zidzitun

Zeb Help Process 2 by Nicolas Coolman - Rapport de synthèse du 5/12/2010 3:12:27 AM INFORMATION je ne trouve rien, merci de votre aide INFECTION IDENTIFIEE Liste disponible seulement en version Helper PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...) R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.Ask.com - Ask.com Toolbar.) (5.6.6.117) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask.com - Ask.com Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask.com - Ask.com Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) -- O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} () - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe O39 - APT:Automatic Planified Task - C:\windows\Tasks\Scheduled Update for Ask Toolbar.job [HKCU\Software\Ask.com] [HKCU\Software\AskToolbar] O43 - CFD:Common File Directory ----D- C:\Program Files\Ask.com O59 - HSMI:Heuristic Search MagicControl Infection - C:\windows\system32\awdamyuiwk_nav.dat O59 - HSMI:Heuristic Search MagicControl Infection - C:\windows\system32\awdamyuiwk_navps.dat O59 - HSMI:Heuristic Search MagicControl Infection - C:\windows\pack.epk O69 - SBI: C:\Documents And Settings\olivier davy\Application Data\Mozilla\Firefox\Profiles\\n26cpjda.default\searchplugins\askcom.xml O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.cbid", "J7"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.default-channel-url-mask", "http://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}"'>http://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}"'>http://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.fresh-install", false); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.l", "dis"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.last-config-req", "1272912582189"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.locale", "fr_US"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.o", "14979"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.overlay-reloaded-using-restart", true); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.qsrc", "2871"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.r", "2"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.enabledItems", "toolbar@ask.com:3.5.0.145,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0005- O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.snipit.askTbInstalled", true); SCRIPT DE DESINFECTION (Base de Registres) Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] [-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] [-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- SCRIPT DE SUPPRESSION DE FICHIER c:\program files\ask.com\genericasktoolbar.dll c:\windows\system32\awdamyuiwk_nav.dat c:\windows\system32\awdamyuiwk_navps.dat PROCESSUS SUPERFLU DU SYSTEME [MD5.F91F52F4EA5D88DAB6245682A16F3A72] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [36272] O42 - Logiciel: Viewpoint Media Player - (.Pas de propriétaire.) [HKLM] [HKLM\Software\MetaStream] [HKLM\Software\Viewpoint] O43 - CFD:Common File Directory ----D- C:\Program Files\Viewpoint PROCESSUS INUTILE (Au démarrage du système) O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Computer, Inc. - Pas de description.) -- C:\Program Files\QuickTime\qttask.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\windows\system32\ctfmon.exe O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MISE A JOUR DE PRODUIT Sun Microsystem Java Plug-in PROCESSUS P2P (Vecteurs d'infections) Bittorent PeerToPeer eMule®PeerToPeer BittTorrent®PeerToPeer PROTECTION DU SYSTEME (Antivirus, FireWall, Anti-Malwares) [MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - (.ALWIL Software - avast! service GUI component.) -- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [81000] [MD5.5DEBC3519D489411073FA7E56FFB4A93] - (.ALWIL Software - avast! Antivirus updating service.) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752] [MD5.0AAF6B848185899CF76AE04E62EAB3D2] - (.ALWIL Software - avast! antivirus service.) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680] [MD5.F45DD1E1365D857DD08BC23563370D0E] - (.Microsoft Corporation - Service Executable.) -- C:\Program Files\Windows Defender\MsMpEng.exe [13592] Alwil®Avast! Antivirus Eset NOD32 Online Scanner Microsoft Windows Defender ESET Online Scanner Alwil Avast! Antivirus Microsoft AntiSpyware Grisoft®AVG Antivirus O53 - SMSR:HKLM\...\startupreg\SpybotSD TeaTimer [Key] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O53 - SMSR:HKLM\...\startupreg\Windows Defender [Key] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe RAPPORT SIMPLIFIE R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.Ask.com - Ask.com Toolbar.) (5.6.6.117) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask.com - Ask.com Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask.com - Ask.com Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) -- O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Computer, Inc. - Pas de description.) -- C:\Program Files\QuickTime\qttask.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\windows\system32\ctfmon.exe O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} () - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} () - (.not file.) - O39 - APT:Automatic Planified Task - C:\windows\Tasks\ConfigFree.job O39 - APT:Automatic Planified Task - C:\windows\Tasks\Scheduled Update for Ask Toolbar.job O40 - ASIC: Personnalisation du navigateur - >{9A124519-6A8C-4507-AA54-E3084FADEBFD} . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM O42 - Logiciel: AT&T Connection Services Manager - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: BitTorrent - (.BitTorrent, Inc.) [HKLM] O42 - Logiciel: FilmLoop Player - (.FilmLoop, Inc..) [HKLM] O42 - Logiciel: Labtec Legacy USB Camera Driver Package - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Logitech QuickCam Driver Package - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: MSN Money Investment Toolbox - (.Microsoft.) [HKLM] O42 - Logiciel: PC Pitstop Erase 1.0.6.86 - (.PC Pitstop LLC.) [HKLM] O42 - Logiciel: Quicken 2004 - (.Intuit.) [HKLM] O42 - Logiciel: TOSHIBA Access - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: TOSHIBA Display Devices Change Utility - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: TOSHIBA PC Diagnostic Tool - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: TOSHIBA Power Saver - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: TOSHIBA TouchPad On/Off Utility V2.05.00 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: TurboTax Deluxe 2003 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Viewpoint Media Player - (.Pas de propriétaire.) [HKLM] [HKCU\Software\Ask.com] [HKCU\Software\AskToolbar] [HKCU\Software\Cordless USB Phone] [HKCU\Software\Fidelity Investments] [HKCU\Software\FilmLoop Player] [HKCU\Software\MainConcept (Nikon)] [HKCU\Software\Net2Phone] [HKCU\Software\NoTrace] [HKCU\Software\PC MightyMax 2007] [HKCU\Software\PageLibraries] [HKCU\Software\WM61 Application] [HKLM\Software\532customer] [HKLM\Software\AT&T] [HKLM\Software\B.H.A] [HKLM\Software\ConfigBuilder] [HKLM\Software\Distinct] [HKLM\Software\Easy Systems Japan Ltd.] [HKLM\Software\FilmLoop Player] [HKLM\Software\Intuit] [HKLM\Software\Lexun Freeware] [HKLM\Software\MetaStream] [HKLM\Software\Plants] [HKLM\Software\Services] [HKLM\Software\Totalidea Software] [HKLM\Software\Viewpoint] O43 - CFD:Common File Directory ----D- C:\Program Files\Ask.com O43 - CFD:Common File Directory ----D- C:\Program Files\AT&T O43 - CFD:Common File Directory ----D- C:\Program Files\BitTorrent O43 - CFD:Common File Directory ----D- C:\Program Files\Cordless USB Phone O43 - CFD:Common File Directory ----D- C:\Program Files\DataLode O43 - CFD:Common File Directory ----D- C:\Program Files\doc O43 - CFD:Common File Directory ----D- C:\Program Files\dvx O43 - CFD:Common File Directory ----D- C:\Program Files\FilmLoop Player O43 - CFD:Common File Directory ----D- C:\Program Files\Intuit O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Location Finder O43 - CFD:Common File Directory ----D- C:\Program Files\No Trace O43 - CFD:Common File Directory ----D- C:\Program Files\Notebook Maximizer O43 - CFD:Common File Directory ----D- C:\Program Files\PC MightyMax 2007 O43 - CFD:Common File Directory ----D- C:\Program Files\RegScrubXP O43 - CFD:Common File Directory ----D- C:\Program Files\TOSHIBA Access Files O43 - CFD:Common File Directory ----D- C:\Program Files\Turbo Tax Audit Support Center O43 - CFD:Common File Directory ----D- C:\Program Files\TurboTax O43 - CFD:Common File Directory ----D- C:\Program Files\Viewpoint O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Intuit O44 - LFC:[MD5.00000000000000000000000000000000] - 5/11/2010 - 1:08:17 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\wiaservc.log [49] O44 - LFC:[MD5.00000000000000000000000000000000] - 5/11/2010 - 1:08:24 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\wiadebug.log [159] O44 - LFC:[MD5.00000000000000000000000000000000] - 5/11/2010 - 1:09:45 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\WindowsUpdate.log [2064122] O44 - LFC:[MD5.2F326EDB9F9B40DFFBDFECA8193D2875] - 5/11/2010 - 2:16:09 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\KB976002-v5.log [3496] O44 - LFC:[MD5.DF14111C765E40D453A8F63865EF953F] - 5/2/2010 - 11:56:55 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\hpfr3425.log [48744] O44 - LFC:[MD5.D4EBB905DD6537FA8988DA69F108D81E] - 5/2/2010 - 11:56:56 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\hpfr3420.xml [516] O44 - LFC:[MD5.02B54CC91705B63825E500C442183120] - 5/3/2010 - 2:31:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\SMWizard.INI [44] O47 - AAKE:Key Export SP - "C:\TOSHIBA\Ivp\NetInt\netint.exe" [Enabled] .(.TOSHIBA Corporation - NIE - Toshiba Software Upgrade Engine.) (.not file.) -- C:\TOSHIBA\ivp\NetInt\Netint.exe O47 - AAKE:Key Export SP - "C:\Program Files\America Online 9.0a\waol.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\America Online 9.0a\waol.exe O47 - AAKE:Key Export SP - "C:\Program Files\SAGEM\SAGEM F@st 908-948 ETH\BridgeMon.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\SAGEM\SAGEM F@st 908-948 ETH\BridgeMon.exe O47 - AAKE:Key Export SP - "C:\Program Files\SAGEM\sagem F@st PPPoE Client\connect.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\SAGEM\sagem F@st PPPoE Client\connect.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\rundll32.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App O47 - AAKE:Key Export SP - "C:\Program Files\Grisoft\AVG Free\avgvv.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Grisoft\AVG Free\avgvv.exe O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe" [Disabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\eMule\emule.exe O47 - AAKE:Key Export SP - "C:\Program Files\BitTorrent\bittorrent.exe" [Enabled] .(.BitTorrent, Inc. - BitTorrent.) (.not file.) -- C:\Program Files\BitTorrent\bittorrent.exe O47 - AAKE:Key Export DP - "C:\Program Files\America Online 9.0a\waol.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\America Online 9.0a\waol.exe O51 - MPSK:{b2d1c72e-ba4f-11de-bf83-00095bc88e69}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- E:\ires.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\FilmLoop [Key] . (.FilmLoop Inc. - FilmLoop Player.) -- C:\Program Files\FilmLoop Player\FilmLoop.exe O53 - SMSR:HKLM\...\startupreg\PCPitStopEraser [Key] . (.PC Pitstop - PC Pitstop Erase Cleaner Tool.) -- C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O53 - SMSR:HKLM\...\startupreg\WG511WLU [Key] . (.Pas de propriétaire - NetgearRev MFC Application.) -- C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoFileMenu"=0 O59 - HSMI:Heuristic Search MagicControl Infection - C:\windows\system32\awdamyuiwk_nav.dat O59 - HSMI:Heuristic Search MagicControl Infection - C:\windows\system32\awdamyuiwk_navps.dat O59 - HSMI:Heuristic Search MagicControl Infection - C:\windows\pack.epk O69 - SBI: C:\Documents And Settings\olivier davy\Application Data\Mozilla\Firefox\Profiles\\n26cpjda.default\searchplugins\askcom.xml O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.cbid", "J7"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.default-channel-url-mask", "http://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.fresh-install", false); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.l", "dis"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.last-config-req", "1272912582189"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.locale", "fr_US"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.o", "14979"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.overlay-reloaded-using-restart", true); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.qsrc", "2871"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.r", "2"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.enabledItems", "toolbar@ask.com:3.5.0.145,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0005- O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.snipit.askTbInstalled", true); Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.Ask.com - Ask.com Toolbar.) (5.6.6.117) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask.com - Ask.com Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask.com - Ask.com Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll [HKCU\Software\Ask.com] O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.asktb.default-channel-url-mask", "http://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}"); O69 - SBI: prefs.js [olivier davy - n26cpjda.default] user_pref("extensions.enabledItems", "toolbar@ask.com:3.5.0.145,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0005-