a-w c:\windows\inf\WG111v3\UScanM.exe 2006-12-15 10:30 66,048 ----a-w c:\windows\inf\WG111v3\EAPPkt.sys 2006-12-15 10:30 315,392 ----a-w c:\windows\inf\WG111v3\InstallDriver.exe 2006-12-15 10:30 28,672 ----a-w c:\windows\inf\WG111v3\SetDrv.exe 2006-12-15 10:30 212,992 ----a-w c:\windows\inf\WG111v3\CopyWHQLDriver.exe 2006-12-15 10:30 20,480 ----a-w c:\windows\inf\WG111v3\RTWUPath.exe 2006-12-15 10:30 19,968 ----a-w c:\windows\inf\WG111v3\RTWREFU.EXE . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2005-03-18 106496] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600] "OPTENET_GUI"="c:\progra~1\CONTRO~1\bin\optgui.exe" [2008-05-06 424608] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-18 185872] "BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336] "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 36864] "Acrobat Assistant 8.0"="m:\installations\CS3\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248] "Adobe_ID0EYTHM"="c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SoundMan"="SOUNDMAN.EXE" [2005-03-18 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-07-15 01:07 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\TVAnts\\Tvants.exe"= "c:\\Program Files\\Norton AntiVirus\\Norton AntiVirus\\Engine\\16.0.0.125\\ccSvcHst.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "d:\\Metin 2\\metin2.bin"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "m:\\installations\\TMNF\\TmNationsForever\\TmForever.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-12-27 309296] R1 BHDrvx86;Symantec Heuristics Driver;\??\c:\windows\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-12-27 254512] R1 ccHP;Symantec Hash Provider;\??\c:\windows\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-12-27 362544] R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSxpx86.sys [2008-12-28 274808] R2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [] R2 OPTENET_FILTER;Orange Contrôle Parental;c:\program files\Controle Parental\bin\optproxy.exe [2008-10-17 649168] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-27 99376] R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 224896] S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [] S3 CrystalSysInfo;CrystalSysInfo;\??\m:\installations\MediaCoder\SysInfo.sys [2007-09-25 15152] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-28 33752] S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys [2005-05-11 52384] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys [2005-05-11 87456] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248] S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\k600obex.sys [2005-05-11 77072] S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-19 27904] S3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);c:\windows\system32\DRIVERS\zd1211u.sys [2008-10-17 247296] S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;\??\c:\windows\system32\ZDBRGSYS.SYS [2008-10-17 19200] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{785d0ed7-9c15-11dd-a998-806d6172696f}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d: \Shell\Open\command - d:\resycled\boot.com d: *Newly Created Service* - CATCHME *Newly Created Service* - GETPLUS®_HELPER *Newly Created Service* - PROCEXP90 . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-EdenFlirt - c:\program files\Eden Flirt\EdenFlirt.exe MSConfigStartUp-Lexmark X84-X85 Button Manager - l:\AcBtnMgr_X84-X85.exe MSConfigStartUp-Lexmark X84-X85 Button Monitor - l:\ACMonitor_X84-X85.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/ uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/ IE: Ajouter au fichier PDF existant - m:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir en Adobe PDF - m:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en Adobe PDF - m:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en un fichier PDF existant - m:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir la sélection en Adobe PDF - m:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la sélection en un fichier PDF existant - m:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir les liens sélectionnés en fichier Adobe PDF - m:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir les liens sélectionnés en un fichier PDF existant - m:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporter vers Microsoft Excel - m:\instal~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 LSP: c:\program files\Controle Parental\bin\lsp.dll FF - ProfilePath - c:\documents and settings\Maxime\Application Data\Mozilla\Firefox\Profiles\cvwda1b2.default\ FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-28 20:03:52 Windows 5.1.2600 Service Pack 3 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton AntiVirus] "ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1024) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2008-12-28 20:05:33 ComboFix-quarantined-files.txt 2008-12-28 19:05:30 Avant-CF: 17ÿ580ÿ359ÿ680 octets libres AprÞs-CF: 20,685,029,376 octets libres 259 --- E O F --- 2008-11-13 21:09:34
- le 28 décembre 2008
- 19 réponses
Ananlyse HijackThis

Maldagar a répondu à un(e) sujet de Maldagar dans Analyses et éradication malwares

Voila le nouveau rapport hijackthis après avoir supprimer avec MBAM Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:11:27, on 28/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe C:\Program Files\Controle Parental\bin\optproxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\CONTRO~1\bin\optgui.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe M:\installations\CS3\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - M:\installations\CS3\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - M:\installations\CS3\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [C:\WINDOWS\system32\kduez.exe] C:\WINDOWS\system32\kduez.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [EdenFlirt] C:\Program Files\Eden Flirt\EdenFlirt.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\installations\CS3\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ? O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Ajouter au fichier PDF existant - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://M:\INSTAL~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\INSTAL~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mappy.com O15 - Trusted Zone: http://*.orange.fr O15 - Trusted Zone: http://rw.search.ke.voila.fr O15 - Trusted Zone: http://orange.weborama.fr O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe -- End of file - 10610 bytes
- le 28 décembre 2008
- 19 réponses
Ananlyse HijackThis

Maldagar a posté un sujet dans Analyses et éradication malwares

Voila mon analyse HijackThis Aidé moi please Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:46:48, on 28/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe C:\Program Files\Controle Parental\bin\optproxy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\CONTRO~1\bin\optgui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe M:\installations\CS3\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - M:\installations\CS3\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - M:\installations\CS3\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [C:\WINDOWS\system32\kduez.exe] C:\WINDOWS\system32\kduez.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [EdenFlirt] C:\Program Files\Eden Flirt\EdenFlirt.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\installations\CS3\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ? O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Ajouter au fichier PDF existant - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://M:\installations\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://M:\INSTAL~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\INSTAL~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mappy.com O15 - Trusted Zone: http://*.orange.fr O15 - Trusted Zone: http://rw.search.ke.voila.fr O15 - Trusted Zone: http://orange.weborama.fr O17 - HKLM\System\CCS\Services\Tcpip\..\{1B77FCB7-AECA-41BC-889B-60BED961D534}: NameServer = 85.255.112.169;85.255.112.84 O17 - HKLM\System\CCS\Services\Tcpip\..\{AB88B339-6F2C-44AC-AB54-5430656CBEF9}: NameServer = 85.255.112.169;85.255.112.84 O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe -- End of file - 11388 bytes J'ai également fait une analyse avec malwarebyte et m'indique : Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1550 Windows 5.1.2600 Service Pack 3 28/12/2008 17:44:20 mbam-log-2008-12-28 (17-44-11).txt Type de recherche: Examen rapide Eléments examinés: 52854 Temps écoulé: 16 minute(s), 31 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 11 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 9 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> No action taken. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kduez.exe -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1b77fcb7-aeca-41bc-889b-60bed961d534}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.169;85.255.112.84 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ab88b339-6f2c-44ac-ab54-5430656cbef9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.169;85.255.112.84 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ab88b339-6f2c-44ac-ab54-5430656cbef9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.169;85.255.112.84 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1b77fcb7-aeca-41bc-889b-60bed961d534}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.169;85.255.112.84 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ab88b339-6f2c-44ac-ab54-5430656cbef9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.169;85.255.112.84 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ab88b339-6f2c-44ac-ab54-5430656cbef9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.169;85.255.112.84 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1b77fcb7-aeca-41bc-889b-60bed961d534}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.169;85.255.112.84 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1b77fcb7-aeca-41bc-889b-60bed961d534}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.169;85.255.112.84 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ab88b339-6f2c-44ac-ab54-5430656cbef9}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.169;85.255.112.84 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ab88b339-6f2c-44ac-ab54-5430656cbef9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.169;85.255.112.84 -> No action taken. Dossier(s) infecté(s): C:\resycled (Trojan.DNSChanger) -> No action taken. Fichier(s) infecté(s): C:\WINDOWS\system32\kduez.exe (Rootkit.DNSChanger.H) -> No action taken. C:\WINDOWS\Temp\tmp57.tmp (Trojan.DNSChanger) -> No action taken. C:\WINDOWS\Temp\tmp3.tmp (Trojan.DNSChanger) -> No action taken. C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken. C:\WINDOWS\Temp\tempo-BB.tmp (Trojan.DNSChanger) -> No action taken. C:\WINDOWS\Temp\tempo-C25.tmp (Trojan.DNSChanger) -> No action taken. C:\WINDOWS\Temp\tempo-D83.tmp (Trojan.DNSChanger) -> No action taken. C:\WINDOWS\Temp\tempo-8B7.tmp (Trojan.DNSChanger) -> No action taken. C:\WINDOWS\Temp\tempo-351.tmp (Trojan.DNSChanger) -> No action taken.
- le 28 décembre 2008
- 19 réponses

Connexion

Maldagar

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par Maldagar

Ananlyse HijackThis

Ananlyse HijackThis

Ananlyse HijackThis

Zebulon

Outils en ligne

Naviguer