[Résolu] Infection de mon ordi

karinee · le 28 juin 2008

Pareil, CFscript.Txt

voici le raport cfscript que tu m'as demandé et je te poste dans deux minutes l'autre

ComboFix 08-06-20.4 - chachou_2 2008-06-28 17:43:01.5 - NTFSx86

Endroit: C:\Documents and Settings\chachou_2\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\chachou_2\Bureau\CFscript.Txt

* Création d'un nouveau point de restauration

* Resident AV is active

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))

.

2008-06-27 11:43 . 2008-06-28 12:49 <REP> d-------- C:\Program Files\Navilog1

2008-06-26 22:42 . 2008-06-26 22:42 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-06-26 14:31 . 2008-06-26 14:31 <REP> d-------- C:\Documents and Settings\romain\Application Data\Malwarebytes

2008-06-26 06:19 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-26 06:19 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-26 06:19 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-26 06:19 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-26 06:19 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-26 06:18 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-26 06:18 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-26 06:18 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-26 06:18 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-25 16:40 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx

2008-06-25 16:40 . 2007-08-10 12:56 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx

2008-06-25 16:40 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx

2008-06-25 16:32 . 2008-06-25 16:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ascentive

2008-06-25 16:29 . 2008-04-17 16:22 208,896 --a------ C:\WINDOWS\system32\ConTest.dll

2008-06-25 16:29 . 2007-10-17 10:19 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll

2008-06-25 16:28 . 2008-06-25 17:12 <REP> d-------- C:\Program Files\Ascentive

2008-06-25 14:02 . 2008-06-25 14:02 <REP> d-------- C:\Program Files\VS Revo Group

2008-06-25 12:06 . 2008-06-26 22:42 <REP> d-------- C:\WINDOWS\system32\fr-fr

2008-06-24 18:54 . 2008-06-24 18:54 <REP> d-------- C:\Documents and Settings\chachou_2\Application Data\Windows Live Writer

2008-06-24 10:13 . 2008-06-24 10:13 <REP> d-------- C:\Documents and Settings\chachou_2\Application Data\Malwarebytes

2008-06-24 10:13 . 2008-06-24 10:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-24 10:13 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-24 10:13 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-24 10:12 . 2008-06-24 10:13 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-24 09:24 . 2008-06-24 09:24 <REP> d-------- C:\Program Files\Trend Micro

2008-06-22 00:06 . 2008-06-22 00:06 1,409 --a------ C:\WINDOWS\system32\tmpE4A1A.FOT

2008-06-19 10:00 . 2008-06-20 11:18 193 --a------ C:\WINDOWS\hppsapp.INI

2008-06-16 15:44 . 2008-06-24 08:57 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-16 15:44 . 2008-06-24 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-16 08:46 . 2008-06-16 08:46 1,409 --a------ C:\WINDOWS\system32\tmp7B431.FOT

2008-06-16 08:46 . 2008-06-16 08:46 1,409 --a------ C:\WINDOWS\system32\tmp50531.FOT

2008-06-16 08:46 . 2008-06-16 08:46 1,409 --a------ C:\WINDOWS\system32\tmp34531.FOT

2008-06-16 08:46 . 2008-06-16 09:23 141 --a------ C:\WINDOWS\Clubhouse.ini

2008-06-16 08:40 . 2008-06-21 23:42 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll

2008-06-16 08:40 . 2008-06-21 23:42 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll

2008-06-16 08:40 . 2008-06-21 23:42 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll

2008-06-16 08:35 . 2008-06-16 08:35 <REP> d-------- C:\Program Files\Knowledge Adventure

2008-06-16 08:35 . 2001-03-26 11:55 1,325,821 --a------ C:\WINDOWS\UninstFrankClub.exe

2008-06-16 08:31 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-06-16 08:31 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-06-15 17:21 . 2008-06-15 17:21 <REP> d-------- C:\sj646

2008-06-15 17:21 . 2000-10-09 18:57 102,400 --a------ C:\WINDOWS\system32\hpgmastr.dll

2008-06-15 17:21 . 2001-08-14 13:24 90,112 --a------ C:\WINDOWS\system32\hpsjvset.dll

2008-06-15 17:21 . 2001-08-03 11:23 40,960 --a------ C:\WINDOWS\system32\hpgmausd.dll

2008-06-15 17:21 . 2001-08-14 13:15 11,185 --a------ C:\WINDOWS\system32\hpgmasti.inf

2008-06-11 06:33 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 06:33 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-07 21:38 . 2008-06-07 21:41 <REP> d-------- C:\Program Files\Satsuki Decoder Pack

2008-06-07 21:11 . 2008-06-07 21:11 <REP> d-------- C:\Program Files\SmartSound Software

2008-06-07 21:11 . 2008-06-07 21:11 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-06-07 21:11 . 2008-06-07 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-06-07 21:11 . 2008-06-07 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

2008-06-07 21:06 . 2008-06-07 21:06 <REP> d-------- C:\WINDOWS\system32\QuickTime

2008-06-07 21:06 . 2008-06-07 21:06 <REP> d-------- C:\Program Files\Fichiers communs\Java

2008-06-07 20:29 . 2007-10-24 01:47 282,112 --a------ C:\WINDOWS\system32\mscoree.dll

2008-06-07 16:12 . 2008-06-07 20:32 <REP> d-------- C:\Program Files\Yahoo!

2008-06-07 16:11 . 2008-06-07 16:13 <REP> d-------- C:\Program Files\CCleaner

2008-06-07 15:54 . 2008-06-07 15:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-06-06 18:10 . 2008-06-06 18:10 <REP> d-------- C:\Documents and Settings\antoine\WINDOWS

2008-06-06 18:10 . 1996-02-08 11:24 247,296 --a------ C:\WINDOWS\UN16040C.EXE

2008-06-04 16:08 . 2008-06-04 16:08 <REP> d--hs---- C:\WINDOWS\ftpcache

2008-06-04 12:58 . 2008-06-04 12:58 21,504 --a------ C:\WINDOWS\jestertb.dll

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-25 14:56 --------- d-----w C:\Program Files\Ulead Systems

2008-06-25 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-25 14:46 --------- d-----w C:\Program Files\Maxis

2008-06-25 12:26 --------- d-----w C:\Program Files\LucasArts

2008-06-25 12:06 --------- d-----w C:\Program Files\Windows Live

2008-06-25 10:08 --------- d-----w C:\Program Files\Google

2008-06-24 07:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-06-16 06:36 --------- d-----w C:\Program Files\QuickTime

2008-06-15 15:21 --------- d-----w C:\Program Files\Hewlett-Packard

2008-06-07 19:11 --------- d-----w C:\Program Files\Share_Accelerator_MM

2008-06-07 19:11 --------- d-----w C:\Documents and Settings\chachou_2\Application Data\Ulead Systems

2008-06-07 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems

2008-06-07 19:08 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems

2008-06-07 18:54 --------- d-----w C:\Program Files\Java

2008-06-02 05:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-05-13 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS

2008-05-12 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\quartz.dll

2008-05-01 12:54 --------- d-----w C:\Documents and Settings\chachou_2\Application Data\CoSoSys

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-11 16:34 68,656 -c--a-w C:\Documents and Settings\chachou_2\Application Data\GDIPFONTCACHEV1.DAT

2007-09-04 07:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

2005-11-03 23:29 72,832 -c--a-r C:\WINDOWS\inf\CamAvb.sys

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-05-13 17:11 1397760]

"Controleur de calendrier pour Ulead Photo Express"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [ ]

"ShowWnd"="ShowWnd.exe" [2003-09-19 09:09 36864 C:\WINDOWS\ShowWnd.exe]

"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-04 10:43 1836544]

"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:12 53248]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 12:19 188416]

"ledpointer"="CNYHKey.exe" [2004-02-03 18:15 5794816 C:\WINDOWS\CNYHKey.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 11:45 135214]

"F-Secure Manager"="C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 15:58 176177]

"F-Secure TNB"="C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 15:57 733184]

"RegistryMechanic"="" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

"msacm.mpegacm"= mpegacm.acm

"msacm.ulmp3acm"= ulmp3acm.acm

"vidc.SEDG"= mcs_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:shareaza

"6346:UDP"= 6346:UDP:shareaza

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-20 15:28]

R0 ndisrd;ndisrd;C:\WINDOWS\system32\drivers\ndisrd.sys [2005-04-04 17:25]

R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-03-20 15:27]

R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2007-06-13 15:58]

S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 11:38]

S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2007-06-13 15:58]

S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2007-06-13 15:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a10066d6-b278-11dc-9ba8-8f3b69726229}]

\Shell\Auto\command - cmd /C launch.bat

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

*Newly Created Service* - CATCHME

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-27 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

"2008-06-28 09:22:52 C:\WINDOWS\Tasks\Scheduled scanning task.job"

- C:\PROGRA~1\Orange\ANTIVI~1\ANTI-V~1\fsav.exeX /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\Orange\ANTIVI~1\ANTI-V~1\report.txt %C:\PROGRA~1\Orange\ANTIVI~1\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus.

"2008-06-28 15:14:07 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-28 17:48:36

Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\HKCYDLL.dll

PROCESS: C:\WINDOWS\explorer.exe

.

Temps d'accomplissement: 2008-06-28 17:53:32

ComboFix-quarantined-files.txt 2008-06-28 15:53:23

ComboFix2.txt 2008-06-28 10:06:03

ComboFix3.txt 2008-06-24 17:42:59

ComboFix4.txt 2008-06-24 13:49:31

Pre-Run: 44,319,199,232 octets libres

Post-Run: 44,073,144,320 octets libres

195 --- E O F --- 2008-06-26 20:43:01

karinee · le 28 juin 2008