janpolo

Members
  • Content count

    1
  • Joined

  • Last visited

Everything posted by janpolo

  1. Hello everyone, I am posting my scan report following the use of ComboFix. The two viruses that led me to use it have been eliminated... thanks Zebulon. However, I installed Avast and AVG alongside the NOD32 antivirus (which I already had and which let through the viruses that caused my problems), and since then I have been unable to connect with Internet Explorer. Obviously it is AVG that is blocking the connection, but it is impossible to remove it (AVG). If anyone has an idea... thanks in advance. However, I don't understand anything: I can connect again with IE despite AVG being present. Reminder: please comment on my scan report. Hey, I'm glad to be among you!

     ComboFix 09-05-20.04 - utilisateur 20/05/2009 17:03.1 - NTFSx86
     Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.33.1036.18.2047.1065 [GMT -4,5:30]
     Lancé depuis: E:\ComboFix.exe
     AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
     SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
     SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}