
Africa Jack

Members
  • Content count

    2

All content posted by Africa Jack

  1. Hello again. In the previous post, the ComboFix log was created under an Administrator session; I had not read Le Sioux's reply carefully. Here is another log, created under my usual session (sorry...):

ComboFix 09-09-08.06 - Lucille Fabre 09/09/2009 10:50.2.1 - FAT32x86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.831 [GMT 2:00]
Lancé depuis: c:\documents and settings\Lucille Fabre\Bureau\titi.com
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\mafo.com
c:\documents and settings\All Users\Application Data\sifigyhat._sy
c:\documents and settings\All Users\Application Data\zyvut.dll
c:\documents and settings\All Users\Documents\dyqidifoxo.scr
c:\documents and settings\All Users\Documents\supal._dl
c:\documents and settings\All Users\Documents\uhades.dl
c:\documents and settings\Lucille Fabre\Application Data\ebanotuj.lib
c:\documents and settings\Lucille Fabre\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Lucille Fabre\Application Data\wiaserva.log
c:\documents and settings\Lucille Fabre\Cookies\iwyxaqege.bin
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\iganajuv.sys
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\ozirupev.bin
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\tifybusir.pif
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\tuba.com
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\vucanypo.bat
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\zipeponup.pif
c:\documents and settings\Lucille Fabre\Local Settings\Temporary Internet Files\orejomu.sys
c:\documents and settings\Lucille Fabre\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Fichiers communs\fadu.inf
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\donisyzun._dl
c:\windows\ewevuz.vbs
c:\windows\iboteveba.bat
c:\windows\osiwebidyx.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\dunisudyd.vbs
c:\windows\system32\jepemymiry.scr
c:\windows\system32\wisdstr.exe
c:\windows\vyjowaky._dl
c:\windows\waqanyny.dl
c:\windows\zuvato.ban

Une copie infectée de c:\windows\system32\drivers\beep.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ERDNT\cache\beep.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-09 au 2009-09-09 ))))))))))))))))))))))))))))))))))))
.
2009-09-09 07:29 . 2009-09-09 07:29 17453 ----a-w- c:\windows\system32\avyco.dat
2009-09-09 07:29 . 2009-09-09 07:29 10977 ----a-w- c:\windows\iwunyro.com
2009-09-09 07:29 . 2009-09-09 07:29 17261 ----a-w- c:\windows\syqy.dat
2009-09-09 07:28 . 2009-09-09 07:28 -------- d-----w- c:\program files\AntivirusPro_2010
2009-09-09 07:20 . 2009-09-09 08:58 62976 ----a-w- c:\windows\system32\usbctl.exe
2009-09-09 06:44 . 2009-09-09 06:44 -------- d-s---w- c:\documents and settings\Administrateur\UserData
2009-08-18 21:26 . 2009-08-18 21:26 116080 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 18:38 . 2009-09-09 08:59 47744 ----a-w- c:\windows\system32\drivers\becd72ca.sys
2009-08-15 18:38 . 2009-08-15 18:38 26686 ----a-w- c:\documents and settings\Lucille Fabre\msword98.exe
2009-08-15 18:38 . 2009-08-15 18:38 26686 ----a-w- c:\windows\system32\msword98.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 05:57 . 2009-09-09 05:57 11579 ----a-w- c:\program files\Fichiers communs\ezaxo.lib
2009-09-09 05:57 . 2009-09-09 05:57 10831 ----a-w- c:\documents and settings\All Users\Application Data\oqofan.dat
2009-08-15 18:38 . 2005-03-30 21:21 619072 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-07-25 20:37 . 2009-07-25 20:37 -------- d-----w- c:\program files\D-Link
2009-07-23 16:50 . 2009-07-23 16:50 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-23 16:50 . 2009-07-23 16:50 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-23 16:50 . 2009-07-23 16:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-23 16:50 . 2009-07-23 16:50 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-23 16:50 . 2009-07-23 16:50 -------- d-----w- c:\program files\Symantec
2009-07-23 16:50 . 2009-07-23 16:50 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-23 16:47 . 2009-07-23 16:47 -------- d-----w- c:\program files\Norton Internet Security
2009-07-23 16:47 . 2009-07-23 16:47 -------- d-----w- c:\program files\Windows Sidebar
2009-07-23 16:47 . 2009-07-23 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-23 16:38 . 2009-07-23 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-07-23 16:37 . 2009-07-23 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-23 16:36 . 2009-07-23 16:36 -------- d-----w- c:\program files\NortonInstaller
2009-07-23 16:36 . 2009-07-23 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-26 16:18 . 2005-03-30 21:22 663552 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2005-03-30 21:21 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:54 . 2005-03-30 21:21 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:54 . 2005-03-30 21:21 82432 ----a-w- c:\windows\system32\fontsub.dll
.
------- Sigcheck -------

[-] 2009-08-15 18:38 . 35C73882A19DBD5B924C8347B923DD8F . 619072 . . [------] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-15 18:38 . 35C73882A19DBD5B924C8347B923DD8F . 619072 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys
[7] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[7] 2004-08-05 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"msword98"="c:\documents and settings\Lucille Fabre\msword98.exe" [2009-08-15 26686]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"msword98"="c:\windows\system32\msword98.exe" [2009-08-15 26686]
"Antivirus Pro 2010"="c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe" [2009-09-08 589824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\Lucille Fabre\Menu Démarrer\Programmes\Démarrage\
ikowin32.exe [2004-8-5 24064]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SymEFA.sys [23/07/2009 18:50 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [23/07/2009 18:50 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\cchpx86.sys [23/07/2009 18:50 482352]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [23/07/2009 18:50 115560]
R2 usbctl;Microsoft USB Bus Controller;c:\windows\system32\usbctl.exe [09/09/2009 09:20 62976]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSXpx86.sys [28/07/2009 08:05 276344]
S3 PLCMP532;PLCMP532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCMP532.sys --> c:\windows\system32\Drivers\PLCMP532.sys [?]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [28/11/2007 18:49 26656]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - usbctl
.
Contenu du dossier 'Tâches planifiées'

2009-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
FF - ProfilePath - c:\documents and settings\Lucille Fabre\Application Data\Mozilla\Firefox\Profiles\dytsqxc1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-braviax - (no file)
HKLM-Run-braviax - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 10:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\becd72ca]
"ImagePath"="\SystemRoot\System32\drivers\becd72ca.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2492)
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\program files\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\acer\EMANAGER\ANBMSERV.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\braviax.exe
.
**************************************************************************
.
Heure de fin: 2009-09-09 11:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-09 09:02
ComboFix2.txt 2009-09-09 07:23

Avant-CF: 35 568 353 280 octets libres
Après-CF: 34 511 749 120 octets libres

226 --- E O F --- 2009-07-30 17:43

In both cases, when rebooting after the ComboFix scan, I let the machine restart in normal mode. Is that a problem?

See you soon,
Africa Jack
  2. Hello, I read platinium's post and followed the instructions given by Le Sioux. Here is the ComboFix log:

ComboFix 09-09-08.05 - Administrateur 09/09/2009 9:10.1.1 - FAT32x86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.835 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\toto.com
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\17294214
c:\documents and settings\All Users\Application Data\17294214\17294214
c:\documents and settings\All Users\Application Data\17294214\17294214.exe
c:\documents and settings\All Users\Application Data\17294214\pc17294214ins
c:\documents and settings\All Users\Application Data\baneh._sy
c:\documents and settings\All Users\Application Data\befo.bat
c:\documents and settings\All Users\Application Data\ipumaj._dl
c:\documents and settings\All Users\Application Data\moqicubari.vbs
c:\documents and settings\All Users\Application Data\nogocu.pif
c:\documents and settings\All Users\Application Data\rirukapa.vbs
c:\documents and settings\All Users\Application Data\tisituk._dl
c:\documents and settings\All Users\Application Data\vofuxiw._dl
c:\documents and settings\All Users\Application Data\xuqol.pif
c:\documents and settings\All Users\Documents\bizofiqy.dll
c:\documents and settings\All Users\Documents\opyjyjiz.inf
c:\documents and settings\All Users\Documents\rafoh.reg
c:\documents and settings\Lucille Fabre\Application Data\avyn.dll
c:\documents and settings\Lucille Fabre\Application Data\bacilutune.bin
c:\documents and settings\Lucille Fabre\Application Data\olipagaso.sys
c:\documents and settings\Lucille Fabre\Application Data\rydyw.scr
c:\documents and settings\Lucille Fabre\Application Data\wiaserva.log
c:\documents and settings\Lucille Fabre\Application Data\xysavu.scr
c:\documents and settings\Lucille Fabre\Cookies\gureloh.bat
c:\documents and settings\Lucille Fabre\Cookies\nabecezudo.reg
c:\documents and settings\Lucille Fabre\Cookies\surujiwu.bin
c:\documents and settings\Lucille Fabre\delself.bat
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\ifazora.reg
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\kazu.com
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\udorusypaq.bin
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\xotukin.scr
c:\documents and settings\Lucille Fabre\Local Settings\Application Data\ybipec.bat
c:\documents and settings\Lucille Fabre\Local Settings\Temporary Internet Files\reqyhiva._dl
c:\documents and settings\Lucille Fabre\Local Settings\Temporary Internet Files\yricutof.bin
c:\documents and settings\Lucille Fabre\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Fichiers communs\acoqyhoxe.scr
c:\program files\Fichiers communs\finacojax.inf
c:\program files\Fichiers communs\jukukupo.pif
c:\program files\Fichiers communs\qaqu._dl
c:\program files\Fichiers communs\xola.reg
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\amiciku.sys
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\gasi.ban
c:\windows\ixyrunexow.bat
c:\windows\ovyxi.ban
c:\windows\ozumu.bat
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\sany.ban
c:\windows\system32\ucapyxi.inf
c:\windows\system32\wisdstr.exe
c:\windows\system32\wpcap.dll
c:\windows\teki.bin
c:\windows\tukywunyxy._dl
D:\Autorun.inf

Une copie infectée de c:\windows\system32\drivers\beep.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP184\A0019467.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2009-08-09 au 2009-09-09 ))))))))))))))))))))))))))))))))))))
.
2009-09-09 06:44 . 2009-09-09 06:44 -------- d-s---w- c:\documents and settings\Administrateur\UserData
2009-08-18 21:26 . 2009-08-18 21:26 116080 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 18:38 . 2009-09-09 07:19 47744 ----a-w- c:\windows\system32\drivers\becd72ca.sys
2009-08-15 18:38 . 2009-08-15 18:38 26686 ----a-w- c:\documents and settings\Lucille Fabre\msword98.exe
2009-08-15 18:38 . 2009-08-15 18:38 26686 ----a-w- c:\windows\system32\msword98.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 05:57 . 2009-09-09 05:57 11579 ----a-w- c:\program files\Fichiers communs\ezaxo.lib
2009-09-09 05:57 . 2009-09-09 05:57 10831 ----a-w- c:\documents and settings\All Users\Application Data\oqofan.dat
2009-08-15 18:38 . 2005-03-30 21:21 619072 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-07-25 20:37 . 2009-07-25 20:37 -------- d-----w- c:\program files\D-Link
2009-07-23 16:50 . 2009-07-23 16:50 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-23 16:50 . 2009-07-23 16:50 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-23 16:50 . 2009-07-23 16:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-23 16:50 . 2009-07-23 16:50 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-23 16:50 . 2009-07-23 16:50 -------- d-----w- c:\program files\Symantec
2009-07-23 16:50 . 2009-07-23 16:50 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-23 16:47 . 2009-07-23 16:47 -------- d-----w- c:\program files\Norton Internet Security
2009-07-23 16:47 . 2009-07-23 16:47 -------- d-----w- c:\program files\Windows Sidebar
2009-07-23 16:47 . 2009-07-23 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-23 16:38 . 2009-07-23 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-07-23 16:37 . 2009-07-23 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-23 16:36 . 2009-07-23 16:36 -------- d-----w- c:\program files\NortonInstaller
2009-07-23 16:36 . 2009-07-23 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-26 16:18 . 2005-03-30 21:22 663552 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2005-03-30 21:21 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:54 . 2005-03-30 21:21 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:54 . 2005-03-30 21:21 82432 ----a-w- c:\windows\system32\fontsub.dll
.
------- Sigcheck -------

[-] 2009-08-15 18:38 . 35C73882A19DBD5B924C8347B923DD8F . 619072 . . [------] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-15 18:38 . 35C73882A19DBD5B924C8347B923DD8F . 619072 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys
[7] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[7] 2004-08-05 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"msword98"="c:\documents and settings\Lucille Fabre\msword98.exe" [2009-08-15 26686]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"msword98"="c:\windows\system32\msword98.exe" [2009-08-15 26686]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\Lucille Fabre\Menu Démarrer\Programmes\Démarrage\
ikowin32.exe [2004-8-5 24064]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SymEFA.sys [23/07/2009 18:50 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [23/07/2009 18:50 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\cchpx86.sys [23/07/2009 18:50 482352]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [23/07/2009 18:50 115560]
R2 usbctl;Microsoft USB Bus Controller;c:\windows\system32\usbctl.exe [09/09/2009 09:20 62976]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSXpx86.sys [28/07/2009 08:05 276344]
S3 PLCMP532;PLCMP532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCMP532.sys --> c:\windows\system32\Drivers\PLCMP532.sys [?]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [28/11/2007 18:49 26656]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - usbctl

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{022777a2-3ec6-11de-b3d3-00c09febe86d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27fd1744-0afe-11de-b39a-00c09febe86d}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killgodzilla.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{444575ca-3b07-11de-b3cc-00c09febe86d}]
\Shell\1\Command - f:\.\recycled\info.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68ee7882-84a9-11dd-b322-00c09febe86d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e554682-f43a-11dd-b38a-00c09febe86d}]
\Shell\AutoRun\command - gjn2pjlw.exe
\Shell\explore\Command - gjn2pjlw.exe
\Shell\open\Command - gjn2pjlw.exe
.
Contenu du dossier 'Tâches planifiées'

2009-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Active Web Reader - c:\program files\Deskshare\Active Web Reader\Active Web Reader.exe
HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
HKLM-Run-17294214 - c:\documents and settings\All Users\Application Data\17294214\17294214.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
FF - ProfilePath - c:\documents and settings\Lucille Fabre\Application Data\Mozilla\Firefox\Profiles\dytsqxc1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 09:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\becd72ca]
"ImagePath"="\SystemRoot\System32\drivers\becd72ca.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2268)
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\program files\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\acer\EMANAGER\ANBMSERV.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\braviax.exe
.
**************************************************************************
.
Heure de fin: 2009-09-09 9:23 - La machine a redémarré [Lucille Fabre]
ComboFix-quarantined-files.txt 2009-09-09 07:23

Avant-CF: 34 737 487 872 octets libres
Après-CF: 34 558 738 432 octets libres

263 --- E O F --- 2009-07-30 17:43

What should I do now? Thanks in advance,
Africa Jack