

Manu87
Everything posted by Manu87
Persistent viruses after a SECURITY TOOLS infection
Manu87 posted a topic in Analyses et éradication malwares
Good evening, I too caught Security Tool a week ago. I thought I had removed it with Malwarebytes' Anti-Malware, but it keeps coming back. I generated a report with COMBOFIX. I'm taking the liberty of posting it, hoping someone can help me! Thanks in advance!

ComboFix 09-11-11.02 - utilisateur 12/11/2009 18:22.4.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.813 [GMT 1:00]
Lancé depuis: c:\documents and settings\utilisateur\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\utilisateur\Application Data\wiaserva.log
c:\documents and settings\utilisateur\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\utilisateur\photo_id.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-12 au 2009-11-12 ))))))))))))))))))))))))))))))))))))
.
2009-11-12 13:02 . 2009-11-12 13:02 -------- d-----w- c:\windows\LastGood
2009-11-12 13:00 . 2009-11-12 13:00 60003 ----a-w- c:\windows\system32\photo_id.exe
2009-11-08 21:04 . 2009-11-08 21:14 -------- d-----w- c:\documents and settings\utilisateur\Local Settings\Application Data\WMTools Downloaded Files
2009-11-08 11:46 . 2009-11-08 11:46 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Malwarebytes
2009-11-08 11:46 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 11:46 . 2009-11-09 18:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 11:46 . 2009-11-08 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-08 11:46 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 20:16 . 2009-11-08 16:53 -------- d-----w- c:\program files\Enigma Software Group
2009-11-06 19:05 . 2009-11-08 16:47 -------- d-----w- c:\documents and settings\utilisateur\Local Settings\Application Data\ieodbc3D
2009-11-05 17:35 . 2009-11-05 17:35 -------- d-----w- c:\documents and settings\utilisateur\Local Settings\Application Data\ScreeNet iSaver
2009-11-05 17:35 . 2009-11-05 17:36 -------- d-----w- c:\documents and settings\utilisateur\Application Data\ScreeNet iSaver
2009-10-29 17:03 . 2009-10-29 17:18 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Winamp
2009-10-29 17:03 . 2009-10-29 17:04 -------- d-----w- c:\program files\Winamp
2009-10-28 18:19 . 2009-10-28 18:19 -------- d-----w- c:\documents and settings\utilisateur\Application Data\dvdcss
2009-10-20 19:43 . 2009-10-20 19:43 -------- d-----w- c:\documents and settings\utilisateur\Local Settings\Application Data\TVU Networks
2009-10-20 19:43 . 2009-10-20 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-10-20 19:42 . 2009-10-20 19:42 -------- d-----w- c:\documents and settings\utilisateur\LocalLow
2009-10-20 19:42 . 2009-10-20 19:43 -------- d-----w- c:\program files\TVUPlayer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 13:50 . 2009-08-09 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-09 19:33 . 2005-07-13 11:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-08 16:54 . 2005-07-13 02:50 534558 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-08 16:54 . 2005-07-13 02:50 96850 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-28 19:30 . 2009-09-21 21:14 -------- d-----w- c:\documents and settings\utilisateur\Application Data\vlc
2009-09-21 21:27 . 2009-09-08 16:51 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Azureus
2009-09-21 20:53 . 2009-09-21 20:53 -------- d-----w- c:\program files\VideoLAN
2009-09-17 09:54 . 2009-09-17 09:54 2491192 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\xr76f5um.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-09-13 19:16 . 2009-08-10 17:23 -------- d-----w- c:\documents and settings\utilisateur\Application Data\U3
2009-09-11 14:18 . 2005-07-13 02:50 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2005-07-13 02:50 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 13:33 . 2009-09-02 13:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-02 13:33 . 2009-09-02 13:33 152576 ----a-w- c:\documents and settings\utilisateur\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-08-29 07:56 . 2005-07-13 02:50 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2005-07-13 02:50 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 16:35 . 2009-08-09 21:20 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.
((((((((((((((((((((((((((((( SnapShot@2009-11-08_16.48.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-13 02:50 . 2009-11-08 16:54 79728 c:\windows\system32\perfc009.dat
- 2009-08-09 19:37 . 2009-10-14 20:09 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-08-09 19:37 . 2009-11-12 13:50 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-08-09 19:37 . 2009-11-12 13:50 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-09 19:37 . 2009-10-14 20:09 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-09 19:37 . 2009-10-14 20:09 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-08-09 19:37 . 2009-11-12 13:50 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2005-07-13 02:50 . 2009-11-08 16:54 461752 c:\windows\system32\perfh009.dat
- 2005-07-13 11:56 . 2009-08-11 11:00 299640 c:\windows\system32\FNTCACHE.DAT
+ 2005-07-13 11:56 . 2009-11-12 17:17 299640 c:\windows\system32\FNTCACHE.DAT
+ 2009-08-09 19:37 . 2009-11-12 13:50 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-09 19:37 . 2009-10-14 20:09 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-09 19:37 . 2009-10-14 20:09 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-08-09 19:37 . 2009-11-12 13:50 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-08-09 19:37 . 2009-11-12 13:50 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-08-09 19:37 . 2009-10-14 20:09 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-08-09 19:37 . 2009-10-14 20:09 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-08-09 19:37 . 2009-11-12 13:50 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-08-09 19:37 . 2009-11-12 13:50 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-09 19:37 . 2009-10-14 20:09 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-09 19:37 . 2009-10-14 20:09 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-08-09 19:37 . 2009-11-12 13:50 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2005-07-13 02:50 . 2009-08-14 15:13 1850752 c:\windows\system32\win32k.sys
+ 2009-04-19 19:50 . 2009-08-14 15:13 1850752 c:\windows\system32\dllcache\win32k.sys
+ 2009-10-16 06:03 . 2009-10-16 06:03 5003776 c:\windows\Installer\2cebb0.msp
+ 2009-08-18 11:58 . 2009-08-18 11:58 8301056 c:\windows\Installer\2ceb9b.msp
+ 2009-08-18 11:57 . 2009-08-18 11:57 9122304 c:\windows\Installer\2ceb86.msp
- 2009-08-09 19:37 . 2009-10-14 20:09 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-09 19:37 . 2009-11-12 13:50 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-08-09 19:37 . 2009-10-14 20:09 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-08-09 19:37 . 2009-11-12 13:50 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-08-09 20:12 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"photo_id"="c:\windows\system32\photo_id.exe" [2009-11-12 60003]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\utilisateur\Menu Démarrer\Programmes\Démarrage\
iidwin32.exe [2008-4-14 17408]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-8-14 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-09-23 13:24 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=

S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 03:47 98304]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [09/08/2009 22:20 108289]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 02:40 118784]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 15:28 1533808]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'

2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page =
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\xr76f5um.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - plugin: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\xr76f5um.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-photo_id - c:\documents and settings\utilisateur\photo_id.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 18:28
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spie.sys >>UNKNOWN [0x8678D938]<<
kernel: MBR read successfully
user & kernel MBR OK

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF769DB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF769DB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF769DB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF769DB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF769DB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF769DB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(1352)
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2009-11-12 18:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-12 17:31
ComboFix2.txt 2009-11-09 18:53

Avant-CF: 19 644 002 304 octets libres
Après-CF: 19 661 352 960 octets libres

- - End Of File - - 6DF9EFBC0125BA26F908AC23D88979C3