
sygnud

Members
  • Content count: 23
  • Community reputation: 0

sygnud's achievements: Member (4/12)

  1. There you go.

     [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

     --> Recherche:

     C:\Combofix.txt: trouvé !
     C:\TB.txt: trouvé !
     C:\Qoobox: trouvé !
     C:\Toolbar SD: trouvé !
     C:\Rsit: trouvé !
     C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
     C:\Program Files\Trend Micro\hijackthis.log: trouvé !
     C:\Program Files\Trend Micro\HijackThis: trouvé !
     C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
     C:\Qoobox\Quarantine\catchme.log: trouvé !
     C:\Users\croquis\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
     C:\Users\croquis\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
     C:\Users\croquis\Downloads\hijackthis.log: trouvé !
     C:\Windows\mbr.exe: trouvé !

     ---------------------------------

     --> Suppression:

     C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
     C:\Combofix.txt: supprimé !
     C:\TB.txt: supprimé !
     C:\Program Files\Trend Micro\hijackthis.log: supprimé !
     C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
     C:\Qoobox\Quarantine\catchme.log: supprimé !
     C:\Users\croquis\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
     C:\Users\croquis\Downloads\hijackthis.log: supprimé !
     C:\Windows\mbr.exe: supprimé !
     C:\Qoobox: supprimé !
     C:\Toolbar SD: supprimé !
     C:\Rsit: supprimé !
     C:\Program Files\Trend Micro\HijackThis: supprimé !
     C:\Users\croquis\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !

     Fichiers temporaires nettoyés !
  2. Thanks for the link. In fact I had already done that procedure, but the service is indeed enabled... Hmm, a mystery. Otherwise, I am now free of all infections. I wanted to thank you anyway for having helped me so much and for having spent time on me.
  3. On the other hand, I have just noticed that my printer, which I share on the network, no longer works. I get a small message: « Serveur RPC n'est pas disponible » (the RPC server is unavailable). Er, well.....
  4. I didn't find any report, even after searching everywhere. I no longer have redirects in FF and IE. Yay!! Here are the logs:

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-02-01 11:00:34
     Windows 6.0.6002 Service Pack 2
     Running: ueiid6yp.exe; Driver: C:\Users\croquis\AppData\Local\Temp\ffldrpod.sys

     ---- Devices - GMER 1.0.15 ----

     Device \FileSystem\Ntfs \Ntfs 8407D1E8
     Device \Driver\volmgr \Device\VolMgrControl 83C571E8
     Device \Driver\usbuhci \Device\USBPDO-0 84DA3790
     Device \Driver\usbuhci \Device\USBPDO-1 84DA3790
     Device \Driver\usbuhci \Device\USBPDO-2 84DA3790
     Device \Driver\PCI_NTPNP5019 \Device\00000046 sptd.sys
     Device \Driver\usbuhci \Device\USBPDO-3 84DA3790
     Device \Driver\usbehci \Device\USBPDO-4 84FF0790
     Device \Driver\volmgr \Device\HarddiskVolume1 83C571E8
     Device \Driver\cdrom \Device\CdRom0 84BAD790
     Device \Driver\cdrom \Device\CdRom1 84BAD790
     Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8407C1E8
     Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 8407C1E8
     Device \Driver\atapi \Device\Ide\IdePort0 8407C1E8
     Device \Driver\atapi \Device\Ide\IdePort1 8407C1E8
     Device \Driver\atapi \Device\Ide\IdePort2 8407C1E8
     Device \Driver\iScsiPrt \Device\RaidPort0 84DAA1E8
     Device \Driver\usbuhci \Device\USBFDO-0 84DA3790
     Device \Driver\usbuhci \Device\USBFDO-1 84DA3790
     Device \Driver\usbuhci \Device\USBFDO-2 84DA3790
     Device \Driver\usbuhci \Device\USBFDO-3 84DA3790
     Device \Driver\usbehci \Device\USBFDO-4 84FF0790
     Device \Driver\ahv8l3bf \Device\Scsi\ahv8l3bf1Port4Path0Target0Lun0 84E22790
     Device \Driver\ahv8l3bf \Device\Scsi\ahv8l3bf1 84E22790

     ---- Registry - GMER 1.0.15 ----

     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -340674176
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1792538445
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7B 0x9E 0x4E 0x45 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1E 0xED 0xF1 0x4D ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x66 0xD5 0x32 0x8A ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7B 0x9E 0x4E 0x45 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1E 0xED 0xF1 0x4D ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x66 0xD5 0x32 0x8A ...

     ---- EOF - GMER 1.0.15 ----
  5. I just ran your application and, at first glance, it found 2 rootkits in the boot. It asked to restart the PC, but it was impossible to find a report; it opens a Notepad window with nothing in it. I ran it again and it no longer finds any rootkit.
  6. Here is the report:

     ComboFix 10-01-26.06 - croquis 27/01/2010 19:33:51.3.2 - x86
     Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2045.1341 [GMT 1:00]
     Lancé depuis: c:\users\croquis\Desktop\sygnud.exe
     Commutateurs utilisés :: c:\users\croquis\Desktop\CFScript.txt
     SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
     SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
     SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
     .
     ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-28 ))))))))))))))))))))))))))))))))))))
     .
     2010-01-27 18:47 . 2010-01-28 08:48 -------- d-----w- c:\users\croquis\AppData\Local\temp
     2010-01-27 18:47 . 2010-01-27 18:47 -------- d-----w- c:\users\Public\AppData\Local\temp
     2010-01-27 18:47 . 2010-01-27 18:47 -------- d-----w- c:\users\stephane\AppData\Local\temp
     2010-01-27 18:47 . 2010-01-27 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
     2010-01-22 18:35 . 2010-01-22 18:35 -------- d-----w- c:\users\stephane\AppData\Local\Mozilla
     2010-01-22 18:35 . 2010-01-22 18:35 -------- d-----w- c:\users\stephane\AppData\Local\MigWiz
     2010-01-22 18:33 . 2010-01-22 19:25 -------- d-----w- c:\users\stephane\Tracing
     2010-01-22 18:33 . 2010-01-22 18:33 -------- d-----w- c:\users\stephane\AppData\Local\Panda Security
     2010-01-22 17:40 . 2010-01-22 17:40 -------- d-----w- c:\users\croquis\AppData\Roaming\PeerNetworking
     2010-01-20 17:06 . 2010-01-20 17:06 2037 ----a-w- c:\users\croquis\AppData\Roaming\Microsoft\Setup.exe
     2010-01-20 16:55 . 2010-01-25 15:14 -------- d-----w- C:\SmartDraw 2010
     2010-01-20 15:06 . 2010-01-20 15:06 -------- d-----w- C:\Library
     2010-01-20 14:40 . 2010-01-20 16:06 -------- d-----w- c:\users\croquis\vue_2
     2010-01-20 14:35 . 2010-01-20 14:35 -------- d-----w- c:\program files\VUE
     2010-01-14 08:42 . 2010-01-14 11:11 -------- d-----w- C:\ToolBar SD
     2010-01-13 13:41 . 2010-01-13 13:43 -------- d-----w- C:\rsit
     2010-01-13 09:07 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
     2010-01-13 09:07 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
     2010-01-06 14:29 . 2010-01-06 14:29 -------- d--h--w- c:\windows\PIF
     2010-01-06 13:27 . 2010-01-06 13:27 -------- d-----w- c:\program files\CCleaner
     2010-01-06 13:06 . 2010-01-06 13:06 250 ----a-w- c:\windows\system32\PavCPL.dat
     2010-01-06 13:06 . 2003-10-22 17:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
     2010-01-06 13:05 . 2009-03-30 17:23 193792 ----a-w- c:\windows\system32\TpUtil.dll
     2010-01-06 13:05 . 2009-03-30 17:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll
     2010-01-06 13:05 . 2009-03-30 17:22 55552 ----a-w- c:\windows\system32\pavipc.dll
     2010-01-06 13:05 . 2007-02-08 09:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
     2010-01-06 13:05 . 2009-03-30 17:22 518400 ----a-w- c:\windows\system32\PavSHook.dll
     2010-01-06 13:05 . 2009-08-06 11:29 49160 ----a-w- c:\windows\system32\drivers\amm8660.sys
     2010-01-06 13:05 . 2008-03-18 15:58 58672 ----a-w- c:\windows\system32\avldr.dll
     2010-01-06 12:57 . 2008-03-04 14:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
     2010-01-06 12:57 . 2009-06-30 16:17 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
     2010-01-06 12:57 . 2010-01-06 12:57 -------- d-----w- c:\program files\Common Files\Panda Security
     2010-01-06 11:49 . 2010-01-27 12:16 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2010-01-05 12:52 . 2010-01-05 12:52 -------- d-----w- c:\users\croquis\AppData\Local\Ashampoo
     2010-01-05 11:34 . 2010-01-05 11:34 -------- d-----w- c:\program files\Ashampoo
     2010-01-05 10:38 . 2010-01-05 10:38 -------- d-----w- c:\program files\Java(365)
     2010-01-05 10:13 . 2010-01-05 10:51 -------- d-----w- c:\users\croquis\AppData\Local\NOS
     2010-01-04 18:23 . 2010-01-04 18:23 -------- d-----w- c:\programdata\Panda Software
     2009-12-31 16:33 . 2010-01-13 13:43 -------- d-----w- c:\program files\Trend Micro
     2009-12-31 13:41 . 2009-12-31 13:41 -------- d-----w- c:\users\croquis\AppData\Local\Panda Security
     2009-12-31 13:39 . 2009-12-31 13:39 -------- d-----w- c:\windows\system32\PAV
     2009-12-31 13:39 . 2009-12-31 13:39 -------- d-----w- c:\users\croquis\AppData\Roaming\Panda Security
     2009-12-31 13:39 . 2009-12-31 13:39 -------- d-----w- c:\programdata\Panda Security
     2009-12-31 12:45 . 2009-12-31 12:49 -------- d-----w- c:\users\croquis\AppData\Roaming\QuickScan
     2009-12-30 10:22 . 2009-12-30 10:23 -------- d-----w- c:\users\croquis\AppData\Local\CUSTPDF Writer
     2009-12-30 10:19 . 2009-12-30 10:19 -------- d-----w- c:\program files\gs
     2009-12-30 10:19 . 2009-12-30 10:21 -------- d-----w- c:\program files\SmartDraw PDF Filter
     2009-12-30 10:14 . 2009-12-30 10:18 -------- d-----w- c:\program files\SmartDraw 2010(556)
     2009-12-29 19:16 . 2009-12-29 19:16 -------- d-----w- c:\program files\Enigma Software Group
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-01-28 08:47 . 2009-04-21 08:46 -------- d-----w- c:\users\croquis\AppData\Roaming\DNA
     2010-01-28 08:47 . 2009-04-21 08:46 -------- d-----w- c:\program files\DNA
     2010-01-27 18:55 . 2006-11-02 15:45 672084 ----a-w- c:\windows\system32\perfh00C.dat
     2010-01-27 18:55 . 2006-11-02 15:45 124228 ----a-w- c:\windows\system32\perfc00C.dat
     2010-01-27 12:17 . 2009-10-30 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-01-22 19:52 . 2007-05-04 13:46 1356 ----a-w- c:\users\croquis\AppData\Local\d3d9caps.dat
     2010-01-22 19:47 . 2007-07-31 09:00 -------- d-----w- c:\programdata\FLEXnet
     2010-01-22 15:48 . 2007-05-15 13:20 65 ----a-w- c:\windows\system32\BD7420.DAT
     2010-01-22 11:19 . 2007-05-11 13:59 -------- d-----w- c:\program files\Mozilla Thunderbird
     2010-01-21 13:33 . 2009-09-30 14:23 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2010-01-21 13:33 . 2009-09-30 14:23 38784 ----a-w- c:\users\croquis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2010-01-21 13:33 . 2009-09-30 14:23 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2010-01-20 19:44 . 2009-03-25 11:36 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-01-20 17:07 . 2009-04-21 08:47 -------- d-----w- c:\users\croquis\AppData\Roaming\BitTorrent
     2010-01-20 16:59 . 2009-12-17 09:33 -------- d-----w- c:\users\croquis\AppData\Roaming\SmartDraw
     2010-01-14 10:12 . 2009-10-05 07:19 181120 ------w- c:\windows\system32\MpSigStub.exe
     2010-01-13 19:34 . 2007-05-07 13:54 -------- d-----w- c:\programdata\Microsoft Help
     2010-01-13 19:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
     2010-01-07 15:07 . 2009-10-30 09:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-01-07 15:07 . 2009-10-30 09:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-01-06 23:04 . 2009-06-08 13:19 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
     2010-01-06 17:13 . 2007-05-15 11:10 -------- d-----w- c:\program files\MSECache
     2010-01-06 14:20 . 2008-11-20 09:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
     2010-01-06 13:10 . 2008-11-20 09:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2010-01-06 13:06 . 2008-09-03 10:51 -------- d-----w- c:\program files\Panda Security
     2010-01-06 12:56 . 2007-05-11 13:19 -------- d-----w- c:\program files\Alwil Software
     2010-01-06 11:45 . 2009-10-14 09:26 -------- d-----w- c:\program files\Java
     2010-01-06 11:24 . 2007-05-07 13:58 -------- d-----w- c:\program files\Microsoft Works
     2010-01-06 11:24 . 2007-08-10 14:19 -------- d-----w- c:\program files\Google
     2010-01-06 11:24 . 2009-04-21 08:46 -------- d-----w- c:\program files\BitTorrent
     2010-01-05 10:32 . 2007-06-11 11:19 -------- d-----w- c:\program files\Common Files\Adobe
     2010-01-05 10:12 . 2009-09-14 07:36 -------- d-----w- c:\programdata\NOS
     2010-01-02 06:38 . 2010-01-22 09:03 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-01-02 06:32 . 2010-01-22 09:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
     2010-01-02 06:32 . 2010-01-22 09:03 71680 ----a-w- c:\windows\system32\iesetup.dll
     2010-01-02 04:57 . 2010-01-22 09:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
     2009-12-31 13:39 . 2007-05-04 14:46 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-11-27 09:22 . 2009-09-25 07:25 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
     2009-11-19 10:48 . 2009-12-01 11:02 872960 ----a-w- c:\users\croquis\AppData\Roaming\Mozilla\Firefox\Profiles\lxx8rmto.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     2009-11-19 10:48 . 2009-12-01 11:02 43008 ----a-w- c:\users\croquis\AppData\Roaming\Mozilla\Firefox\Profiles\lxx8rmto.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
     2009-11-19 10:48 . 2009-12-01 11:02 340480 ----a-w- c:\users\croquis\AppData\Roaming\Mozilla\Firefox\Profiles\lxx8rmto.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
     2009-11-19 10:48 . 2009-12-01 11:02 346624 ----a-w- c:\users\croquis\AppData\Roaming\Mozilla\Firefox\Profiles\lxx8rmto.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
     2009-11-18 08:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
     "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
     "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 219520]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [2007-08-10 165304]
     "Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 534200]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-30 323392]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
     "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
     "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
     "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]
     "SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 534200]

     c:\users\croquis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2009-2-14 337264]

     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-30 110592]
     InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-5-4 114688]
     Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-11-11 946176]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
     2008-03-18 15:58 58672 ----a-w- c:\windows\System32\avldr.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux1"=wdmaud.drv

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
     @="Service"

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
     "VistaSp2"=hex(b):71,38,e8,b8,d8,e8,c9,01

     R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/07/2009 09:22 64160]
     R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [03/09/2008 11:52 28552]
     R1 ShldDrv;Panda File Shield Driver;c:\windows\System32\drivers\ShlDrv51.sys [06/01/2010 13:57 41144]
     R2 AmFSM;AmFSM;c:\windows\System32\drivers\amm8660.sys [06/01/2010 14:05 49160]
     R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
     R2 PavProc;Panda Process Protection Driver;c:\windows\System32\drivers\PavProc.sys [06/01/2010 13:57 163336]
     R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\psksvc.exe [06/01/2010 14:06 28928]
     R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [20/11/2008 10:38 1153368]
     S2 anggutih;PnP ISA/EISA Bus Monitor;c:\windows\System32\svchost.exe -k netsvcs [19/07/2008 17:52 21504]
     S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [19/07/2008 17:52 21504]
     S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1028432]
     S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [01/02/2008 14:17 138112]
     S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [01/02/2008 14:17 8320]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
     LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
     panda REG_MULTI_SZ Gwmsrv

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     anggutih
     .
     Contenu du dossier 'Tâches planifiées'

     2010-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
     - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 07:25]

     2009-06-30 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
     - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-06 14:31]
     .
     .
     ------- Examen supplémentaire -------
     .
     uStart Page = hxxp://www.google.com/
     mWindow Title =
     uInternet Settings,ProxyOverride = *.local
     IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     FF - ProfilePath - c:\users\croquis\AppData\Roaming\Mozilla\Firefox\Profiles\lxx8rmto.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
     FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-01-28 09:47
     Windows 6.0.6002 Service Pack 2 NTFS

     Recherche de processus cachés ...

     Recherche d'éléments en démarrage automatique cachés ...

     Recherche de fichiers cachés ...

     Scan terminé avec succès
     Fichiers cachés: 0

     **************************************************************************

     Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

     device: opened successfully
     user: MBR read successfully
     called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84ED1841]<<
     kernel: MBR read successfully
     detected MBR rootkit hooks:
     \Driver\Disk -> CLASSPNP.SYS @ 0x881a0d24
     \Driver\ACPI -> acpi.sys @ 0x807aad68
     \Driver\atapi -> 0x8447a1e8
     IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
     user & kernel MBR OK

     **************************************************************************
     .
     --------------------- CLES DE REGISTRE BLOQUEES ---------------------

     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000

     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     ------------------------ Autres processus actifs ------------------------
     .
     c:\windows\system32\nvvsvc.exe
     c:\program files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
     c:\program files\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
     c:\windows\system32\rundll32.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
     c:\program files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
     c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
     c:\program files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe
     c:\program files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
     c:\program files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
     c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\windows\system32\vssvc.exe
     c:\windows\system32\conime.exe
     c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
     c:\windows\System32\rundll32.exe
     c:\program files\Brother\ControlCenter3\brccMCtl.exe
     c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     .
     **************************************************************************
     .
     Heure de fin: 2010-01-28 09:58:27 - La machine a redémarré
     ComboFix-quarantined-files.txt 2010-01-28 08:58
     ComboFix2.txt 2010-01-22 21:33

     Avant-CF: 99 771 133 952 octets libres
     Après-CF: 92 322 603 008 octets libres

     - - End Of File - - 8DD2803C3D6F6C0A5549C214A4E9C7DE
  7. Hi, I'll do that tonight. A script just for me, classy. Thanks for all your efforts.
  8. I just ran the test, everything is fine.
  9. Is that the right link?
  10. No problem Thanos, it's already good of you to help me.

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-01-26 09:46:16
     Windows 6.0.6002 Service Pack 2
     Running: ueiid6yp.exe; Driver: C:\Users\croquis\AppData\Local\Temp\ffldrpod.sys

     ---- System - GMER 1.0.15 ----

     SSDT \??\C:\Windows\system32\DRIVERS\PavProc.sys ZwTerminateProcess [0xA2A624E8]

     ---- Devices - GMER 1.0.15 ----

     Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
     AttachedDevice \FileSystem\Ntfs \Ntfs pavboot.sys (Panda Boot Driver/Panda Security, S.L.)
     AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
     Device -> \Driver\atapi \Device\Harddisk0\DR0 84C0B841

     ---- Registry - GMER 1.0.15 ----

     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7B 0x9E 0x4E 0x45 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1E 0xED 0xF1 0x4D ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x66 0xD5 0x32 0x8A ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7B 0x9E 0x4E 0x45 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1E 0xED 0xF1 0x4D ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x66 0xD5 0x32 0x8A ...

     ---- Files - GMER 1.0.15 ----

     File C:\Windows\system32\drivers\atapi.sys suspicious modification

     ---- EOF - GMER 1.0.15 ----
  11. There you go.

     2010-01-22 11:31:49 . 2010-01-22 11:31:49 188 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Ashampoo AntiSpyWare 2 Guard.reg.dat
     2010-01-22 11:18:07 . 2010-01-22 11:18:07 1,398 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_srv2.reg.dat
     2010-01-22 11:18:07 . 2010-01-22 11:18:07 990 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SRV2.reg.dat
     2010-01-22 11:17:02 . 2010-01-22 11:17:02 5,419 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
     2010-01-22 10:28:48 . 2010-01-22 11:07:32 124 ----a-w- C:\Qoobox\Quarantine\catchme.log
     2010-01-20 16:49:17 . 2010-01-20 16:48:56 393,216 ----a-w- C:\Qoobox\Quarantine\C\Users\croquis\AppData\Roaming\Microsoft\svchost.exe.vir
     2007-05-11 13:59:57 . 2009-11-24 13:31:40 34,416 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Thunderbird\plc4.dll.vir
  12. I think my last message disappeared during the maintenance, so I'm reposting it:

ComboFix 10-01-21.06 - croquis 22/01/2010 12:07:33.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2045.1411 [GMT 1:00]
Run from: c:\users\croquis\Desktop\sygnud.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\program files\Mozilla Thunderbird\plc4.dll
c:\users\croquis\AppData\Roaming\Microsoft\svchost.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SRV2
-------\Service_srv2

((((((((((((((((((((((((((((( Files created from 2009-12-22 to 2010-01-22 ))))))))))))))))))))))))))))))))))))
.
2010-01-22 11:20 . 2010-01-22 11:27 -------- d-----w- c:\users\croquis\AppData\Local\temp
2010-01-22 11:20 . 2010-01-22 11:20 -------- d-----w- c:\users\john\AppData\Local\temp
2010-01-22 11:20 . 2010-01-22 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-20 17:06 . 2010-01-20 17:06 2037 ----a-w- c:\users\croquis\AppData\Roaming\Microsoft\Setup.exe
2010-01-20 16:55 . 2010-01-20 16:59 -------- d-----w- C:\SmartDraw 2010
2010-01-20 15:06 . 2010-01-20 15:06 -------- d-----w- C:\Library
2010-01-20 14:40 . 2010-01-20 16:06 -------- d-----w- c:\users\croquis\vue_2
2010-01-20 14:35 . 2010-01-20 14:35 -------- d-----w- c:\program files\VUE
2010-01-14 08:42 . 2010-01-14 11:11 -------- d-----w- C:\ToolBar SD
2010-01-13 13:41 . 2010-01-13 13:43 -------- d-----w- C:\rsit
2010-01-13 09:07 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 09:07 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-06 14:29 . 2010-01-06 14:29 -------- d--h--w- c:\windows\PIF
2010-01-06 13:27 . 2010-01-06 13:27 -------- d-----w- c:\program files\CCleaner
2010-01-06 13:06 . 2010-01-06 13:06 250 ----a-w- c:\windows\system32\PavCPL.dat
2010-01-06 13:06 . 2003-10-22 17:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2010-01-06 13:05 . 2009-03-30 17:23 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-01-06 13:05 . 2009-03-30 17:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-01-06 13:05 . 2009-03-30 17:22 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-01-06 13:05 . 2007-02-08 09:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-01-06 13:05 . 2009-03-30 17:22 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-01-06 13:05 . 2009-08-06 11:29 49160 ----a-w- c:\windows\system32\drivers\amm8660.sys
2010-01-06 13:05 . 2008-03-18 15:58 58672 ----a-w- c:\windows\system32\avldr.dll
2010-01-06 12:57 . 2008-03-04 14:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-01-06 12:57 . 2009-06-30 16:17 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-01-06 12:57 . 2010-01-06 12:57 -------- d-----w- c:\program files\Common Files\Panda Security
2010-01-06 11:49 . 2010-01-06 11:49 5061520 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-05 12:52 . 2010-01-05 12:52 -------- d-----w- c:\users\croquis\AppData\Local\Ashampoo
2010-01-05 11:34 . 2010-01-05 11:34 -------- d-----w- c:\program files\Ashampoo
2010-01-05 10:38 . 2010-01-05 10:38 -------- d-----w- c:\program files\Java(365)
2010-01-05 10:13 . 2010-01-05 10:51 -------- d-----w- c:\users\croquis\AppData\Local\NOS
2010-01-04 18:23 . 2010-01-04 18:23 -------- d-----w- c:\programdata\Panda Software
2009-12-31 16:33 . 2010-01-13 13:43 -------- d-----w- c:\program files\Trend Micro
2009-12-31 13:41 . 2009-12-31 13:41 -------- d-----w- c:\users\croquis\AppData\Local\Panda Security
2009-12-31 13:39 . 2009-12-31 13:39 -------- d-----w- c:\windows\system32\PAV
2009-12-31 13:39 . 2009-12-31 13:39 -------- d-----w- c:\users\croquis\AppData\Roaming\Panda Security
2009-12-31 13:39 . 2009-12-31 13:39 -------- d-----w- c:\programdata\Panda Security
2009-12-31 12:45 . 2009-12-31 12:49 -------- d-----w- c:\users\croquis\AppData\Roaming\QuickScan
2009-12-30 10:22 . 2009-12-30 10:23 -------- d-----w- c:\users\croquis\AppData\Local\CUSTPDF Writer
2009-12-30 10:19 . 2009-12-30 10:19 -------- d-----w- c:\program files\gs
2009-12-30 10:19 . 2009-12-30 10:21 -------- d-----w- c:\program files\SmartDraw PDF Filter
2009-12-30 10:14 . 2009-12-30 10:18 -------- d-----w- c:\program files\SmartDraw 2010(556)
2009-12-29 19:16 . 2009-12-29 19:16 -------- d-----w- c:\program files\Enigma Software Group
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 11:19 . 2007-05-11 13:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-22 10:58 . 2009-04-21 08:46 -------- d-----w- c:\users\croquis\AppData\Roaming\DNA
2010-01-21 13:33 . 2009-09-30 14:23 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-21 13:33 . 2009-09-30 14:23 38784 ----a-w- c:\users\croquis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-21 13:33 . 2009-09-30 14:23 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-21 08:12 . 2007-05-15 13:20 65 ----a-w- c:\windows\system32\BD7420.DAT
2010-01-20 19:44 . 2009-03-25 11:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 17:07 . 2009-04-21 08:47 -------- d-----w- c:\users\croquis\AppData\Roaming\BitTorrent
2010-01-20 16:59 . 2009-12-17 09:33 -------- d-----w- c:\users\croquis\AppData\Roaming\SmartDraw
2010-01-14 10:12 . 2009-10-05 07:19 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 19:34 . 2007-05-07 13:54 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 19:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-06 23:04 . 2009-06-08 13:19 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-06 19:55 . 2007-07-31 09:00 -------- d-----w- c:\programdata\FLEXnet
2010-01-06 17:13 . 2007-05-15 11:10 -------- d-----w- c:\program files\MSECache
2010-01-06 14:20 . 2008-11-20 09:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-06 13:46 . 2009-04-21 08:46 -------- d-----w- c:\program files\DNA
2010-01-06 13:10 . 2008-11-20 09:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-06 13:06 . 2008-09-03 10:51 -------- d-----w- c:\program files\Panda Security
2010-01-06 12:56 . 2007-05-11 13:19 -------- d-----w- c:\program files\Alwil Software
2010-01-06 11:52 . 2009-10-30 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 11:45 . 2009-10-14 09:26 -------- d-----w- c:\program files\Java
2010-01-06 11:24 . 2007-05-07 13:58 -------- d-----w- c:\program files\Microsoft Works
2010-01-06 11:24 . 2007-08-10 14:19 -------- d-----w- c:\program files\Google
2010-01-06 11:24 . 2009-04-21 08:46 -------- d-----w- c:\program files\BitTorrent
2010-01-06 10:14 . 2007-05-04 13:46 1356 ----a-w- c:\users\croquis\AppData\Local\d3d9caps.dat
2010-01-05 10:32 . 2007-06-11 11:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 10:12 . 2009-09-14 07:36 -------- d-----w- c:\programdata\NOS
2009-12-31 13:39 . 2007-05-04 14:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 13:55 . 2009-10-30 09:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-10-30 09:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 09:22 . 2009-09-25 07:25 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-21 06:40 . 2009-12-09 09:25 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 09:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 09:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 09:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 10:48 . 2009-12-01 11:02 872960 ----a-w- c:\users\croquis\AppData\Roaming\Mozilla\Firefox\Profiles\lxx8rmto.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 10:48 . 2009-12-01 11:02 43008 ----a-w- c:\users\croquis\AppData\Roaming\Mozilla\Firefox\Profiles\lxx8rmto.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 10:48 . 2009-12-01 11:02 340480 ----a-w- c:\users\croquis\AppData\Roaming\Mozilla\Firefox\Profiles\lxx8rmto.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 10:48 . 2009-12-01 11:02 346624 ----a-w- c:\users\croquis\AppData\Roaming\Mozilla\Firefox\Profiles\lxx8rmto.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-18 08:51 . 2006-11-02 15:45 672084 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-18 08:51 . 2006-11-02 15:45 124228 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-18 08:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 09:17 . 2009-11-25 19:00 2048 ----a-w- c:\windows\system32\tzres.dll
.
((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 219520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [2007-08-10 165304]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 534200]
"BitTorrent DNA"="c:\users\croquis\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 534200]

c:\users\croquis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2009-2-14 337264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-30 110592]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-5-4 114688]
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-11-11 946176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 15:58 58672 ----a-w- c:\windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):71,38,e8,b8,d8,e8,c9,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/07/2009 09:22 64160]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [03/09/2008 11:52 28552]
R1 ShldDrv;Panda File Shield Driver;c:\windows\System32\drivers\ShlDrv51.sys [06/01/2010 13:57 41144]
R2 AmFSM;AmFSM;c:\windows\System32\drivers\amm8660.sys [06/01/2010 14:05 49160]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\System32\drivers\PavProc.sys [06/01/2010 13:57 163336]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\psksvc.exe [06/01/2010 14:06 28928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [20/11/2008 10:38 1153368]
S2 anggutih;PnP ISA/EISA Bus Monitor;c:\windows\System32\svchost.exe -k netsvcs [19/07/2008 17:52 21504]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [19/07/2008 17:52 21504]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1028432]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [01/02/2008 14:17 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [01/02/2008 14:17 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
panda REG_MULTI_SZ Gwmsrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
anggutih
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 07:25]

2009-06-30 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-06 14:31]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
FF - ProfilePath - c:\users\croquis\AppData\Roaming\Mozilla\Firefox\Profiles\lxx8rmto.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\croquis\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Ashampoo AntiSpyWare 2 Guard - c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 12:26
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84EC9841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x881acd24
\Driver\ACPI -> acpi.sys @ 0x807b4d68
\Driver\atapi -> 0x8447b1e8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
c:\program files\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
c:\program files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2010-01-22 12:36:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-22 11:35

Pre-Run: 89 556 234 240 bytes free
Post-Run: 89 843 621 888 bytes free

- - End Of File - - FD9BECE5BD1C3B1DA99011713E83EEF4

Otherwise, under FF and IE I still get wild redirects to ads when I click on links from time to time.
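Three things in the ComboFix report above are the kind of indicator a responder looks for by eye: a binary named svchost.exe quarantined from c:\users\croquis\AppData\Roaming\Microsoft, a service called anggutih with the generic display name "PnP ISA/EISA Bus Monitor" running as "svchost.exe -k netsvcs", and that same name printed under "Svchost - NetSvcs", i.e. appended to the netsvcs group. The script below is an added example, not ComboFix's code and not from the forum post, that turns those three observations into checks run over a log excerpt. The excerpt is constructed in the shape of the report (with one clean BITS line added for contrast), and the netsvcs allowlist is partial and assumed; extend it from a known-clean machine of the same build before trusting a "no finding" result.

```python
r"""Triage a ComboFix-style log excerpt for the indicators seen in the thread (added example).

Hypothetical helper; it is not ComboFix's code. Three checks, each keyed on
something the posted log shows:
  1. a file carrying a Windows system-binary name outside %SystemRoot%\System32
  2. a service hosted by "svchost.exe -k netsvcs" whose name is not on an
     allowlist of stock netsvcs members
  3. names ComboFix prints under "Svchost - NetSvcs" (additions to that group)
"""
import re
from dataclasses import dataclass

# Names that, found outside the system directories, are almost always impostors (assumed list).
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                       "services.exe", "smss.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Partial, assumed allowlist of stock Windows Vista netsvcs members; extend it
# from a known-clean machine of the same build before relying on it.
KNOWN_NETSVCS = {"AeLookupSvc", "AppMgmt", "AudioSrv", "BITS", "Browser", "CertPropSvc",
                 "EapHost", "gpsvc", "hkmsvc", "IKEEXT", "iphlpsvc", "LanmanServer",
                 "LanmanWorkstation", "MMCSS", "Netman", "ProfSvc", "RasMan", "Schedule",
                 "SENS", "SessionEnv", "ShellHWDetection", "Themes", "TrkWks", "winmgmt",
                 "wuauserv", "Wlansvc"}

# "S2 name;display name;image path [dd/mm/yyyy hh:mm size]" as ComboFix prints services
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]$")
SVCHOST_RE = re.compile(r"svchost(?:\.exe)?\s+-k\s+(\S+)", re.IGNORECASE)
NETSVCS_HEADER = re.compile(r"\\Svchost - NetSvcs\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str
    subject: str
    detail: str


def netsvcs_additions(lines):
    """Names listed under the 'Svchost - NetSvcs' header, up to a blank or '.' line."""
    names, capture = [], False
    for line in lines:
        s = line.strip()
        if capture:
            if not s or s == ".":
                break
            names.append(s)
        elif NETSVCS_HEADER.search(s):
            capture = True
    return names


def triage(log_text):
    lines = log_text.splitlines()
    findings = [Finding("netsvcs-addition", n, "name appended to the netsvcs svchost group")
                for n in netsvcs_additions(lines)]
    for line in lines:
        s = line.strip()
        low = s.lower()
        base = low.rsplit("\\", 1)[-1]
        # check 1: a bare path whose file name is a system binary, outside the system dirs
        if "\\" in low and base in SYSTEM_BINARY_NAMES and not low.startswith(SYSTEM_DIRS):
            findings.append(Finding("misplaced-system-binary", s,
                                    "system-binary name outside %SystemRoot%\\System32"))
            continue
        # check 2: svchost-hosted netsvcs member not on the allowlist
        m = SERVICE_RE.match(s)
        if not m:
            continue
        _state, name, display, image = m.groups()
        host = SVCHOST_RE.search(image)
        if host and host.group(1).lower() == "netsvcs" and name not in KNOWN_NETSVCS:
            findings.append(Finding("unknown-netsvcs-service", name,
                                    f"{display!r} hosted by {image}"))
    return findings


# Constructed excerpt in the shape of the posted ComboFix log; the BITS line is a
# clean control added for contrast and is not in the original report.
SAMPLE_LOG = r"""
c:\program files\Mozilla Thunderbird\plc4.dll
c:\users\croquis\AppData\Roaming\Microsoft\svchost.exe
.
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\psksvc.exe [06/01/2010 14:06 28928]
S2 anggutih;PnP ISA/EISA Bus Monitor;c:\windows\System32\svchost.exe -k netsvcs [19/07/2008 17:52 21504]
S2 BITS;Background Intelligent Transfer Service;c:\windows\system32\svchost.exe -k netsvcs [19/07/2008 17:52 21504]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [19/07/2008 17:52 21504]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
anggutih
.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run against the sample it reports the quarantined svchost.exe once and anggutih twice (as a netsvcs addition and as an unknown netsvcs-hosted service); BITS and FontCache produce nothing. The same logic does not fire on the quarantine copy (svchost.exe.vir) or on the legitimate c:\windows\system32\svchost.exe, which is the point of keying on the file name plus its directory rather than on the name alone.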
  13. Here's the report:

Antivirus / Version / Last update / Result
a-squared 4.5.0.50 2010.01.20 -
AhnLab-V3 5.0.0.2 2010.01.19 -
AntiVir 7.9.1.142 2010.01.20 -
Antiy-AVL 2.0.3.7 2010.01.20 -
Authentium 5.2.0.5 2010.01.20 -
Avast 4.8.1351.0 2010.01.20 -
AVG 9.0.0.730 2010.01.19 -
BitDefender 7.2 2010.01.20 -
CAT-QuickHeal 10.00 2010.01.20 -
ClamAV 0.94.1 2010.01.20 -
Comodo 3647 2010.01.20 -
DrWeb 5.0.1.12222 2010.01.20 -
eSafe 7.0.17.0 2010.01.19 -
eTrust-Vet 35.2.7247 2010.01.20 -
F-Prot 4.5.1.85 2010.01.19 -
F-Secure 9.0.15370.0 2010.01.20 -
Fortinet 4.0.14.0 2010.01.20 -
GData 19 2010.01.20 -
Ikarus T3.1.1.80.0 2010.01.20 -
Jiangmin 13.0.900 2010.01.20 -
K7AntiVirus 7.10.951 2010.01.20 -
Kaspersky 7.0.0.125 2010.01.20 -
McAfee 5866 2010.01.19 -
McAfee+Artemis 5866 2010.01.19 -
McAfee-GW-Edition 6.8.5 2010.01.20 Heuristic.LooksLike.Trojan.Patched.H
Microsoft 1.5302 2010.01.20 -
NOD32 4789 2010.01.20 -
Norman 6.04.03 2010.01.20 -
nProtect 2009.1.8.0 2010.01.20 -
Panda 10.0.2.2 2010.01.19 -
PCTools 7.0.3.5 2010.01.19 -
Rising 22.31.02.04 2010.01.20 -
Sophos 4.49.0 2010.01.20 -
Sunbelt 3.2.1858.2 2010.01.20 -
Symantec 20091.2.0.41 2010.01.20 -
TheHacker 6.5.0.7.157 2010.01.20 -
TrendMicro 9.120.0.1004 2010.01.20 -
VBA32 3.12.12.1 2010.01.20 -
ViRobot 2010.1.20.2146 2010.01.20 -
VirusBuster 5.0.21.0 2010.01.20 -

Additional information
File size: 19944 bytes
MD5 : 1f05b78ab91c9075565a9d8a4b880bc4
SHA1 : 218442cd7afecbc8d102c4e31d9ef3528642191b
SHA256: 737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd

PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5005
timedatestamp.....: 0x49E01EED (Sat Apr 11 06:39:09 2009)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x19B0 0x1A00 6.30 4ac8c9f82cf23d85316bd85d3d8e4efb
.rdata 0x3000 0xAE 0x200 1.49 3d541e69f96e97a837841ad289adeac7
.data 0x4000 0xC 0x200 0.18 7c80b151582aa6280e754b477343e54e
INIT 0x5000 0x364 0x400 4.51 f238fffd3a9917d72f4888f4276b3b06
.rsrc 0x6000 0x3F8 0x400 3.38 5c8a106a7c9416fb469c83dfab844abd
.reloc 0x7000 0x8A 0x200 1.37 064d7db7c16955d4dc6d3f7afb703e06

( 2 imports )
> ataport.sys: AtaPortNotification, AtaPortWritePortUchar, AtaPortWritePortUlong, AtaPortGetPhysicalAddress, AtaPortConvertPhysicalAddressToUlong, AtaPortGetScatterGatherList, AtaPortReadPortUchar, AtaPortStallExecution, AtaPortGetParentBusType, AtaPortRequestCallback, AtaPortWritePortBufferUshort, AtaPortGetUnCachedExtension, AtaPortCompleteRequest, AtaPortMoveMemory, AtaPortCompleteAllActiveRequests, AtaPortReleaseRequestSenseIrb, AtaPortBuildRequestSenseIrb, AtaPortReadPortUshort, AtaPortReadPortBufferUshort, AtaPortInitialize, AtaPortGetDeviceBase, AtaPortDeviceStateChange
> ntoskrnl.exe: KeTickCount

( 0 exports )

TrID : File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

ssdeep: 384:zzY0Vgd1RrKzBpWk4UwWFSn8G6FuT+quHpBjbOjBMwzt8:zz/Vgd1gzQUSuBxkMwzt8
PEiD : -
RDS : NSRL Reference Data Set
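The report above carries only one heuristic hit (McAfee-GW-Edition, "LooksLike.Trojan.Patched") on a 19944-byte file that imports ataport.sys, which is consistent with the c:\windows\system32\drivers\atapi.sys entry of the same size in the ComboFix Find3M listing in the previous post, and the ComboFix MBR scan also reported a hook on \Driver\atapi. The VirusTotal PEInfo block is what lets a practitioner settle a "patched or not" question without uploading anything: compute the same per-section table for the file on disk and for a known-good copy of the driver and diff the two. The script below is an added example, not VirusTotal's or ComboFix's code, that parses the PE section headers and reproduces those columns (name, viradd, virsiz, rawdsiz, ntrpy, md5) plus whole-file size and hashes. The sample image it parses is constructed in memory for the demonstration; it is not the file from the report, and the timestamp field is just reused from the report to exercise the parser.

```python
"""Reproduce the VirusTotal PEInfo section table locally (added example).

Hypothetical helper, not VirusTotal's or ComboFix's code. It reads the COFF
header and section table of a PE image and returns the columns VT prints
(name, virtual address, virtual size, raw size, Shannon entropy, MD5 of the
raw section bytes) plus file size and hashes. Feed it the bytes of a driver
on disk and of a known-good copy and diff the two results.
"""
import hashlib
import math
import struct
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    entropy: float
    md5: str


@dataclass(frozen=True)
class PEInfo:
    machine: int
    timestamp: int
    size: int
    md5: str
    sha256: str
    sections: tuple


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for a uniform byte distribution."""
    if not blob:
        return 0.0
    ent = 0.0
    for count in Counter(blob).values():
        p = count / len(blob)
        ent -= p * math.log2(p)
    return ent


def parse_pe(data: bytes) -> PEInfo:
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    sec_off = pe_off + 4 + 20 + opt_size                      # section table follows the optional header
    sections = []
    for i in range(nsec):
        (name, vsize, va, rawsize, rawptr,
         _, _, _, _, _) = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        if len(raw) != rawsize:
            raise ValueError(f"section {name!r} points past end of file")
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                va, vsize, rawsize, shannon_entropy(raw),
                                hashlib.md5(raw).hexdigest()))
    return PEInfo(machine, ts, len(data), hashlib.md5(data).hexdigest(),
                  hashlib.sha256(data).hexdigest(), tuple(sections))


def build_sample_pe() -> bytes:
    """Constructed two-section image for the demo: .text holds every byte value once
    (entropy 8.0), .data is all zeros (entropy 0.0). Header layout only; it is not
    loadable and carries no optional header (SizeOfOptionalHeader = 0)."""
    text, data_sec = bytes(range(256)), bytes(0x200)
    pe_off = 0x40
    hdr_end = pe_off + 4 + 20 + 2 * 40                        # first raw byte after the headers
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", pe_off)      # e_lfanew at offset 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0x49E01EED, 0, 0, 0, 0x0102)
    sec1 = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, len(text), hdr_end,
                       0, 0, 0, 0, 0x60000020)
    sec2 = struct.pack("<8sIIIIIIHHI", b".data", 0x4, 0x2000, len(data_sec),
                       hdr_end + len(text), 0, 0, 0, 0, 0xC0000040)
    return dos + coff + sec1 + sec2 + text + data_sec


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"size {info.size}  md5 {info.md5}  machine 0x{info.machine:X}  timestamp 0x{info.timestamp:X}")
    print("name viradd virsiz rawdsiz ntrpy md5")
    for s in info.sections:
        print(f"{s.name} 0x{s.virtual_address:X} 0x{s.virtual_size:X} 0x{s.raw_size:X} {s.entropy:.2f} {s.md5}")
```

To use it on a real file, pass `open(path, "rb").read()` to `parse_pe` and compare the `.text`/`INIT` rows and the file-level MD5 with the same rows from a copy of the driver taken from a clean install or the Windows component store. A section whose MD5 and entropy differ while the virtual addresses and sizes match is the signature of in-place patching that the heuristic in the report is named after; it is the diff, not the single heuristic hit, that supports a conclusion.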