

alou
Members
Content count: 23
My languages: French
alou's achievements: Member (4/12)
Community reputation: 0
OK, that works, I'll spread the word. Once again, a big thank you to you.
-
EXOCLICK PROBLEM SOLVED
-
Hugs, Grand Manitou! Thanks again for everything, and well done to the community! I'm going to take the time to tidy things up so I don't have any more trouble. Keep up the good work rescuing internet users.. :P :P Alou.
-
Hello, I ran the scan with ESET and it found no infection. I didn't get a report. So I think everything is clean! Have a good day. Oops! I forgot the ToolsCleaner report: see you later.
-
Hi, the Kaspersky scan isn't working, the update is impossible...(??). Should I run the scan with another antivirus? Best regards.
-
Hello; here is the report:
-
Hello! There, it's done. I didn't get the prompt to confirm with OK when double-clicking fix.bat. A window did open, but nothing more.. Then I did the procedure with ComboFix and this is what it gives:
-
I think this time everything is fine, I no longer get any virus alert. A big THANK YOU!! to you. I'm attaching the reports, and finally, can you tell me which tools I should use from now on to protect myself, whether to upgrade my IE 7 to 8, and how to clean my PC. See you soon. ComboFix report:
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(892) c:\windows\system32\imon.dll c:\program files\Eset\pr_imon.dll . Heure de fin: 2009-10-03 12:18 ComboFix-quarantined-files.txt 2009-10-03 10:18 ComboFix2.txt 2009-10-03 06:09 ComboFix3.txt 2009-09-30 05:26 ComboFix4.txt 2009-09-30 04:55 ComboFix5.txt 2009-10-03 10:02 Avant-CF: 53 082 910 720 octets libres Après-CF: 53 086 789 632 octets libres Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4 234 --- E O F --- 2008-05-04 06:01 rapport Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:19:40, on 03/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\IcoSauve.exe C:\Program Files\Fichiers communs\Apple\Mobile Device 
Support\bin\AppleMobileDeviceService.exe C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\ALI\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur 
Expert\TrueImageMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Pinnacle Scheduler.lnk = ? 
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.28/uploader2.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7309 bytes
-
Hello, I carried out the requested tasks and I think ComboFix did a bit of cleaning up; there have been changes: NOD32 has apparently removed a few infected files, except Winlogon.exe, which keeps coming back as an alert. See you. Here are the reports:

ComboFix 09-09-30.05 - ALI 03/10/2009 7:46.7.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.510.169 [GMT 2:00]
Lancé depuis: c:\documents and settings\ALI\Bureau\combofix.exe
Commutateurs utilisés :: c:\documents and settings\ALI\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
Une copie infectée de c:\windows\system32\lsass.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\lsass.exe
Une copie infectée de c:\windows\system32\services.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\services.exe
Une copie infectée de c:\windows\system32\svchost.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\svchost.exe
Une copie infectée de c:\windows\system32\spoolsv.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\spoolsv.exe
Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\Explorer.EXE
.
--------------- FCopy --------------- c:\fr-files\lsass.exe --> c:\windows\system32\dllcache\lsass.exe c:\fr-files\services.exe --> c:\windows\system32\dllcache\services.exe c:\fr-files\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe c:\fr-files\svchost.exe --> c:\windows\system32\dllcache\svchost.exe c:\fr-files\spoolsv.exe --> c:\windows\system32\dllcache\spoolsv.exe c:\fr-files\Explorer.EXE --> c:\windows\system32\dllcache\Explorer.EXE c:\fr-files\tcpip.sys --> c:\windows\system32\dllcache\tcpip.sys c:\fr-files\sfcfiles.dll --> c:\windows\system32\dllcache\sfcfiles.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-03 au 2009-10-03 )))))))))))))))))))))))))))))))))))) . 2009-10-03 05:46 . 2004-08-19 14:09 1548288 -c--a-w- c:\windows\system32\dllcache\sfcfiles.dll 2009-10-03 05:46 . 2004-08-03 21:14 359040 -c--a-w- c:\windows\system32\dllcache\tcpip.sys 2009-10-03 05:46 . 2004-08-19 14:10 57856 -c----w- c:\windows\system32\dllcache\spoolsv.exe 2009-10-03 05:46 . 2004-08-19 14:10 14336 -c----w- c:\windows\system32\dllcache\svchost.exe 2009-10-03 05:46 . 2004-08-19 14:09 1036288 -c----w- c:\windows\system32\dllcache\Explorer.EXE 2009-10-03 05:46 . 2004-08-19 14:10 506368 -c--a-w- c:\windows\system32\dllcache\winlogon.exe 2009-10-03 05:46 . 2004-08-19 14:10 108544 -c----w- c:\windows\system32\dllcache\services.exe 2009-10-03 05:46 . 2004-08-19 14:09 13312 -c----w- c:\windows\system32\dllcache\lsass.exe 2009-10-02 14:48 . 2009-10-02 15:07 -------- d-----w- C:\FR-files 2009-10-02 14:41 . 2009-10-02 15:03 -------- d-----w- C:\WinFileReplace 2009-09-30 14:15 . 2009-09-30 14:28 -------- d-----w- C:\bibitte 2009-09-30 14:05 . 2009-09-30 14:02 13824 ----a-w- c:\windows\system32\wscntfy.exe 2009-09-25 07:38 . 2009-09-25 07:38 -------- d-----w- C:\rsit 2009-09-25 07:34 . 2009-09-25 07:34 -------- d-----w- C:\_OTM 2009-09-24 15:35 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-09-24 15:35 . 
2009-09-24 15:35 -------- d-----w- c:\program files\Panda Security 2009-09-22 16:35 . 2009-09-22 16:35 -------- d-----w- c:\documents and settings\ALI\Tracing 2009-09-22 16:33 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-09-21 12:18 . 2009-09-21 12:18 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Apple 2009-09-16 17:11 . 2009-09-16 17:11 -------- d-----w- c:\program files\Fichiers communs\Windows Live 2009-09-15 04:45 . 2009-09-15 04:44 502208 ----a-w- c:\windows\system32\drivers\amon.sys 2009-09-15 04:45 . 2009-09-15 04:44 270336 ----a-w- c:\windows\system32\imon.dll 2009-09-11 06:07 . 2009-09-21 14:14 -------- d-----w- c:\program files\IKEA HomePlanner 2009-09-11 06:06 . 2009-09-11 06:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-09-09 05:51 . 2009-09-09 05:51 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\WMTools Downloaded Files . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-28 16:11 . 2008-02-22 17:28 -------- d-----w- c:\program files\Eset 2009-09-27 07:17 . 2008-02-17 07:20 -------- d-----w- c:\program files\CCleaner 2009-09-27 06:56 . 2009-08-25 11:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-22 16:34 . 2008-05-11 15:33 60240 ----a-w- c:\documents and settings\ALI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-10 12:54 . 2009-08-25 13:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-08-25 13:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 12:39 . 2008-12-21 18:00 -------- d-----w- c:\documents and settings\ALI\Application Data\Apple Computer 2009-09-01 16:24 . 2008-05-28 09:52 -------- d-----w- c:\documents and settings\ALI\Application Data\Canon 2009-08-25 14:31 . 
2009-08-25 14:31 -------- d-----w- c:\program files\iTunes 2009-08-25 14:31 . 2009-08-25 14:31 -------- d-----w- c:\program files\iPod 2009-08-25 14:30 . 2009-08-25 14:30 -------- d-----w- c:\program files\Apple Software Update 2009-08-25 14:30 . 2009-08-25 14:30 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-08-25 11:25 . 2008-12-02 19:16 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP 2009-08-25 08:37 . 2009-08-25 08:37 0 ----a-w- c:\windows\nsreg.dat 2009-08-24 16:56 . 2009-08-24 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla! 2009-08-19 05:21 . 2009-08-19 05:21 -------- d-----w- c:\program files\MSSOAP 2009-08-19 05:20 . 2009-08-19 05:20 -------- d-----w- c:\program files\Webroot 2009-07-09 10:16 . 2009-08-25 14:30 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-09 10:16 . 2009-08-25 14:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2006-03-27 17:49 . 2008-04-30 07:32 3809280 ----a-w- c:\program files\Guitools.exe 2004-08-19 17:09 . 2008-05-03 14:40 1028096 --sha-w- c:\windows\system32\mfc42.dll 2002-09-06 20:59 . 2008-05-03 14:40 57344 --sha-w- c:\windows\system32\mfc42loc.dll 1995-09-20 14:16 . 2008-07-05 14:43 35088 --sha-w- c:\windows\system32\msjint32.dll 1995-09-20 14:13 . 2008-07-05 14:43 977680 --sha-w- c:\windows\system32\msjt3032.dll 1995-09-20 14:16 . 2008-07-05 14:43 23824 --sha-w- c:\windows\system32\msjter32.dll 2004-08-19 17:09 . 2008-05-03 14:40 413696 --sha-w- c:\windows\system32\msvcp60.dll 2002-09-06 20:59 . 2008-05-03 14:40 253952 --sha-w- c:\windows\system32\msvcrt20.dll 2004-08-19 17:09 . 2008-05-03 14:41 553472 --sha-w- c:\windows\system32\oleaut32.dll 2004-08-19 17:09 . 2008-05-03 14:41 83456 --sha-w- c:\windows\system32\olepro32.dll 2004-08-19 17:09 . 2008-05-03 14:43 30749 --sha-w- c:\windows\system32\vbajet32.dll 1995-09-24 09:02 . 2008-07-05 14:43 243472 --sha-w- c:\windows\system32\vbar2232.dll 1998-05-18 01:06 . 
2008-07-05 14:43 368912 --sha-w- c:\windows\system32\vbar332.dll . ------- Sigcheck ------- [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys [-] 2006-11-11 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys [-] 2004-08-19 17:10 . !HASH: COULD NOT OPEN FILE !!!!! . 510464 . . [------] . . c:\windows\system32\winlogon.exe [7] 2004-08-19 . 123EEA158F74D0F67A51DCDF065D1091 . 506368 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe [-] 2009-09-30 . 54CDDAD404557ED98433D6ECBFC92691 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe [-] 2006-12-13 . 0CEF991C04073F5EC8BFD65B961705F1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll [7] 2004-08-19 . 6D8F3AC555E3F8A569AA9B2A817698C1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-29_16.58.14 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-03 06:01 . 2009-10-03 06:01 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat + 2009-10-03 05:26 . 2009-10-03 05:26 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat + 2009-10-03 06:00 . 2009-10-03 06:00 16384 c:\windows\Temp\Perflib_Perfdata_3a4.dat + 2008-05-03 14:42 . 2004-08-19 14:10 14336 c:\windows\system32\svchost.exe + 2008-05-03 14:42 . 2004-08-19 14:10 57856 c:\windows\system32\spoolsv.exe + 2008-05-03 14:40 . 
2004-08-19 14:09 13312 c:\windows\system32\lsass.exe + 2008-05-03 14:41 . 2004-08-19 14:10 108544 c:\windows\system32\services.exe + 2009-04-13 15:54 . 2009-10-03 06:01 214880 c:\windows\system32\inetsrv\MetaBase.bin + 2008-05-03 14:39 . 2004-08-19 14:09 1036288 c:\windows\explorer.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-10 397312] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2009-02-04 437675] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-02-04 61440] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-09-15 917504] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - 
c:\windows\system32\nwiz.exe [2006-06-23 1519616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-4-30 112128] c:\documents and settings\ALI\Menu D‚marrer\Programmes\D‚marrage\ IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-4-30 112128] c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-4-30 237568] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "MaxRecentDocs"= 15 (0xf) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\GT2002\\gpstrack.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19793:TCP"= 19793:TCP:BitComet 19793 TCP "19793:UDP"= 19793:UDP:BitComet 19793 UDP R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/09/2009 17:35 28544] R3 
pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [30/04/2008 10:12 6400] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [02/03/2009 12:14 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [02/03/2009 12:14 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [02/03/2009 12:14 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [02/03/2009 12:14 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [02/03/2009 12:14 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [02/03/2009 12:14 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [02/03/2009 12:14 115752] . Contenu du dossier 'Tâches planifiées' 2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-09-30 c:\windows\Tasks\HPpromotions journeysoftware.job - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: imon.dll DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-03 08:00 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-57989841-1767777339-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c0,d7,08,f9,31,8e,b0,1c,9a,2e,00,5c,4c,75,7e,de,43,a2,85,b5,f3,b9,51, f0,6f,a7,97,36,c9,e4,1f,81,fe,af,18,db,6d,92,73,80,eb,f6,70,64,14,33,75,52,\ "??"=hex:9c,d9,e4,f4,dd,c3,5d,1d,ea,4c,fa,e2,06,f7,3d,8c [HKEY_USERS\S-1-5-21-57989841-1767777339-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:87,9b,67,be,f7,4d,c0,6b,40,27,b8,b2,cf,b5,5e,04,c4,ad,d2,a8,bf, e5,5c,47,a8,1c,d9,62,87,f1,23,08,66,e6,50,e5,3e,13,01,80,22,12,4a,0c,b0,43,\ "rkeysecu"=hex:c8,9d,f3,27,d6,13,ee,5b,0c,3f,42,18,e6,bb,ee,f4 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(912) c:\windows\system32\imon.dll c:\program files\Eset\pr_imon.dll - - - - - - - > 'explorer.exe'(3716) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\rundll32.exe c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Eset\nod32krn.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\snmp.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . 
Heure de fin: 2009-10-03 8:09 - La machine a redémarré ComboFix-quarantined-files.txt 2009-10-03 06:09 ComboFix2.txt 2009-09-30 05:26 ComboFix3.txt 2009-09-30 04:55 ComboFix4.txt 2009-09-29 17:06 Avant-CF: 53 118 214 144 octets libres Après-CF: 53 114 363 904 octets libres Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4 274 --- E O F --- 2008-05-04 06:01 Rapport Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:13:55, on 03/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\WINDOWS\system32\IcoSauve.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\System32\snmp.exe 
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\ALI\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [uVS11 
Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Pinnacle Scheduler.lnk = ? 
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.28/uploader2.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7655 bytes
-
Hi le sioux, well, apparently it didn't work; I'll let you judge for yourself. WinFileReplace report: WinFileReplace - ver : 1.1.0 - by Loup blanc --------------------------- Microsoft Windows XP Service Pack 2 Français --------------------------- Contrôle du fichier téléchargé : MD5 recherchée : 3d69b05e454ff7fce91670d4e3e9f473 sp2.000 MD5 : 3d69b05e454ff7fce91670d4e3e9f473 --------------------------- ============ Comparaison des fichiers avant remplacement ============ --------- Les fichiers "C:\WINDOWS\system32\lsass.exe" MD5 : Unable to open "C:\WINDOWS\system32\lsass.exe" MD5 : Unable to open et "C:\FR-files\lsass.exe" MD5 : 259af82a0932eea4f316f92db94707b6 "C:\FR-files\lsass.exe" MD5 : 259af82a0932eea4f316f92db94707b6 sont différents... ----------- Les fichiers "C:\WINDOWS\system32\services.exe" MD5 : Unable to open "C:\WINDOWS\system32\services.exe" MD5 : Unable to open et "C:\FR-files\services.exe" MD5 : 63dcde1a0d86eeb8924d6738ff616ead "C:\FR-files\services.exe" MD5 : 63dcde1a0d86eeb8924d6738ff616ead sont différents... ----------- Les fichiers "C:\WINDOWS\system32\winlogon.exe" MD5 : Unable to open "C:\WINDOWS\system32\winlogon.exe" MD5 : Unable to open et "C:\FR-files\winlogon.exe" MD5 : 123eea158f74d0f67a51dcdf065d1091 "C:\FR-files\winlogon.exe" MD5 : 123eea158f74d0f67a51dcdf065d1091 sont différents... ----------- Les fichiers "C:\WINDOWS\system32\svchost.exe" MD5 : Unable to open "C:\WINDOWS\system32\svchost.exe" MD5 : Unable to open et "C:\FR-files\svchost.exe" MD5 : 2979b03d5382a602623c0535b16ab9c0 "C:\FR-files\svchost.exe" MD5 : 2979b03d5382a602623c0535b16ab9c0 sont différents... ----------- Les fichiers "C:\WINDOWS\system32\spoolsv.exe" MD5 : abcde04f13cd6dd777684ec34815ed5f "C:\WINDOWS\system32\spoolsv.exe" MD5 : abcde04f13cd6dd777684ec34815ed5f et "C:\FR-files\spoolsv.exe" MD5 : df9fc62ad51cb082b0ae371919a232cb "C:\FR-files\spoolsv.exe" MD5 : df9fc62ad51cb082b0ae371919a232cb sont différents... 
----------- Les fichiers "C:\WINDOWS\Explorer.EXE" MD5 : 321456be8df9da4acd2306a09549541f "C:\WINDOWS\Explorer.EXE" MD5 : 321456be8df9da4acd2306a09549541f et "C:\FR-files\Explorer.EXE" MD5 : 2a7bd330924252a2fd80344fc949bb72 "C:\FR-files\Explorer.EXE" MD5 : 2a7bd330924252a2fd80344fc949bb72 sont différents... ----------- Les fichiers "C:\WINDOWS\system32\drivers\tcpip.sys" MD5 : 8d8949936913b041c6a0e184fbf1030b "C:\WINDOWS\system32\drivers\tcpip.sys" MD5 : 8d8949936913b041c6a0e184fbf1030b et "C:\FR-files\tcpip.sys" MD5 : 9f4b36614a0fc234525ba224957de55c "C:\FR-files\tcpip.sys" MD5 : 9f4b36614a0fc234525ba224957de55c sont différents... ----------- Les fichiers "C:\WINDOWS\system32\sfcfiles.dll" MD5 : 0cef991c04073f5ec8bfd65b961705f1 "C:\WINDOWS\system32\sfcfiles.dll" MD5 : 0cef991c04073f5ec8bfd65b961705f1 et "C:\FR-files\sfcfiles.dll" MD5 : 6d8f3ac555e3f8a569aa9b2a817698c1 "C:\FR-files\sfcfiles.dll" MD5 : 6d8f3ac555e3f8a569aa9b2a817698c1 sont différents... ----------- Les fichiers "C:\WINDOWS\system32\ctfmon.exe" MD5 : 64e41e8fee655b03e3f19ded21ba5118 et "C:\FR-files\ctfmon.exe" MD5 : 64e41e8fee655b03e3f19ded21ba5118 sont identiques... ----------- ============ Comparaison des fichiers après remplacement ============ ----------- Les fichiers "C:\WINDOWS\system32\lsass.exe" MD5 = dcac82b62c56c277f3b050be9bf14e31 et "C:\FR-files\lsass.exe" MD5 = 259af82a0932eea4f316f92db94707b6 sont différents... Echec du remplacement ----------- Les fichiers "C:\WINDOWS\system32\services.exe" MD5 = a431a9194f2bbf4896d1ab0e7048fb3e et "C:\FR-files\services.exe" MD5 = 63dcde1a0d86eeb8924d6738ff616ead sont différents... Echec du remplacement ----------- Les fichiers "C:\WINDOWS\system32\winlogon.exe" MD5 = 9c15284a3b98aa421597492cf3fc636e et "C:\FR-files\winlogon.exe" MD5 = 123eea158f74d0f67a51dcdf065d1091 sont différents... 
Echec du remplacement ----------- Les fichiers "C:\WINDOWS\system32\svchost.exe" MD5 = 31b708976ccd24becb9ffc4d6c13c509 et "C:\FR-files\svchost.exe" MD5 = 2979b03d5382a602623c0535b16ab9c0 sont différents... Echec du remplacement ----------- Les fichiers "C:\WINDOWS\system32\spoolsv.exe" MD5 = abcde04f13cd6dd777684ec34815ed5f et "C:\FR-files\spoolsv.exe" MD5 = df9fc62ad51cb082b0ae371919a232cb sont différents... Echec du remplacement ----------- Les fichiers "C:\WINDOWS\Explorer.EXE" MD5 = 321456be8df9da4acd2306a09549541f et "C:\FR-files\Explorer.EXE" MD5 = 2a7bd330924252a2fd80344fc949bb72 sont différents... Echec du remplacement ----------- Les fichiers "C:\WINDOWS\system32\drivers\tcpip.sys" MD5 = 8d8949936913b041c6a0e184fbf1030b et "C:\FR-files\tcpip.sys" MD5 = 9f4b36614a0fc234525ba224957de55c sont différents... Echec du remplacement ----------- Les fichiers "C:\WINDOWS\system32\sfcfiles.dll" MD5 = 0cef991c04073f5ec8bfd65b961705f1 et "C:\FR-files\sfcfiles.dll" MD5 = 6d8f3ac555e3f8a569aa9b2a817698c1 sont différents... Echec du remplacement ----------- Les fichiers "C:\WINDOWS\system32\ctfmon.exe" MD5 : 64e41e8fee655b03e3f19ded21ba5118 et "C:\FR-files\ctfmon.exe" MD5 : 64e41e8fee655b03e3f19ded21ba5118 sont identiques... "C:\WINDOWS\system32\ctfmon.backup" absent... Cela peut indiquer un problème pendant la procédure ----------- ======= Fin du rapport ======= ComboFix report: ComboFix 09-09-30.05 - ALI 02/10/2009 17:14.6.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.510.172 [GMT 2:00] Lancé depuis: c:\documents and settings\ALI\Bureau\combofix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\lsass.exe . . . est infecté!! c:\windows\system32\services.exe . . . est infecté!! c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! . 
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-02 au 2009-10-02 )))))))))))))))))))))))))))))))))))) . 2009-10-02 14:48 . 2009-10-02 15:07 -------- d-----w- C:\FR-files 2009-10-02 14:41 . 2009-10-02 15:03 -------- d-----w- C:\WinFileReplace 2009-09-30 14:15 . 2009-09-30 14:28 -------- d-----w- C:\bibitte 2009-09-30 14:05 . 2009-09-30 14:02 13824 ----a-w- c:\windows\system32\wscntfy.exe 2009-09-25 07:38 . 2009-09-25 07:38 -------- d-----w- C:\rsit 2009-09-25 07:34 . 2009-09-25 07:34 -------- d-----w- C:\_OTM 2009-09-24 15:35 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-09-24 15:35 . 2009-09-24 15:35 -------- d-----w- c:\program files\Panda Security 2009-09-22 16:35 . 2009-09-22 16:35 -------- d-----w- c:\documents and settings\ALI\Tracing 2009-09-22 16:33 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-09-21 12:18 . 2009-09-21 12:18 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Apple 2009-09-16 17:11 . 2009-09-16 17:11 -------- d-----w- c:\program files\Fichiers communs\Windows Live 2009-09-15 04:45 . 2009-09-15 04:44 502208 ----a-w- c:\windows\system32\drivers\amon.sys 2009-09-15 04:45 . 2009-09-15 04:44 270336 ----a-w- c:\windows\system32\imon.dll 2009-09-11 06:07 . 2009-09-21 14:14 -------- d-----w- c:\program files\IKEA HomePlanner 2009-09-11 06:06 . 2009-09-11 06:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-09-09 05:51 . 2009-09-09 05:51 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\WMTools Downloaded Files . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-28 16:11 . 2008-02-22 17:28 -------- d-----w- c:\program files\Eset 2009-09-27 07:17 . 2008-02-17 07:20 -------- d-----w- c:\program files\CCleaner 2009-09-27 06:56 . 
2009-08-25 11:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-22 16:34 . 2008-05-11 15:33 60240 ----a-w- c:\documents and settings\ALI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-10 12:54 . 2009-08-25 13:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-08-25 13:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 12:39 . 2008-12-21 18:00 -------- d-----w- c:\documents and settings\ALI\Application Data\Apple Computer 2009-09-01 16:24 . 2008-05-28 09:52 -------- d-----w- c:\documents and settings\ALI\Application Data\Canon 2009-08-25 14:31 . 2009-08-25 14:31 -------- d-----w- c:\program files\iTunes 2009-08-25 14:31 . 2009-08-25 14:31 -------- d-----w- c:\program files\iPod 2009-08-25 14:30 . 2009-08-25 14:30 -------- d-----w- c:\program files\Apple Software Update 2009-08-25 14:30 . 2009-08-25 14:30 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-08-25 11:25 . 2008-12-02 19:16 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP 2009-08-25 08:37 . 2009-08-25 08:37 0 ----a-w- c:\windows\nsreg.dat 2009-08-24 16:56 . 2009-08-24 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla! 2009-08-19 05:21 . 2009-08-19 05:21 -------- d-----w- c:\program files\MSSOAP 2009-08-19 05:20 . 2009-08-19 05:20 -------- d-----w- c:\program files\Webroot 2009-07-09 10:16 . 2009-08-25 14:30 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-09 10:16 . 2009-08-25 14:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2006-03-27 17:49 . 2008-04-30 07:32 3809280 ----a-w- c:\program files\Guitools.exe 2004-08-19 17:09 . 2008-05-03 14:40 1028096 --sha-w- c:\windows\system32\mfc42.dll 2002-09-06 20:59 . 2008-05-03 14:40 57344 --sha-w- c:\windows\system32\mfc42loc.dll 1995-09-20 14:16 . 2008-07-05 14:43 35088 --sha-w- c:\windows\system32\msjint32.dll 1995-09-20 14:13 . 
2008-07-05 14:43 977680 --sha-w- c:\windows\system32\msjt3032.dll 1995-09-20 14:16 . 2008-07-05 14:43 23824 --sha-w- c:\windows\system32\msjter32.dll 2004-08-19 17:09 . 2008-05-03 14:40 413696 --sha-w- c:\windows\system32\msvcp60.dll 2002-09-06 20:59 . 2008-05-03 14:40 253952 --sha-w- c:\windows\system32\msvcrt20.dll 2004-08-19 17:09 . 2008-05-03 14:41 553472 --sha-w- c:\windows\system32\oleaut32.dll 2004-08-19 17:09 . 2008-05-03 14:41 83456 --sha-w- c:\windows\system32\olepro32.dll 2004-08-19 17:09 . 2008-05-03 14:43 30749 --sha-w- c:\windows\system32\vbajet32.dll 1995-09-24 09:02 . 2008-07-05 14:43 243472 --sha-w- c:\windows\system32\vbar2232.dll 1998-05-18 01:06 . 2008-07-05 14:43 368912 --sha-w- c:\windows\system32\vbar332.dll . ------- Sigcheck ------- [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys [-] 2006-11-11 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [-] 2004-08-19 . DCAC82B62C56C277F3B050BE9BF14E31 . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe [-] 2004-08-19 . A431A9194F2BBF4896D1AB0E7048FB3E . 110592 . . [5.1.2600.2180] . . c:\windows\system32\services.exe [-] 2006-12-13 . ABCDE04F13CD6DD777684EC34815ED5F . 58368 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe [-] 2004-08-19 . 31B708976CCD24BECB9FFC4D6C13C509 . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe [-] 2004-08-19 . 9C15284A3B98AA421597492CF3FC636E . 510464 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe [-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . 
. [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe [-] 2006-11-18 . 321456BE8DF9DA4ACD2306A09549541F . 1037312 . . [6.00.2900.2649] . . c:\windows\Explorer.EXE [-] 2009-09-30 . 54CDDAD404557ED98433D6ECBFC92691 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe [-] 2006-12-13 . 0CEF991C04073F5EC8BFD65B961705F1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-29_16.58.14 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-02 15:04 . 2009-10-02 15:04 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat + 2009-04-13 15:54 . 2009-10-02 15:08 214880 c:\windows\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-10 397312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2009-02-04 437675] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-02-04 61440] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-09-15 917504] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-23 1519616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-4-30 112128] c:\documents and settings\ALI\Menu Démarrer\Programmes\Démarrage\ IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-4-30 112128] c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-4-30 237568] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "MaxRecentDocs"= 15 (0xf) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\GT2002\\gpstrack.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19793:TCP"= 19793:TCP:BitComet 19793 TCP "19793:UDP"= 19793:UDP:BitComet 19793 UDP R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/09/2009 17:35 28544] R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [30/04/2008 10:12 6400] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [02/03/2009 12:14 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [02/03/2009 12:14 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [02/03/2009 12:14 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device 
Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [02/03/2009 12:14 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [02/03/2009 12:14 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [02/03/2009 12:14 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [02/03/2009 12:14 115752] . Contenu du dossier 'Tâches planifiées' 2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-09-30 c:\windows\Tasks\HPpromotions journeysoftware.job - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: imon.dll DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-02 17:26 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-57989841-1767777339-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c0,d7,08,f9,31,8e,b0,1c,9a,2e,00,5c,4c,75,7e,de,43,a2,85,b5,f3,b9,51, f0,6f,a7,97,36,c9,e4,1f,81,fe,af,18,db,6d,92,73,80,eb,f6,70,64,14,33,75,52,\ "??"=hex:9c,d9,e4,f4,dd,c3,5d,1d,ea,4c,fa,e2,06,f7,3d,8c [HKEY_USERS\S-1-5-21-57989841-1767777339-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:87,9b,67,be,f7,4d,c0,6b,40,27,b8,b2,cf,b5,5e,04,c4,ad,d2,a8,bf, e5,5c,47,a8,1c,d9,62,87,f1,23,08,66,e6,50,e5,3e,13,01,80,22,12,4a,0c,b0,43,\ "rkeysecu"=hex:c8,9d,f3,27,d6,13,ee,5b,0c,3f,42,18,e6,bb,ee,f4 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(892) c:\windows\system32\imon.dll c:\program files\Eset\pr_imon.dll - - - - - - - > 'explorer.exe'(3052) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Heure de fin: 2009-10-02 17:32 ComboFix-quarantined-files.txt 2009-10-02 15:32 ComboFix2.txt 2009-09-30 05:26 ComboFix3.txt 2009-09-30 04:55 ComboFix4.txt 2009-09-29 17:06 Avant-CF: 53 153 742 848 octets libres Après-CF: 53 169 946 624 octets libres Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4 227 --- E O F --- 2008-05-04 06:01
-
Hi, here are the reports; apparently the files weren't accepted by VirusTotal. See you soon, and thanks again for your help... GMER report: GMER 1.0.15.15087 - http://www.gmer.net Rootkit scan 2009-10-01 18:18:05 Windows 5.1.2600 Service Pack 2 Running: gmer.exe; Driver: C:\DOCUME~1\ALI\LOCALS~1\Temp\pxtdrpog.sys ---- System - GMER 1.0.15 ---- SSDT sptd.sys ZwCreateKey [0xF86410B0] SSDT sptd.sys ZwEnumerateKey [0xF864684E] SSDT sptd.sys ZwEnumerateValueKey [0xF8646BEE] SSDT sptd.sys ZwOpenKey [0xF8641090] SSDT sptd.sys ZwQueryKey [0xF8646CC6] SSDT sptd.sys ZwQueryValueKey [0xF8646B46] SSDT sptd.sys ZwSetValueKey [0xF8646D58] ---- Kernel code sections - GMER 1.0.15 ---- ? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. .text USBPORT.SYS!DllUnload F760162C 5 Bytes JMP 82D88960 ? System32\Drivers\acjycx5j.SYS Le chemin d'accès spécifié est introuvable. ! ---- User code sections - GMER 1.0.15 ---- .rsrc C:\WINDOWS\system32\winlogon.exe[808] C:\WINDOWS\system32\winlogon.exe section is executable [0x01076000, 0xC000, 0x60000060] .rsrc C:\WINDOWS\system32\winlogon.exe[808] C:\WINDOWS\system32\winlogon.exe entry point in ".rsrc" section [0x01081000] .rsrc C:\WINDOWS\system32\services.exe[884] C:\WINDOWS\system32\services.exe section is executable [0x0101B000, 0x2000, 0x60000060] .rsrc C:\WINDOWS\system32\services.exe[884] C:\WINDOWS\system32\services.exe entry point in ".rsrc" section [0x0101C000] .rsrc C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060] .rsrc C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000] .rsrc C:\WINDOWS\system32\svchost.exe[1196] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060] .rsrc C:\WINDOWS\system32\svchost.exe[1196] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section 
[0x01006000] .rsrc C:\WINDOWS\System32\svchost.exe[1296] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060] .rsrc C:\WINDOWS\System32\svchost.exe[1296] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x01006000] .rsrc C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060] .rsrc C:\WINDOWS\system32\svchost.exe[1340] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000] .rsrc C:\WINDOWS\system32\svchost.exe[1432] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060] .rsrc C:\WINDOWS\system32\svchost.exe[1432] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000] .reloc C:\WINDOWS\Explorer.EXE[1764] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x5000, 0x62000060] .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2204] USER32.dll!DialogBoxIndirectParamW 77D3204B 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2204] USER32.dll!MessageBoxIndirectA 77D3A062 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2204] USER32.dll!DialogBoxParamA 77D3B124 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2204] USER32.dll!MessageBoxExW 77D50540 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2204] USER32.dll!MessageBoxExA 77D50564 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2204] USER32.dll!DialogBoxIndirectParamA 77D56CB5 5 Bytes JMP 7E38C54B 
C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2204] USER32.dll!MessageBoxIndirectW 77D6609B 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F8655480] sptd.sys IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F865542C] sptd.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F866FAB8] sptd.sys IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F8655480] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8641ABA] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8641C00] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8641B82] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F864272E] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8642604] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8654A9A] sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New 
UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony 
Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC 
Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!AdjustWindowRectEx] [1002DE60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!AdjustWindowRect] [1002DED0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ 
C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!SetWindowLongA] [1002DEF0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\WININET.dll 
[KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\WININET.dll [uSER32.dll!SetWindowLongA] [1002DEF0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program 
Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC 
Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 82F671D8 AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset ) Device \Driver\NetBT \Device\NetBT_Tcpip_{3F94A333-DBE7-47E6-98A6-4353B5580B32} 829E2878 Device \Driver\usbuhci \Device\USBPDO-0 82D7D1D8 Device \Driver\00000047 \Device\00000044 sptd.sys Device \Driver\dmio \Device\DmControl\DmIoDaemon 82FD71D8 Device \Driver\dmio \Device\DmControl\DmConfig 82FD71D8 Device \Driver\dmio \Device\DmControl\DmPnP 82FD71D8 Device \Driver\dmio \Device\DmControl\DmInfo 82FD71D8 Device \Driver\usbuhci \Device\USBPDO-1 82D7D1D8 Device \Driver\usbuhci \Device\USBPDO-2 82D7D1D8 Device \Driver\usbuhci \Device\USBPDO-3 82D7D1D8 Device \Driver\usbehci \Device\USBPDO-4 82D501D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 82F691D8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\Ftdisk \Device\HarddiskVolume2 82F691D8 AttachedDevice 
\Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\Cdrom \Device\CdRom0 82CA2980 Device \Driver\Cdrom \Device\CdRom1 82CA2980 Device \Driver\atapi \Device\Ide\IdePort0 82F681D8 Device \Driver\atapi \Device\Ide\IdePort1 82F681D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82F681D8 Device \Driver\atapi \Device\Ide\IdePort2 82F681D8 Device \Driver\atapi \Device\Ide\IdePort3 82F681D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82F681D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b 82F681D8 Device \Driver\NetBT \Device\NetBt_Wins_Export 829E2878 Device \Driver\NetBT \Device\NetbiosSmb 829E2878 Device \Driver\usbuhci \Device\USBFDO-0 82D7D1D8 Device \Driver\usbuhci \Device\USBFDO-1 82D7D1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82C328B0 Device \Driver\usbuhci \Device\USBFDO-2 82D7D1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 82C328B0 Device \Driver\usbuhci \Device\USBFDO-3 82D7D1D8 Device \Driver\usbehci \Device\USBFDO-4 82D501D8 Device \Driver\Ftdisk \Device\FtControl 82F691D8 Device \Driver\acjycx5j \Device\Scsi\acjycx5j1Port4Path0Target0Lun0 82DB2478 Device \Driver\acjycx5j \Device\Scsi\acjycx5j1 82DB2478 Device \FileSystem\Cdfs \Cdfs 82C09460 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxckyxmbfamrqhemovhemqeltwbeeveohxr.sys Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxckyxmbfamrqhemovhemqeltwbeeveohxr.sys Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcfskpmbpdxlllnrjftmgvxfuxptofjefv.dll 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x85 0x29 0xB4 0x70 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBD 0x2A 0x0F 0xA4 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0xB0 0xD1 0x4D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x85 0x29 0xB4 0x70 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBD 0x2A 0x0F 0xA4 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0xCB 0xE1 0xEE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1947596920 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1554747531 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x85 0x29 0xB4 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBD 0x2A 0x0F 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0xB0 0xD1 0x4D ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x85 0x29 0xB4 0x70 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBD 0x2A 0x0F 0xA4 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0xB0 0xD1 0x4D ...
---- EOF - GMER 1.0.15 ----
VirusTotal report:
0 bytes size received / Se ha recibido un archivo vacio
0 bytes size received / Se ha recibido un archivo vacio
-
Hello! I redid the procedure. One small detail: ComboFix is still saved as Bibitte.exe; is that a problem when I run ComboFix? No particular trouble while running it. Best regards. Report:
ComboFix 09-09-30.05 - ALI 01/10/2009 6:41.5.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.510.184 [GMT 2:00] Lancé depuis: c:\documents and settings\ALI\Bureau\bibitte.exe Commutateurs utilisés :: c:\documents and settings\ALI\Bureau\CFScript.txt . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\lsass.exe . . . est infecté!! c:\windows\system32\services.exe . . . est infecté!! c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! . ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-01 au 2009-10-01 )))))))))))))))))))))))))))))))))))) . 2009-09-30 14:15 . 2009-09-30 14:28 -------- d-----w- C:\bibitte 2009-09-30 14:05 . 2009-09-30 14:02 13824 ----a-w- c:\windows\system32\wscntfy.exe 2009-09-25 07:38 . 2009-09-25 07:38 -------- d-----w- C:\rsit 2009-09-25 07:34 . 2009-09-25 07:34 -------- d-----w- C:\_OTM 2009-09-24 15:35 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-09-24 15:35 . 2009-09-24 15:35 -------- d-----w- c:\program files\Panda Security 2009-09-22 16:35 . 2009-09-22 16:35 -------- d-----w- c:\documents and settings\ALI\Tracing 2009-09-22 16:33 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-09-21 12:18 . 2009-09-21 12:18 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Apple 2009-09-16 17:11 . 2009-09-16 17:11 -------- d-----w- c:\program files\Fichiers communs\Windows Live 2009-09-15 04:45 . 2009-09-15 04:44 502208 ----a-w- c:\windows\system32\drivers\amon.sys 2009-09-15 04:45 . 
2009-09-15 04:44 270336 ----a-w- c:\windows\system32\imon.dll 2009-09-11 06:07 . 2009-09-21 14:14 -------- d-----w- c:\program files\IKEA HomePlanner 2009-09-11 06:06 . 2009-09-11 06:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-09-09 05:51 . 2009-09-09 05:51 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\WMTools Downloaded Files . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-28 16:11 . 2008-02-22 17:28 -------- d-----w- c:\program files\Eset 2009-09-27 07:17 . 2008-02-17 07:20 -------- d-----w- c:\program files\CCleaner 2009-09-27 06:56 . 2009-08-25 11:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-22 16:34 . 2008-05-11 15:33 60240 ----a-w- c:\documents and settings\ALI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-10 12:54 . 2009-08-25 13:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-08-25 13:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 12:39 . 2008-12-21 18:00 -------- d-----w- c:\documents and settings\ALI\Application Data\Apple Computer 2009-09-01 16:24 . 2008-05-28 09:52 -------- d-----w- c:\documents and settings\ALI\Application Data\Canon 2009-08-25 14:31 . 2009-08-25 14:31 -------- d-----w- c:\program files\iTunes 2009-08-25 14:31 . 2009-08-25 14:31 -------- d-----w- c:\program files\iPod 2009-08-25 14:30 . 2009-08-25 14:30 -------- d-----w- c:\program files\Apple Software Update 2009-08-25 14:30 . 2009-08-25 14:30 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-08-25 11:25 . 2008-12-02 19:16 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP 2009-08-25 08:37 . 2009-08-25 08:37 0 ----a-w- c:\windows\nsreg.dat 2009-08-24 16:56 . 2009-08-24 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla! 2009-08-19 05:21 . 
2009-08-19 05:21 -------- d-----w- c:\program files\MSSOAP 2009-08-19 05:20 . 2009-08-19 05:20 -------- d-----w- c:\program files\Webroot 2009-07-09 10:16 . 2009-08-25 14:30 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-09 10:16 . 2009-08-25 14:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2006-03-27 17:49 . 2008-04-30 07:32 3809280 ----a-w- c:\program files\Guitools.exe 2004-08-19 17:09 . 2008-05-03 14:40 1028096 --sha-w- c:\windows\system32\mfc42.dll 2002-09-06 20:59 . 2008-05-03 14:40 57344 --sha-w- c:\windows\system32\mfc42loc.dll 1995-09-20 14:16 . 2008-07-05 14:43 35088 --sha-w- c:\windows\system32\msjint32.dll 1995-09-20 14:13 . 2008-07-05 14:43 977680 --sha-w- c:\windows\system32\msjt3032.dll 1995-09-20 14:16 . 2008-07-05 14:43 23824 --sha-w- c:\windows\system32\msjter32.dll 2004-08-19 17:09 . 2008-05-03 14:40 413696 --sha-w- c:\windows\system32\msvcp60.dll 2004-08-19 17:09 . 2008-05-03 14:40 343040 --sha-w- c:\windows\system32\msvcrt.dll 2002-09-06 20:59 . 2008-05-03 14:40 253952 --sha-w- c:\windows\system32\msvcrt20.dll 2004-08-19 17:09 . 2008-05-03 14:41 553472 --sha-w- c:\windows\system32\oleaut32.dll 2004-08-19 17:09 . 2008-05-03 14:41 83456 --sha-w- c:\windows\system32\olepro32.dll 2004-08-19 17:09 . 2008-05-03 14:43 30749 --sha-w- c:\windows\system32\vbajet32.dll 1995-09-24 09:02 . 2008-07-05 14:43 243472 --sha-w- c:\windows\system32\vbar2232.dll 1998-05-18 01:06 . 2008-07-05 14:43 368912 --sha-w- c:\windows\system32\vbar332.dll . ------- Sigcheck ------- [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . 
c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys [-] 2006-11-11 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [-] 2004-08-19 . DCAC82B62C56C277F3B050BE9BF14E31 . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe [-] 2004-08-19 . A431A9194F2BBF4896D1AB0E7048FB3E . 110592 . . [5.1.2600.2180] . . c:\windows\system32\services.exe [-] 2006-12-13 . ABCDE04F13CD6DD777684EC34815ED5F . 58368 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe [-] 2004-08-19 . 31B708976CCD24BECB9FFC4D6C13C509 . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe [-] 2004-08-19 . 9C15284A3B98AA421597492CF3FC636E . 510464 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe [-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe [-] 2006-11-18 . 321456BE8DF9DA4ACD2306A09549541F . 1037312 . . [6.00.2900.2649] . . c:\windows\Explorer.EXE [-] 2009-09-30 . 54CDDAD404557ED98433D6ECBFC92691 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe [-] 2006-12-13 . 0CEF991C04073F5EC8BFD65B961705F1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-29_16.58.14 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-01 04:00 . 2009-10-01 04:00 16384 c:\windows\Temp\Perflib_Perfdata_514.dat + 2009-04-13 15:54 . 2009-10-01 04:00 214881 c:\windows\system32\inetsrv\MetaBase.bin . 
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-10 397312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2009-02-04 437675]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-02-04 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-09-15 917504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-23 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-4-30 112128]

c:\documents and settings\ALI\Menu Démarrer\Programmes\Démarrage\
IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-4-30 112128]

c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-4-30 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GT2002\\gpstrack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19793:TCP"= 19793:TCP:BitComet 19793 TCP
"19793:UDP"= 19793:UDP:BitComet 19793 UDP

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/09/2009 17:35 28544]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [30/04/2008 10:12 6400]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [02/03/2009 12:14 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [02/03/2009 12:14 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [02/03/2009 12:14 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [02/03/2009 12:14 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [02/03/2009 12:14 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [02/03/2009 12:14 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [02/03/2009 12:14 115752]
.
Contents of the 'Scheduled Tasks' folder

2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-30 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: imon.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 06:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1767777339-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c0,d7,08,f9,31,8e,b0,1c,9a,2e,00,5c,4c,75,7e,de,43,a2,85,b5,f3,b9,51,
   f0,6f,a7,97,36,c9,e4,1f,81,fe,af,18,db,6d,92,73,80,eb,f6,70,64,14,33,75,52,\
"??"=hex:9c,d9,e4,f4,dd,c3,5d,1d,ea,4c,fa,e2,06,f7,3d,8c

[HKEY_USERS\S-1-5-21-57989841-1767777339-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:87,9b,67,be,f7,4d,c0,6b,40,27,b8,b2,cf,b5,5e,04,c4,ad,d2,a8,bf,
   e5,5c,47,a8,1c,d9,62,87,f1,23,08,66,e6,50,e5,3e,13,01,80,22,12,4a,0c,b0,43,\
"rkeysecu"=hex:c8,9d,f3,27,d6,13,ee,5b,0c,3f,42,18,e6,bb,ee,f4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(1564)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-10-01 6:56
ComboFix-quarantined-files.txt 2009-10-01 04:56
ComboFix2.txt 2009-09-30 05:26
ComboFix3.txt 2009-09-30 04:55
ComboFix4.txt 2009-09-29 17:06

Pre-Run: 53 480 992 768 bytes free
Post-Run: 53 480 697 856 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
227 --- E O F --- 2008-05-04 06:01

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:58:14, on 01/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\IcoSauve.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ALI\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.28/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Système d'événements de COM+ (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Accès à distance au Registre (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Pare-feu Windows / Partage de connexion Internet (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Service de restauration système (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Service de découvertes SSDP (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Thèmes (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Hôte de périphérique universel Plug-and-Play (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: wscsvc - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Configuration automatique sans fil (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe

--
End of file - 12761 bytes
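Added example, not something alou or the helpers posted and not a HijackThis or ComboFix feature: a small Python triage pass over the O4 / O16 / O23 lines of a HijackThis v2 log like the one above. The sample log embedded in the code is constructed from lines copied from this thread plus two constructed lines (an O4 entry for the `ctfmon .exe` file that ComboFix reports deleting later in the thread, and a made-up `Example Service` in a Temp folder) so that every check fires at least once. The heuristics (whitespace before the extension, binary in a user-writable folder, bare file name resolved through the search path, ActiveX control fetched over plain http, service with no recorded vendor outside the XP service hosts) are this example's own, not rules from the thread.

```python
"""Triage of HijackThis v2 O4 / O16 / O23 lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample. The [ctfmon] O4 line and the "Example Service" O23 line are
# constructed; the others are copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [ctfmon] "C:\WINDOWS\system32\ctfmon .exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab
O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\Documents and Settings\ALI\Local Settings\Temp\exsvc.exe
"""

# Registry autoruns, startup-folder shortcuts, ActiveX downloads, services.
O4_REG_RE = re.compile(r'^O4 - (?P<hive>.+?\\\.\.\\Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O4_DIR_RE = re.compile(r'^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')

SPACE_BEFORE_EXT = re.compile(r'\s\.(?:exe|dll|scr|com|sys|cpl)$', re.I)
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', '\\application data\\', '\\recycler\\', '\\users\\')
XP_SERVICE_HOSTS = ('svchost.exe', 'services.exe', 'lsass.exe')  # HJT shows "Unknown owner" for these


@dataclass
class Finding:
    section: str
    name: str
    reason: str


def exe_from_command(cmd: str):
    """Return the real program path of an O4 command, or None when HJT shows '?'."""
    cmd = cmd.strip()
    if not cmd or cmd == '?':
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end < 1:
            return None
        prog, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        prog, _, rest = cmd.partition(' ')
    # rundll32 is only a host: the DLL it is told to load is the autorun target.
    if prog.rsplit('\\', 1)[-1].lower() == 'rundll32.exe' and rest:
        return rest.partition(',')[0].strip('"')
    return prog


def check_path(section: str, name: str, path):
    """Path-based heuristics shared by O4 and O23 entries."""
    findings = []
    if path is None:
        findings.append(Finding(section, name, 'target could not be resolved (shown as ?)'))
        return findings
    base = path.replace('/', '\\').rsplit('\\', 1)[-1]
    if SPACE_BEFORE_EXT.search(base):
        findings.append(Finding(section, name, f'whitespace before extension in {base!r}'))
    low = path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        findings.append(Finding(section, name, f'runs from user-writable location: {path}'))
    if '\\' not in path and not path.startswith('%'):
        findings.append(Finding(section, name, f'bare file name {base!r} resolved via search path'))
    return findings


def triage(log_text: str):
    """Parse the supported line types and return the list of Findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_REG_RE.match(line) or O4_DIR_RE.match(line)
        if m:
            findings += check_path('O4', m['name'], exe_from_command(m['cmd']))
            continue
        m = O16_RE.match(line)
        if m:
            if m['url'].lower().startswith('http://'):
                findings.append(Finding('O16', m['clsid'], f'ActiveX control fetched over plain http: {m["url"]}'))
            continue
        m = O23_RE.match(line)
        if m:
            path = m['path'].strip()
            host = path.rsplit('\\', 1)[-1].lower()
            if m['owner'] == 'Unknown owner' and host not in XP_SERVICE_HOSTS:
                findings.append(Finding('O23', m['name'], f'no vendor recorded for {path}'))
            findings += check_path('O23', m['name'], path)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:4} {f.name:32} {f.reason}')
```

Everything the XP log shows as "Unknown owner" in svchost.exe, services.exe or lsass.exe is deliberately left alone: HijackThis could not read the vendor of the built-in service hosts, so that string on its own carries no signal. The entries that do surface are the ones worth a second look, and the `ctfmon .exe` case is exactly the kind of name that slips past a quick read of a running-process list.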
-
re.. voilà c fait ! voici les rapports : @ suivre ... ComboFix 09-09-29.02 - ALI 30/09/2009 16:17.4.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.510.291 [GMT 2:00] Lancé depuis: c:\documents and settings\ALI\Bureau\bibitte.exe Commutateurs utilisés :: c:\documents and settings\ALI\Bureau\CFScript.txt . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\ctfmon .exe c:\windows\system32\nerocheck .exe c:\windows\system32\lsass.exe . . . est infecté!! c:\windows\system32\services.exe . . . est infecté!! c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! . --------------- SCopy --------------- \RP279\A0046707.exe --> c:\windows\system32\ctfmon .exe \RP279\A0046715.exe --> c:\windows\system32\nerocheck .exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-30 )))))))))))))))))))))))))))))))))))) . 2009-09-30 14:05 . 2009-09-30 14:02 13824 ----a-w- c:\windows\system32\wscntfy.exe 2009-09-25 07:38 . 2009-09-25 07:38 -------- d-----w- C:\rsit 2009-09-25 07:34 . 2009-09-25 07:34 -------- d-----w- C:\_OTM 2009-09-24 15:35 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-09-24 15:35 . 2009-09-24 15:35 -------- d-----w- c:\program files\Panda Security 2009-09-22 16:35 . 2009-09-22 16:35 -------- d-----w- c:\documents and settings\ALI\Tracing 2009-09-22 16:33 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-09-21 12:18 . 2009-09-21 12:18 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Apple 2009-09-16 17:11 . 2009-09-16 17:11 -------- d-----w- c:\program files\Fichiers communs\Windows Live 2009-09-15 04:45 . 2009-09-15 04:44 502208 ----a-w- c:\windows\system32\drivers\amon.sys 2009-09-15 04:45 . 
2009-09-15 04:44 270336 ----a-w- c:\windows\system32\imon.dll 2009-09-11 06:07 . 2009-09-21 14:14 -------- d-----w- c:\program files\IKEA HomePlanner 2009-09-11 06:06 . 2009-09-11 06:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-09-09 05:51 . 2009-09-09 05:51 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\WMTools Downloaded Files . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-28 16:11 . 2008-02-22 17:28 -------- d-----w- c:\program files\Eset 2009-09-27 07:17 . 2008-02-17 07:20 -------- d-----w- c:\program files\CCleaner 2009-09-27 06:56 . 2009-08-25 11:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-22 16:34 . 2008-05-11 15:33 60240 ----a-w- c:\documents and settings\ALI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-10 12:54 . 2009-08-25 13:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-08-25 13:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 12:39 . 2008-12-21 18:00 -------- d-----w- c:\documents and settings\ALI\Application Data\Apple Computer 2009-09-01 16:24 . 2008-05-28 09:52 -------- d-----w- c:\documents and settings\ALI\Application Data\Canon 2009-08-25 14:31 . 2009-08-25 14:31 -------- d-----w- c:\program files\iTunes 2009-08-25 14:31 . 2009-08-25 14:31 -------- d-----w- c:\program files\iPod 2009-08-25 14:30 . 2009-08-25 14:30 -------- d-----w- c:\program files\Apple Software Update 2009-08-25 14:30 . 2009-08-25 14:30 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-08-25 11:25 . 2008-12-02 19:16 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP 2009-08-25 08:37 . 2009-08-25 08:37 0 ----a-w- c:\windows\nsreg.dat 2009-08-24 16:56 . 2009-08-24 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla! 2009-08-19 05:21 . 
2009-08-19 05:21 -------- d-----w- c:\program files\MSSOAP 2009-08-19 05:20 . 2009-08-19 05:20 -------- d-----w- c:\program files\Webroot 2009-07-09 10:16 . 2009-08-25 14:30 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-09 10:16 . 2009-08-25 14:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2006-03-27 17:49 . 2008-04-30 07:32 3809280 ----a-w- c:\program files\Guitools.exe 2004-08-19 17:09 . 2008-05-03 14:40 1028096 --sha-w- c:\windows\system32\mfc42.dll 2002-09-06 20:59 . 2008-05-03 14:40 57344 --sha-w- c:\windows\system32\mfc42loc.dll 1995-09-20 14:16 . 2008-07-05 14:43 35088 --sha-w- c:\windows\system32\msjint32.dll 1995-09-20 14:13 . 2008-07-05 14:43 977680 --sha-w- c:\windows\system32\msjt3032.dll 1995-09-20 14:16 . 2008-07-05 14:43 23824 --sha-w- c:\windows\system32\msjter32.dll 2004-08-19 17:09 . 2008-05-03 14:40 413696 --sha-w- c:\windows\system32\msvcp60.dll 2004-08-19 17:09 . 2008-05-03 14:40 343040 --sha-w- c:\windows\system32\msvcrt.dll 2002-09-06 20:59 . 2008-05-03 14:40 253952 --sha-w- c:\windows\system32\msvcrt20.dll 2004-08-19 17:09 . 2008-05-03 14:41 553472 --sha-w- c:\windows\system32\oleaut32.dll 2004-08-19 17:09 . 2008-05-03 14:41 83456 --sha-w- c:\windows\system32\olepro32.dll 2004-08-19 17:09 . 2008-05-03 14:43 30749 --sha-w- c:\windows\system32\vbajet32.dll 1995-09-24 09:02 . 2008-07-05 14:43 243472 --sha-w- c:\windows\system32\vbar2232.dll 1998-05-18 01:06 . 2008-07-05 14:43 368912 --sha-w- c:\windows\system32\vbar332.dll . (((((((((((((((((((((((((((((((((((((((((( SR_Search )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ------- Sigcheck ------- [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . 
[5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys [-] 2006-11-11 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [-] 2004-08-19 . DCAC82B62C56C277F3B050BE9BF14E31 . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe [-] 2004-08-19 . A431A9194F2BBF4896D1AB0E7048FB3E . 110592 . . [5.1.2600.2180] . . c:\windows\system32\services.exe [-] 2006-12-13 . ABCDE04F13CD6DD777684EC34815ED5F . 58368 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe [-] 2004-08-19 . 31B708976CCD24BECB9FFC4D6C13C509 . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe [-] 2004-08-19 . 9C15284A3B98AA421597492CF3FC636E . 510464 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe [-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe [-] 2006-11-18 . 321456BE8DF9DA4ACD2306A09549541F . 1037312 . . [6.00.2900.2649] . . c:\windows\Explorer.EXE [-] 2009-09-30 . 54CDDAD404557ED98433D6ECBFC92691 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe [-] 2006-12-13 . 0CEF991C04073F5EC8BFD65B961705F1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-29_16.58.14 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-30 13:31 . 2009-09-30 13:31 16384 c:\windows\Temp\Perflib_Perfdata_7d0.dat + 2009-04-13 15:54 . 2009-09-30 13:31 214889 c:\windows\system32\inetsrv\MetaBase.bin . 
((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-10 397312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2009-02-04 437675] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-02-04 61440] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-09-15 917504] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-23 1519616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-4-30 112128] c:\documents and settings\ALI\Menu 
D‚marrer\Programmes\D‚marrage\ IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-4-30 112128] c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-4-30 237568] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "MaxRecentDocs"= 15 (0xf) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\GT2002\\gpstrack.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19793:TCP"= 19793:TCP:BitComet 19793 TCP "19793:UDP"= 19793:UDP:BitComet 19793 UDP R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/09/2009 17:35 28544] R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [30/04/2008 10:12 6400] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [02/03/2009 12:14 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [02/03/2009 12:14 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem 
Driver;c:\windows\system32\drivers\s0016mdm.sys [02/03/2009 12:14 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [02/03/2009 12:14 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [02/03/2009 12:14 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [02/03/2009 12:14 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [02/03/2009 12:14 115752] . Contenu du dossier 'Tâches planifiées' 2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-09-30 c:\windows\Tasks\HPpromotions journeysoftware.job - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: imon.dll DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-30 16:25 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-57989841-1767777339-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c0,d7,08,f9,31,8e,b0,1c,9a,2e,00,5c,4c,75,7e,de,43,a2,85,b5,f3,b9,51, f0,6f,a7,97,36,c9,e4,1f,81,fe,af,18,db,6d,92,73,80,eb,f6,70,64,14,33,75,52,\ "??"=hex:9c,d9,e4,f4,dd,c3,5d,1d,ea,4c,fa,e2,06,f7,3d,8c [HKEY_USERS\S-1-5-21-57989841-1767777339-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:87,9b,67,be,f7,4d,c0,6b,40,27,b8,b2,cf,b5,5e,04,c4,ad,d2,a8,bf, e5,5c,47,a8,1c,d9,62,87,f1,23,08,66,e6,50,e5,3e,13,01,80,22,12,4a,0c,b0,43,\ "rkeysecu"=hex:c8,9d,f3,27,d6,13,ee,5b,0c,3f,42,18,e6,bb,ee,f4 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(892) c:\windows\system32\imon.dll c:\program files\Eset\pr_imon.dll . 
Heure de fin: 2009-09-30 16:28
ComboFix-quarantined-files.txt 2009-09-30 14:28
ComboFix2.txt 2009-09-30 05:26
ComboFix3.txt 2009-09-30 04:55
ComboFix4.txt 2009-09-29 17:06
Avant-CF: 53 537 267 712 octets libres
Après-CF: 53 516 222 464 octets libres
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
229 --- E O F --- 2008-05-04 06:01

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:10, on 30/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\system32\IcoSauve.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ALI\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.28/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Système d'événements de COM+ (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Accès à distance au Registre (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Pare-feu Windows / Partage de connexion Internet (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Service de restauration système (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Service de découvertes SSDP (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Thèmes (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Hôte de périphérique universel Plug-and-Play (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: wscsvc - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Configuration automatique sans fil (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe
--
End of file - 13093 bytes
-
Hello, I pasted the quote into ComboFix, but no blue window appears with "Type 1 to continue, or 2 to abort", type 1 then confirm.. I tried twice in vain. The viruses are still present, NOD32 messages keep appearing; it offers to delete them each time and tells me the deletion will take effect at the next restart, but nothing happens... Regards.. Here are the reports:

ComboFix 09-09-29.02 - ALI 30/09/2009 7:12.3.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.510.179 [GMT 2:00]
Lancé depuis: c:\documents and settings\ALI\Bureau\bibitte.exe
Commutateurs utilisés :: c:\documents and settings\ALI\Bureau\CFScript.txt
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\lsass.exe . . . est infecté!!
c:\windows\system32\services.exe . . . est infecté!!
c:\windows\system32\svchost.exe . . . est infecté!!
c:\windows\system32\spoolsv.exe . . . est infecté!!
c:\windows\explorer.exe . . . est infecté!!
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-30 ))))))))))))))))))))))))))))))))))))
.
2009-09-25 07:38 . 2009-09-25 07:38 -------- d-----w- C:\rsit
2009-09-25 07:34 . 2009-09-25 07:34 -------- d-----w- C:\_OTM
2009-09-24 15:35 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-24 15:35 . 2009-09-24 15:35 -------- d-----w- c:\program files\Panda Security
2009-09-22 16:35 . 2009-09-22 16:35 -------- d-----w- c:\documents and settings\ALI\Tracing
2009-09-22 16:33 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-21 12:18 . 2009-09-21 12:18 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Apple
2009-09-16 17:11 . 2009-09-16 17:11 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-15 04:45 . 2009-09-15 04:44 502208 ----a-w- c:\windows\system32\drivers\amon.sys
2009-09-15 04:45 . 2009-09-15 04:44 270336 ----a-w- c:\windows\system32\imon.dll
2009-09-11 06:07 . 2009-09-21 14:14 -------- d-----w- c:\program files\IKEA HomePlanner
2009-09-11 06:06 . 2009-09-11 06:06 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-09-09 05:51 . 2009-09-09 05:51 -------- d-----w- c:\documents and settings\ALI\Local Settings\Application Data\WMTools Downloaded Files
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 16:11 . 2008-02-22 17:28 -------- d-----w- c:\program files\Eset
2009-09-27 07:17 . 2008-02-17 07:20 -------- d-----w- c:\program files\CCleaner
2009-09-27 06:56 . 2009-08-25 11:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 16:34 . 2008-05-11 15:33 60240 ----a-w- c:\documents and settings\ALI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 12:54 . 2009-08-25 13:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-08-25 13:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 12:39 . 2008-12-21 18:00 -------- d-----w- c:\documents and settings\ALI\Application Data\Apple Computer
2009-09-01 16:24 . 2008-05-28 09:52 -------- d-----w- c:\documents and settings\ALI\Application Data\Canon
2009-08-25 14:31 . 2009-08-25 14:31 -------- d-----w- c:\program files\iTunes
2009-08-25 14:31 . 2009-08-25 14:31 -------- d-----w- c:\program files\iPod
2009-08-25 14:30 . 2009-08-25 14:30 -------- d-----w- c:\program files\Apple Software Update
2009-08-25 14:30 . 2009-08-25 14:30 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-08-25 11:25 . 2008-12-02 19:16 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-25 08:37 . 2009-08-25 08:37 0 ----a-w- c:\windows\nsreg.dat
2009-08-24 16:56 . 2009-08-24 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2009-08-19 05:21 . 2009-08-19 05:21 -------- d-----w- c:\program files\MSSOAP
2009-08-19 05:20 . 2009-08-19 05:20 -------- d-----w- c:\program files\Webroot
2009-07-09 10:16 . 2009-08-25 14:30 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-08-25 14:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2006-03-27 17:49 . 2008-04-30 07:32 3809280 ----a-w- c:\program files\Guitools.exe
2004-08-19 17:09 . 2008-05-03 14:40 1028096 --sha-w- c:\windows\system32\mfc42.dll
2002-09-06 20:59 . 2008-05-03 14:40 57344 --sha-w- c:\windows\system32\mfc42loc.dll
1995-09-20 14:16 . 2008-07-05 14:43 35088 --sha-w- c:\windows\system32\msjint32.dll
1995-09-20 14:13 . 2008-07-05 14:43 977680 --sha-w- c:\windows\system32\msjt3032.dll
1995-09-20 14:16 . 2008-07-05 14:43 23824 --sha-w- c:\windows\system32\msjter32.dll
2004-08-19 17:09 . 2008-05-03 14:40 413696 --sha-w- c:\windows\system32\msvcp60.dll
2004-08-19 17:09 . 2008-05-03 14:40 343040 --sha-w- c:\windows\system32\msvcrt.dll
2002-09-06 20:59 . 2008-05-03 14:40 253952 --sha-w- c:\windows\system32\msvcrt20.dll
2004-08-19 17:09 . 2008-05-03 14:41 553472 --sha-w- c:\windows\system32\oleaut32.dll
2004-08-19 17:09 . 2008-05-03 14:41 83456 --sha-w- c:\windows\system32\olepro32.dll
2004-08-19 17:09 . 2008-05-03 14:43 30749 --sha-w- c:\windows\system32\vbajet32.dll
1995-09-24 09:02 . 2008-07-05 14:43 243472 --sha-w- c:\windows\system32\vbar2232.dll
1998-05-18 01:06 . 2008-07-05 14:43 368912 --sha-w- c:\windows\system32\vbar332.dll
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\ctfmon .exe [x]
[7] 64E41E8FEE655B03E3F19DED21BA5118 15360 \RP279\A0046707.exe
c:\windows\system32\nerocheck .exe [x]
[-] 3E4C03CEFAD8DE135263236B61A49C90 155648 \RP279\A0046715.exe
.
------- Sigcheck -------
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys
[-] 2006-11-11 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-19 . DCAC82B62C56C277F3B050BE9BF14E31 . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-19 . A431A9194F2BBF4896D1AB0E7048FB3E . 110592 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2006-12-13 . ABCDE04F13CD6DD777684EC34815ED5F . 58368 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-19 . 31B708976CCD24BECB9FFC4D6C13C509 . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-19 . 9C15284A3B98AA421597492CF3FC636E . 510464 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
[-] 2006-11-18 . 321456BE8DF9DA4ACD2306A09549541F . 1037312 . . [6.00.2900.2649] . . c:\windows\Explorer.EXE
[-] 2006-12-13 . 0CEF991C04073F5EC8BFD65B961705F1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
c:\windows\system32\wscntfy.exe ... manque !!
.
((((((((((((((((((((((((((((( SnapShot@2009-09-29_16.58.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-30 05:04 . 2009-09-30 05:04 16384 c:\windows\Temp\Perflib_Perfdata_5e8.dat
+ 2009-04-13 15:54 . 2009-09-30 05:04 214881 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-10 397312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2009-02-04 437675]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-02-04 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-09-15 917504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-23 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-4-30 112128]
c:\documents and settings\ALI\Menu Démarrer\Programmes\Démarrage\
IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-4-30 112128]
c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-4-30 237568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GT2002\\gpstrack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19793:TCP"= 19793:TCP:BitComet 19793 TCP
"19793:UDP"= 19793:UDP:BitComet 19793 UDP
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/09/2009 17:35 28544]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [30/04/2008 10:12 6400]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [02/03/2009 12:14 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [02/03/2009 12:14 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [02/03/2009 12:14 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [02/03/2009 12:14 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [02/03/2009 12:14 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [02/03/2009 12:14 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [02/03/2009 12:14 115752]
.
Contenu du dossier 'Tâches planifiées'
2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-09-29 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: imon.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 07:23
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-57989841-1767777339-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c0,d7,08,f9,31,8e,b0,1c,9a,2e,00,5c,4c,75,7e,de,43,a2,85,b5,f3,b9,51,
f0,6f,a7,97,36,c9,e4,1f,81,fe,af,18,db,6d,92,73,80,eb,f6,70,64,14,33,75,52,\
"??"=hex:9c,d9,e4,f4,dd,c3,5d,1d,ea,4c,fa,e2,06,f7,3d,8c
[HKEY_USERS\S-1-5-21-57989841-1767777339-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:87,9b,67,be,f7,4d,c0,6b,40,27,b8,b2,cf,b5,5e,04,c4,ad,d2,a8,bf,
e5,5c,47,a8,1c,d9,62,87,f1,23,08,66,e6,50,e5,3e,13,01,80,22,12,4a,0c,b0,43,\
"rkeysecu"=hex:c8,9d,f3,27,d6,13,ee,5b,0c,3f,42,18,e6,bb,ee,f4
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Heure de fin: 2009-09-30 7:26
ComboFix-quarantined-files.txt 2009-09-30 05:25
ComboFix2.txt 2009-09-30 04:55
ComboFix3.txt 2009-09-29 17:06
Avant-CF: 53 565 841 408 octets libres
Après-CF: 53 537 345 536 octets libres
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
230 --- E O F --- 2008-05-04 06:01

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:27:09, on 30/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\IcoSauve.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\ALI\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.28/uploader2.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Système d'événements de COM+ (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Accès à distance au Registre (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe 
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Pare-feu Windows / Partage de connexion Internet (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Service de restauration système (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Service de découvertes SSDP (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Thèmes (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. 
- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Hôte de périphérique universel Plug-and-Play (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: wscsvc - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Configuration automatique sans fil (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe -- End of file - 12794 bytes
-
Hug! Well, more improvement: I'm browsing normally without being redirected unexpectedly (Exoclick dead??). I did follow your recommendations, but I still have infected and locked files; here's what it shows: see you soon. ComboFix report:
RSIT report:
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Accès à distance au Registre (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe 
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Pare-feu Windows / Partage de connexion Internet (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Service de restauration système (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Service de découvertes SSDP (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Téléphonie (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Thèmes (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. 
- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Hôte de périphérique universel Plug-and-Play (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: wscsvc - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe O23 - Service: Configuration automatique sans fil (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe -- End of file - 12954 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\HPpromotions journeysoftware.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016] "DAEMON Tools"=C:\Program 
Files\DAEMON Tools\daemon.exe [2006-11-12 157592] "Cloneur Expert Monitor"=C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe [2009-02-04 437675] "Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2009-02-04 61440] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] "UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128] "nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-09-15 917504] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-10 397312] C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\Documents and Settings\ALI\Menu Démarrer\Programmes\Démarrage IcoSauve.lnk - C:\WINDOWS\system32\IcoSauve.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "SynchronousMachineGroupPolicy"=0 "SynchronousUserGroupPolicy"=0 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoStrCmpLogical"=0 "LockTaskbar"=0 "NoResolveTrack"=0 "NoResolveSearch"=0 "NoSMMyPictures"=0 "NoStartMenuMFUprogramsList"=0 "NoUserNameInStartMenu"=0 "MaxRecentDocs"=15 "NoInstrumentation"=0 "MemCheckBoxInRunDlg"=1 "NoSMBalloonTip"=0 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoSimpleStartMenu"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\GT2002\gpstrack.exe"="C:\Program Files\GT2002\gpstrack.exe:*:Enabled:Gpstrack" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" ======List of files/folders created in the last 3 months====== 2009-09-29 19:09:25 ----SHD---- C:\RECYCLER 2009-09-29 19:06:24 ----A---- C:\ComboFix.txt 2009-09-29 18:43:45 ----A---- C:\Boot.bak 2009-09-29 18:43:36 ----RASHD---- C:\cmdcons 2009-09-29 18:41:43 ----A---- C:\WINDOWS\zip.exe 2009-09-29 18:41:43 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-09-29 18:41:43 ----A---- C:\WINDOWS\SWSC.exe 2009-09-29 18:41:43 ----A---- 
C:\WINDOWS\SWREG.exe 2009-09-29 18:41:43 ----A---- C:\WINDOWS\sed.exe 2009-09-29 18:41:43 ----A---- C:\WINDOWS\PEV.exe 2009-09-29 18:41:43 ----A---- C:\WINDOWS\NIRCMD.exe 2009-09-29 18:41:43 ----A---- C:\WINDOWS\grep.exe 2009-09-29 18:41:37 ----D---- C:\WINDOWS\ERDNT 2009-09-29 18:41:11 ----D---- C:\Qoobox 2009-09-27 09:19:02 ----A---- C:\WINDOWS\ntbtlog.txt 2009-09-25 09:38:41 ----D---- C:\rsit 2009-09-25 09:34:23 ----D---- C:\_OTM 2009-09-24 17:35:12 ----D---- C:\Program Files\Panda Security 2009-09-22 18:33:36 ----D---- C:\WINDOWS\system32\DirectX 2009-09-22 18:33:36 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2009-09-22 18:33:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$ 2009-09-16 19:11:15 ----D---- C:\Program Files\Fichiers communs\Windows Live 2009-09-15 06:45:02 ----A---- C:\WINDOWS\system32\imon.dll 2009-09-11 08:07:09 ----D---- C:\Program Files\IKEA HomePlanner 2009-09-11 08:06:36 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard 2009-08-25 16:31:23 ----D---- C:\Program Files\iPod 2009-08-25 16:31:20 ----D---- C:\Program Files\iTunes 2009-08-25 16:30:55 ----D---- C:\Program Files\Apple Software Update 2009-08-25 16:30:40 ----A---- C:\WINDOWS\system32\usbaaplrc.dll 2009-08-25 16:30:22 ----D---- C:\Program Files\Fichiers communs\Apple 2009-08-25 13:33:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-25 13:30:34 ----SHD---- C:\WINDOWS\CSC 2009-08-25 11:47:41 ----A---- C:\Documents and Settings\ALI\Application Data\install.txt 2009-08-25 09:01:44 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-25 08:34:12 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-24 18:56:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla! 
2009-08-19 07:21:41 ----D---- C:\Program Files\MSSOAP 2009-08-19 07:20:29 ----D---- C:\Program Files\Webroot ======List of files/folders modified in the last 3 months====== 2009-09-29 19:09:38 ----D---- C:\WINDOWS\Prefetch 2009-09-29 19:06:29 ----D---- C:\WINDOWS\system32\drivers 2009-09-29 19:06:29 ----D---- C:\WINDOWS\system32 2009-09-29 19:06:27 ----D---- C:\WINDOWS\Temp 2009-09-29 19:02:33 ----D---- C:\WINDOWS\system32\inetsrv 2009-09-29 18:58:14 ----D---- C:\WINDOWS 2009-09-29 18:58:14 ----A---- C:\WINDOWS\system.ini 2009-09-29 18:56:23 ----D---- C:\WINDOWS\system32\config 2009-09-29 18:55:08 ----SHD---- C:\WINDOWS\Installer 2009-09-29 18:55:08 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-09-29 18:50:38 ----D---- C:\WINDOWS\AppPatch 2009-09-29 18:50:20 ----D---- C:\Program Files\Fichiers communs 2009-09-29 18:43:45 ----RASH---- C:\boot.ini 2009-09-29 18:32:56 ----A---- C:\WINDOWS\winamp.ini 2009-09-29 17:49:14 ----D---- C:\WINDOWS\system32\NtmsData 2009-09-28 18:11:34 ----D---- C:\Program Files\Eset 2009-09-27 09:27:08 ----D---- C:\WINDOWS\Debug 2009-09-27 09:26:36 ----D---- C:\WINDOWS\ehome 2009-09-27 09:17:20 ----D---- C:\Program Files\CCleaner 2009-09-26 12:01:33 ----RD---- C:\Program Files 2009-09-24 17:35:12 ----HD---- C:\WINDOWS\inf 2009-09-22 20:39:22 ----D---- C:\WINDOWS\Minidump 2009-09-22 20:34:36 ----D---- C:\Config.Msi 2009-09-22 18:50:57 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft 2009-09-22 18:50:57 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-09-22 18:48:32 ----RSD---- C:\WINDOWS\assembly 2009-09-22 18:46:51 ----D---- C:\WINDOWS\WinSxS 2009-09-22 18:30:40 ----RSD---- C:\WINDOWS\Fonts 2009-09-04 14:39:22 ----D---- C:\Documents and Settings\ALI\Application Data\Apple Computer 2009-09-01 18:26:01 ----A---- C:\WINDOWS\CSTBox.INI 2009-09-01 18:24:04 ----D---- C:\Documents and Settings\ALI\Application Data\Canon 2009-08-27 20:13:50 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax 
Modem.txt 2009-08-25 16:31:00 ----SD---- C:\WINDOWS\Tasks 2009-08-25 16:30:45 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-08-25 14:03:42 ----D---- C:\WINDOWS\security 2009-08-25 13:25:52 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2009-08-25 13:23:42 ----D---- C:\Program Files\Mozilla Firefox 2009-08-25 09:02:46 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-25 08:00:12 ----D---- C:\WINDOWS\Registration 2009-08-19 18:02:13 ----D---- C:\Documents and Settings 2009-08-19 07:22:43 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-12-13 40320] R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2004-08-28 33995] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-06 12032] R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys [] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868] R2 ROB_A;Pinnacle WDM PCTV Audio Capture; C:\WINDOWS\system32\DRIVERS\rob_a.sys [2003-02-10 17664] R2 ROB_V;Pinnacle WDM PCTV Video Capture; C:\WINDOWS\system32\drivers\rob_v.sys [2003-04-11 125568] R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-02-04 28768] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-12-13 60800] R3 catchme;catchme; \??\C:\bibitte\catchme.sys [] R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 
1041536] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-12-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] R3 pctvvbi;PCTVVBI; C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 6400] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-17 14604] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-12-13 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-12-13 57600] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-12-13 20480] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S3 ahum2u14;ahum2u14; C:\WINDOWS\system32\drivers\ahum2u14.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-08-01 8320] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys 
[2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-12-13 10880] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2006-12-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2006-12-13 15360] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-12-13 26496] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 
Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2009-02-04 151552] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 Capture Device Service;Capture Device Service; C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168] R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984] R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-09-15 495616] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872] R2 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2004-08-19 32768] R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056] R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source 
Engine\OSE.EXE [2003-07-28 89136] S3 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2004-08-19 8704] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] -----------------EOF-----------------