
Recommended posts

Posted

Malwarebytes' Anti-Malware 1.35

Version de la base de données: 1939

Windows 6.0.6001 Service Pack 1

 

04/04/2009 15:32:43

mbam-log-2009-04-04 (15-32-43).txt

 

Type de recherche: Examen rapide

Eléments examinés: 69366

Temps écoulé: 3 minute(s), 56 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\System32\drivers\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Posted

Huh, that's not normal: your previous report showed lots of things, not deleted, and now there's only one left, so it looks like there was another scan.

 

Please post a new HijackThis report (launch it by right-clicking and choosing Run as administrator), so I can see where we stand.

Posted

No, I didn't run another scan, but I did have to restart the computer when Malwarebytes asked me to.

 

I'll redo a HijackThis report and post it for you.

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:53:46, on 04/04/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Users\pascal\Local Settings\APPLIC~1\MICROS~1\cisvc.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Wallpaper\Wallpaper.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\pascal\AppData\Roaming\logman.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Users\pascal\AppData\Local\Temp\~tmp\mdnk52\mdm.exe

C:\Users\pascal\AppData\Local\Temp\~temp\hmunmlcn91\svchost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\pascal\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: load=C:\Users\pascal\AppData\Roaming\logman.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Windows\esentutl.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Esent Utl] C:\Users\pascal\LOCALS~1\APPLIC~1\esentutl.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Esent Utl] C:\Users\pascal\LOCALS~1\APPLIC~1\esentutl.exe /waitservice (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html

O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher (file missing)

O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE

O23 - Service: Service Google Update (gupdate1c98dfe1b23a066) (gupdate1c98dfe1b23a066) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 7483 bytes

Posted

They're everywhere. We're going to do mass treatment and clean this up thoroughly.

 

The following program is only to be used when prescribed by a qualified helper trained in the tool.

Do not use it outside that situation or on your own: dangerous.

 

Follow these instructions carefully, and do nothing else.

 

Plug in your removable media (USB sticks, external hard drives, etc.) for the ComboFix scan, and leave them plugged in when the machine restarts.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Disable the antivirus, otherwise ComboFix will show you a message (if it does, click OK on the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • If you are offered a restart because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the End User License Agreement message.
  • The desktop disappears; that's normal, and it will come back.
  • Don't close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste that report in your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

And now the ComboFix report!

 

 

ComboFix 09-04-03.01 - pascal 2009-04-04 17:29:28.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2203 [GMT 2:00]

Lancé depuis: c:\users\pascal\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1229 [VPS 081226-0] *On-access scanning enabled* (Updated)

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\pascal\AppData\Roaming\cisvc.exe

c:\users\pascal\AppData\Roaming\dllhst3g.exe

c:\users\pascal\AppData\Roaming\logman.exe

c:\windows\patch.exe

c:\windows\system32\dbfb.dll

c:\windows\system32\tmp.reg

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-04 au 2009-04-04 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\users\pascal\AppData\Roaming\Malwarebytes

2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\users\All Users\Malwarebytes

2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\programdata\Malwarebytes

2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-04-04 14:48 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-04-04 14:48 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-04-04 08:26 . 2009-04-02 18:29 86,016 --a------ c:\windows\esentutl.exe

2009-04-03 17:25 . 2009-04-03 17:34 <REP> d-------- c:\windows\BDOSCAN8

2009-03-29 15:50 . 2009-03-30 05:57 <REP> d----c--- C:\Downloads

2009-03-28 11:55 . 2009-03-28 11:55 <REP> d-------- c:\users\pascal\AppData\Roaming\Anuman Interactive

2009-03-25 16:29 . 2009-03-25 16:29 <REP> d-------- c:\users\anthony\AppData\Roaming\Apple Computer

2009-03-21 22:12 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll

2009-03-21 22:11 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll

2009-03-21 22:11 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe

2009-03-21 22:11 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe

2009-03-21 22:11 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll

2009-03-21 22:11 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll

2009-03-21 22:11 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl

2009-03-21 22:11 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll

2009-03-21 22:03 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll

2009-03-21 22:03 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll

2009-03-21 22:03 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll

2009-03-21 22:03 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll

2009-03-21 22:03 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll

2009-03-21 21:48 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll

2009-03-21 21:48 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll

2009-03-21 21:48 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe

2009-03-21 21:41 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-21 21:40 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL

2009-03-21 21:40 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe

2009-03-21 21:40 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-21 21:40 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

2009-03-21 21:40 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll

2009-03-21 21:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx

2009-03-21 21:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll

2009-03-20 13:25 . 2009-03-20 13:25 <REP> d-------- c:\program files\AxBx

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-04 12:53 --------- d-----w c:\program files\Ricochet Infinity

2009-04-04 11:10 --------- d-----w c:\programdata\Google Updater

2009-04-04 10:33 --------- d-----w c:\programdata\Lavasoft

2009-04-04 10:33 --------- d-----w c:\program files\Lavasoft

2009-04-04 10:31 --------- d-----w c:\program files\Ashampoo

2009-04-04 09:33 --------- d-----w c:\program files\Navilog1

2009-04-03 05:09 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-04-01 05:01 --------- d-----w c:\program files\Auran

2009-03-28 09:55 --------- d-----w c:\program files\Anuman Interactive

2009-03-27 17:01 --------- d-----w c:\program files\Virtual Sailor

2009-03-22 07:18 --------- d-----w c:\program files\Windows Mail

2009-03-21 18:21 --------- d-----w c:\program files\Windows Live

2009-03-21 07:17 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-16 06:26 --------- d---a-w c:\programdata\TEMP

2009-03-14 09:36 --------- d-----w c:\program files\Microsoft Games

2009-03-14 08:53 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-13 17:53 --------- d-----w c:\program files\GameSpy Arcade

2009-03-11 07:27 --------- d-----w c:\program files\Off Road

2009-03-03 17:45 --------- d-----w c:\program files\Simulateur de conduite 3D

2009-02-28 13:05 --------- d-----w c:\users\pascal\AppData\Roaming\FUJIFILM

2009-02-28 12:28 --------- d-----w c:\program files\FinePixViewerS

2009-02-28 12:26 --------- d-----w c:\users\pascal\AppData\Roaming\InstallShield

2009-02-22 17:34 --------- d-----w c:\program files\THQ

2009-02-21 13:47 --------- d-----w c:\program files\FSX Google Earth Tracker

2009-02-20 15:31 --------- d-----w c:\users\pascal\AppData\Roaming\Samsung

2009-02-20 07:02 --------- d-----w c:\program files\Samsung

2009-02-14 12:25 --------- d-----w c:\users\pascal\AppData\Roaming\OpenOffice.org

2009-02-14 11:49 --------- d-----w c:\program files\OpenOffice.org 3

2009-02-14 11:49 --------- d-----w c:\program files\JRE

2009-02-13 17:13 --------- d-----w c:\program files\Google

2009-02-06 11:47 --------- d-----w c:\program files\Wilco Publishing

2009-02-06 06:16 --------- d-----w c:\program files\IncrediMail

2009-02-06 04:11 --------- d-----w c:\users\pascal\AppData\Roaming\dvdcss

2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys

2009-01-07 17:15 737,280 ----a-w c:\windows\iun6002.exe

2008-05-25 12:44 348 ----a-w c:\users\pascal\AppData\Roaming\wklnhst.dat

2008-04-15 08:17 35,840 ----a-w c:\users\pascal\AppData\Roaming\smvss.exe

2008-03-21 07:47 174 --sha-w c:\program files\desktop.ini

2008-03-02 14:21 61 --sh--w c:\windows\cnerolf.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wallpaper"="c:\program files\Wallpaper\Wallpaper.exe" [2007-08-21 233472]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Cisvc"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe" [2009-04-02 86016]

"Logman"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe" [2009-04-02 86016]

"Esent Utl"="c:\windows\esentutl.exe" [2009-04-02 86016]

 

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Logman"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe" [2009-04-02 86016]

 

c:\users\anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de notification Live Search.lnk - c:\users\pascal\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 143360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]

"load"=c:\windows\System\ieudinit.exe

 

[HKLM\~\startupfolder\C:^Users^pascal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]

backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 17:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3060022653-299176910-589471387-1000]

"EnableNotificationsRef"=dword:00000008

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3060022653-299176910-589471387-1003]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{25CDB8F3-E2B8-4BAD-8E6F-D1E3B14CE3F5}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule

"UDP Query User{95722A4F-7F2D-4344-93AD-E0981155169D}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule

"TCP Query User{D8CC3956-F24B-4F14-8737-72A8581E8DC1}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs

"UDP Query User{33E992E7-62FA-4D3F-ABD0-E01D2AA7BB2D}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs

"{8B7B0E70-5AD2-4480-95FD-26C395FE42BE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{0044E646-9791-47E2-B21F-0B1FABA89483}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule

"UDP Query User{AE9F178A-A5AC-4A63-B0DE-2E9F9606FEF8}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule

"{E6CC5E54-7143-428D-B7C2-E0B8F1B6D8C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{64A18A16-228B-4478-AFF9-9654BF92E955}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"UDP Query User{2480DEDD-417A-4CCD-884A-B0255A57ECE6}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"TCP Query User{FF5B8F74-1224-45AE-AB1E-46F6CEDDD5AE}c:\\program files\\goto\\memoweb 4 - découverte\\memoweb4.exe"= UDP:c:\program files\goto\memoweb 4 - découverte\memoweb4.exe:Aspirateur de Web

"UDP Query User{415F4CE3-220E-47FE-A077-63E4285BAC5B}c:\\program files\\goto\\memoweb 4 - découverte\\memoweb4.exe"= TCP:c:\program files\goto\memoweb 4 - découverte\memoweb4.exe:Aspirateur de Web

"TCP Query User{E26A9E8F-D610-4970-A399-2ED5550918F9}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= UDP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT

"UDP Query User{CB99A6A7-CCBA-4048-9271-883D8F9F6613}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= TCP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT

"TCP Query User{CBC84072-0290-44E1-9DD3-244033C8A991}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{E43DB3CB-BE52-49EE-A2F1-D2E1B6A2CEFA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{2273E4E3-195F-46DC-BF23-D25E997A2E81}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner

"UDP Query User{75FF6B84-41DD-4922-8BB9-ABE7AE62DF0C}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner

"{E46AB29E-8995-4020-BC48-8B0B24DD1C63}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{F950D2ED-B02C-448D-9EB1-88FAA74C84B0}"= UDP:4662:etcp

"{5019AAC5-FC99-4B48-865C-5F3A43CBBF6C}"= TCP:4672:eudp

"TCP Query User{2391DA91-3F26-4FC8-9C3B-E0FC25DE6ECA}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood

"UDP Query User{7620246F-C0A6-41BE-8261-27525F921F4B}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood

"TCP Query User{F59872B2-4519-41E1-98DB-0939BF85266F}c:\\program files\\babelgum\\babelgum.exe"= Disabled:UDP:c:\program files\babelgum\babelgum.exe:Babelgum Beta

"UDP Query User{6C3BADDD-9967-47D3-8AD2-427F8E56A81D}c:\\program files\\babelgum\\babelgum.exe"= Disabled:TCP:c:\program files\babelgum\babelgum.exe:Babelgum Beta

"TCP Query User{D6796039-ADBA-418A-BCB4-5D842C79E230}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= Disabled:UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader

"UDP Query User{63D8EF4B-09C2-43E4-AE30-BC342966D42E}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= Disabled:TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader

"TCP Query User{A0D3E68E-EE4B-4137-8A78-DDB271085FCF}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:

"UDP Query User{5717797D-DB7C-4CF3-A302-DCA76E88929E}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:

"TCP Query User{334B22FE-37E8-40AB-9462-D58A2D7424E0}c:\\program files\\codemasters\\colin mcrae rally 2005\\cmr5.exe"= UDP:c:\program files\codemasters\colin mcrae rally 2005\cmr5.exe:Colin McRae Rally 2005 Application

"UDP Query User{5E11266F-9D29-4226-8827-A6ECD651E0E7}c:\\program files\\codemasters\\colin mcrae rally 2005\\cmr5.exe"= TCP:c:\program files\codemasters\colin mcrae rally 2005\cmr5.exe:Colin McRae Rally 2005 Application

"{7A76BCF6-DD6A-42F8-AC52-4EE9FA19D6D1}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail

"{8954047F-6FE6-4560-B89D-0F4A6174D74C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail

"TCP Query User{2BAD5D77-1E3F-46A3-AD33-2F6109785C31}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"UDP Query User{2BD303C0-7B22-4E10-9457-B85D1BF2A6C3}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"TCP Query User{D5C2A98C-0723-4705-B8B1-0C1B1A839D47}c:\\program files\\motogp2\\motogp2.exe"= UDP:c:\program files\motogp2\motogp2.exe:motogp2

"UDP Query User{2C774430-BA7D-4A2C-917B-BBDBA82F608B}c:\\program files\\motogp2\\motogp2.exe"= TCP:c:\program files\motogp2\motogp2.exe:motogp2

"TCP Query User{0237D624-AB8C-4C94-95CD-B2A527CB6D3F}e:\\fifa08.exe"= UDP:E:\fifa08.exe:FIFA08

"UDP Query User{CA53D216-FE7E-441F-9DDA-107B174E5875}e:\\fifa08.exe"= TCP:E:\fifa08.exe:FIFA08

"{A5EDABEB-30F0-427D-BA5B-83DEBF515705}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{613E4CDD-F7FF-4024-8A93-3BC261742E3B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{8FAD45C5-DD75-4E73-AD88-87C998F8D450}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{9B553B10-78F1-4E60-AA96-150867C9BC87}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{B1F7BA64-8AEB-445F-9EEA-0B60E8CFCCD2}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{C8674ED3-5F0B-4C21-A705-2E5E8B671948}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{5ACCCA36-2006-4D21-A8B3-80D1B1A3ECDA}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{9394D0E8-643C-440F-AF3E-DB41D754CEB9}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{142ECCBE-CD16-4E47-AA65-EA419107CCA7}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{713EF78F-B8B9-45EB-A121-38B36B8FD35F}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{0593FFF5-5D8D-46B7-8776-04091E68A792}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{DEB0379A-33C2-461F-A7C1-48A8125AD602}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-09-30 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-09-30 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-09-30 51792]

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-05-03 98488]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-03-30 809296]

S2 gupdate1c98dfe1b23a066;Service Google Update (gupdate1c98dfe1b23a066);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752]

S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\System32\drivers\PPJoyBus.sys [2004-01-23 13824]

S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\System32\drivers\PPortJoy.sys [2004-01-23 27904]

S3 rctx;rctx;c:\windows\System32\drivers\rctx.sys [2008-12-27 2560]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-14 356920]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - sptd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e5f42e5-871e-11dd-b488-001bb9adefb4}]

\shell\AutoRun\command - K:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bd96318-aee8-11dd-b064-001bb9adefb4}]

\shell\AutoRun\command - M:\Autorun.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-04-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

 

2009-04-04 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-07-18 11:08]

 

2009-04-04 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 14:40]

 

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 19:11]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKU-Default-Explorer_Run-Esent Utl - c:\users\pascal\LOCALS~1\APPLIC~1\esentutl.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://google.fr/

uInternet Settings,ProxyOverride = *.local

IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html

IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{47055D63-DFCD-11d3-8406-00500445A7D0} - c:\program files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-04 17:38:39

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(3916)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\Ati2evxx.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\System32\conime.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\drivers\CDAC11BA.EXE

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\users\pascal\AppData\Local\MICROS~1\logman.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehmsas.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2009-04-04 17:47:48 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-04-04 15:47:42

 

Avant-CF: 19 460 218 880 octets libres

Après-CF: 19,481,587,712 octets libres

 

282 --- E O F --- 2009-03-21 20:28:24

Posted

I'm preparing a script for you to clean all that up.

 

While waiting for the script, here is a file to analyze.

 

 

Go to this link: Virus Total

  • Click the Browse... button
  • Copy and paste this path into the dialog box that opens, or browse through your folders to this file, if you find it:

  • C:\windows\system32\ieudinit.exe

  • Click Send file, and if VirusTotal says the file has already been analyzed, click the Reanalyse file now button.
  • Let the site work as long as "Current status: analyzing" is displayed.
  • The file may be put in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted (top left)
  • A new browser window will appear
  • Then click on this image: txtvt.jpg
  • Right-click on the page, choose Select all, then Copy
  • Finally, paste the result into your next reply.
    NB: Whatever the result, it is important to send me the result of the whole analysis.

Your security tools may react when the file is sent; if so, you will need to make them ignore the alerts.

 

You will probably need to temporarily show hidden files and system files:

http://www.libellules.ch/afficher_fichiers.php

Posted

ComboFix 09-04-03.01 - pascal 2009-04-04 20:36:39.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2150 [GMT 2:00]

Lancé depuis: c:\users\pascal\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1229 [VPS 081226-0] *On-access scanning enabled* (Updated)

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-04 au 2009-04-04 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-04 20:40 . 2009-04-02 18:29 86,016 --a------ c:\windows\system\mstinit.exe

2009-04-04 17:47 . 2009-04-02 18:29 86,016 --a------ c:\users\pascal\AppData\Roaming\cmstp.exe

2009-04-04 17:38 . 2009-04-02 18:29 86,016 --a------ c:\windows\system\ieudinit.exe

2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\users\pascal\AppData\Roaming\Malwarebytes

2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\users\All Users\Malwarebytes

2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\programdata\Malwarebytes

2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-04-04 14:48 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-04-04 14:48 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-04-04 08:26 . 2009-04-02 18:29 86,016 --a------ c:\windows\esentutl.exe

2009-04-03 17:25 . 2009-04-03 17:34 <REP> d-------- c:\windows\BDOSCAN8

2009-03-29 15:50 . 2009-03-30 05:57 <REP> d----c--- C:\Downloads

2009-03-28 11:55 . 2009-03-28 11:55 <REP> d-------- c:\users\pascal\AppData\Roaming\Anuman Interactive

2009-03-25 16:29 . 2009-03-25 16:29 <REP> d-------- c:\users\anthony\AppData\Roaming\Apple Computer

2009-03-21 22:12 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll

2009-03-21 22:11 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll

2009-03-21 22:11 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe

2009-03-21 22:11 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe

2009-03-21 22:11 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll

2009-03-21 22:11 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll

2009-03-21 22:11 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl

2009-03-21 22:11 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll

2009-03-21 22:03 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll

2009-03-21 22:03 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll

2009-03-21 22:03 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll

2009-03-21 22:03 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll

2009-03-21 22:03 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll

2009-03-21 21:48 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll

2009-03-21 21:48 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll

2009-03-21 21:48 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe

2009-03-21 21:41 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-21 21:40 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL

2009-03-21 21:40 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe

2009-03-21 21:40 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-21 21:40 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

2009-03-21 21:40 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll

2009-03-21 21:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx

2009-03-21 21:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll

2009-03-20 13:25 . 2009-03-20 13:25 <REP> d-------- c:\program files\AxBx

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-04 12:53 --------- d-----w c:\program files\Ricochet Infinity

2009-04-04 11:10 --------- d-----w c:\programdata\Google Updater

2009-04-04 10:33 --------- d-----w c:\programdata\Lavasoft

2009-04-04 10:33 --------- d-----w c:\program files\Lavasoft

2009-04-04 10:31 --------- d-----w c:\program files\Ashampoo

2009-04-04 09:33 --------- d-----w c:\program files\Navilog1

2009-04-03 05:09 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-04-01 05:01 --------- d-----w c:\program files\Auran

2009-03-28 09:55 --------- d-----w c:\program files\Anuman Interactive

2009-03-27 17:01 --------- d-----w c:\program files\Virtual Sailor

2009-03-22 07:18 --------- d-----w c:\program files\Windows Mail

2009-03-21 18:21 --------- d-----w c:\program files\Windows Live

2009-03-21 07:17 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-16 06:26 --------- d---a-w c:\programdata\TEMP

2009-03-14 09:36 --------- d-----w c:\program files\Microsoft Games

2009-03-14 08:53 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-13 17:53 --------- d-----w c:\program files\GameSpy Arcade

2009-03-11 07:27 --------- d-----w c:\program files\Off Road

2009-03-03 17:45 --------- d-----w c:\program files\Simulateur de conduite 3D

2009-02-28 13:05 --------- d-----w c:\users\pascal\AppData\Roaming\FUJIFILM

2009-02-28 12:28 --------- d-----w c:\program files\FinePixViewerS

2009-02-28 12:26 --------- d-----w c:\users\pascal\AppData\Roaming\InstallShield

2009-02-22 17:34 --------- d-----w c:\program files\THQ

2009-02-21 13:47 --------- d-----w c:\program files\FSX Google Earth Tracker

2009-02-20 15:31 --------- d-----w c:\users\pascal\AppData\Roaming\Samsung

2009-02-20 07:02 --------- d-----w c:\program files\Samsung

2009-02-14 12:25 --------- d-----w c:\users\pascal\AppData\Roaming\OpenOffice.org

2009-02-14 11:49 --------- d-----w c:\program files\OpenOffice.org 3

2009-02-14 11:49 --------- d-----w c:\program files\JRE

2009-02-13 17:13 --------- d-----w c:\program files\Google

2009-02-06 11:47 --------- d-----w c:\program files\Wilco Publishing

2009-02-06 06:16 --------- d-----w c:\program files\IncrediMail

2009-02-06 04:11 --------- d-----w c:\users\pascal\AppData\Roaming\dvdcss

2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys

2009-01-07 17:15 737,280 ----a-w c:\windows\iun6002.exe

2008-05-25 12:44 348 ----a-w c:\users\pascal\AppData\Roaming\wklnhst.dat

2008-04-15 08:17 35,840 ----a-w c:\users\pascal\AppData\Roaming\smvss.exe

2008-03-21 07:47 174 --sha-w c:\program files\desktop.ini

2008-03-02 14:21 61 --sh--w c:\windows\cnerolf.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-04-04_17.44.04.56 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-04-02 14:40:57 2,604,144 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-04-04 18:30:45 2,604,144 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-04-04 18:32:03 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-04-04 15:37:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2009-04-04 18:33:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2009-04-04 18:33:36 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-04-04 15:37:34 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2009-04-04 18:33:30 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2009-04-04 18:33:30 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-04-04 15:37:51 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-04-04 18:34:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-04-04 15:37:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-04 18:34:15 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-04-04 15:37:51 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-04-04 18:34:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-04-04 15:23:14 116,946 ----a-w c:\windows\System32\perfc009.dat

+ 2009-04-04 18:39:32 116,946 ----a-w c:\windows\System32\perfc009.dat

- 2009-04-04 15:23:14 143,336 ----a-w c:\windows\System32\perfc00C.dat

+ 2009-04-04 18:39:32 143,336 ----a-w c:\windows\System32\perfc00C.dat

- 2009-04-04 15:23:14 625,384 ----a-w c:\windows\System32\perfh009.dat

+ 2009-04-04 18:39:32 625,384 ----a-w c:\windows\System32\perfh009.dat

- 2009-04-04 15:23:14 713,304 ----a-w c:\windows\System32\perfh00C.dat

+ 2009-04-04 18:39:32 713,304 ----a-w c:\windows\System32\perfh00C.dat

- 2009-04-04 15:39:24 39,550 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3060022653-299176910-589471387-1000_UserData.bin

+ 2009-04-04 18:33:56 39,566 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3060022653-299176910-589471387-1000_UserData.bin

- 2009-04-04 15:39:23 106,726 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-04-04 18:33:56 106,780 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wallpaper"="c:\program files\Wallpaper\Wallpaper.exe" [2007-08-21 233472]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Cisvc"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe" [2009-04-02 86016]

"Logman"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe" [2009-04-02 86016]

"Esent Utl"="c:\windows\esentutl.exe" [2009-04-02 86016]

 

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Logman"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe" [2009-04-02 86016]

 

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]

"CmSTP"="c:\users\pascal\AppData\Roaming\cmstp.exe" [2009-04-02 86016]

 

c:\users\anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de notification Live Search.lnk - c:\users\pascal\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 143360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]

"load"=c:\windows\System\mstinit.exe

 

[HKLM\~\startupfolder\C:^Users^pascal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]

backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 17:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3060022653-299176910-589471387-1000]

"EnableNotificationsRef"=dword:00000008

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3060022653-299176910-589471387-1003]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{25CDB8F3-E2B8-4BAD-8E6F-D1E3B14CE3F5}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule

"UDP Query User{95722A4F-7F2D-4344-93AD-E0981155169D}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule

"TCP Query User{D8CC3956-F24B-4F14-8737-72A8581E8DC1}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs

"UDP Query User{33E992E7-62FA-4D3F-ABD0-E01D2AA7BB2D}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs

"{8B7B0E70-5AD2-4480-95FD-26C395FE42BE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{0044E646-9791-47E2-B21F-0B1FABA89483}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule

"UDP Query User{AE9F178A-A5AC-4A63-B0DE-2E9F9606FEF8}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule

"{E6CC5E54-7143-428D-B7C2-E0B8F1B6D8C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{64A18A16-228B-4478-AFF9-9654BF92E955}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"UDP Query User{2480DEDD-417A-4CCD-884A-B0255A57ECE6}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component

"TCP Query User{FF5B8F74-1224-45AE-AB1E-46F6CEDDD5AE}c:\\program files\\goto\\memoweb 4 - découverte\\memoweb4.exe"= UDP:c:\program files\goto\memoweb 4 - découverte\memoweb4.exe:Aspirateur de Web

"UDP Query User{415F4CE3-220E-47FE-A077-63E4285BAC5B}c:\\program files\\goto\\memoweb 4 - découverte\\memoweb4.exe"= TCP:c:\program files\goto\memoweb 4 - découverte\memoweb4.exe:Aspirateur de Web

"TCP Query User{E26A9E8F-D610-4970-A399-2ED5550918F9}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= UDP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT

"UDP Query User{CB99A6A7-CCBA-4048-9271-883D8F9F6613}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= TCP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT

"TCP Query User{CBC84072-0290-44E1-9DD3-244033C8A991}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{E43DB3CB-BE52-49EE-A2F1-D2E1B6A2CEFA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{2273E4E3-195F-46DC-BF23-D25E997A2E81}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner

"UDP Query User{75FF6B84-41DD-4922-8BB9-ABE7AE62DF0C}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner

"{E46AB29E-8995-4020-BC48-8B0B24DD1C63}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{F950D2ED-B02C-448D-9EB1-88FAA74C84B0}"= UDP:4662:etcp

"{5019AAC5-FC99-4B48-865C-5F3A43CBBF6C}"= TCP:4672:eudp

"TCP Query User{2391DA91-3F26-4FC8-9C3B-E0FC25DE6ECA}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood

"UDP Query User{7620246F-C0A6-41BE-8261-27525F921F4B}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood

"TCP Query User{F59872B2-4519-41E1-98DB-0939BF85266F}c:\\program files\\babelgum\\babelgum.exe"= Disabled:UDP:c:\program files\babelgum\babelgum.exe:Babelgum Beta

"UDP Query User{6C3BADDD-9967-47D3-8AD2-427F8E56A81D}c:\\program files\\babelgum\\babelgum.exe"= Disabled:TCP:c:\program files\babelgum\babelgum.exe:Babelgum Beta

"TCP Query User{D6796039-ADBA-418A-BCB4-5D842C79E230}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= Disabled:UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader

"UDP Query User{63D8EF4B-09C2-43E4-AE30-BC342966D42E}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= Disabled:TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader

"TCP Query User{A0D3E68E-EE4B-4137-8A78-DDB271085FCF}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:

"UDP Query User{5717797D-DB7C-4CF3-A302-DCA76E88929E}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:

"TCP Query User{334B22FE-37E8-40AB-9462-D58A2D7424E0}c:\\program files\\codemasters\\colin mcrae rally 2005\\cmr5.exe"= UDP:c:\program files\codemasters\colin mcrae rally 2005\cmr5.exe:Colin McRae Rally 2005 Application

"UDP Query User{5E11266F-9D29-4226-8827-A6ECD651E0E7}c:\\program files\\codemasters\\colin mcrae rally 2005\\cmr5.exe"= TCP:c:\program files\codemasters\colin mcrae rally 2005\cmr5.exe:Colin McRae Rally 2005 Application

"{7A76BCF6-DD6A-42F8-AC52-4EE9FA19D6D1}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail

"{8954047F-6FE6-4560-B89D-0F4A6174D74C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail

"TCP Query User{2BAD5D77-1E3F-46A3-AD33-2F6109785C31}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"UDP Query User{2BD303C0-7B22-4E10-9457-B85D1BF2A6C3}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"TCP Query User{D5C2A98C-0723-4705-B8B1-0C1B1A839D47}c:\\program files\\motogp2\\motogp2.exe"= UDP:c:\program files\motogp2\motogp2.exe:motogp2

"UDP Query User{2C774430-BA7D-4A2C-917B-BBDBA82F608B}c:\\program files\\motogp2\\motogp2.exe"= TCP:c:\program files\motogp2\motogp2.exe:motogp2

"TCP Query User{0237D624-AB8C-4C94-95CD-B2A527CB6D3F}e:\\fifa08.exe"= UDP:E:\fifa08.exe:FIFA08

"UDP Query User{CA53D216-FE7E-441F-9DDA-107B174E5875}e:\\fifa08.exe"= TCP:E:\fifa08.exe:FIFA08

"{A5EDABEB-30F0-427D-BA5B-83DEBF515705}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{613E4CDD-F7FF-4024-8A93-3BC261742E3B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{8FAD45C5-DD75-4E73-AD88-87C998F8D450}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{9B553B10-78F1-4E60-AA96-150867C9BC87}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{B1F7BA64-8AEB-445F-9EEA-0B60E8CFCCD2}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{C8674ED3-5F0B-4C21-A705-2E5E8B671948}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{5ACCCA36-2006-4D21-A8B3-80D1B1A3ECDA}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{9394D0E8-643C-440F-AF3E-DB41D754CEB9}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{142ECCBE-CD16-4E47-AA65-EA419107CCA7}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{713EF78F-B8B9-45EB-A121-38B36B8FD35F}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{0593FFF5-5D8D-46B7-8776-04091E68A792}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{DEB0379A-33C2-461F-A7C1-48A8125AD602}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-09-30 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-09-30 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-09-30 51792]

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-05-03 98488]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-03-30 809296]

S2 gupdate1c98dfe1b23a066;Service Google Update (gupdate1c98dfe1b23a066);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752]

S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\System32\drivers\PPJoyBus.sys [2004-01-23 13824]

S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\System32\drivers\PPortJoy.sys [2004-01-23 27904]

S3 rctx;rctx;c:\windows\System32\drivers\rctx.sys [2008-12-27 2560]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-14 356920]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e5f42e5-871e-11dd-b488-001bb9adefb4}]

\shell\AutoRun\command - K:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bd96318-aee8-11dd-b064-001bb9adefb4}]

\shell\AutoRun\command - M:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c33ee94b-c760-11dc-93c4-806e6f6e6963}]

\shell\AutoRun\command - E:\Autorun.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-04-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

 

2009-04-04 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-07-18 11:08]

 

2009-04-04 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 14:40]

 

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 19:11]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://google.fr/

uInternet Settings,ProxyOverride = *.local

IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html

IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{47055D63-DFCD-11d3-8406-00500445A7D0} - c:\program files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-04 20:40:11

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(2976)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

Heure de fin: 2009-04-04 20:43:32

ComboFix-quarantined-files.txt 2009-04-04 18:43:28

ComboFix2.txt 2009-04-04 15:47:50

 

Avant-CF: 19 455 098 880 octets libres

Après-CF: 19,503,230,976 octets libres

 

278 --- E O F --- 2009-03-21 20:28:24

Posted

Um, that's not what I asked for (but it did no harm); the file mentioned above needs to be analyzed via VirusTotal first. :P

Posted

Sorry, but I hadn't seen your last reply! I'm attaching the right analysis.

Thank you very much for your help

 

 

 

Fichier ieudinit.exe reçu le 2009.04.05 10:00:54 (CET)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.101 2009.04.05 Worm.Rbot!IK

AhnLab-V3 5.0.0.2 2009.04.04 -

AntiVir 7.9.0.129 2009.04.03 WORM/Rbot.Gen

Antiy-AVL 2.0.3.1 2009.04.05 -

Authentium 5.1.2.4 2009.04.05 -

Avast 4.8.1335.0 2009.04.05 -

AVG 8.5.0.285 2009.04.04 -

BitDefender 7.2 2009.04.05 -

CAT-QuickHeal 10.00 2009.04.04 -

ClamAV 0.94.1 2009.04.05 -

Comodo 1099 2009.04.04 -

DrWeb 4.44.0.09170 2009.04.05 -

eSafe 7.0.17.0 2009.04.02 -

eTrust-Vet 31.6.6435 2009.04.03 -

F-Prot 4.4.4.56 2009.04.05 -

F-Secure 8.0.14470.0 2009.04.04 -

Fortinet 3.117.0.0 2009.04.05 -

GData 19 2009.04.05 -

Ikarus T3.1.1.49.0 2009.04.05 Worm.Rbot

K7AntiVirus 7.10.692 2009.04.03 -

Kaspersky 7.0.0.125 2009.04.05 -

McAfee 5574 2009.04.04 -

McAfee+Artemis 5574 2009.04.04 -

McAfee-GW-Edition 6.7.6 2009.04.03 Worm.Rbot.Gen

Microsoft 1.4502 2009.04.05 -

NOD32 3988 2009.04.04 -

Norman 6.00.06 2009.04.03 -

nProtect 2009.1.8.0 2009.04.05 -

Panda 10.0.0.14 2009.04.04 Suspicious file

PCTools 4.4.2.0 2009.04.04 -

Prevx1 V2 2009.04.05 Medium Risk Malware

Rising 21.23.41.00 2009.04.03 -

Sophos 4.40.0 2009.04.05 Mal/Horst

Sunbelt 3.2.1858.2 2009.04.04 -

Symantec 1.4.4.12 2009.04.05 -

TheHacker 6.3.4.0.302 2009.04.04 -

TrendMicro 8.700.0.1004 2009.04.03 -

VBA32 3.12.10.2 2009.04.05 suspected of Win32.Trojan.Downloader (http://...)

ViRobot 2009.4.4.1678 2009.04.04 -

VirusBuster 4.6.5.0 2009.04.04 -

 

Information additionnelle

File size: 86016 bytes

MD5...: f0bd5f4b51d24e52d70ff5037add2642

SHA1..: bfb6566b701b582c63850732218d934116c7fbd0

SHA256: 2131d7ebc86d2c86828598ed157f65bd65888188a0bbe137f09b55e1e3108828

SHA512: e9705c47775ddf61468cc36eea15dc84254b38353bd27341c998eb644e071dc4f392cab1bd35571365bda42147860b1f331c53be059d6486e6091a33741e977c

ssdeep: 1536:dp0sz2hMbPhfGUKUbYi+D+e4HA/OBUbaImxhy8OFxLtXSa+LCDt:dJz2hMbPhfGUKUbYDD4HgkUb49OF8Yt

PEiD..: -

TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc0da
timedatestamp.....: 0x49d4e7c3 (Thu Apr 02 16:28:51 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1099a 0x11000 6.22 908c368d447b49e4fdfc2cb98d714ae7
.rdata 0x12000 0x1ebc 0x2000 5.22 291c483af12aa6bc65948ee5d51c93fe
.data 0x14000 0x7db8 0x1000 1.34 1113bbe7084831a75e59b9349790c66d

( 7 imports )
> USER32.dll: GetSysColorBrush, GetKeyboardType, GetDoubleClickTime, GetMonitorInfoA, GetSysColor, LoadImageA
> ADVAPI32.dll: LookupAccountSidA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegEnumValueA, RegCloseKey, OpenProcessToken, RegOpenKeyExA, RegGetKeySecurity, GetTokenInformation
> PSAPI.DLL: GetModuleInformation
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetOpenA, InternetOpenUrlA, InternetCloseHandle
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: GetStringTypeW, FlushFileBuffers, GetLocaleInfoA, VirtualProtect, GetSystemInfo, MultiByteToWideChar, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, VirtualAlloc, IsBadCodePtr, IsBadWritePtr, IsBadReadPtr, SetUnhandledExceptionFilter, VirtualQuery, InterlockedExchange, GetFirmwareEnvironmentVariableA, OpenProcess, GetProcessPriorityBoost, GetVolumeInformationA, GetTickCount, GetSystemDirectoryA, Sleep, GetFileTime, CreateDirectoryA, GetStdHandle, SetErrorMode, GetFileType, GetVersion, GetCommandLineA, GetCurrentProcess, CloseHandle, WriteFile, CreateFileA, ExitProcess, CreateMutexA, OpenMutexA, CreateProcessA, GetEnvironmentVariableA, GetShortPathNameA, GetModuleFileNameA, SetEnvironmentVariableA, CopyFileA, SetFileAttributesA, GetLastError, CreateThread, GetLocalTime, GetDriveTypeA, GetLogicalDriveStringsA, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, RtlUnwind, GetStartupInfoA, GetVersionExA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, HeapFree, HeapAlloc, HeapReAlloc, HeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, SetFilePointer, LoadLibraryA

( 0 exports )

RDS...: NSRL Reference Data Set
-

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0C56052E00CA3DE850C50150FC2B8A008E85DE6E

 

Antivirus          Version         Last update   Result
a-squared          4.0.0.101       2009.04.05    Worm.Rbot!IK
AhnLab-V3          5.0.0.2         2009.04.04    -
AntiVir            7.9.0.129       2009.04.03    WORM/Rbot.Gen
Antiy-AVL          2.0.3.1         2009.04.05    -
Authentium         5.1.2.4         2009.04.05    -
Avast              4.8.1335.0      2009.04.05    -
AVG                8.5.0.285       2009.04.04    -
BitDefender        7.2             2009.04.05    -
CAT-QuickHeal      10.00           2009.04.04    -
ClamAV             0.94.1          2009.04.05    -
Comodo             1099            2009.04.04    -
DrWeb              4.44.0.09170    2009.04.05    -
eSafe              7.0.17.0        2009.04.02    -
eTrust-Vet         31.6.6435       2009.04.03    -
F-Prot             4.4.4.56        2009.04.05    -
F-Secure           8.0.14470.0     2009.04.04    -
Fortinet           3.117.0.0       2009.04.05    -
GData              19              2009.04.05    -
Ikarus             T3.1.1.49.0     2009.04.05    Worm.Rbot
K7AntiVirus        7.10.692        2009.04.03    -
Kaspersky          7.0.0.125       2009.04.05    -
McAfee             5574            2009.04.04    -
McAfee+Artemis     5574            2009.04.04    -
McAfee-GW-Edition  6.7.6           2009.04.03    Worm.Rbot.Gen
Microsoft          1.4502          2009.04.05    -
NOD32              3988            2009.04.04    -
Norman             6.00.06         2009.04.03    -
nProtect           2009.1.8.0      2009.04.05    -
Panda              10.0.0.14       2009.04.04    Suspicious file
PCTools            4.4.2.0         2009.04.04    -
Prevx1             V2              2009.04.05    Medium Risk Malware
Rising             21.23.41.00     2009.04.03    -
Sophos             4.40.0          2009.04.05    Mal/Horst
Sunbelt            3.2.1858.2      2009.04.04    -
Symantec           1.4.4.12        2009.04.05    -
TheHacker          6.3.4.0.302     2009.04.04    -
TrendMicro         8.700.0.1004    2009.04.03    -
VBA32              3.12.10.2       2009.04.05    suspected of Win32.Trojan.Downloader (http://...)
ViRobot            2009.4.4.1678   2009.04.04    -
VirusBuster        4.6.5.0         2009.04.04    -


Additional information

File size: 86016 bytes

MD5...: f0bd5f4b51d24e52d70ff5037add2642

SHA1..: bfb6566b701b582c63850732218d934116c7fbd0

SHA256: 2131d7ebc86d2c86828598ed157f65bd65888188a0bbe137f09b55e1e3108828

SHA512: e9705c47775ddf61468cc36eea15dc84254b38353bd27341c998eb644e071dc4f392cab1bd35571365bda42147860b1f331c53be059d6486e6091a33741e977c

ssdeep: 1536:dp0sz2hMbPhfGUKUbYi+D+e4HA/OBUbaImxhy8OFxLtXSa+LCDt:dJz2hMbPhfGUKUbYDD4HgkUb49OF8Yt

PEiD..: -

TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc0da
timedatestamp.....: 0x49d4e7c3 (Thu Apr 02 16:28:51 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x1099a  0x11000  6.22   908c368d447b49e4fdfc2cb98d714ae7
.rdata  0x12000  0x1ebc   0x2000   5.22   291c483af12aa6bc65948ee5d51c93fe
.data   0x14000  0x7db8   0x1000   1.34   1113bbe7084831a75e59b9349790c66d

( 7 imports )
> USER32.dll: GetSysColorBrush, GetKeyboardType, GetDoubleClickTime, GetMonitorInfoA, GetSysColor, LoadImageA
> ADVAPI32.dll: LookupAccountSidA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegEnumValueA, RegCloseKey, OpenProcessToken, RegOpenKeyExA, RegGetKeySecurity, GetTokenInformation
> PSAPI.DLL: GetModuleInformation
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetOpenA, InternetOpenUrlA, InternetCloseHandle
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: GetStringTypeW, FlushFileBuffers, GetLocaleInfoA, VirtualProtect, GetSystemInfo, MultiByteToWideChar, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, VirtualAlloc, IsBadCodePtr, IsBadWritePtr, IsBadReadPtr, SetUnhandledExceptionFilter, VirtualQuery, InterlockedExchange, GetFirmwareEnvironmentVariableA, OpenProcess, GetProcessPriorityBoost, GetVolumeInformationA, GetTickCount, GetSystemDirectoryA, Sleep, GetFileTime, CreateDirectoryA, GetStdHandle, SetErrorMode, GetFileType, GetVersion, GetCommandLineA, GetCurrentProcess, CloseHandle, WriteFile, CreateFileA, ExitProcess, CreateMutexA, OpenMutexA, CreateProcessA, GetEnvironmentVariableA, GetShortPathNameA, GetModuleFileNameA, SetEnvironmentVariableA, CopyFileA, SetFileAttributesA, GetLastError, CreateThread, GetLocalTime, GetDriveTypeA, GetLogicalDriveStringsA, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, RtlUnwind, GetStartupInfoA, GetVersionExA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, HeapFree, HeapAlloc, HeapReAlloc, HeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, SetFilePointer, LoadLibraryA

( 0 exports )

RDS...: NSRL Reference Data Set
-

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0C56052E00CA3DE850C50150FC2B8A008E85DE6E
