Recommended posts

Posted

Here is the scan produced after drag-and-dropping this CFScript file onto the ComboFix.exe file:

ComboFix 09-03-31.01 - Guy 2009-03-31 16:59:55.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.472 [GMT -4:00]

Lancé depuis: c:\documents and settings\Guy\Bureau\CBF.exe

Commutateurs utilisés :: c:\documents and settings\Guy\Bureau\CFScript.txt

AV: Sympatico Security Manager Anti-Virus *On-access scanning disabled* (Updated)

FW: Sympatico Security Manager Firewall *disabled*

* Un nouveau point de restauration a été créé

.

ADS - WINDOWS: deleted 24 bytes in 1 streams.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-31 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-29 12:45 . 2009-03-29 12:47 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-29 12:09 . 2009-03-29 12:11 <REP> d-------- c:\documents and settings\Guy\.SunDownloadManager

2009-03-28 19:15 . 2009-03-28 19:24 <REP> d-------- C:\ComboFix

2009-03-28 16:39 . 2009-03-28 16:39 <REP> d-------- c:\documents and settings\Administrateur\Application Data\ScanSoft

2009-03-28 16:30 . 2009-03-28 16:31 <REP> d-------- c:\program files\Navilog1

2009-03-28 15:04 . 2009-03-28 15:04 <REP> dr------- c:\documents and settings\NetworkService\Mes documents

2009-03-28 01:05 . 2001-08-23 17:46 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll

2009-03-28 00:14 . 2008-11-06 02:03 <REP> d-------- C:\SDFix

2009-03-27 20:24 . 1997-08-05 09:18 940,304 --a------ c:\windows\system\mfc42.dll

2009-03-27 20:01 . 2009-03-27 19:51 58,891 --a------ C:\mdelk.EXE

2009-03-24 18:45 . 2009-03-24 18:47 <REP> d-------- c:\documents and settings\Administrateur\DoctorWeb

2009-03-22 21:14 . 2009-03-22 21:15 <REP> d-------- c:\documents and settings\Guy\DoctorWeb

2009-03-22 16:48 . 2009-03-22 16:48 <REP> d-------- c:\program files\Raxco

2009-03-22 16:25 . 2009-03-22 16:25 <REP> d-------- c:\program files\CA

2009-03-22 01:18 . 2009-03-22 01:18 <REP> d-------- c:\documents and settings\NetworkService\Bureau

2009-03-21 22:45 . 2009-03-21 22:45 <REP> d-------- c:\program files\Innovative Solutions

2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\documents and settings\LocalService\Bureau

2009-03-20 20:07 . 2009-03-20 21:15 <REP> d-------- c:\documents and settings\Guy\Application Data\QuickScan

2009-03-17 22:34 . 2009-03-17 22:34 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Zeon

2009-03-17 19:14 . 2009-03-17 19:14 <REP> d-------- C:\_AcroTemp

2009-03-05 19:07 . 2009-03-05 19:08 66,560 --a------ c:\windows\system32\wextract.exe

2009-03-05 19:07 . 2009-03-05 19:08 66,560 --a--c--- c:\windows\system32\dllcache\wextract.exe

2009-02-01 13:48 . 2009-02-01 14:00 <REP> d-------- c:\program files\SlySoft

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-31 20:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-03-29 23:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-29 21:38 --------- d-----w c:\program files\Java

2009-03-29 21:31 --------- d-----w c:\documents and settings\Guy\Application Data\U3

2009-03-29 16:47 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-03-29 04:02 --------- d-----w c:\program files\PersonalBrain

2009-03-29 03:21 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-29 03:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-29 02:55 --------- d-----w c:\program files\Lavasoft

2009-03-29 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-03-28 04:34 --------- d-----w c:\documents and settings\Guy\Application Data\Lavasoft

2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-24 22:55 --------- d-----w c:\program files\SpywareBlaster

2009-03-24 22:50 --------- d-----w c:\program files\ma-config.com

2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\Simple Sudoku

2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\LimeWire

2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\DVD Profiler

2009-03-21 05:18 --------- d-----w c:\documents and settings\Guy\Application Data\uTorrent

2009-03-18 13:21 --------- d-----w c:\program files\SpywareGuard

2009-03-18 01:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\Bell

2009-03-16 00:31 --------- d-----w c:\program files\Fichiers communs\Ahead

2009-03-13 10:52 --------- d-----w c:\documents and settings\Guy\Application Data\dvdcss

2009-03-11 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-03-09 21:43 --------- d-----w c:\program files\PowerISO

2009-03-05 22:32 --------- d-----w c:\program files\DVD Profiler3

2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 02:45 --------- d-----w c:\program files\Druide

2009-01-31 05:06 --------- d-----w c:\documents and settings\Guy\Application Data\PersonalBrain

2009-01-29 23:02 103,488 ----a-w c:\windows\system32\drivers\AnyDVD.sys

2009-01-29 22:57 23,976 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys

2009-01-29 21:54 89,256 ----a-w c:\windows\system32\ElbyCDIO.dll

2009-01-28 16:02 --------- d-----w c:\documents and settings\Guy\Application Data\vlc

2009-01-11 00:38 31 ----a-w c:\documents and settings\Guy\jagex_runescape_preferences.dat

2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll

2008-12-05 06:57 144,896 ----a-w c:\windows\system32\schannel.dll

2008-07-11 23:23 163 ----a-w c:\program files\setuplog.txt

2008-06-26 22:50 213 ----a-w c:\documents and settings\Guy\7716.bat

2008-06-16 18:28 415 ----a-w c:\program files\file_id.diz

2008-06-16 18:27 7,628 ----a-w c:\program files\te.nfo

2008-04-13 01:07 22,118 ----a-w c:\program files\keyfinder.cfg

2008-01-11 15:49 1,224,133 ----a-w c:\program files\I_LOVE_DVT.RAR

2008-01-10 21:42 20,851,200 ----a-w c:\program files\PersonalBrain_windows_4_1_2_8_lib.exe

2007-08-22 13:21 47,360 ----a-w c:\documents and settings\Guy\Application Data\pcouffin.sys

2007-06-09 22:08 121 ----a-w c:\program files\users.dat

2007-02-20 22:43 21,416 ----a-w c:\documents and settings\Guy\Application Data\GDIPFONTCACHEV1.DAT

2006-06-15 21:18 32 ----a-r c:\documents and settings\All Users\hash.dat

2001-03-28 16:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-28_20.24.16.35 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-08-21 20:04:24 139,264 ----a-w c:\windows\system32\java.exe

+ 2009-03-29 16:47:19 144,792 ----a-w c:\windows\system32\java.exe

- 2008-08-21 20:04:24 139,264 ----a-w c:\windows\system32\javaw.exe

+ 2009-03-29 16:47:20 144,792 ----a-w c:\windows\system32\javaw.exe

- 2008-08-21 20:04:24 143,360 ----a-w c:\windows\system32\javaws.exe

+ 2009-03-29 16:47:21 148,888 ----a-w c:\windows\system32\javaws.exe

+ 2008-04-13 23:33:30 1,028,096 ----a-w c:\windows\system32\mfc42.dll

- 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe

+ 2009-02-25 20:54:59 24,768,960 ----a-w c:\windows\system32\MRT.exe

+ 2009-03-31 20:33:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_668.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"Sympatico Security Manager"="c:\program files\Bell\Security Manager\RPS.exe" [2008-03-10 311024]

"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0smrgdf c:\documents and settings\guy\application data\iolo

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

--------- 2008-06-11 23:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

--a------ 2008-06-12 03:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wextract_cleanup1]

--a------ 2008-12-20 18:46 124928 c:\windows\system32\advpack.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

--a------ 2005-05-20 15:46 28160 c:\windows\KHALMNPR.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"InCDsrv"=2 (0x2)

"Creative Service for CDROM Access"=2 (0x2)

"AVP"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Program Files\\MusicBrainz Picard\\picard.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"f:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"67:UDP"= 67:UDP:DHCP Discovery Service

"42668:TCP"= 42668:TCP:utorrent

"42668:UDP"= 42668:UDP:utorrent

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"6112:TCP"= 6112:TCP:Blizzard Downloader

"85:TCP"= 85:TCP:BroadWave Web Server

 

R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-07-23 17408]

R2 BroadWaveService;BroadWave;c:\program files\NCH Swift Sound\BroadWave\broadwave.exe [2008-11-28 499716]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-06-27 179856]

R2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-06-27 15504]

S2 CSIScanner;CSIScanner; [x]

S2 spydetector;spydetector;\??\c:\program files\Spyware Process Detector\Crack\spydetector.sys --> c:\program files\Spyware Process Detector\Crack\spydetector.sys [?]

S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]

S3 DUBE100;D-LINK DUB-E100 USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100.sys [2006-05-14 11935]

S3 Radialpoint Security Services;Sympatico Security Manager;c:\program files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 67824]

S4 ioloFileInfoList;iolo FileInfoList Service; [x]

S4 ioloSystemService;iolo System Service; [x]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]

\Shell\AutoRun\command - M:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com o:\

\Shell\Open\command - o:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com o:\

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com q:\

\Shell\Open\command - q:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com q:\

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com r:\

\Shell\Open\command - r:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com r:\

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\S]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com s:\

\Shell\Open\command - s:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com s:\

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{46524144-4652-4652-4652-465241444554}]

"c:\windows\Cursors\lsass.exe" /s

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

 

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

 

2009-03-29 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Guy.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]

 

2009-03-29 c:\windows\Tasks\Malwarebytes' Scheduled Update for Guy.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]

 

2009-03-31 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx

mStart Page = hxxp://sympatico.msn.ca/defaultf.aspx

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Ajouter à Kaspersky Anti-Bannière

IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: EarthLink Yahoo Search - c:\program files\EarthLink\Toolbar\SearchUI.dll/search.html

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=MICC20&q=

FF - component: c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\BDQScan.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.00.19); user_pref(general.useragent.extra.zencast, Creative ZENcast v1.02.12

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 200000

FF - user.js: content.notify.interval - 100000

FF - user.js: content.switch.threshold - 650000

FF - user.js: nglayout.initialpaint.delay - 300

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.14);user_pref(yahoo.homepage.dontask, true.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-31 17:03:36

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-602162358-2025429265-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-602162358-2025429265-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DE3BB4B-E521-0E1A-40CC-911A443483E9}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"ababfebacpnmbbobopfhkleokgdbfollpg"=hex:65,62,61,62,65,63,64,6a,62,64,66,68,

6e,63,6b,61,66,65,6f,62,66,70,70,63,6b,63,6f,6c,6f,6d,6d,6f,6e,68,66,6a,6f,\

"bbabfebacpnmbbobopehfpolfpliecciamaa"=hex:61,62,6e,6f,66,69,70,70,6d,61,69,6a,

69,6f,6d,62,6f,6f,6c,6d,68,68,67,70,6f,68,63,61,6e,62,67,62,65,6a,00,6a

.

Heure de fin: 2009-03-31 17:07:30

ComboFix-quarantined-files.txt 2009-03-31 21:07:19

ComboFix2.txt 2009-03-29 18:18:48

ComboFix3.txt 2009-03-29 00:26:53

 

Avant-CF: 16 149 102 592 octets libres

Après-CF: 16,132,329,472 octets libres

 

Current=2 Default=2 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5

269 --- E O F --- 2009-03-31 20:39:01

Posted

Oops!! Here is the rest, i.e. the SystemLook scan (sorry)

SystemLook v1.0 by jpshortstuff (02.03.09)

Log created at 17:19 on 31/03/2009 by Guy (Administrator - Elevation successful)

 

========== contents ==========

 

c:\documents and settings\Guy\7716.bat - Opened succesfully.

 

@Echo off

:S

Del app.exe

If Exist app.exe Goto S

:Tlg-a}c

Del install.exe

If Exist install.exe Goto T

:G

Del me.exe

If Exist me.exe Goto T

:P

Del winlogo.exe

If Exist winlogo.exe Goto D

Del 7716.bat

 

 

-=End Of File=-

  • Moderators
Posted

Good evening :P

 

You seem to have run ComboFix twice? Did you run into a problem?

 

Also post me the other report; it is located here:

 

C:\ComboFix2.txt

Posted

Indeed!

Small problem!

A window opened asking me to send log.txt for further analysis, but the file to send was not where the path was looking for it.

So I redid the procedure....

 

As for the other report... which should be at C:\ComboFix2.txt, I can't find it there; are you talking about the log that gets created after running SystemLook?

  • Moderators
Posted

Check in the C:\Qoobox folder to see whether it is there.

Posted (edited)

Here is a combofix2.txt found in C:\Qoobox; is this the right one?

ComboFix 09-03-28.06 - Guy 2009-03-29 14:10:58.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.544 [GMT -4:00]

Lancé depuis: c:\documents and settings\Guy\Bureau\CBF.exe

AV: Sympatico Security Manager Anti-Virus *On-access scanning disabled* (Updated)

FW: Sympatico Security Manager Firewall *disabled*

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

O:\Autorun.inf

o:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com

Q:\Autorun.inf

q:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com

R:\Autorun.inf

r:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com

S:\Autorun.inf

s:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-29 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-29 12:45 . 2009-03-29 12:47 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-29 12:09 . 2009-03-29 12:11 <REP> d-------- c:\documents and settings\Guy\.SunDownloadManager

2009-03-28 19:15 . 2009-03-28 19:24 <REP> d-------- C:\ComboFix

2009-03-28 16:39 . 2009-03-28 16:39 <REP> d-------- c:\documents and settings\Administrateur\Application Data\ScanSoft

2009-03-28 16:30 . 2009-03-28 16:31 <REP> d-------- c:\program files\Navilog1

2009-03-28 15:04 . 2009-03-28 15:04 <REP> dr------- c:\documents and settings\NetworkService\Mes documents

2009-03-28 01:05 . 2001-08-23 17:46 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll

2009-03-28 00:14 . 2008-11-06 02:03 <REP> d-------- C:\SDFix

2009-03-27 21:11 . 2009-03-28 14:56 <REP> d-------- c:\program files\FindyKill

2009-03-27 20:24 . 1997-08-05 09:18 940,304 --a------ c:\windows\system\mfc42.dll

2009-03-27 20:01 . 2009-03-27 19:51 58,891 --a------ C:\mdelk.EXE

2009-03-24 18:45 . 2009-03-24 18:47 <REP> d-------- c:\documents and settings\Administrateur\DoctorWeb

2009-03-22 21:14 . 2009-03-22 21:15 <REP> d-------- c:\documents and settings\Guy\DoctorWeb

2009-03-22 16:48 . 2009-03-22 16:48 <REP> d-------- c:\program files\Raxco

2009-03-22 16:25 . 2009-03-22 16:25 <REP> d-------- c:\program files\CA

2009-03-22 01:18 . 2009-03-22 01:18 <REP> d-------- c:\documents and settings\NetworkService\Bureau

2009-03-21 22:45 . 2009-03-21 22:45 <REP> d-------- c:\program files\Innovative Solutions

2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\documents and settings\LocalService\Bureau

2009-03-20 20:07 . 2009-03-20 21:15 <REP> d-------- c:\documents and settings\Guy\Application Data\QuickScan

2009-03-18 09:27 . 2009-03-18 09:27 <REP> d-------- c:\program files\FileChecker

2009-03-17 22:34 . 2009-03-17 22:34 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Zeon

2009-03-17 19:14 . 2009-03-17 19:14 <REP> d-------- C:\_AcroTemp

2009-03-05 19:07 . 2009-03-05 19:08 66,560 --a------ c:\windows\system32\wextract.exe

2009-03-05 19:07 . 2009-03-05 19:08 66,560 --a--c--- c:\windows\system32\dllcache\wextract.exe

2009-03-05 12:14 . 2009-03-05 12:14 <REP> d-------- c:\documents and settings\Guy\Application Data\Librarian Pro

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-29 16:47 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-03-29 16:11 --------- d-----w c:\program files\Java

2009-03-29 12:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-03-29 04:02 --------- d-----w c:\program files\PersonalBrain

2009-03-29 03:22 --------- d-----w c:\documents and settings\Guy\Application Data\U3

2009-03-29 03:21 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-29 03:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-29 02:55 --------- d-----w c:\program files\Lavasoft

2009-03-29 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-03-29 02:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-28 04:34 --------- d-----w c:\documents and settings\Guy\Application Data\Lavasoft

2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-24 22:55 --------- d-----w c:\program files\SpywareBlaster

2009-03-24 22:50 --------- d-----w c:\program files\ma-config.com

2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\Simple Sudoku

2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\LimeWire

2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\DVD Profiler

2009-03-21 05:18 --------- d-----w c:\documents and settings\Guy\Application Data\uTorrent

2009-03-18 13:21 --------- d-----w c:\program files\SpywareGuard

2009-03-18 01:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\Bell

2009-03-16 00:31 --------- d-----w c:\program files\Fichiers communs\Ahead

2009-03-13 10:52 --------- d-----w c:\documents and settings\Guy\Application Data\dvdcss

2009-03-11 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-03-09 21:43 --------- d-----w c:\program files\PowerISO

2009-03-05 22:32 --------- d-----w c:\program files\DVD Profiler3

2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 02:45 --------- d-----w c:\program files\Druide

2009-02-01 18:00 --------- d-----w c:\program files\SlySoft

2009-01-31 05:06 --------- d-----w c:\documents and settings\Guy\Application Data\PersonalBrain

2009-01-29 23:02 103,488 ----a-w c:\windows\system32\drivers\AnyDVD.sys

2009-01-29 22:57 23,976 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys

2009-01-29 21:54 89,256 ----a-w c:\windows\system32\ElbyCDIO.dll

2009-01-28 16:02 --------- d-----w c:\documents and settings\Guy\Application Data\vlc

2009-01-11 00:38 31 ----a-w c:\documents and settings\Guy\jagex_runescape_preferences.dat

2008-07-11 23:23 163 ----a-w c:\program files\setuplog.txt

2008-06-26 22:50 213 ----a-w c:\documents and settings\Guy\7716.bat

2008-06-16 18:28 415 ----a-w c:\program files\file_id.diz

2008-06-16 18:27 7,628 ----a-w c:\program files\te.nfo

2008-04-13 01:07 22,118 ----a-w c:\program files\keyfinder.cfg

2008-01-11 15:49 1,224,133 ----a-w c:\program files\I_LOVE_DVT.RAR

2008-01-10 21:42 20,851,200 ----a-w c:\program files\PersonalBrain_windows_4_1_2_8_lib.exe

2007-08-22 13:21 47,360 ----a-w c:\documents and settings\Guy\Application Data\pcouffin.sys

2007-06-09 22:08 121 ----a-w c:\program files\users.dat

2007-02-20 22:43 21,416 ----a-w c:\documents and settings\Guy\Application Data\GDIPFONTCACHEV1.DAT

2006-06-15 21:18 32 ----a-r c:\documents and settings\All Users\hash.dat

2001-03-28 16:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-28_20.24.16.35 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-08-21 20:04:24 139,264 ----a-w c:\windows\system32\java.exe

+ 2009-03-29 16:47:19 144,792 ----a-w c:\windows\system32\java.exe

- 2008-08-21 20:04:24 139,264 ----a-w c:\windows\system32\javaw.exe

+ 2009-03-29 16:47:20 144,792 ----a-w c:\windows\system32\javaw.exe

- 2008-08-21 20:04:24 143,360 ----a-w c:\windows\system32\javaws.exe

+ 2009-03-29 16:47:21 148,888 ----a-w c:\windows\system32\javaws.exe

- 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe

+ 2009-02-25 20:54:59 24,768,960 ----a-w c:\windows\system32\MRT.exe

+ 2009-03-29 16:49:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2e4.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"IndexCleaner"="c:\program files\Bell\Security Manager\IdxClnR.exe" [2008-03-10 61168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"Sympatico Security Manager"="c:\program files\Bell\Security Manager\RPS.exe" [2008-03-10 311024]

"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 148888]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0smrgdf c:\documents and settings\guy\application data\iolo"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

--------- 2008-06-11 23:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

--a------ 2008-06-12 03:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wextract_cleanup1]

--a------ 2008-12-20 18:46 124928 c:\windows\system32\advpack.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

--a------ 2005-05-20 15:46 28160 c:\windows\KHALMNPR.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"InCDsrv"=2 (0x2)

"Creative Service for CDROM Access"=2 (0x2)

"AVP"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Palm\\hotsync.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Program Files\\MusicBrainz Picard\\picard.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"f:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Documents and Settings\\Guy\\Bureau\\utorrent.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"67:UDP"= 67:UDP:DHCP Discovery Service

"42668:TCP"= 42668:TCP:utorrent

"42668:UDP"= 42668:UDP:utorrent

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"6112:TCP"= 6112:TCP:Blizzard Downloader

"85:TCP"= 85:TCP:BroadWave Web Server

 

R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-07-23 17408]

R2 BroadWaveService;BroadWave;c:\program files\NCH Swift Sound\BroadWave\broadwave.exe [2008-11-28 499716]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-06-27 179856]

R2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-06-27 15504]

S2 CSIScanner;CSIScanner; [x]

S2 spydetector;spydetector;\??\c:\program files\Spyware Process Detector\Crack\spydetector.sys --> c:\program files\Spyware Process Detector\Crack\spydetector.sys [?]

S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]

S3 DUBE100;D-LINK DUB-E100 USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100.sys [2006-05-14 11935]

S3 Radialpoint Security Services;Sympatico Security Manager;c:\program files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 67824]

S4 ioloFileInfoList;iolo FileInfoList Service; [x]

S4 ioloSystemService;iolo System Service; [x]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]

\Shell\AutoRun\command - M:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com o:\

\Shell\Open\command - o:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com o:\

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com q:\

\Shell\Open\command - q:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com q:\

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com r:\

\Shell\Open\command - r:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com r:\

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\S]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com s:\

\Shell\Open\command - s:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com s:\

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{46524144-4652-4652-4652-465241444554}]

"c:\windows\Cursors\lsass.exe" /s

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

 

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

 

2009-03-29 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Guy.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]

 

2009-03-29 c:\windows\Tasks\Malwarebytes' Scheduled Update for Guy.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]

 

2009-03-29 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx

mStart Page = hxxp://sympatico.msn.ca/defaultf.aspx

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Ajouter à Kaspersky Anti-Bannière

IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: EarthLink Yahoo Search - c:\program files\EarthLink\Toolbar\SearchUI.dll/search.html

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=MICC20&q=

FF - component: c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\BDQScan.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.00.19); user_pref(general.useragent.extra.zencast, Creative ZENcast v1.02.12

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 200000

FF - user.js: content.notify.interval - 100000

FF - user.js: content.switch.threshold - 650000

FF - user.js: nglayout.initialpaint.delay - 300

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.14);user_pref(yahoo.homepage.dontask, true.

.

------- Associations de fichier -------

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-29 14:14:44

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-602162358-2025429265-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-602162358-2025429265-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DE3BB4B-E521-0E1A-40CC-911A443483E9}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"ababfebacpnmbbobopfhkleokgdbfollpg"=hex:65,62,61,62,65,63,64,6a,62,64,66,68,

6e,63,6b,61,66,65,6f,62,66,70,70,63,6b,63,6f,6c,6f,6d,6d,6f,6e,68,66,6a,6f,\

"bbabfebacpnmbbobopehfpolfpliecciamaa"=hex:61,62,6e,6f,66,69,70,70,6d,61,69,6a,

69,6f,6d,62,6f,6f,6c,6d,68,68,67,70,6f,68,63,61,6e,62,67,62,65,6a,00,6a

.

Heure de fin: 2009-03-29 14:18:45

ComboFix-quarantined-files.txt 2009-03-29 18:18:37

ComboFix2.txt 2009-03-29 00:26:53

 

Avant-CF: 16 112 701 440 octets libres

Après-CF: 16,097,288,192 octets libres

 

Current=2 Default=2 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5

290 --- E O F --- 2009-03-29 12:35:47

Edited by Un autre curieux
  • Moderators
Posted

Re :P

 

Your reports still show traces of infection. As if the Fix had not worked, or as if you had reinfected yourself right afterwards.

 

Tell me, which drives do the following letters correspond to: O, Q, R, S?

  • Moderators
Posted

Hello Un autre curieux :P

 

No, don't worry about the date.

 

Had you plugged in your external drives, as I had asked you to, before running the procedure?
