infection

mino10 · le 25 mai 2008

bonsoir,

mon pc été infécté , j'ai découvret16 infections décourt et éliminer par Kaspersky, il en reste quelques ubs que je n'arrive pas à supprimer, je voudrais si ossible une traduction des rapprts suivants;

1/combofix:

ComboFix 08-05-25.3 - Imene 2008-05-25 23:03:35.12 - FAT32x86

Microsoft Windows XP Professionnel 5.1.2600.2.1256.966.1036.18.50 [GMT 2:00]

Endroit: C:\Documents and Settings\Imene\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))))))))

.

2008-05-25 21:07 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-05-25 21:07 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-05-25 21:06 . 2008-05-25 21:06 <REP> d-------- C:\Program Files\ZebHelpProcess 2

2008-05-25 18:57 . 2008-05-25 18:57 <REP> d-------- C:\Documents and Settings\Imene\Application Data\IDM

2008-05-25 18:29 . 2008-05-25 18:29 <REP> d-------- C:\Program Files\Internet Download Manager

2008-05-25 17:53 . 2008-05-25 17:53 <REP> d-------- C:\Program Files\Azureus

2008-05-25 17:14 . 2008-05-25 19:08 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-05-25 17:14 . 2008-05-25 19:08 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-05-25 17:13 . 2008-05-25 17:13 <REP> d-------- C:\Program Files\Kaspersky Lab

2008-05-25 17:13 . 2008-05-25 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-05-25 17:13 . 2008-05-25 22:58 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-25 17:13 . 2008-05-25 22:58 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-25 17:13 . 2008-05-25 22:58 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-25 17:13 . 2008-05-25 22:58 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-25 17:12 . 2008-05-25 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-05-25 17:07 . 2008-05-25 17:07 <REP> d-------- C:\Downloads

2008-05-25 17:06 . 2008-05-25 17:06 <REP> d-------- C:\Program Files\Free Download Manager

2008-05-25 17:06 . 2008-05-25 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG

2008-05-25 15:51 . 2008-05-25 15:51 <REP> d-------- C:\Program Files\IDM Computer Solutions

2008-05-25 15:51 . 2008-05-25 15:51 <REP> d-------- C:\Documents and Settings\Imene\Application Data\IDMComp

2008-05-25 14:11 . 2008-05-25 14:11 <REP> d-------- C:\Documents and Settings\Imene\Application Data\Free Download Manager

2008-05-25 04:34 . 2008-05-25 04:34 <REP> d-------- C:\kav

2008-05-25 01:50 . 2008-05-25 01:50 <REP> d--hs---- C:\FOUND.005

2008-05-24 23:33 . 2008-05-24 23:33 <REP> d-------- C:\Program Files\Micro Application

2008-05-24 23:33 . 2008-05-25 21:11 13,030 --a------ C:\PDOXUSRS.NET

2008-05-24 23:33 . 2008-05-25 03:09 40 --a------ C:\WINDOWS\navigma.INI

2008-05-24 22:58 . 2008-05-24 22:58 <REP> d-------- C:\Program Files\denouvel

2008-05-24 04:35 . 2008-05-24 04:35 <REP> d-------- C:\Program Files\Readiris Pro 10 Demo

2008-05-24 04:35 . 1997-05-26 14:55 23,040 --a------ C:\WINDOWS\system32\irisco32.dll

2008-05-24 04:35 . 2008-05-24 04:35 144 --a------ C:\WINDOWS\Readiris.ini

2008-05-24 02:08 . 2008-05-24 02:08 <REP> d-------- C:\Documents and Settings\Imene\Application Data\TuneUp Software

2008-05-24 02:08 . 2008-05-24 02:08 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-05-24 02:08 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-05-24 02:07 . 2008-05-24 02:07 <REP> d-------- C:\Program Files\TuneUp Utilities 2008

2008-05-24 02:07 . 2008-05-24 02:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-05-24 02:07 . 2008-05-24 02:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-05-24 00:38 . 2008-05-24 00:38 <REP> d-------- C:\Program Files\PhotoFiltre Studio

2008-05-23 23:52 . 2008-05-23 23:52 <REP> d-------- C:\Program Files\ProPoster

2008-05-23 17:46 . 2008-05-23 17:46 45 ---h----- C:\WINDOWS\dsez2071.dat

2008-05-23 02:37 . 2008-05-23 02:37 <REP> d-------- C:\Program Files\Avira

2008-05-23 02:16 . 2008-05-23 02:16 <REP> d-------- C:\Documents and Settings\Imene\Application Data\Azureus

2008-05-23 02:16 . 2008-05-23 02:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

2008-05-23 02:04 . 2008-05-23 02:04 <REP> d-------- C:\Documents and Settings\Imene\Application Data\LimeWire

2008-05-23 01:43 . 2008-05-24 23:00 11,988 --a------ C:\WINDOWS\coloriage2.dkp

2008-05-22 22:36 . 2008-05-22 22:37 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-05-22 15:38 . 2008-05-22 15:38 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-05-22 12:41 . 2008-05-22 12:41 237,710 --a------ C:\WINDOWS\system32\def.vpc

2008-05-22 10:59 . 2008-05-22 10:59 <REP> d-------- C:\WINDOWS\system32\regdacl

2008-05-22 10:59 . 2008-05-22 11:36 90,112 --a------ C:\WINDOWS\system32\regdacl.exe

2008-05-22 10:59 . 2008-05-22 11:36 16,384 --a------ C:\WINDOWS\system32\restart.exe

2008-05-22 10:59 . 2008-05-22 11:36 4,096 --a------ C:\WINDOWS\system32\reboot.exe

2008-05-21 22:35 . 2008-05-22 11:36 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-05-21 22:34 . 2008-04-27 10:15 4,981 --a------ C:\WINDOWS\system32\gnc.exe

2008-05-21 01:13 . 2008-05-21 01:13 <REP> d--hs---- C:\FOUND.004

2008-05-20 19:43 . 2008-05-20 19:43 <REP> d-------- C:\Program Files\Trend Micro

2008-05-20 19:06 . 2008-05-20 19:06 <REP> d--hs---- C:\FOUND.003

2008-05-20 18:25 . 2008-05-20 18:25 <REP> d--hs---- C:\FOUND.002

2008-05-20 17:26 . 2008-05-20 17:26 <REP> d-------- C:\Documents and Settings\Imene\Application Data\FillToy

2008-05-20 17:10 . 2008-05-20 17:10 <REP> d-------- C:\WINDOWS\system32\URTTemp

2008-05-20 12:36 . 2008-05-25 15:48 796,672 --a------ C:\WINDOWS\GPInstall.exe

2008-05-20 12:36 . 2000-09-29 18:00 8,784 --a------ C:\WINDOWS\F_France.gpl

2008-05-20 11:30 . 2008-05-20 11:30 407,047 --a------ C:\WINDOWS\system32\mioengine.exe

2008-05-19 23:33 . 2008-05-19 23:33 <REP> d-------- C:\Documents and Settings\Imene\Application Data\DeepBurner

2008-05-19 22:54 . 2008-05-19 22:54 <REP> d--hs---- C:\FOUND.001

2008-05-18 22:58 . 2008-05-18 22:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-18 22:58 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-18 22:58 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-18 19:00 . 2008-05-18 19:00 <REP> d--hs---- C:\FOUND.000

2008-05-17 00:30 . 2008-05-17 00:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe

2008-05-17 00:21 . 2008-05-17 00:21 <REP> d-------- C:\Documents and Settings\Imene\Application Data\Nero

2008-05-17 00:18 . 2008-05-17 00:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-05-15 01:24 . 2005-11-09 09:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-05-15 01:24 . 2005-11-09 09:00 487,424 --a-s---- C:\WINDOWS\system32\msvcp70.dll

2008-05-15 01:24 . 2005-11-09 09:00 344,064 -ra------ C:\WINDOWS\system32\msvcr70.dll

2008-05-15 01:24 . 2005-11-09 09:00 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-05-15 01:19 . 2008-05-15 01:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Droppix

2008-05-14 00:03 . 2008-05-14 00:03 7,168 --ahs---- C:\WINDOWS\Thumbs.db

2008-05-13 21:19 . 2008-05-13 21:38 1,542 --a------ C:\WINDOWS\tr.INI

2008-05-12 16:50 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe

2008-05-12 09:11 . 2008-05-12 09:11 <REP> d-------- C:\Documents and Settings\Imene\Application Data\ABBYY

2008-05-12 09:08 . 2008-05-12 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ABBYY

2008-05-11 00:34 . 2008-05-11 00:34 73,216 --a------ C:\WINDOWS\cadkasdeinst01e.exe

2008-05-10 20:55 . 2008-05-10 23:47 145 --a------ C:\WINDOWS\POSTER.INI

2008-05-08 17:34 . 2008-05-08 17:34 <REP> d-------- C:\Documents and Settings\Imene\Application Data\Malwarebytes

2008-05-08 17:34 . 2008-05-08 17:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-08 17:27 . 2008-05-08 17:27 <REP> d-------- C:\Program Files\CCleaner

2008-05-08 16:50 . 2008-05-08 16:50 5,158,277 --a------ C:\WINDOWS\system32\Textract.Pat

2008-05-08 16:46 . 2007-02-10 17:03 208,896 --a------ C:\WINDOWS\system32\textract.dll

2008-05-08 16:46 . 2005-05-13 12:59 192,512 --a------ C:\WINDOWS\system32\Scenario.dll

2008-05-08 16:46 . 2007-02-10 16:53 156,649 --a------ C:\WINDOWS\system32\textract.dat

2008-05-08 16:46 . 2005-06-14 10:55 73,728 --a------ C:\WINDOWS\system32\txtrocx.dll

2008-05-08 16:46 . 2008-05-08 16:50 10,355 --a------ C:\WINDOWS\textract.ini

2008-05-08 16:45 . 2008-05-08 16:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-08 13:43 . 2008-05-08 13:43 <REP> d-------- C:\Program Files\PDFCreator

2008-05-08 13:43 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX

2008-05-08 13:43 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll

2008-05-08 13:43 . 1998-07-13 01:08 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL

2008-05-08 13:43 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX

2008-05-08 13:43 . 1998-07-13 01:08 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL

2008-05-08 13:43 . 1998-07-13 01:08 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL

2008-05-08 13:43 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL

2008-05-07 22:08 . 2008-05-07 22:08 137 --a------ C:\WINDOWS\BuzzTWCP.INI

2008-05-07 22:08 . 2008-05-07 22:08 86 --a------ C:\WINDOWS\BuzzTWSC.INI

2008-05-07 22:01 . 2008-05-08 11:47 101 --a------ C:\WINDOWS\BUZZTWLC.INI

2008-05-07 22:00 . 2008-05-08 11:48 375 --a------ C:\WINDOWS\SoftWriting.ini

2008-05-07 00:31 . 2008-05-07 00:31 <REP> d-------- C:\Documents and Settings\Imene\Application Data\CasaPortale.de

2008-05-06 19:15 . 2008-05-06 19:15 <REP> d-------- C:\Documents and Settings\Imene\Application Data\DMCache

2008-05-02 18:07 . 2008-05-02 18:07 <REP> d-------- C:\Documents and Settings\Imene\Application Data\Apple Computer

2008-04-25 11:07 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-04-25 11:07 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-04-25 11:07 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-04-25 11:07 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-04-25 11:07 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-04-25 11:07 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-04-25 11:07 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

2008-04-25 11:07 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-04-25 11:07 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-22 17:51 70,656 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe

2008-05-22 17:51 15,360 ----a-w C:\WINDOWS\system32\dllcache\register.exe

2008-05-20 16:11 98,304 ----a-w C:\WINDOWS\DUMP600d.tmp

2008-05-12 14:27 98,304 ----a-w C:\WINDOWS\DUMP682b.tmp

2008-04-29 19:23 --------- d-----r C:\Program Files\Emule

2008-04-24 18:56 --------- d-----w C:\Documents and Settings\Imene\Application Data\TuxPaint

2008-04-24 18:04 172,032 ----a-w C:\WINDOWS\system32\cncs32.dll

2008-04-19 22:43 212,992 ----a-w C:\WINDOWS\mUninstallFR.exe

2008-04-05 18:59 --------- d-----w C:\Documents and Settings\Imene\Application Data\EPSON

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-16 14:05 737,280 ----a-w C:\WINDOWS\iun6002.exe

2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

.

((((((((((((((((((((((((((((( snapshot@2008-05-25_ 1.53.11.96 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-24 23:50:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-25 20:58:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2004-05-08 22:21:06 9,728 ----a-w C:\WINDOWS\system32\931ec51a.dll

+ 2004-05-25 20:00:52 9,728 ----a-w C:\WINDOWS\system32\931ec51a.dll

+ 2008-05-25 17:18:46 9,728 ----a-w C:\WINDOWS\system32\BASSMOD.dll

- 2004-05-08 22:21:06 49,152 ----a-w C:\WINDOWS\system32\c5cb8581.dll

+ 2004-05-25 20:00:54 53,248 ----a-w C:\WINDOWS\system32\c5cb8581.dll

- 2008-03-16 11:20:06 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-05-25 20:57:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-03-16 11:20:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2008-05-25 20:57:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2007-10-31 11:41:16 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys

+ 2007-12-28 17:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys

+ 2007-12-13 11:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys

+ 2008-02-08 16:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat

+ 2008-02-08 16:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll

+ 2002-09-06 23:00:00 4,608 ----a-w C:\WINDOWS\system32\w3ctrs.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:54 15360]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 12:55 486856]

"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]

"nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]

"Cmaudio"="cmicnfg.cpl" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56 36975]

"Fantom CD Autorun"="C:\Program Files\Copystar\Fantom CD\fcdm.exe" [2001-11-17 09:11 1358336]

"Athan"="C:\Program Files\Athan\Athan.exe" [2004-08-09 01:02 626688]

"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:54 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-16 14:08:53 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\w3ctrs]

w3ctrs.dll 2002-09-07 01:00 4608 C:\WINDOWS\system32\w3ctrs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Emule\\EMULE.EXE"=

"C:\\kav\\kis7.0\\french\\setup.exe"=

"C:\\Program Files\\Free Download Manager\\fdm.exe"=

"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5575:TCP"= 5575:TCP:messenger

"8232:TCP"= 8232:TCP:messenger

"1561:TCP"= 1561:TCP:messenger

"6255:TCP"= 6255:TCP:messenger

"6337:TCP"= 6337:TCP:messenger

"2153:TCP"= 2153:TCP:messenger

"1557:TCP"= 1557:TCP:messenger

"2665:TCP"= 2665:TCP:messenger

"3445:TCP"= 3445:TCP:messenger

"3632:TCP"= 3632:TCP:messenger

"5582:TCP"= 5582:TCP:messenger

R0 Copystar;Copystar;C:\WINDOWS\system32\DRIVERS\copystar.sys [2001-11-06 10:10]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:55]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-24 02:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - CATCHME

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-14 16:38:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-05-25 21:00:02 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-25 23:15:21

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

**************************************************************************

.

Temps d'accomplissement: 2008-05-25 23:17:56

ComboFix-quarantined-files.txt 2008-05-25 21:17:44

ComboFix2.txt 2008-05-24 23:54:48

Pre-Run: 5,083,185,152 octets libres

Post-Run: 5,071,306,752 octets libres

252 --- E O F --- 2008-05-24 00:28:53

2:hijack this;

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:57:21, on 25/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\Athan\Athan.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Emule\emule.exe

C:\Program Files\denouvel\coloriage2\coloriage2.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.eazel.com/index.php?rvs=hompag

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [Fantom CD Autorun] C:\Program Files\Copystar\Fantom CD\fcdm.exe /startup

O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{301D5E07-8A22-43CB-B4A2-DC6A9DDECCF8}: NameServer = 208.67.222.222 193.55.10.102

O20 - Winlogon Notify: w3ctrs - C:\WINDOWS\SYSTEM32\w3ctrs.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 7510 bytes

mérci d'avance, j'attends impatiemment la réponse................ a+

Connexion

Pas encore inscrit ?

infection

Messages recommandés

mino10

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer