Since yesterday my computer has been spontaneously opening various web pages here and there. I installed the trial version of Hitman Pro 3.5 and that problem seems to have gone away. However, another, more serious one continues. Most of my Google searches (especially those for antivirus software) are redirected to other websites (a different one each time). The computer also seems to have slowed down enormously.
I ran ComboFix and am attaching its report to this message. Strangely, I had AVG (free) and McAfee (provided by work) in the past, but they had already been uninstalled. ComboFix nevertheless sent me a message saying they were active. I searched everywhere on my computer without finding any trace of them, and I continued with the software.
++++++++++
ComboFix 10-05-31.02 - Scoring Workstation 05/31/2010 22:27:27.1.3 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3454.2968 [GMT -4:00]
Running from: c:\documents and settings\Scoring Workstation\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Scoring Workstation\Application Data\chrtmp
c:\documents and settings\Scoring Workstation\Local Settings\Application Data\Windows Server
c:\documents and settings\Scoring Workstation\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Scoring Workstation\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
c:\program files\Shared\lib.dll
c:\program files\Shared\lib.sig
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
C:\restore
c:\restore\k-1-3542-4232123213-7676767-8888886\Desktop.ini
c:\windows\Bmydia.exe
c:\windows\Bmydib.exe
c:\windows\system32\bwvcqqqj.dll
c:\windows\system32\hlp.dat
Infected copy of c:\windows\system32\drivers\nvata.sys was found and disinfected
Restored copy from - Kitty had a snack
c:\windows\system32\ws2_32.dll . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.
2010-12-16 03:32 . 2010-12-16 03:32 -------- d-----w- c:\windows\system32\LogFiles
2010-06-01 01:33 . 2010-06-01 01:46 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-01 01:33 . 2010-06-01 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-01 01:33 . 2010-06-01 01:33 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-31 18:50 . 2008-09-29 12:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-05-31 18:50 . 2008-09-29 12:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-31 18:50 . 2008-09-29 12:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-05-31 18:50 . 2008-09-29 12:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2010-05-31 18:50 . 2008-09-29 12:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-05-31 18:50 . 2008-09-29 12:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-05-31 18:50 . 2008-09-29 12:07 67904 ----a-w- c:\windows\system32\mfevtps.exe
2010-05-31 18:49 . 2010-05-31 18:49 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-31 13:24 . 2010-05-31 18:42 -------- d-----w- c:\program files\Symantec
2010-05-31 12:59 . 2010-05-31 12:59 -------- d-----w- c:\documents and settings\Scoring Workstation\Application Data\Street-Ads
2010-05-31 12:58 . 2010-05-31 12:58 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-27 23:49 . 2010-06-01 02:35 -------- d-----w- c:\program files\Shared
2010-05-27 01:32 . 2006-08-16 13:23 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2010-05-27 01:32 . 2006-08-16 13:23 86016 ----a-w- c:\windows\system32\MA_CMIDN.DLL
2010-05-27 01:32 . 2006-08-16 13:23 14272 ----a-w- c:\windows\system32\MA_CMIDI.DRV
2010-05-27 01:32 . 2006-08-16 13:23 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
2010-05-27 00:45 . 2010-05-27 02:08 -------- d-----w- c:\program files\M-Audio
2010-05-25 12:52 . 2010-05-25 12:52 -------- d-----w- c:\documents and settings\Scoring Workstation\Local Settings\Application Data\Conduit
2010-05-25 12:52 . 2010-05-25 15:42 -------- d-----w- c:\documents and settings\Scoring Workstation\Local Settings\Application Data\Vuze_Remote
2010-05-25 12:52 . 2010-05-25 12:52 -------- d-----w- c:\program files\Vuze_Remote
2010-05-25 12:52 . 2010-05-25 12:52 -------- d-----w- c:\program files\Conduit
2010-05-25 05:38 . 2010-05-25 05:38 309248 ----a-w- c:\windows\system32\nrolcrsm.dll
2010-05-08 11:10 . 2010-05-08 11:10 -------- d-----w- c:\documents and settings\Scoring Workstation\Local Settings\Application Data\Move Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 23:52 . 2010-05-08 11:10 144195 ----a-w- c:\documents and settings\Scoring Workstation\Application Data\Move Networks\uninstall.exe
2010-05-31 23:52 . 2010-03-25 20:06 5605824 ----a-w- c:\documents and settings\Scoring Workstation\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll
2010-05-31 23:52 . 2009-07-25 22:12 -------- d-----w- c:\documents and settings\Scoring Workstation\Application Data\Move Networks
2010-05-31 23:50 . 2010-05-31 23:50 2572 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-05-31 23:46 . 2010-05-31 23:46 57344 ----a-w- c:\windows\system32\RBK7563.tmp
2010-05-31 19:04 . 2009-02-23 21:57 1 ----a-w- c:\documents and settings\Scoring Workstation\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-31 18:50 . 2010-04-27 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-31 18:49 . 2010-04-27 17:00 -------- d-----w- c:\program files\McAfee
2010-05-31 18:48 . 2010-01-13 22:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-31 18:48 . 2010-01-12 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-31 12:17 . 2009-03-04 00:44 -------- d-----w- c:\documents and settings\Scoring Workstation\Application Data\Azureus
2010-05-27 10:41 . 2009-02-15 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-27 03:16 . 2010-05-27 03:16 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-05-27 02:34 . 2008-11-16 05:59 32680 ----a-w- c:\documents and settings\Scoring Workstation\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 01:26 . 2008-11-16 05:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-27 00:54 . 2010-05-27 00:54 57344 ----a-w- c:\windows\system32\RBK16D3.tmp
2010-05-26 22:52 . 2009-12-30 16:46 4 ----a-w- C:\WINDOWSRegDefrag.dat
2010-05-26 22:51 . 2010-05-26 22:51 57344 ----a-w- c:\windows\system32\RO2024.tmp
2010-05-25 12:53 . 2009-03-04 00:43 -------- d-----w- c:\program files\Vuze
2010-05-11 14:52 . 2010-01-12 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-08 11:10 . 2010-05-08 11:10 1797544 ----a-w- c:\documents and settings\Scoring Workstation\Application Data\Move Networks\MoveMediaPlayerWin_071803000001.exe
2010-04-27 20:35 . 2008-11-23 19:17 -------- d-----w- c:\program files\Guitar Pro 5
2010-04-27 17:00 . 2010-04-27 17:00 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-04-27 16:43 . 2010-02-26 14:35 120 ----a-w- c:\windows\Cgadasutiyayiyoh.dat
2010-04-13 22:03 . 2010-04-13 22:03 57344 ----a-w- c:\windows\system32\RO2887.tmp
2010-03-28 21:39 . 2010-03-28 21:39 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-25 20:06 . 2010-03-25 20:06 97216 ----a-w- c:\documents and settings\Scoring Workstation\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2010-03-11 12:38 . 2008-11-04 22:42 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-11-04 22:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-11-04 22:41 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:06 . 2008-05-09 08:45 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 19:01 . 2003-03-19 02:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-03-04 19:01 . 2003-03-19 01:14 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-03-04 19:01 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2008-11-24 05:21 . 2008-11-24 05:21 604 -c-ha-w- c:\program files\STLL Notifier
.
------- Sigcheck -------
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
[-] 2007-03-08 . C78E2564EDA27A17CD8303A700674900 . 578048 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . C78E2564EDA27A17CD8303A700674900 . 578048 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[-] 2004-08-04 . 1534BBF9C0E473FBB5FC9A9D659F1B17 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2008-11-04 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2005-05-24 25088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"CTHelper"="CTHELPER.EXE" [2005-05-24 16384]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
c:\documents and settings\Scoring Workstation\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"6473:TCP"= 6473:TCP:Services
"6474:TCP"= 6474:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"8196:TCP"= 8196:TCP:Services
"8197:TCP"= 8197:TCP:Services
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/18/2008 12:08 AM 33792]
S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?]
S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\FILESPY.sys --> c:\windows\system32\drivers\FILESPY.sys [?]
S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/12/2009 9:20 PM 717296]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.topchretien.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Microsoft IIS Server - c:\documents and settings\Scoring Workstation\Application Data\lssas.exe
HKLM-Run-Windows Center - iexplorer.exe
HKLM-Run-Hot Spots - c:\windows\system32\updaterv3.exe
ActiveSetup-{08B0E5C0-4FCB-11CF-AAX5-00401C608512} - c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe
ActiveSetup-{2E938509-71CA-662B-47FE-178549EA094A} - c:\windows\system32\updaterv3.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 22:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Hot Spots = c:\windows\system32\updaterv3.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0xFB9FC8B0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf5d4cf10
\Driver\ACPI -> ACPI.sys @ 0xf5bbfcb8
\Driver\atapi -> atapi.sys @ 0xf5b517b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0xe0c4f544
ParseProcedure -> ntkrnlpa.exe @ 0xe0c4e684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0xe0c4f544
ParseProcedure -> ntkrnlpa.exe @ 0xe0c4e684
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> 0xfb99b440
PacketIndicateHandler -> NDIS.sys @ 0xf5a50b21
SendHandler -> NDIS.sys @ 0xf5a2e87b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3300)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-05-31 22:48:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-01 02:48
Pre-Run: 385,171,660,800 bytes free
Post-Run: 395,553,980,416 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /3GB
- - End Of File - - 9250015210D75E5F0BF31E7CBE17686B
+++++++++
Thanks for the help.
Marnyman