

nathanglass
All content posted by nathanglass
ComboFix analysis, the backdoor is back
nathanglass posted a topic in Malware analysis and eradication
ComboFix 09-12-31.A1 - negociateur 01/01/2010 23:52:55.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.894.320 [GMT 1:00]
Lancé depuis: c:\documents and settings\negociateur\Mes documents\Téléchargements\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-01 au 2010-01-01 ))))))))))))))))))))))))))))))))))))
.
2010-01-01 13:08 . 2010-01-01 13:08 -------- dc----w- c:\program files\MSBuild
2010-01-01 13:07 . 2010-01-01 13:07 -------- dc----w- c:\program files\Reference Assemblies
2010-01-01 13:06 . 2010-01-01 13:07 -------- dc----w- C:\3ce5a9798edba7c4588afd7ed8
2009-12-31 15:26 . 2009-12-31 15:26 -------- dc----w- c:\program files\MSXML 4.0
2009-12-30 20:50 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-30 20:50 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-30 20:50 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-30 20:50 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-30 20:50 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-30 20:50 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-30 20:50 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-30 20:50 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-30 20:45 . 2009-08-25 09:18 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-12-30 20:44 . 2009-08-13 15:20 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-12-30 00:52 . 2009-12-30 19:35 -------- dc----w- c:\program files\SpywareGuard
2009-12-29 23:27 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 23:26 . 2009-12-30 00:39 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 23:26 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 12:30 . 2009-12-24 12:30 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-12-22 13:49 . 2007-07-11 14:51 19840 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-12-22 13:49 . 2007-07-11 09:45 21632 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-12-22 13:49 . 2007-07-11 09:40 12416 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-12-12 23:18 . 2009-12-12 23:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 22:49 . 2007-05-02 11:22 -------- dc----w- c:\program files\Symantec AntiVirus
2010-01-01 22:44 . 2009-11-23 12:31 -------- dc----w- c:\program files\Mozilla Firefox 3.6 Beta 3
2010-01-01 13:09 . 2009-06-12 17:20 164896 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-01 13:03 . 2006-08-11 16:51 86712 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-01 13:03 . 2006-08-11 16:51 515286 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-31 02:11 . 2009-09-18 15:00 -------- dc----w- c:\documents and settings\negociateur\Application Data\vlc
2009-12-30 23:06 . 2008-06-09 21:39 -------- d-----w- c:\documents and settings\negociateur\Application Data\dvdcss
2009-12-30 18:46 . 2004-08-03 22:59 96512 -c----w- c:\windows\system32\drivers\atapi.sys
2009-12-30 18:40 . 2009-06-23 15:39 -------- dc----w- c:\documents and settings\negociateur\Application Data\HPAppData
2009-12-28 10:58 . 2009-12-02 14:15 -------- dc----w- c:\program files\BackgammonMasters
2009-12-25 16:30 . 2008-05-01 13:22 -------- d-----w- c:\documents and settings\negociateur\Application Data\Skype
2009-12-25 15:06 . 2008-05-01 13:28 -------- d-----w- c:\documents and settings\negociateur\Application Data\skypePM
2009-12-22 13:49 . 2006-08-11 08:21 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-12-02 14:17 . 2009-12-02 14:15 32854 ----a-w- c:\windows\iniLS.dat
2009-12-02 14:16 . 2009-12-02 14:16 14368 ----a-w- c:\windows\skype.dat
2009-11-30 16:16 . 2007-05-02 13:07 -------- dc----w- c:\program files\Fichiers communs\Adobe
2009-11-29 22:12 . 2008-08-18 10:43 -------- dc----w- c:\program files\IncrediMail
2009-11-27 11:08 . 2009-04-11 18:30 -------- dc----w- c:\documents and settings\negociateur\Application Data\uTorrent
2009-11-27 11:01 . 2007-05-02 13:05 -------- dc----w- c:\program files\Google
2009-11-13 09:51 . 2009-11-12 17:03 7 ----a-w- c:\windows\sbacknt.bin
2009-11-12 17:09 . 2009-11-12 17:01 152904 ----a-w- c:\windows\system32\vghd.scr
2009-10-31 16:12 . 2009-10-31 16:12 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 05:25 . 2006-08-11 16:50 671232 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2006-08-11 16:50 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2006-08-11 16:50 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2006-08-11 16:50 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2006-08-11 16:50 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2006-08-11 16:50 150528 ----a-w- c:\windows\system32\rastls.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 -c--a-w- c:\program files\Neuf\Kit\SFRNavErrorHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\negociateur\Menu Démarrer\Programmes\Démarrage\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-06-29 20:32 89541 -c--a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 -c--a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-03-24 15:14 53408 -c--a-w- c:\program files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 -csh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-05 00:44 16120832 -c--a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-12-07 21:44 761947 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [11/08/2006 09:20 4300]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [01/08/2006 08:57 118928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 19:03 102448]
R3 SSB2413;SSB2413 Wireless Network Adapter Service;c:\windows\system32\drivers\SSB2413.sys [11/08/2006 09:28 470112]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [23/08/2007 09:56 17152]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [23/08/2007 09:56 122240]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [23/08/2007 09:56 36992]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [09/06/2009 14:48 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [09/06/2009 14:48 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [09/06/2009 14:48 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [09/06/2009 14:49 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [09/06/2009 14:49 86368]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [02/07/2008 15:31 34136]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [02/05/2007 11:54 19840]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\negociateur\Application Data\Mozilla\Firefox\Profiles\ahjkcvaz.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox 3.6 Beta 3\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 00:01
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]
@Denied: (Full) (Everyone)
@="Printers"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
@Denied: (Full) (Everyone)
@="Tâches planifiées"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(432)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2010-01-02 00:07:26
ComboFix-quarantined-files.txt 2010-01-01 23:07
ComboFix2.txt 2009-12-30 19:46

Avant-CF: 56 157 241 344 octets libres
Après-CF: 56 166 105 088 octets libres

- - End Of File - - B86216D053BBDED607DFAA25F94DC9D0
ComboFix analysis to submit
nathanglass replied to a topic by nathanglass in Malware analysis and eradication
Sorry, my report is now complete. Thanks....

ComboFix 09-12-29.06 - negociateur 30/12/2009 20:25:07.1.2 - x86
Lancé depuis: c:\documents and settings\negociateur\Mes documents\Téléchargements\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1718973198-674694900-3878911448-500
c:\recycler\S-1-5-21-1993962763-963894560-682003330-500
c:\windows\system32\AutoRun.inf

Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-28 au 2009-12-30 ))))))))))))))))))))))))))))))))))))
.
2009-12-30 00:52 . 2009-12-30 19:35 -------- dc----w- c:\program files\SpywareGuard
2009-12-29 23:27 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 23:26 . 2009-12-30 00:39 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 23:26 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 12:30 . 2009-12-24 12:30 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-12-22 13:49 . 2007-07-11 14:51 19840 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-12-22 13:49 . 2007-07-11 09:45 21632 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-12-22 13:49 . 2007-07-11 09:40 12416 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-12-22 13:49 . 2009-12-22 13:49 -------- dc----w- c:\program files\LG Electronics
2009-12-22 13:47 . 2009-12-22 13:48 -------- dc----w- c:\program files\LG PC Suite 2
2009-12-22 13:47 . 2009-12-22 13:47 -------- dc----w- c:\documents and settings\negociateur\Application Data\InstallShield
2009-12-12 23:18 . 2009-12-12 23:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2009-12-02 14:16 . 2009-12-02 14:16 14368 ----a-w- c:\windows\skype.dat
2009-12-02 14:15 . 2009-12-02 14:17 32854 ----a-w- c:\windows\iniLS.dat
2009-12-02 14:15 . 2009-12-28 10:58 -------- dc----w- c:\program files\BackgammonMasters
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 19:31 . 2007-05-02 11:22 -------- dc----w- c:\program files\Symantec AntiVirus
2009-12-30 18:46 . 2004-08-03 22:59 96512 -c--a-w- c:\windows\system32\drivers\atapi.sys
2009-12-30 18:40 . 2009-06-23 15:39 -------- dc----w- c:\documents and settings\negociateur\Application Data\HPAppData
2009-12-30 18:36 . 2009-11-23 12:31 -------- dc----w- c:\program files\Mozilla Firefox 3.6 Beta 3
2009-12-29 00:02 . 2009-09-18 15:00 -------- dc----w- c:\documents and settings\negociateur\Application Data\vlc
2009-12-27 00:31 . 2008-06-09 21:39 -------- d-----w- c:\documents and settings\negociateur\Application Data\dvdcss
2009-12-25 16:30 . 2008-05-01 13:22 -------- d-----w- c:\documents and settings\negociateur\Application Data\Skype
2009-12-25 15:06 . 2008-05-01 13:28 -------- d-----w- c:\documents and settings\negociateur\Application Data\skypePM
2009-12-22 13:49 . 2006-08-11 08:21 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-11-30 16:16 . 2007-05-02 13:07 -------- dc----w- c:\program files\Fichiers communs\Adobe
2009-11-29 22:12 . 2008-08-18 10:43 -------- dc----w- c:\program files\IncrediMail
2009-11-27 11:08 . 2009-04-11 18:30 -------- dc----w- c:\documents and settings\negociateur\Application Data\uTorrent
2009-11-27 11:01 . 2007-05-02 13:05 -------- dc----w- c:\program files\Google
2009-11-23 13:16 . 2006-08-11 16:51 85232 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-23 13:16 . 2006-08-11 16:51 509454 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-13 09:51 . 2009-11-12 17:03 7 ----a-w- c:\windows\sbacknt.bin
2009-11-12 17:09 . 2009-11-12 17:01 152904 ----a-w- c:\windows\system32\vghd.scr
2009-10-31 16:12 . 2009-10-31 16:12 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 -c--a-w- c:\program files\Neuf\Kit\SFRNavErrorHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\negociateur\Menu Démarrer\Programmes\Démarrage\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-06-29 20:32 89541 -c--a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 -c--a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-03-24 15:14 53408 -c--a-w- c:\program files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 -csh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-05 00:44 16120832 -c--a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-12-07 21:44 761947 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [11/08/2006 09:20 4300]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [01/08/2006 08:57 118928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 19:03 102448]
R3 SSB2413;SSB2413 Wireless Network Adapter Service;c:\windows\system32\drivers\SSB2413.sys [11/08/2006 09:28 470112]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [23/08/2007 09:56 17152]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [23/08/2007 09:56 122240]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [23/08/2007 09:56 36992]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [09/06/2009 14:48 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [09/06/2009 14:48 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [09/06/2009 14:48 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [09/06/2009 14:49 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [09/06/2009 14:49 86368]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [02/07/2008 15:31 34136]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [02/05/2007 11:54 19840]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\negociateur\Application Data\Mozilla\Firefox\Profiles\ahjkcvaz.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox 3.6 Beta 3\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe
MSConfigStartUp-Copernic Desktop Search 2 - c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe
MSConfigStartUp-DisplayManager - c:\program files\Samsung\DisplayManager\DisplayManager.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-RestoreIT! - c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 20:34
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]
@Denied: (Full) (Everyone)
@="Printers"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
@Denied: (Full) (Everyone)
@="Tâches planifiées"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Heure de fin: 2009-12-30 20:46:25 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-30 19:46

Avant-CF: 57 393 307 648 octets libres
Après-CF: 57 833 205 760 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 8D753741887AED0AB7DE5438AA2E5737
Hello everyone, I am following the ComboFix advice and am sending you the report of the analysis of my computer. Thank you for helping me solve this problem. And thanks again.