[RESOLVED] MS antispyware 2009 + others

koose

I too have been infected by this damn thing; here is the report I got. Thanks for your help.

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.93GHz )
BIOS : Award Medallion BIOS v6.00PG
USER : mark ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 2004 (Activated)
Firewall : Norton Internet Security 2004 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:144 GB (Free:6 GB)
D:\ (CD or DVD) - CDFS - Total:0 GB (Free:0 GB)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
Option : [1] ( 27/12/2008|16:51 )

-----------\\ Searching files / folders ...

C:\DOCUME~1\mark\LOCALS~1\Temp\nsd17.tmp
C:\DOCUME~1\mark\LOCALS~1\Temp\nse312.tmp
C:\DOCUME~1\mark\LOCALS~1\Temp\nsg2A2.tmp
C:\DOCUME~1\mark\LOCALS~1\Temp\nsh2AD.tmp
C:\DOCUME~1\mark\LOCALS~1\Temp\nsh2B4.tmp
C:\DOCUME~1\mark\LOCALS~1\Temp\nsk34C.tmp
C:\DOCUME~1\mark\LOCALS~1\Temp\nss22A.tmp
C:\DOCUME~1\mark\LOCALS~1\Temp\nsu2B0.tmp
C:\DOCUME~1\mark\LOCALS~1\Temp\nsw2A8.tmp

-----------\\ Extensions

(mark) - {AE37D527-6604-461c-8102-975CF8053A2F} => bbcode

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\\ Searching for other infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Adobe.Photoshop.CS2.(v9.0).FR.Officielle.Incl-Crack.et.Keygen.par.eMule-Paradise.com.rar
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Automgen 7 Keygen Key Generator (Crack For All Versions).zip
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Keygen
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Keygen.exe
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\PhotoFiltre.Studio.v8.0.FR.Incl-Keygen.rar
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Tune.Up.Utilities.2006.inc.Keygen
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Tune.Up.Utilities.2006.inc.Keygen.rar
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\avr_4.12a.zip
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\data1.cab
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\data1.hdr
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\data2.cab
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\Disk1.id
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\IAR_crack.zip
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\ikernel.ex_
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\layout.bin
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\Setup.exe
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\Setup.ini
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\setup.inx
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\_crack
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\_crack\crack.txt
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\_crack\IARID.EXE
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\_crack\IARKG.EXE
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\_crack\serials.txt
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Keygen\keygen.exe
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Macromedia Studio 8 FR (Dreamweaver 8 - Fireworks 8 - Flash :P + Kegen\Macromedia Studio 8.0 - Keygen.exe
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Tune.Up.Utilities.2006.inc.Keygen\Keygen.exe
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Tune.Up.Utilities.2006.inc.Keygen\TU2006TrialEN.exe

1 - "C:\ToolBar SD\TB_1.txt" - 27/12/2008|16:58 - Option : [1]

-----------\\ End of report at 16:58:54,04


What do you make of it?


After choosing "2" (deletion):

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.93GHz )
BIOS : Award Medallion BIOS v6.00PG
USER : mark ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 2004 (Activated)
Firewall : Norton Internet Security 2004 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:144 GB (Free:6 GB)
D:\ (CD or DVD) - CDFS - Total:0 GB (Free:0 GB)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
Option : [2] ( 27/12/2008|17:06 )

-----------\\ DELETION

Deleted! - C:\DOCUME~1\mark\LOCALS~1\Temp\nsd17.tmp
Deleted! - C:\DOCUME~1\mark\LOCALS~1\Temp\nse312.tmp
Deleted! - C:\DOCUME~1\mark\LOCALS~1\Temp\nsg2A2.tmp
Deleted! - C:\DOCUME~1\mark\LOCALS~1\Temp\nsh2AD.tmp
Deleted! - C:\DOCUME~1\mark\LOCALS~1\Temp\nsh2B4.tmp
Deleted! - C:\DOCUME~1\mark\LOCALS~1\Temp\nsk34C.tmp
Deleted! - C:\DOCUME~1\mark\LOCALS~1\Temp\nss22A.tmp
Deleted! - C:\DOCUME~1\mark\LOCALS~1\Temp\nsu2B0.tmp
Deleted! - C:\DOCUME~1\mark\LOCALS~1\Temp\nsw2A8.tmp

-----------\\ Searching files / folders ...

-----------\\ Extensions

(mark) - {AE37D527-6604-461c-8102-975CF8053A2F} => bbcode

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.msn.com/"

--------------------\\ Searching for other infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Adobe.Photoshop.CS2.(v9.0).FR.Officielle.Incl-Crack.et.Keygen.par.eMule-Paradise.com.rar
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Automgen 7 Keygen Key Generator (Crack For All Versions).zip
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Keygen
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Keygen.exe
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\PhotoFiltre.Studio.v8.0.FR.Incl-Keygen.rar
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Tune.Up.Utilities.2006.inc.Keygen
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Tune.Up.Utilities.2006.inc.Keygen.rar
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\avr_4.12a.zip
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\data1.cab
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\data1.hdr
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\data2.cab
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\Disk1.id
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\IAR_crack.zip
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\ikernel.ex_
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\layout.bin
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\Setup.exe
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\Setup.ini
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\setup.inx
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\_crack
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\_crack\crack.txt
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\_crack\IARID.EXE
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\_crack\IARKG.EXE
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\IAR AVR 4.12A+crack\_crack\serials.txt
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Keygen\keygen.exe
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Macromedia Studio 8 FR (Dreamweaver 8 - Fireworks 8 - Flash :P + Kegen\Macromedia Studio 8.0 - Keygen.exe
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Tune.Up.Utilities.2006.inc.Keygen\Keygen.exe
C:\DOCUME~1\mark\Mes documents\Executifs\Exécutifs\Tune.Up.Utilities.2006.inc.Keygen\TU2006TrialEN.exe

1 - "C:\ToolBar SD\TB_1.txt" - 27/12/2008|16:58 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 27/12/2008|17:10 - Option : [2]

-----------\\ End of report at 17:10:03,53


Hello koose, I moved your topic; we do one per machine. :P

The following tool is only to be used when prescribed by a qualified helper trained on it.
Do not use it outside that situation or on your own: dangerous.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).
  • Make sure all programs are closed before you start.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the disclaimer message that appears.
  • If you are prompted to reboot because a rootkit has been found, do so.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user licence agreement.
  • The desktop disappears; this is normal, and it will come back.
  • Do not close the window that opens, or you will end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste that report into your next reply.
    The report is at: C:\Combofix.txt (just in case).


Does this make sense to you :P ?

ComboFix 08-12-26.03 - mark 2008-12-27 17:23:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.511.112 [GMT 1:00]
Run from: c:\documents and settings\mark\Bureau\plop.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\MS32DLL.dll.vbs
c:\windows\MS32DLL.dll.vbs
c:\windows\system32\AutoRun.inf
c:\windows\system32\tyshb36rfjdf.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((((((( Files created from 2008-11-27 to 2008-12-27 ))))))))))))))))))))))))))))))))))))
.

2100-02-24 13:15 . 2001-04-02 15:30 821 --a--c--- c:\windows\Lexmark_ICM.ini
2100-02-16 15:09 . 2001-02-16 14:37 62 --a------ c:\windows\system32\LXASUSCI.INI
2008-12-27 17:13 . 2008-12-27 17:18 <DIR> d-------- C:\Lop SD
2008-12-27 16:50 . 2008-12-27 17:10 <DIR> d-------- C:\ToolBar SD
2008-12-26 23:42 . 2008-12-26 23:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
2008-12-25 21:56 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-12-25 21:56 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
2008-12-04 21:32 . 2008-12-04 21:33 <DIR> d-------- c:\program files\iTunes
2008-12-04 21:32 . 2008-12-04 21:32 <DIR> d-------- c:\program files\iPod
2008-12-04 21:32 . 2008-12-04 21:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 21:31 . 2008-12-04 21:31 <DIR> d-------- c:\program files\Bonjour
2008-12-04 21:16 . 2008-12-04 21:17 <DIR> d-------- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 16:20 --------- d-----w c:\documents and settings\mark\Application Data\Skype
2008-12-27 16:05 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-27 15:48 --------- d-----w c:\documents and settings\mark\Application Data\skypePM
2008-12-27 15:47 --------- d-----w c:\documents and settings\mark\Application Data\OpenOffice.org2
2008-12-25 10:47 --------- d-----w c:\program files\Call of Duty
2008-12-25 10:42 138,376 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-24 20:20 --------- d-----w c:\program files\eMule
2008-12-22 12:18 --------- d-----w c:\program files\Dofus
2008-12-04 20:32 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-04 20:30 --------- d-----w c:\program files\QuickTime
2008-11-22 18:50 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-11-18 19:36 --------- d-----w c:\program files\DivX
2008-11-18 19:35 --------- d-----w c:\program files\Wakfu
2008-11-11 10:19 --------- d-----w c:\documents and settings\mark\Application Data\LimeWire
2008-11-08 18:31 --------- d-----w c:\program files\mIRC
2008-11-02 20:50 --------- d-----w c:\documents and settings\mark\Application Data\Template
2008-11-01 09:47 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-01-03 23:06 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"MS AntiSpyware 2009"="c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" [2008-12-26 1118208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-10-08 81920]
"Lexmark X83 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-12 40960]
"Lexmark X83 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-10 53248]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-06-27 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-03 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 c:\windows\ALCWZRD.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\mark\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-12-26 299008]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-07 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\java.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [2007-11-07 49152]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\rt2500usb.sys [2007-08-15 140416]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-23 33752]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys [2005-05-11 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\k600obex.sys [2005-05-11 77072]
S3 QCEmerald;QuickCam Web Logitech;c:\windows\system32\DRIVERS\OVCE.sys [2007-05-04 31872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2008-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Notify-dimsntfy - (no file)


.
------- Supplementary scan -------
.
uStart Page = file://c:\apps\IE\offline\fr.htm
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\mark\Application Data\Mozilla\Firefox\Profiles\yq2gssrx.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (FR)
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 17:31:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpaxt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other running processes ------------------------
.
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-12-27 17:37:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-27 16:37:00

Pre-Run: 7,266,656,256 bytes free
Post-Run: 17,219,641,344 bytes free

209 --- E O F --- 2008-10-24 22:03:06


Yep, it all says something, it's full of info, but admittedly it takes some decoding. :P

:!: What follows is for your machine, and your machine only.
Do not use it on any other machine: dangerous.

  • Open Notepad. Check that in the "Format" menu, "Word Wrap" is unchecked. Copy and paste this into it:

Killall::

File::
c:\windows\system32\drivers\TDSSpaxt.sys

Folder::
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MS AntiSpyware 2009"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

  • Save it as a text file named CFScript, on the desktop.
  • Drag and drop this CFScript file onto the ComboFix.exe file, as on the screenshot

[screenshot: CFScript dragged onto ComboFix.exe]

  • Wait while the scan runs. The desktop will disappear several times: this is normal! Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will appear: post its contents.
  • If the file does not open, it is here > C:\ComboFix.txt

Then add a new HijackThis log please, after that report.

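The two ComboFix steps in this thread, the report that exposes the loading points and the CFScript that removes them, as an added example that is not part of the thread, of ComboFix or of the helper's script: a Python triage script that parses the REGEDIT4-style sections of the posted report, flags the rogue autorun, the Security Center tampering, the disabled firewall and the TDSS driver service, and emits a CFScript in the same Killall::/File::/Folder::/Registry:: form the helper wrote by hand. The sample report is a constructed excerpt of the log posted above; the detection rules (a Run entry launching from Application Data is suspect, a service whose image is named TDSS*.sys or whose key is named like a file is the rootkit, \systemroot maps to c:\windows) are the example's own assumptions, not ComboFix rules.

```python
"""Triage a ComboFix report and turn its findings into a CFScript.

Added example for this thread; not ComboFix code and not the helper's script.
The input format (REGEDIT4-style key/value lines) follows the report posted
above; every detection rule below is this example's own assumption.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the ComboFix report posted in this thread.
SAMPLE_REPORT = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"MS AntiSpyware 2009"="c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" [2008-12-26 1118208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpaxt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Profile locations a legitimate autorun has no business launching from (assumption).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    kind: str    # autorun | secmon | firewall | driver
    key: str     # registry key the value sits under
    name: str    # value name
    data: str    # value data as printed by ComboFix, quotes stripped
    reason: str


def parse_values(report: str) -> List[Tuple[str, str, str]]:
    """Return (key, name, data) for every "name"=data line under a [key] header."""
    triples, key = [], None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, data = m.groups()
            if data.startswith('"'):          # drop the quotes and the trailing [date size]
                end = data.find('"', 1)
                data = data[1:end] if end > 0 else data[1:]
            triples.append((key, name, data))
    return triples


def dword(data: str) -> Optional[int]:
    m = re.match(r"dword:([0-9a-fA-F]+)", data)
    return int(m.group(1), 16) if m else None


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    for key, name, data in parse_values(report):
        k, n, d = key.lower(), name.lower(), data.lower()
        if k.endswith("\\currentversion\\run") and any(p in d for p in USER_WRITABLE):
            findings.append(Finding("autorun", key, name, data,
                                    "autorun launched from a user-writable profile directory"))
        elif "\\security center\\monitoring\\" in k and n == "disablemonitoring" and dword(d) == 1:
            findings.append(Finding("secmon", key, name, data,
                                    "Security Center monitoring disabled for " + key.rsplit("\\", 1)[-1]))
        elif n == "enablefirewall" and d.split()[:1] == ["0"]:
            findings.append(Finding("firewall", key, name, data,
                                    "Windows Firewall disabled in this profile"))
        elif "\\services\\" in k and n == "imagepath":
            if d.rsplit("\\", 1)[-1].startswith("tdss") or k.endswith(".sys"):
                findings.append(Finding("driver", key, name, data,
                                        "TDSS-style driver service (key named like a file, TDSS* image)"))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Emit the Killall::/File::/Folder::/Registry:: text ComboFix expects."""
    files: List[str] = []
    folders: List[str] = []
    registry: Dict[str, List[str]] = {}
    for f in findings:
        if f.kind == "driver":
            # ComboFix prints driver paths relative to \systemroot; assume c:\windows (as in this report).
            files.append(re.sub(r"^\\systemroot\\", r"c:\\windows\\", f.data, flags=re.I))
        elif f.kind == "autorun":
            parts = f.data.split("\\")
            lowered = [p.lower() for p in parts]
            if "application data" in lowered:     # remove the vendor folder, not just the exe
                folders.append("\\".join(parts[:lowered.index("application data") + 2]))
            else:
                files.append(f.data)
            registry.setdefault(f.key, []).append(f.name)
        elif f.kind == "secmon":
            registry.setdefault(f.key, []).append(f.name)
        # "firewall" is reported only: it is a setting to restore, not an artifact to delete.
    lines = ["Killall::", ""]
    if files:
        lines += ["File::"] + files + [""]
    if folders:
        lines += ["Folder::"] + folders + [""]
    if registry:
        lines.append("Registry::")
        for key, names in registry.items():
            lines.append("[" + key + "]")
            lines += ['"%s"=-' % n for n in names]   # REGEDIT4: "name"=- deletes the value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for f in found:
        print("%-8s %s\\%s : %s" % (f.kind, f.key, f.name, f.reason))
    print()
    print(build_cfscript(found))
```

Running it prints the five findings and then a script that matches the helper's, apart from ordering. The Registry:: block uses the REGEDIT4 "name"=- form, which deletes the value rather than setting it, so the two DisableMonitoring values are dropped and Security Center resumes monitoring Norton on its own. EnableFirewall is deliberately left out of the script: deleting a policy value and restoring a setting are different operations, and the thread only ever scripts deletions.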

Here is combofix:

ComboFix 08-12-26.03 - mark 2008-12-27 19:09:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.511.222 [GMT 1:00]
Run from: c:\documents and settings\mark\Bureau\plop.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\Drivers\TDSSpqlt.sys
c:\windows\system32\TDSSbivk.log
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.dll
c:\windows\system32\TDSSnrsr.dat
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.dll
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSStkdu.log
c:\windows\system32\TDSSxfum.dll

.
((((((((((((((((((((((((((((( Files created from 2008-11-27 to 2008-12-27 ))))))))))))))))))))))))))))))))))))
.

2100-02-24 13:15 . 2001-04-02 15:30 821 --a--c--- c:\windows\Lexmark_ICM.ini
2100-02-16 15:09 . 2001-02-16 14:37 62 --a------ c:\windows\system32\LXASUSCI.INI
2008-12-27 17:21 . 2008-12-27 17:21 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2008-12-27 17:13 . 2008-12-27 17:18 <DIR> d-------- C:\Lop SD
2008-12-27 16:50 . 2008-12-27 17:10 <DIR> d-------- C:\ToolBar SD
2008-12-26 23:42 . 2008-12-26 23:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
2008-12-25 21:56 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-12-25 21:56 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
2008-12-04 21:32 . 2008-12-04 21:33 <DIR> d-------- c:\program files\iTunes
2008-12-04 21:32 . 2008-12-04 21:32 <DIR> d-------- c:\program files\iPod
2008-12-04 21:32 . 2008-12-04 21:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 21:31 . 2008-12-04 21:31 <DIR> d-------- c:\program files\Bonjour
2008-12-04 21:16 . 2008-12-04 21:17 <DIR> d-------- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 18:04 --------- d-----w c:\documents and settings\mark\Application Data\Skype
2008-12-27 18:04 --------- d-----w c:\documents and settings\mark\Application Data\OpenOffice.org2
2008-12-27 16:33 --------- d-----w c:\documents and settings\mark\Application Data\skypePM
2008-12-27 16:05 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-25 10:47 --------- d-----w c:\program files\Call of Duty
2008-12-25 10:42 138,376 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-25 10:41 202,448 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-24 20:20 --------- d-----w c:\program files\eMule
2008-12-22 12:18 --------- d-----w c:\program files\Dofus
2008-12-04 20:32 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-04 20:30 --------- d-----w c:\program files\QuickTime
2008-11-22 18:50 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-11-18 19:36 --------- d-----w c:\program files\DivX
2008-11-18 19:35 --------- d-----w c:\program files\Wakfu
2008-11-11 10:19 --------- d-----w c:\documents and settings\mark\Application Data\LimeWire
2008-11-08 18:31 --------- d-----w c:\program files\mIRC
2008-11-02 20:50 --------- d-----w c:\documents and settings\mark\Application Data\Template
2008-11-01 09:47 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-01-03 23:06 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"MS AntiSpyware 2009"="c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" [2008-12-26 1118208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-10-08 81920]
"Lexmark X83 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-12 40960]
"Lexmark X83 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-10 53248]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-06-27 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-03 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]

"SoundMan"="SOUNDMAN.EXE" [2004-09-10 c:\windows\SoundMan.exe]

"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 c:\windows\ALCWZRD.EXE]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

 

c:\documents and settings\mark\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-12-26 299008]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-07 67128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\APPS\\Inventime\\my.exe"=

"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"c:\\Program Files\\FileZilla\\FileZilla.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"c:\\Program Files\\Maple 11\\jre\\bin\\java.exe"=

"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=

"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [2007-11-07 49152]

R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\rt2500usb.sys [2007-08-15 140416]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-23 33752]

S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys [2005-05-11 52384]

S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096]

S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys [2005-05-11 87456]

S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]

S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\k600obex.sys [2005-05-11 77072]

S3 QCEmerald;QuickCam Web Logitech;c:\windows\system32\DRIVERS\OVCE.sys [2007-05-04 31872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

 

*Newly Created Service* - CATCHME

*Newly Created Service* - GTNDIS5

.

Contenu du dossier 'Tâches planifiées'

 

2008-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

.

.

------- Examen supplémentaire -------

.

uStart Page = file://c:\apps\IE\offline\fr.htm

mWindow Title =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: {{FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\mark\Application Data\Mozilla\Firefox\Profiles\yq2gssrx.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (FR)

FF - prefs.js: browser.startup.homepage - www.google.fr

FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-27 19:11:23

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]

"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(740)

c:\windows\system32\Ati2evxx.dll

.

Heure de fin: 2008-12-27 19:12:31

ComboFix-quarantined-files.txt 2008-12-27 18:11:58

ComboFix2.txt 2008-12-27 16:37:37

 

Avant-CF: 17,255,010,304 octets libres

Après-CF: 17,242,853,376 octets libres

 

218 --- E O F --- 2008-10-24 22:03:06

 

 

And HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:18:55, on 27/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Apps\Powercinema\PCMService.exe

C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe

C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\mark\Mes documents\Téléchargements\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe

O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)

O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 10245 bytes

 

 

Beautiful, isn't it :P? In any case, thanks for your help!


Is that better?

 

 

 

 

 

ComboFix 08-12-26.03 - mark 2008-12-27 20:32:23.3 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.213 [GMT 1:00]

Lancé depuis: c:\documents and settings\mark\Bureau\plop.exe

Commutateurs utilisés :: c:\documents and settings\mark\Bureau\CFScript.txt

AV: Norton AntiVirus *On-access scanning disabled* (Outdated)

FW: Norton Internet Security *disabled*

* Un nouveau point de restauration a été créé

 

FILE ::

c:\windows\system32\drivers\TDSSpaxt.sys

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081226234319843.log

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081226234614125.log

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081227105902687.log

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081227111641656.log

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081227145753875.log

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081227163816093.log

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081227164639109.log

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081227173201406.log

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081227190340343.log

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081227191603000.log

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-27 au 2008-12-27 ))))))))))))))))))))))))))))))))))))

.

 

2100-02-24 13:15 . 2001-04-02 15:30 821 --a--c--- c:\windows\Lexmark_ICM.ini

2100-02-16 15:09 . 2001-02-16 14:37 62 --a------ c:\windows\system32\LXASUSCI.INI

2008-12-27 17:21 . 2008-12-27 17:21 <REP> d-------- C:\32788R22FWJFW.0.tmp

2008-12-27 17:13 . 2008-12-27 17:18 <REP> d-------- C:\Lop SD

2008-12-27 16:50 . 2008-12-27 17:10 <REP> d-------- C:\ToolBar SD

2008-12-25 21:56 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS

2008-12-25 21:56 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys

2008-12-04 21:32 . 2008-12-04 21:33 <REP> d-------- c:\program files\iTunes

2008-12-04 21:32 . 2008-12-04 21:32 <REP> d-------- c:\program files\iPod

2008-12-04 21:32 . 2008-12-04 21:33 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-04 21:31 . 2008-12-04 21:31 <REP> d-------- c:\program files\Bonjour

2008-12-04 21:16 . 2008-12-04 21:17 <REP> d-------- c:\program files\Safari

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-27 18:17 --------- d-----w c:\documents and settings\mark\Application Data\Skype

2008-12-27 18:16 --------- d-----w c:\documents and settings\mark\Application Data\OpenOffice.org2

2008-12-27 16:33 --------- d-----w c:\documents and settings\mark\Application Data\skypePM

2008-12-27 16:05 --------- d-----w c:\program files\Mozilla Thunderbird

2008-12-25 10:47 --------- d-----w c:\program files\Call of Duty

2008-12-25 10:42 138,376 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-24 20:20 --------- d-----w c:\program files\eMule

2008-12-22 12:18 --------- d-----w c:\program files\Dofus

2008-12-04 20:32 --------- d-----w c:\program files\Fichiers communs\Apple

2008-12-04 20:30 --------- d-----w c:\program files\QuickTime

2008-11-22 18:50 --------- d-----w c:\program files\TrackMania Nations ESWC

2008-11-18 19:36 --------- d-----w c:\program files\DivX

2008-11-18 19:35 --------- d-----w c:\program files\Wakfu

2008-11-11 10:19 --------- d-----w c:\documents and settings\mark\Application Data\LimeWire

2008-11-08 18:31 --------- d-----w c:\program files\mIRC

2008-11-02 20:50 --------- d-----w c:\documents and settings\mark\Application Data\Template

2008-11-01 09:47 --------- d-----w c:\program files\Wolfenstein - Enemy Territory

2008-01-03 23:06 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-10-08 81920]

"Lexmark X83 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-12 40960]

"Lexmark X83 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-10 53248]

"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-06-27 36864]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-12-03 180269]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]

"SoundMan"="SOUNDMAN.EXE" [2004-09-10 c:\windows\SoundMan.exe]

"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 c:\windows\ALCWZRD.EXE]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

 

c:\documents and settings\mark\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-12-26 299008]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-07 67128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\APPS\\Inventime\\my.exe"=

"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"c:\\Program Files\\FileZilla\\FileZilla.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"c:\\Program Files\\Maple 11\\jre\\bin\\java.exe"=

"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=

"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [2007-11-07 49152]

R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\rt2500usb.sys [2007-08-15 140416]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-23 33752]

S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys [2005-05-11 52384]

S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096]

S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys [2005-05-11 87456]

S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]

S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\k600obex.sys [2005-05-11 77072]

S3 QCEmerald;QuickCam Web Logitech;c:\windows\system32\DRIVERS\OVCE.sys [2007-05-04 31872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary scan -------
.
uStart Page = file://c:\apps\IE\offline\fr.htm
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\mark\Application Data\Mozilla\Firefox\Profiles\yq2gssrx.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (FR)
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 20:37:08
Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other running processes ------------------------
.
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
End time: 2008-12-27 20:42:49 - The machine rebooted
ComboFix-quarantined-files.txt 2008-12-27 19:42:46
ComboFix2.txt 2008-12-27 18:12:32
ComboFix3.txt 2008-12-27 16:37:37

Before-CF: 17,218,740,224 bytes free
After-CF: 17,154,723,840 bytes free

211 --- E O F --- 2008-10-24 22:03:06
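Reading a ComboFix log by hand means scanning the same few sections every time: the service lines (`S3 name;display;path [date size]`), the svchost group registrations, the `*Newly Created Service*` marker, the scheduled tasks and the list of running processes. The Python script below is an added example for this thread, not ComboFix's own code and not something from the poster; it parses those sections and flags the entries a helper would look at first. `SAMPLE_LOG` is a constructed excerpt that copies the layout of the log above (it accepts both the French "Autres processus actifs" and the English "Other running processes" header); the `ExampleSvc` service and the `nsd17.tmp` process in it are invented entries added only to exercise the Temp-directory heuristic, and say nothing about the machine in this thread.

```python
"""Triage a ComboFix log: pull out services, svchost groups, newly created
services, scheduled tasks and running processes, and flag entries worth a
second look. Added example, not ComboFix code and not from the post; SAMPLE_LOG
is a constructed excerpt in the layout of the log above, with the invented
ExampleSvc service and nsd17.tmp process added to exercise the Temp heuristic."""
import re
from dataclasses import dataclass, field

# "S3 name;display;path [yyyy-mm-dd size]": start type, service name, display name, image path
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?$")
SVCHOST_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]"
SVCHOST_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\* - (\S+)$")
TASK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\S.*\.job)$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^- (.+?)(?:\s+\[[^\]]*\])?$")
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # a binary under Temp is a classic dropper sign

SAMPLE_LOG = r"""
S3 QCEmerald;QuickCam Web Logitech;c:\windows\system32\DRIVERS\OVCE.sys [2007-05-04 31872]
R2 ExampleSvc;Example Service;c:\docume~1\mark\locals~1\temp\svchelper.exe [2008-12-27 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - GTNDIS5
.
2008-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\docume~1\mark\locals~1\temp\nsd17.tmp
.
"""

@dataclass
class ComboFixReport:
    services: list = field(default_factory=list)        # (start, name, display, path)
    svchost_groups: dict = field(default_factory=dict)  # group -> flattened REG_MULTI_SZ text
    new_services: list = field(default_factory=list)
    tasks: list = field(default_factory=list)           # (job file, target binary)
    processes: list = field(default_factory=list)

def parse_combofix(text):
    report, mode, pending_job = ComboFixReport(), None, None  # mode: None/"svchost"/"processes"
    for raw in text.splitlines():
        line = raw.strip()
        if line == ".":                      # ComboFix section spacer
            continue
        if not line:
            if mode == "svchost":            # the svchost block ends at the first blank line
                mode = None
            continue
        if line.lower() == SVCHOST_KEY.lower():
            mode = "svchost"
            continue
        if "running processes" in line or "processus actifs" in line:  # English or French header
            mode = "processes"
            continue
        if mode == "svchost":
            m = SVCHOST_RE.match(line)
            if m:  # REG_MULTI_SZ is flattened by ComboFix; names with spaces cannot be split back
                report.svchost_groups[m.group(1)] = m.group(2)
            continue
        if mode == "processes":
            if PATH_RE.match(line):
                report.processes.append(line)
                continue
            mode = None                      # first non-path line closes the section
        m = SERVICE_RE.match(line)
        if m:
            report.services.append(m.group(1, 2, 3, 4))
            continue
        m = NEW_SERVICE_RE.match(line)
        if m:
            report.new_services.append(m.group(1))
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group(2)         # its target follows on the next "- path" line
            continue
        m = TASK_TARGET_RE.match(line)
        if m and pending_job:
            report.tasks.append((pending_job, m.group(1)))
            pending_job = None
    return report

def suspicious(report):
    """Human-readable findings; an empty list means nothing stood out."""
    findings = [f"new service: {n}" for n in report.new_services]
    for _start, name, _display, path in report.services:
        if TEMP_RE.search(path):
            findings.append(f"service {name} runs from a temp dir: {path}")
    for job, target in report.tasks:
        if TEMP_RE.search(target):
            findings.append(f"scheduled task {job} runs from a temp dir: {target}")
    for proc in report.processes:
        if TEMP_RE.search(proc):
            findings.append(f"process from a temp dir: {proc}")
    return findings
```

Run `suspicious(parse_combofix(open("ComboFix.txt").read()))` on a real log to get the shortlist. The heuristics are deliberately narrow: a newly created service and anything started from a Temp directory are flagged, everything else is left for a human. The svchost groups are kept as the flattened text ComboFix prints, because entries such as "Pml Driver HPZ12 Net Driver HPZ12" are two service names that cannot be split apart reliably once the REG_MULTI_SZ separators are gone.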
