
Tyxia

Members
  • Content count: 3
  • Joined
  • Last visited

Everything posted by Tyxia

  1. Here it is. However, my Kaspersky antivirus restarted afterwards and came up with this detection:

     application présentant un risque potentiel Invader
     Le processus: C:\ComboFix\Catchme.tmp non trouvé : virus Heur.Invader (modification)
     Le fichier: C:\ComboFix\Catchme.tmp non trouvé : virus Heur.Invader (modification)
     Le fichier: c:\documents and settings\mickael & nathalie\bureau\combofix.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfexe

     Seeing that it was related to ComboFix, I clicked "add to trusted zone"; I hope I didn't make a blunder.

     ComboFix 09-08-01.06 - Mickael & Nathalie 02/08/2009 16:18.3.2 - NTFSx86
     Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2047.1382 [GMT 2:00]
     Running from: c:\documents and settings\Mickael & Nathalie\Bureau\ComboFix.exe
     AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
     FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      * Created a new restore point
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\autorun.inf
     C:\cj1m.com
     c:\documents and settings\Mickael & Nathalie\Bureau\spiritofwanderingdownload.exe
     C:\p.exe
     C:\r6d0.bat
     c:\windows\a3kebook.ini
     c:\windows\AhnRpta.exe
     c:\windows\akebook.ini
     c:\windows\ANS2000.INI
     c:\windows\system32\Ijl11.dll
     M:\Autorun.inf
     M:\cj1m.com
     M:\ix8bmwx.bat
     M:\r6d0.bat
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Service_AVPsys

     ((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
     .
     2009-08-02 12:10 . 2009-08-02 12:11 -------- d-----w- C:\rsit
     2009-08-01 15:39 . 2009-08-01 15:39 -------- d-----w- c:\program files\MSECache
     2009-07-30 15:45 . 2009-07-30 15:45 112144 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys
     2009-07-30 15:45 . 2009-07-30 15:45 25104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
     2009-07-30 15:45 . 2009-07-30 15:45 772624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
     2009-07-30 15:45 . 2009-07-30 15:45 354832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
     2009-07-30 15:45 . 2009-07-30 15:45 150032 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
     2009-07-30 15:16 . 2009-07-30 15:45 94643 ----a-w- c:\windows\system32\drivers\klick.dat
     2009-07-30 15:16 . 2009-07-30 15:45 105395 ----a-w- c:\windows\system32\drivers\klin.dat
     2009-07-30 15:15 . 2009-08-02 14:38 10950944 --sha-w- c:\windows\system32\drivers\fidbox.dat
     2009-07-30 15:15 . 2009-08-02 14:37 49184 --sha-w- c:\windows\system32\drivers\fidbox2.dat
     2009-07-09 16:01 . 2002-01-13 15:12 188416 ----a-w- c:\windows\system32\CP30FW.DLL
     2009-07-08 17:44 . 2009-07-08 17:44 -------- d-----w- c:\windows\system32\NtmsData
     2009-07-06 13:38 . 2009-07-06 13:38 -------- d-----w- c:\documents and settings\Mickael & Nathalie\Application Data\RTPlayer
     2009-07-05 07:52 . 2009-07-05 07:52 -------- d-----w- C:\ProgramData
     2009-07-05 07:52 . 2009-07-05 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
     2009-07-05 07:40 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll
     2009-07-05 07:40 . 2009-07-05 07:40 10134 ----a-r- c:\documents and settings\Mickael & Nathalie\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
     2009-07-05 07:40 . 2009-07-05 07:40 -------- d-----w- c:\program files\Microsoft WSE
     2009-07-04 12:03 . 2009-08-01 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperMP3Download
     2009-07-04 12:03 . 2009-07-04 12:03 -------- d-----w- c:\documents and settings\Mickael & Nathalie\Application Data\SuperMP3Download
     2009-07-04 12:03 . 2009-07-04 12:03 -------- d-----w- c:\program files\SuperMp3Download
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-02 14:35 . 2008-06-30 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
     2009-08-02 14:33 . 2007-12-27 16:35 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
     2009-08-02 14:31 . 2009-07-30 15:15 6632 --sha-w- c:\windows\system32\drivers\fidbox2.idx
     2009-08-02 14:31 . 2009-07-30 15:15 148568 --sha-w- c:\windows\system32\drivers\fidbox.idx
     2009-08-02 08:12 . 2007-12-28 17:03 -------- d-----w- c:\program files\Microsoft Picture It! PhotoPub
     2009-08-01 20:05 . 2007-12-27 22:05 -------- d-----w- c:\program files\eMule
     2009-08-01 19:08 . 2008-06-10 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2009-08-01 17:30 . 2008-11-26 22:40 -------- d-----w- c:\documents and settings\Mickael & Nathalie\Application Data\FileZilla
     2009-07-30 15:46 . 2007-10-31 11:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
     2009-07-11 07:37 . 2009-02-08 10:37 -------- d-----w- c:\program files\CSV2ASC
     2009-07-07 20:35 . 2008-08-18 12:20 -------- d-----w- c:\documents and settings\Mickael & Nathalie\Application Data\GigaTribe
     2009-07-06 13:41 . 2008-10-02 20:32 -------- d-----w- c:\documents and settings\Mickael & Nathalie\Application Data\Tunebite
     2009-07-05 07:57 . 2008-10-27 10:32 -------- d-----w- c:\program files\Electronic Arts
     2009-07-05 07:57 . 2007-12-27 16:32 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-07-03 18:00 . 2008-05-26 18:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-07-03 18:00 . 2008-05-26 18:51 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2009-06-29 20:28 . 2009-06-29 20:28 10134 ----a-r- c:\documents and settings\Mickael & Nathalie\Application Data\Microsoft\Installer\{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}\ARPPRODUCTICON.exe
     2009-06-29 20:28 . 2008-09-17 08:11 -------- d-----w- c:\program files\SweetIM
     2009-06-29 20:27 . 2009-03-02 07:51 5021800 ----a-w- c:\documents and settings\All Users\Application Data\SweetIM\Messenger\update\sweetimsetup.exe
     2009-06-26 09:06 . 2008-01-26 10:33 -------- d-----w- c:\documents and settings\Mickael & Nathalie\Application Data\MegauploadToolbar
     2009-06-23 11:01 . 2008-06-18 13:44 -------- d-----w- c:\documents and settings\Mickael & Nathalie\Application Data\Sony
     2009-06-23 09:32 . 2009-06-23 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
     2009-06-23 09:31 . 2008-04-28 12:54 -------- d-----w- c:\program files\Sony
     2009-06-21 15:08 . 2004-08-05 12:00 87466 ----a-w- c:\windows\system32\perfc00C.dat
     2009-06-21 15:08 . 2004-08-05 12:00 521200 ----a-w- c:\windows\system32\perfh00C.dat
     2009-06-17 09:27 . 2009-03-04 19:33 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-06-17 09:27 . 2008-05-26 18:51 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-06-13 18:39 . 2009-06-13 18:39 -------- d-----w- c:\documents and settings\Mickael & Nathalie\Application Data\Carnival Software
     2009-06-09 06:16 . 2009-06-08 12:12 -------- d-----w- c:\program files\DAEMON Tools Lite
     2009-06-08 14:54 . 2008-01-20 21:54 -------- d-----w- c:\program files\POI-Warner 3 GoPal Edition
     2009-06-08 14:02 . 2009-06-08 12:47 -------- d-----w- c:\program files\E-LECLERC
     2009-06-08 12:55 . 2009-06-08 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\hps
     2009-06-08 12:16 . 2009-06-08 12:07 -------- d-----w- c:\documents and settings\Mickael & Nathalie\Application Data\DAEMON Tools Lite
     2009-06-08 12:12 . 2009-06-08 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
     2009-06-08 12:12 . 2009-06-08 12:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
     2009-06-08 12:07 . 2008-01-11 19:57 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
     2009-06-26 12:17 . 2009-03-24 23:08 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
     2007-08-28 12:54 . 2008-02-13 17:24 237568 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
     2006-05-25 17:43 . 2008-02-13 17:24 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
     2005-09-29 13:41 . 2008-02-13 17:24 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
     2006-06-19 12:10 . 2008-02-13 17:24 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
     2005-02-02 11:19 . 2008-02-13 17:23 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
     2006-04-10 17:35 . 2008-02-13 17:24 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
     2005-11-09 10:10 . 2008-02-13 17:23 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
     2005-11-09 10:42 . 2008-02-13 17:23 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
     2006-01-04 10:22 . 2008-02-13 17:23 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
     2006-01-04 10:21 . 2008-02-13 17:23 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
     2008-02-14 18:13 . 2008-02-14 18:13 75 --sh--r- c:\windows\CT4SET.BIN
     2007-12-28 23:08 . 2007-12-28 23:01 72 --sh--w- c:\windows\S966F7B49.tmp
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

     [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
     [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
     [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
     [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
     2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

     [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
     [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
     [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
     [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

     [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
     [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
     [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
     [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 68856]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2008-02-28 132392]
     "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
     "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
     "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
     "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-07 1694656]
     "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-11-12 243072]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-24 204288]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
     "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
     "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
     "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
     "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
     "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
     "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
     "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
     "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
     "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
     "NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
     "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
     "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
     "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
     "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]
     "Dit"="Dit.exe" - c:\windows\Dit.exe [2003-12-29 94208]
     "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
     "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-24 77824]
     "AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-01-24 2552320]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

     c:\documents and settings\Mickael & Nathalie\Menu Démarrer\Programmes\Démarrage\
     GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-8-18 1071616]
     Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-4-28 385024]

     c:\documents and settings\Mickael & Nathalie\Menu Démarrer\Programmes\Démarrage\
     GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-8-18 1071616]
     Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-4-28 385024]

     c:\documents and settings\Mickael & Nathalie\Menu Démarrer\Programmes\Démarrage\
     GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-8-18 1071616]
     Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-4-28 385024]

     c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
     Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

     c:\documents and settings\Mickael & Nathalie\Menu Démarrer\Programmes\Démarrage\
     GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-8-18 1071616]
     Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-4-28 385024]

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\MSN Messenger\\livecall.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\eMule\\emule.exe"=
     "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
     "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
     "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
     "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
     "c:\\Program Files\\neuf Talk\\neuf Talk.exe"=
     "c:\\WINDOWS\\system32\\dpvsetup.exe"=
     "c:\\Program Files\\EA Games\\Nightfire\\Bond.exe"=
     "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
     "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
     "c:\\Program Files\\BitComet\\BitComet.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
     "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
     "c:\\Program Files\\GigaTribe\\gigatribe.exe"=
     "c:\\WINDOWS\\system32\\javaw.exe"=
     "c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
     "c:\\Program Files\\Lauyan\\TOWeb V2\\TOWeb.exe"=
     "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
     "c:\\WINDOWS\\system32\\java.exe"=
     "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
     "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
     "26976:TCP"= 26976:TCP:BitComet 26976 TCP
     "26976:UDP"= 26976:UDP:BitComet 26976 UDP

     R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [27/12/2007 18:35 13440]
     R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
     S1 hidfltr;HID Filter Driver;c:\windows\system32\drivers\MWhid.sys [03/11/2004 13:20 13332]
     S2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" --> c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [?]
     S3 cusbohcn;cusbohcn;\??\c:\docume~1\MICKAE~1\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\MICKAE~1\LOCALS~1\Temp\cusbohcn.sys [?]
     S3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [02/10/2008 10:46 23096]
     S3 DrmRVideo32;DrmRVideo32;c:\windows\system32\drivers\DrmRVideo32.sys [02/10/2008 10:46 3768]
     S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\Mickael & Nathalie\Bureau\Nouveau dossier (3)\kerneld.wnt --> c:\documents and settings\Mickael & Nathalie\Bureau\Nouveau dossier (3)\kerneld.wnt [?]
     S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
     S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [27/08/2008 15:31 18176]
     S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [27/08/2008 15:31 7680]
     S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [27/08/2008 15:31 42112]
     S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" --> c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [?]

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
     c:\program files\PixiePack Codec Pack\InstallerHelper.exe
     .
     Contents of the 'Scheduled Tasks' folder

     2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

     2009-08-02 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-27 09:00]
     .
     - - - - ORPHANS REMOVED - - - -

     HKCU-Run-MsnMsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe
     HKCU-Run-Widget Neuf - c:\program files\Neuf\Widget Neuf\9widget.exe
     HKCU-Run-Torrent2Exe[791b7bb5ea5a4277dc4a927f774c7b7fde9b6730] - c:\documents and settings\Mickael & Nathalie\Bureau\itz_Chess[PAL].exe
     HKCU-Run-Torrent2Exe[da3a0c425a5e3cbb0ca062842b587e12c0efd828] - c:\documents and settings\Mickael & Nathalie\Bureau\lien jeux\Mario & Sonic au Jeux Olympiques.exe
     HKCU-Run-Torrent2Exe[8d980ca91a45755cb191bde9dd06e9dd952f52b7] - c:\documents and settings\Mickael & Nathalie\Bureau\Trivial Pursuit.exe
     HKCU-Run-Torrent2Exe[2adb1fc5878f31577ad55e0416dc75e506c642ba] - c:\documents and settings\Mickael & Nathalie\Bureau\X-MEN_ORIGINSWOLVERINE_PAl(Fr) .exe
     HKCU-Run-neuf talk - (no file)
     HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
     HKLM-Run-Microsoft WinUpdate - c:\windows\system32\msupdte.exe
     SafeBoot-AVG Anti-Spyware Driver
     SafeBoot-AVG Anti-Spyware Guard
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.neufportail.fr/
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uInternet Connection Wizard,ShellNext = iexplore
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
     IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
     IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
     IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
     IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
     DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     FF - ProfilePath - c:\documents and settings\Mickael & Nathalie\Application Data\Mozilla\Firefox\Profiles\o3248dsr.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Yahoo
     FF - prefs.js: browser.startup.homepage - hxxp://www.neufportail.fr/
     FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
     FF - component: c:\documents and settings\Mickael & Nathalie\Application Data\Mozilla\Firefox\Profiles\o3248dsr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
     FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
     FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
     FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-08-02 16:33
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
     "ImagePath"="\??\c:\documents and settings\Mickael & Nathalie\Bureau\Nouveau dossier (3)\kerneld.wnt"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}*]
     "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,9e,2f,ee,
      26,f9,f4,2d,20,77,25,95,bf,2e,62,f2,d5,61,71,2a,55,2f,60,4f,80,66,24,fe,ba,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,9d,c1,fb,21,6b,
      4c,06,f3,c8,28,51,af,b0,29,a3,98,b0,56,31,2d,49,b2,7a,24,e2,63,26,f1,3f,c8,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,1b,47,ec,43,a9,
      85,9d,45,71,3b,04,66,8b,46,0d,96,15,69,93,d5,e0,9e,19,ac,6a,9c,d6,61,af,45,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,70,dc,70,de,91,
      9d,0d,a7,25,da,ec,7e,55,20,c9,26,55,8f,36,de,ca,3b,07,03,ff,7c,85,e0,43,d4,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,11,92,87,39,7e,
      ec,89,b2,3e,1e,9e,e0,57,5a,93,61,f6,cf,e4,4d,a0,ad,f6,be,86,8c,21,01,be,91,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,e8,69,b1,d7,94,
      06,e0,27,cd,44,cd,b9,a6,33,6c,cd,56,2e,5d,42,48,4b,7a,dc,f5,1d,4d,73,a8,13,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,0f,c5,1d,5c,22,
      b7,99,35,b0,18,ed,a7,3f,8d,37,a4,79,04,83,20,65,ed,46,40,df,20,58,62,78,6b,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e0,18,e4,86,ad,
      d0,36,2e,31,77,e1,ba,b1,f8,68,02,63,90,fd,5d,a1,c5,65,d7,fb,a7,78,e6,12,2f,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BE08C2D3-409A-BA9A-CCC3BF5A93C4C5B2}\{31E0C4F5-10D2-2559-BD8FA6F8E4FD42BD}\{0C75E684-EF64-45D0-854DEF6D927DBB7D}*]
     "DPGKDNZNISSOBPLTVXN1JPL5VH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
      6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,cc,06,9c,ff,fd,
      cc,ba,0a,83,6c,56,8b,a0,85,96,ab,2a,48,63,41,f8,02,ee,20,01,3a,48,fc,e8,04,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,fd,6e,d1,bb,07,
      27,55,c6,51,fa,6e,91,28,9e,14,cc,f9,22,0b,16,97,eb,b0,96,f6,0f,4e,58,98,5b,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,61,d4,54,7a,c5,
      4f,04,a0,b1,cd,45,5a,a8,c4,f8,b9,cc,1e,fa,98,77,3a,5e,48,3d,ce,ea,26,2d,45,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,22,0c,aa,76,8c,
      2b,92,c3,e3,0e,66,d5,eb,bc,2f,6b,bb,05,09,53,66,34,a2,21,2a,b7,cc,b5,b9,7f,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,3a,94,e5,47,2b,
      b0,43,1b,fa,ea,66,7f,d4,3b,6b,70,20,97,10,da,1c,f9,b4,5c,6c,43,2d,1e,aa,22,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(880)
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
     c:\windows\system32\klogon.dll

     - - - - - - - > 'lsass.exe'(936)
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll

     - - - - - - - > 'explorer.exe'(3516)
     c:\program files\RocketDock\RocketDock.dll
     c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
     c:\program files\IncrediMail\bin\B4ImApp.dll
     c:\windows\system32\msi.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\ATKKBService.exe
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\windows\system32\nvsvc32.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\program files\Brother\ControlCenter3\BrccMCtl.exe
     c:\windows\system32\rundll32.exe
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     c:\windows\system32\wscntfy.exe
     c:\progra~1\MI3AA1~1\rapimgr.exe
     c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
     c:\program files\IncrediMail\bin\ImApp.exe
     c:\program files\MSN Messenger\usnsvc.exe
     c:\program files\MSN Messenger\livecall.exe
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     .
     **************************************************************************
     .
     Completion time: 2009-08-02 16:53 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-08-02 14:52
     ComboFix2.txt 2008-06-01 15:57
     ComboFix3.txt 2008-06-01 15:17

     Pre-Run: 41 097 629 696 octets libres
     Post-Run: 41 964 896 256 octets libres

     410
  2. Thanks, I'll do that and post the report.
  3. Hello everyone, my PC is infected with the trojan GameThief Win32.Magania, and no matter how many times I delete it, it keeps coming back; I think it is also on my external hard drive. I don't know what else to do... I am running Windows XP SP2 and have Kaspersky Internet Security 7 as my antivirus. Thanks in advance for any help you can give me.