
Posted

Hello everyone, and many thanks in advance. Following some buffer overflows, and after a bit of research, I realised that my PC is infected by a virus or some other nasty bug. Apart from the buffer overflow blocked by McAfee, some slowness at startup and a few small annoyances while browsing, my machine works fine (for how long?) :P I have also noticed that my up-to-date antivirus tends to open blank pages, so getting any information is hard :P .... Based on your forum I did a few operations to move things along a bit, so here are the results of the HijackThis v2.0.2 analysis and the VirusTotal scan of the file C:\WINDOWS\system32\services.exe. I also ran a scan with Malwarebytes' Anti-Malware; it detects an infection, but after half an hour I get a blue screen. I tried three times, so no results.

I would like to know how to eradicate the intruder(s), if that is possible, and to find out where it comes from. Thanks everyone.


-------------------------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:14:58, on 06/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\SetPoint\LBTWiz.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Creative\VoiceCenter\AndreaVC.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\DOCUME~1\sam\LOCALS~1\Temp\clclean.0001

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Saitek\Software\Profiler.exe

C:\Program Files\Saitek\Software\SaiMfd.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\WINDOWS\system32\ms18_word.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

C:\Documents and Settings\sam\ms18_word.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6070111

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navcli...fr&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6070111

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"

O4 - HKLM\..\Run: [Fnac] "C:\Program Files\Fnac\Fnac.exe" /check

O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SYS

O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\sam\ms18_word.exe

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ikowin32.exe

O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: SetPoint.lnk = ?

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-313e25559dc461ea.spaces.live.co...ad/MsnPUpld.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

 

--

End of file - 17030 bytes

 

--------------------------------------------------------------------------------------------------------------------------

C:\WINDOWS\system32\services.exe scanned by VirusTotal

File services.exe received on 2009.08.06 14:26:14 (UTC)

Antivirus Version Last update Result

a-squared 4.5.0.24 2009.08.06 -

AhnLab-V3 5.0.0.2 2009.08.06 -

AntiVir 7.9.0.240 2009.08.06 -

Antiy-AVL 2.0.3.7 2009.08.05 -

Authentium 5.1.2.4 2009.08.06 -

Avast 4.8.1335.0 2009.08.06 -

AVG 8.5.0.406 2009.08.06 -

BitDefender 7.2 2009.08.06 -

CAT-QuickHeal 10.00 2009.08.06 -

ClamAV 0.94.1 2009.08.06 -

Comodo 1887 2009.08.06 -

DrWeb 5.0.0.12182 2009.08.06 -

eSafe 7.0.17.0 2009.08.05 -

eTrust-Vet 31.6.6662 2009.08.06 -

F-Prot 4.4.4.56 2009.08.06 -

F-Secure 8.0.14470.0 2009.08.06 -

Fortinet 3.120.0.0 2009.08.06 -

GData 19 2009.08.06 -

Ikarus T3.1.1.64.0 2009.08.06 -

Jiangmin 11.0.800 2009.08.06 -

K7AntiVirus 7.10.811 2009.08.05 -

Kaspersky 7.0.0.125 2009.08.06 -

McAfee 5699 2009.08.05 -

McAfee+Artemis 5699 2009.08.05 -

McAfee-GW-Edition 6.8.5 2009.08.06 Heuristic.BehavesLike.Win32.Spyware.H

Microsoft 1.4903 2009.08.06 -

NOD32 4312 2009.08.06 -

Norman 6.01.09 2009.08.06 -

nProtect 2009.1.8.0 2009.08.06 -

Panda 10.0.0.14 2009.08.05 -

PCTools 4.4.2.0 2009.08.06 -

Prevx 3.0 2009.08.06 -

Rising 21.41.34.00 2009.08.06 -

Sophos 4.44.0 2009.08.06 -

Sunbelt 3.2.1858.2 2009.08.06 -

Symantec 1.4.4.12 2009.08.06 -

TheHacker 6.3.4.3.377 2009.08.05 -

TrendMicro 8.950.0.1094 2009.08.06 -

VBA32 3.12.10.9 2009.08.06 -

ViRobot 2009.8.6.1871 2009.08.06 -

VirusBuster 4.6.5.0 2009.08.05 -

 

Additional information

File size: 111104 bytes

MD5   : c3fb1d70cb88722267949694ba51759e

SHA1  : 1fce6e1efcb22463fe985ed44291650209ce4317

SHA256: 8cd60f76a91502a718e5371d4e94bf21eca59f50307c783c27e316891504172d

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xBF63
timedatestamp.....: 0x498C1AC8 (Fri Feb 6 12:11:04 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x196A5 0x19800 6.23 bf32e1a6f4363e9fffea31d970bdebf2
.data 0x1B000 0xA38 0xC00 1.78 817a9a6979796d656eb64e994df5db0a
.rsrc 0x1C000 0x8B8 0xA00 3.79 7310e6c804f12fe752acf0f9d8f019fc

( 10 imports )

> advapi32.dll: AllocateLocallyUniqueId, RegOpenKeyW, ConvertSidToStringSidW, AllocateAndInitializeSid, FreeSid, LogonUserExW, LsaStorePrivateData, LsaLookupNames, AddAccessAllowedAce, SetTokenInformation, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, SystemFunction029, SystemFunction005, CheckTokenMembership, LsaQueryInformationPolicy, OpenThreadToken, RegNotifyChangeKeyValue, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, GetSecurityDescriptorDacl, GetLengthSid, CopySid, InitializeAcl, AddAce, SetSecurityDescriptorDacl, LsaOpenPolicy, LsaLookupSids, LsaFreeMemory, LsaClose, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, InitiateSystemShutdownW, RevertToSelf, CreateProcessAsUserW, ImpersonateLoggedOnUser
> kernel32.dll: GetCurrentThread, CreateMutexW, ReleaseMutex, ExitThread, FormatMessageW, lstrcmpiW, SetProcessShutdownParameters, DelayLoadFailureHook, RaiseException, GetExitCodeThread, SetConsoleCtrlHandler, SetErrorMode, SetUnhandledExceptionFilter, LoadLibraryA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcess, UnhandledExceptionFilter, GetModuleHandleA, OpenEventW, LocalAlloc, LocalFree, Sleep, LeaveCriticalSection, EnterCriticalSection, SetLastError, CloseHandle, CreateThread, GetLastError, CreateProcessW, ExpandEnvironmentStringsW, InitializeCriticalSection, HeapAlloc, HeapFree, TerminateProcess, WaitForSingleObject, HeapCreate, FreeLibrary, GetProcAddress, GetModuleHandleExW, InterlockedCompareExchange, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, ConnectNamedPipe, TransactNamedPipe, WriteFile, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleW, GetComputerNameW, CreateEventW, SetEvent, ResetEvent, DeviceIoControl, CreateFileW, ResumeThread, GetCurrentProcessId, LoadLibraryW, GetDriveTypeW
> msvcrt.dll: _itow, wcsrchr, time, _except_handler3, memmove, wcschr, _c_exit, _exit, wcsncmp, _XcptFilter, _cexit, exit, _wcsnicmp, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _wtol, wcscpy, wcscat, wcsncpy, _wcsicmp, __initenv, wcslen, wcscspn, _ultow
> ncobjapi.dll: WmiCreateObjectWithFormat, WmiEventSourceConnect, WmiSetAndCommitObject
> ntdll.dll: RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, NtCreateKey, NtQueryValueKey, NtSetValueKey, NtDeleteValueKey, NtEnumerateKey, NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, NtDeleteKey, RtlSetControlSecurityDescriptor, RtlValidSecurityDescriptor, RtlLengthSecurityDescriptor, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtAccessCheckAndAuditAlarm, NtSetInformationThread, NtAdjustPrivilegesToken, NtDuplicateToken, NtOpenProcessToken, RtlSetDaclSecurityDescriptor, RtlQuerySecurityObject, RtlSetSecurityObject, RtlValidRelativeSecurityDescriptor, RtlMapGenericMask, RtlCopyUnicodeString, NtSetInformationFile, NtQueryInformationFile, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, NtWaitForSingleObject, NtQueryDirectoryFile, NtDeleteFile, NtSetInformationProcess, RtlUnhandledExceptionFilter, NtSetEvent, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlAllocateHeap, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlUnicodeStringToAnsiString, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlNewSecurityObject, RtlAddAce, RtlSetOwnerSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSubAuthorityCountSid, RtlCompareUnicodeString, NtLoadDriver, NtUnloadDriver, RtlExpandEnvironmentStrings_U, RtlAdjustPrivilege, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAreAllAccessesGranted, NtDeleteObjectAuditAlarm, NtCloseObjectAuditAlarm, RtlQueueWorkItem, RtlCopyLuid, RtlDeregisterWait, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, RtlDeleteSecurityObject, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlUnlockBootStatusData, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, NtQueryInformationToken, RtlMakeSelfRelativeSD, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtSetSecurityObject
> rpcrt4.dll: RpcServerRegisterAuthInfoW, RpcBindingFree, RpcEpResolveBinding, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrClientCall2, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, NdrAsyncServerCall, RpcServerListen, RpcMgmtStopServerListening, RpcMgmtWaitServerListen, RpcServerUnregisterIf, NdrAsyncClientCall, NdrServerCall2, I_RpcBindingIsClientLocal, RpcRevertToSelf, I_RpcMapWin32Status, RpcImpersonateClient, RpcStringBindingParseW, RpcStringFreeW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf
> scesrv.dll: ScesrvInitializeServer, ScesrvTerminateServer
> umpnpmgr.dll: RegisterScmCallback, PNP_SetActiveService, PNP_GetDeviceRegProp, PNP_GetDeviceListSize, PNP_GetDeviceList, PNP_HwProfFlags, RegisterServiceNotification, DeleteServicePlugPlayRegKeys
> user32.dll: LoadStringW, wsprintfW, BroadcastSystemMessageW, MessageBoxW, RegisterServicesProcess
> userenv.dll: UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

( 0 exports )

TrID  : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ssdeep: 1536:H3j12id0hKy+k1DQ+7Gpj3r4M7TGfwG1K9IJvydlnk4pCxvth:H3G1DQgGpj3Cf1K9IBydlk+cvth

PEiD  : -

RDS   : NSRL Reference Data Set
-
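The O4 lines of a HijackThis log are the first thing a helper reads, and the log above shows the usual tells: a Run value named ms18_word pointing at one file in system32 and at another under the user's profile, a value named Regedit32 that simply launches regedit.exe, and a bare ikowin32.exe in the Startup folder next to the .lnk shortcuts that installers normally drop there. The following Python script is an added example, not code from the thread and not HijackThis logic: it applies those reading heuristics mechanically to sample lines copied from the log above. The location list, the tool list and the function names are this example's own assumptions.

```python
"""Triage heuristics for HijackThis "O4" autorun lines (added example)."""
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted above.
SAMPLE = r"""
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\sam\ms18_word.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ikowin32.exe
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: BTTray.lnk = ?
""".strip().splitlines()

O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\\.DEFAULT)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.*)$")

# Heuristic inputs (this example's assumptions, not HijackThis rules).
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")
ABUSED_TOOLS = {"regedit.exe", "cmd.exe"}   # legitimate software never autoruns these


def executable_of(cmd: str) -> str:
    """Lower-cased path of the program a Run command launches (quotes and arguments stripped)."""
    m = re.match(r'^\s*"?(?P<exe>[^"]*?\.exe)', cmd, re.IGNORECASE)
    return (m.group("exe") if m else cmd.split()[0]).lower()


def triage_o4(lines):
    """Return [(line, reason), ...] for the O4 entries that deserve a second look."""
    findings = []
    by_name = defaultdict(set)                     # Run value name -> {(hive, exe)}
    for line in lines:
        m = O4_RUN.match(line)
        if m:
            exe = executable_of(m["cmd"])
            by_name[m["name"].lower()].add((m["hive"], exe))
            if any(marker in exe for marker in USER_WRITABLE):
                findings.append((line, "autorun binary lives in a user-writable directory"))
            if exe.rsplit("\\", 1)[-1] in ABUSED_TOOLS:
                findings.append((line, "built-in tool launched at every logon"))
            continue
        m = O4_STARTUP.match(line)
        if m:
            item = m["item"].split(" = ")[0].strip()
            if item.lower().endswith(".exe"):
                findings.append((line, "bare .exe in a Startup folder (installers drop .lnk shortcuts)"))
    # The same value name registered in two hives but launching two different files
    # is the pattern of a dropper that plants one copy per hive it could write to.
    for name, targets in by_name.items():
        if len({exe for _, exe in targets}) > 1:
            hives = "/".join(sorted(h for h, _ in targets))
            findings.append((f"[{name}]", f"same Run value name in {hives} points at different binaries"))
    return findings


if __name__ == "__main__":
    for line, reason in triage_o4(SAMPLE):
        print(f"{reason}:\n    {line}")
```

Run on the sample, it flags the HKCU ms18_word entry, the Regedit32 entry, ikowin32.exe and the ms18_word name registered twice, and leaves Google Desktop, ctfmon.exe and the Logitech shortcut alone. The HKLM copy in system32 is only caught through the duplicate-name rule, which is the point: a path under system32 proves nothing on its own, and the cross-checks between lines are what separate this entry from the dozens of legitimate ones around it.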

Posted

Good evening,

Download MBAM

Plug in all removable media before running this scan (USB key, external hard drive, etc.)

If you use Spybot

To disable TeaTimer, which serves no purpose and can make a disinfection fail:

First display Advanced Mode in Spybot

-> Advanced Options:

-> menu Mode, Advanced Mode.

A column of menus appears on the left:

-> click on Tools,

-> click on Resident,

In Resident:

-> untick Resident "TeaTimer" to disable it.

* Double-click the Download_mbam-setup.exe icon to start the installation.

Save it to the desktop.

Close all windows and programs

Follow the prompts (in particular the language choice and the permission to access the Internet)

Do not change any of the default settings and, at the end of the installation,

check that the Update and Launch options are ticked

MBAM will start automatically and display a message asking to update the program before running a scan.

Click OK to close the dialog box.

* In the "Update" tab, click the Check for updates button:

If the firewall asks whether MBAM may connect, accept.

* Once the update is finished, go to the Scanner tab.

* Select "Perform full scan"

* Click "Scan"

* The scan will take some time, be patient!

* At the end, a message will say:

The scan completed successfully.

* If MBAM found nothing, it will say so too.

Click "Ok" to continue.

* Close the browsers.

Click Show Results.

* Select all and click Remove Selected,

MBAM will delete the files and registry keys and put a copy in quarantine.

Then open Notepad and copy the scan report into it; it can be found under the Logs tab.

* Copy and paste this report in your next reply.

In HijackThis, tick these lines then click Fix checked

 

 

R3 - URLSearchHook: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll

O2 - BHO: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll

O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe

O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\sam\ms18_word.exe

O4 - Startup: ikowin32.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: SetPoint.lnk = ?

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

 

Remove Ctfmon

Removing the "additional user input modes" feature of the Text Services

Start -> Control Panel.

-> Date, Time, Language and Regional Options,

-> Regional and Language Options.

On the Languages tab, click Details.

Under Installed services, select each input item listed,

-> click Remove to remove that item.

All items must be removed, one by one, except the following input service:

French (France) - keyboard: French

Then

Start -> Run ->

Type:

Regsvr32.exe /u msimtf.dll

Click OK.

Repeat for the file Msctf.dll.

Then post a new HijackThis log, please.
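For the registry-backed lines in the "Fix checked" list above, what the fix boils down to is deleting a registry value or a registry key; Startup-folder items and O23 services are files and services, not registry values, and need different handling. The following Python script is an added example, not code from the thread and not HijackThis code: it turns such a list into a .reg file that removes the registry half of each entry. The key paths it uses are the standard Windows locations for these entries (O4 Run values under HKLM or HKCU ...\CurrentVersion\Run, O2 BHO keys under ...\Explorer\Browser Helper Objects, O3 toolbar values under HKLM ...\Internet Explorer\Toolbar, R3 hooks under HKCU ...\URLSearchHooks); the sample lines are copied from the list above, and the function names are this example's own.

```python
"""Turn HijackThis lines into a .reg file that removes their registry entries (added example)."""
import re

# Sample lines copied from the "Fix checked" list above.
SAMPLE_FIX = r"""
R3 - URLSearchHook: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll
O2 - BHO: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRec1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\sam\ms18_word.exe
O4 - Startup: ikowin32.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip().splitlines()

# Standard registry locations of the entry types handled here.
HIVE = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
BHO = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
TOOLBAR = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar"
URLHOOK = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks"

CLSID = r"(?P<clsid>\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\})"
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\]")
O2_BHO = re.compile(r"^O2 - BHO: .* - " + CLSID)
O3_TOOLBAR = re.compile(r"^O3 - Toolbar: .* - " + CLSID)
R3_HOOK = re.compile(r"^R3 - URLSearchHook: .* - " + CLSID)


def reg_script(lines):
    """Return the .reg file as a list of lines: value deletions ("name"=-) and key deletions ([-key])."""
    values = {}          # key path -> value names to delete (insertion order preserved)
    keys = []            # key paths to delete outright
    notes = []           # lines that are not registry entries, kept as .reg comments
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if m := O4_RUN.match(line):
            values.setdefault(f"{HIVE[m['hive']]}\\{RUN}", []).append(m["name"])
        elif m := O2_BHO.match(line):
            keys.append(f"{BHO}\\{m['clsid']}")
        elif m := O3_TOOLBAR.match(line):
            values.setdefault(TOOLBAR, []).append(m["clsid"])
        elif m := R3_HOOK.match(line):
            values.setdefault(URLHOOK, []).append(m["clsid"])
        elif line.startswith(("O4 - Startup:", "O4 - Global Startup:")):
            notes.append(f"; file in a Startup folder, delete it by hand: {line}")
        elif line.startswith("O23 - Service:"):
            notes.append(f"; service, stop it and remove it with 'sc delete', not via .reg: {line}")
        else:
            notes.append(f"; not handled by this script: {line}")
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in values.items():
        out += [f"[{key}]"] + [f'"{name}"=-' for name in names] + [""]
    for key in keys:
        out += [f"[-{key}]", ""]
    return out + notes


def render_reg(lines) -> str:
    """Regedit expects CRLF line endings; write the result with encoding='utf-16' for the 5.00 format."""
    return "\r\n".join(reg_script(lines)) + "\r\n"


if __name__ == "__main__":
    print(render_reg(SAMPLE_FIX))
```

Deleting the Run values does not delete ms18_word.exe itself, and it does not stop the two copies that the process list above shows already running, which can simply write the values back; that is why the files and the running processes have to be dealt with as well (by the scanner, or from Safe Mode) and why the helper asks for a fresh log afterwards to confirm the entries stayed gone.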

Posted

There, I followed your instructions. As for MBAM, it found one infected file, but after half an hour the PC crashes with a blue screen. Here is the error message:

STOP: 0x0000007E (0xc0000005, 0x804f190a, 0xba503c84, 0xba503980)

So I ran the scan again and stopped it after the detection so as to have a report, even if it is incomplete. I carried out the other operations successfully; here are the reports.

 

 

-------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:13:06, on 06/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\SetPoint\LBTWiz.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Creative\VoiceCenter\AndreaVC.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\DOCUME~1\sam\LOCALS~1\Temp\clclean.0001

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Saitek\Software\SaiMfd.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6070111

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navcli...fr&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6070111

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"

O4 - HKLM\..\Run: [Fnac] "C:\Program Files\Fnac\Fnac.exe" /check

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SYS

O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe

O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-313e25559dc461ea.spaces.live.co...ad/MsnPUpld.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

 

--

End of file - 14314 bytes

--------------------------------------------------------------------------------------------------------------

 

 

Version de la base de données: 2571

Windows 5.1.2600 Service Pack 3

 

06/08/2009 20:58:29

mbam-log-2009-08-06 (20-58-29).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 57251

Temps écoulé: 13 minute(s), 54 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Documents and Settings\sam\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Regarding the file C:\WINDOWS\system32\services.exe:

it is still infected at this level: McAfee-GW-Edition 6.8.5 2009.08.06 Heuristic.BehavesLike.Win32.Spyware.H

Posted
Regarding the file C:\WINDOWS\system32\services.exe:

it is still infected at this level: McAfee-GW-Edition 6.8.5 2009.08.06 Heuristic.BehavesLike.Win32.Spyware.H

 

Disregard it.

It is most likely a false positive, McAfee being the only one to see anything harmful in it.

Posted

Hello samix31, pear :P

 

I think McAfee does indeed smell a bug:

 

O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe

O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\sam\ms18_word.exe

O4 - Startup: ikowin32.exe

 

When these lines are present (there may be others, and variations on the theme), it is the sign of a recent and rather stubborn infection. Antivirus products know it poorly, and MBAM is (to date) unable to handle it. The infection generally injects a system file, which causes it to regenerate at every startup.

 

samix31, please read carefully the page I am sending you to in order to run ComboFix on your machine. During the installation you will be offered to install the Recovery Console: this step is crucial with this type of infection, otherwise the tool cannot clean everything and we will go around in circles. Another important point: McAfee interferes considerably with ComboFix, so it is essential to disable it (everything, firewall included) before running ComboFix. Here is the tutorial:

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

 

Post the report here when the scan is finished.

 

@+
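As an added example (not from this thread, nor code from HijackThis or any other tool named here), the script below scans HijackThis O4 lines for the indicators described in the post above: a Startup-folder entry that is a bare executable rather than a .lnk shortcut, an executable sitting directly in a user profile root or a Temp folder, and one Run value name registered under both HKLM and HKCU with different targets. The sample lines are constructed from entries quoted in this thread, and the rules are illustrative triage heuristics, not a verdict on any particular file.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the three lines quoted in the post above plus two
# benign entries copied from the HijackThis logs earlier in this thread.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe",
    r"O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\sam\ms18_word.exe",
    r"O4 - Startup: ikowin32.exe",
    r'O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

# O4 lines look like:  O4 - <hive>: [<value name>] <target>   or   O4 - Startup: <target>
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<target>.*)$")
# An executable stored directly in a profile root, e.g. C:\Documents and Settings\sam\x.exe
PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\(?:docume~1|documents and settings)\\[^\\]+\\[^\\]+\.(?:exe|dll|scr|com)$", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)


def extract_path(target: str) -> str:
    """Reduce the right-hand side of an O4 line to the launched file path."""
    if " = " in target:                        # "<shortcut>.lnk = <path>" form
        target = target.split(" = ", 1)[1]
    target = target.strip()
    if target.startswith('"'):                 # quoted path, possibly followed by arguments
        return target[1:].split('"', 1)[0]
    m = re.search(r"\.(?:exe|dll|scr|com)\b", target, re.I)
    return target[: m.end()] if m else target  # drop trailing arguments such as /startup


def parse_o4(line: str) -> Optional[Dict[str, Optional[str]]]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return {"hive": m.group("hive"), "name": m.group("name"),
            "path": extract_path(m.group("target")), "raw": line}


def flag_o4_entries(lines: List[str]) -> Dict[str, List[str]]:
    """Return {original line: [reasons]} for O4 entries matching the heuristics."""
    entries = [e for e in map(parse_o4, lines) if e]
    findings: Dict[str, List[str]] = {}
    paths_by_name: Dict[str, set] = {}

    for e in entries:
        reasons = []
        path = e["path"]
        if e["hive"].lower().endswith("startup") and "\\" not in path:
            reasons.append("Startup folder entry is a bare executable, not a .lnk shortcut")
        if PROFILE_ROOT_RE.match(path):
            reasons.append("executable stored directly in a user profile root")
        if TEMP_RE.search(path):
            reasons.append("executable launched from a Temp folder")
        if reasons:
            findings[e["raw"]] = reasons
        if e["name"]:
            paths_by_name.setdefault(e["name"].lower(), set()).add(path.lower())

    # Same value name under more than one hive but pointing at different files
    for e in entries:
        name = (e["name"] or "").lower()
        if name and len(paths_by_name[name]) > 1:
            findings.setdefault(e["raw"], []).append(
                f"value name '{e['name']}' is registered under more than one hive "
                f"with different targets")
    return findings


if __name__ == "__main__":
    for raw, reasons in flag_o4_entries(SAMPLE_O4_LINES).items():
        print(raw)
        for reason in reasons:
            print("   ->", reason)
```

Run it directly to print the flagged lines with their reasons; feed it the O4 section of any HijackThis log by replacing the sample list.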

Posted

Here is the requested report:

 

 

ComboFix 09-08-06.01 - sam 07/08/2009 14:37.1.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1448 [GMT 2:00]

Running from: c:\documents and settings\sam\Mes documents\Mes fichiers reçus\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\sam\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp

c:\documents and settings\sam\Application Data\wiaserva.log

c:\documents and settings\sam\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp

c:\documents and settings\sam\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\config.ini

c:\windows\struct~.ini

c:\windows\system32\3PkSGj4P.exe.a_a

c:\windows\system32\Data

c:\windows\system32\drivers\ati64si.sys

c:\windows\system32\Nx.exe

c:\windows\TEMP\logishrd\LVPrcInj01.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ati64si

-------\Legacy_port135sik

-------\Service_ati64si

-------\Service_i386si

 

 

((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))

.

 

2009-08-06 18:00 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-06 18:00 . 2009-08-06 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-06 18:00 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-05 23:06 . 2009-08-05 23:06 -------- d-----w- c:\documents and settings\sam\Application Data\Malwarebytes

2009-08-05 23:06 . 2009-08-05 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-05 23:02 . 2009-08-05 23:02 -------- d-----w- c:\program files\Trend Micro

2009-08-05 21:48 . 2009-08-05 21:48 619296 ----a-w- c:\windows\system32\dllcache\ntfs.sys

2009-07-29 17:48 . 2009-07-29 17:48 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\vdownloader

2009-07-29 17:46 . 2009-07-29 17:47 -------- d-----w- c:\documents and settings\sam\Application Data\Desktopicon

2009-07-29 17:45 . 2009-07-29 17:46 -------- d-----w- c:\program files\VDOWNLOADER

2009-07-28 15:19 . 2009-07-28 15:19 8854 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe

2009-07-28 15:19 . 2009-07-28 15:19 53248 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut11_A37A26D584444862933B478371D0299D.exe

2009-07-28 15:19 . 2009-07-28 15:19 53248 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut1_A37A26D584444862933B478371D0299D.exe

2009-07-28 15:19 . 2009-07-28 15:19 10134 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\ARPPRODUCTICON.exe

2009-07-28 15:18 . 2009-07-28 15:18 -------- d-----w- c:\program files\Micro Application

2009-07-28 15:18 . 2009-07-28 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application

2009-07-27 20:27 . 2009-08-07 12:42 1445576 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-07-27 20:27 . 2009-07-27 20:27 -------- d-----w- c:\program files\MSBuild

2009-07-27 20:26 . 2009-07-27 20:28 -------- d-----w- c:\windows\system32\XPSViewer

2009-07-27 20:26 . 2009-07-27 20:26 -------- d-----w- c:\program files\Reference Assemblies

2009-07-27 20:26 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll

2009-07-20 16:36 . 2009-07-20 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Recherche_France

2009-07-20 16:36 . 2009-07-20 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2009-07-14 16:26 . 2009-07-15 21:36 -------- d-----w- c:\documents and settings\sam\Application Data\Apple Computer

2009-07-14 16:25 . 2009-07-14 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-07-14 16:25 . 2009-07-14 16:25 -------- d-----w- c:\program files\Bonjour

2009-07-14 16:24 . 2009-07-15 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-07-14 16:24 . 2009-07-14 16:24 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Apple

2009-07-14 16:24 . 2009-07-14 16:24 -------- d-----w- c:\program files\Apple Software Update

2009-07-14 16:24 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-07-14 16:24 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-07-14 16:24 . 2009-07-15 21:58 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-07-14 16:24 . 2009-07-14 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-07-14 16:23 . 2009-07-14 16:26 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Apple Computer

2009-07-14 16:08 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-07-14 16:08 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-07-11 10:47 . 2009-07-11 10:52 -------- d-----w- c:\program files\eMule

2009-07-11 10:43 . 2009-07-11 10:48 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Recherche_France

2009-07-11 10:43 . 2009-07-11 10:44 -------- d-----w- c:\program files\Recherche_France

2009-07-11 10:43 . 2009-07-11 10:43 -------- d-----w- c:\program files\Conduit

2009-07-11 10:43 . 2009-07-11 10:43 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Conduit

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-07 12:43 . 2008-10-08 10:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-08-07 12:43 . 2008-12-10 18:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-08-06 18:38 . 2007-01-11 02:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-06 11:44 . 2008-11-30 23:02 172 ----a-w- c:\documents and settings\sam\Application Data\wklnhst.dat

2009-08-05 22:21 . 2008-10-08 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-08-05 21:48 . 2005-09-01 05:53 619296 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-03 12:06 . 2009-04-13 11:56 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-28 15:02 . 2007-01-11 02:22 50704 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-27 20:27 . 2005-09-01 05:53 94570 ----a-w- c:\windows\system32\perfc00C.dat

2009-07-27 20:27 . 2005-09-01 05:53 534790 ----a-w- c:\windows\system32\perfh00C.dat

2009-07-11 08:51 . 2007-01-11 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-07-10 16:37 . 2007-01-11 02:18 -------- d-----w- c:\program files\McAfee

2009-07-03 16:57 . 2005-09-01 05:53 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-16 14:40 . 2005-09-01 05:53 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2005-09-01 05:53 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-12 15:28 . 2008-10-20 17:18 -------- d-----w- c:\program files\Windows Desktop Search

2009-06-11 21:40 . 2007-01-11 02:14 -------- d-----w- c:\program files\Microsoft Works

2009-06-03 19:10 . 2005-09-01 05:53 1297408 ----a-w- c:\windows\system32\quartz.dll

2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll

.

 

------- Sigcheck -------

 

[-] 2004-08-10 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtServicePackUninstall$\ntfs.sys

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2009-08-05 21:48 619296 853A7E6041089D58F8368D2F43B57880 c:\windows\system32\dllcache\ntfs.sys

[-] 2009-08-05 21:48 619296 853A7E6041089D58F8368D2F43B57880 c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]

"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]

"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 143360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-11 68856]

"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-09-24 206064]

"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-06-17 126976]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]

"Fnac"="c:\program files\Fnac\Fnac.exe" [2009-02-26 933984]

"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-06-29 1355042]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-12-20 28160]

 

c:\documents and settings\sam\Menu D‚marrer\Programmes\D‚marrage\

Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2006-04-27 10:30 53248 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^windows search.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"=

"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

 

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [20/10/2008 20:53 206096]

S1 443da05d;443da05d;c:\windows\system32\drivers\443da05d.sys --> c:\windows\system32\drivers\443da05d.sys [?]

S3 SaiH040C;SaiH040C;c:\windows\system32\drivers\SaiH040C.sys [20/10/2008 13:13 173568]

S3 SaiU040C;SaiU040C;c:\windows\system32\drivers\SaiU040C.sys [20/10/2008 13:14 26496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2009-07-14 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-20 09:53]

 

2009-07-31 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-20 09:53]

 

2009-08-07 c:\windows\Tasks\User_Feed_Synchronization-{5BACF148-8408-4BB3-88B4-4E1A9E73E6A6}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

- - - - ORPHANS REMOVED - - - -

 

WebBrowser-{D5B75883-E809-4120-BFEB-8D707D5DFBE3} - (no file)

HKLM-Run-Logitech BT Wizard - LBTWiz.exe

Posted

Hello;

 

Just passing by quickly. So, ComboFix has confirmed the presence of this beast. There does indeed appear to be damage to a system file; without the Recovery Console, that makes the repair, which will have to be carried out, a bit more complicated. I need to look at a few things when I have some time.

 

I'll post new instructions as soon as possible :P

 

See you later

Posted

I wanted to ask you: what problem(s) did you run into when installing the Recovery Console? If there is a problem related to this infection, I'd like to know about it.

 

I'd also like you to retry installing the Console manually, following the instructions in this tutorial:

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

(from the Table of Contents at the top, it is item 4: Manually install the Recovery Console)

 

Note: McAfee must absolutely be disabled just before starting the Console installation with ComboFix. If the operation goes well, ComboFix will install the Console and then offer to run a scan: accept. Then post the report here.

 

If the Console installation problems persist, let me know, of course.

 

I'd also like you to tell me whether you have access to another machine (parents, friends, etc.) running XP Pro SP3, because we may need a clean file (a graft, if you like).

 

See you later

Posted

There, I installed the Console manually from my CD, then disabled McAfee and ran ComboFix. No particular problem, except that it changed my desktop wallpaper... it must not like the old one lol. Here is the log

 

 

 

ComboFix 09-08-06.01 - sam 07/08/2009 19:45.4.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1405 [GMT 2:00]

Running from: c:\documents and settings\sam\Bureau\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\sam\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp

c:\documents and settings\sam\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp

c:\windows\TEMP\logishrd\LVPrcInj01.dll

 

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys

 

.

((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))

.

 

2009-08-06 18:00 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-06 18:00 . 2009-08-06 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-06 18:00 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-05 23:06 . 2009-08-05 23:06 -------- d-----w- c:\documents and settings\sam\Application Data\Malwarebytes

2009-08-05 23:06 . 2009-08-05 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-05 23:02 . 2009-08-05 23:02 -------- d-----w- c:\program files\Trend Micro

2009-08-05 21:48 . 2009-08-05 21:48 619296 ----a-w- c:\windows\system32\dllcache\ntfs.sys

2009-07-29 17:48 . 2009-07-29 17:48 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\vdownloader

2009-07-29 17:46 . 2009-07-29 17:47 -------- d-----w- c:\documents and settings\sam\Application Data\Desktopicon

2009-07-29 17:45 . 2009-07-29 17:46 -------- d-----w- c:\program files\VDOWNLOADER

2009-07-28 15:19 . 2009-07-28 15:19 8854 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe

2009-07-28 15:19 . 2009-07-28 15:19 53248 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut11_A37A26D584444862933B478371D0299D.exe

2009-07-28 15:19 . 2009-07-28 15:19 53248 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut1_A37A26D584444862933B478371D0299D.exe

2009-07-28 15:19 . 2009-07-28 15:19 10134 ----a-r- c:\documents and settings\sam\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\ARPPRODUCTICON.exe

2009-07-28 15:18 . 2009-07-28 15:18 -------- d-----w- c:\program files\Micro Application

2009-07-28 15:18 . 2009-07-28 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application

2009-07-27 20:27 . 2009-08-07 12:42 1445576 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-07-27 20:27 . 2009-07-27 20:27 -------- d-----w- c:\program files\MSBuild

2009-07-27 20:26 . 2009-07-27 20:28 -------- d-----w- c:\windows\system32\XPSViewer

2009-07-27 20:26 . 2009-07-27 20:26 -------- d-----w- c:\program files\Reference Assemblies

2009-07-27 20:26 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll

2009-07-20 16:36 . 2009-07-20 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Recherche_France

2009-07-20 16:36 . 2009-07-20 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2009-07-14 16:26 . 2009-07-15 21:36 -------- d-----w- c:\documents and settings\sam\Application Data\Apple Computer

2009-07-14 16:25 . 2009-07-14 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-07-14 16:25 . 2009-07-14 16:25 -------- d-----w- c:\program files\Bonjour

2009-07-14 16:24 . 2009-07-15 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-07-14 16:24 . 2009-07-14 16:24 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Apple

2009-07-14 16:24 . 2009-07-14 16:24 -------- d-----w- c:\program files\Apple Software Update

2009-07-14 16:24 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-07-14 16:24 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-07-14 16:24 . 2009-07-15 21:58 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-07-14 16:24 . 2009-07-14 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-07-14 16:23 . 2009-07-14 16:26 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Apple Computer

2009-07-14 16:08 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-07-14 16:08 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-07-11 10:47 . 2009-07-11 10:52 -------- d-----w- c:\program files\eMule

2009-07-11 10:43 . 2009-07-11 10:48 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Recherche_France

2009-07-11 10:43 . 2009-07-11 10:44 -------- d-----w- c:\program files\Recherche_France

2009-07-11 10:43 . 2009-07-11 10:43 -------- d-----w- c:\program files\Conduit

2009-07-11 10:43 . 2009-07-11 10:43 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Conduit

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-07 17:49 . 2008-10-08 10:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-08-07 17:49 . 2008-12-10 18:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-08-06 18:38 . 2007-01-11 02:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-06 11:44 . 2008-11-30 23:02 172 ----a-w- c:\documents and settings\sam\Application Data\wklnhst.dat

2009-08-05 22:21 . 2008-10-08 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-08-03 12:06 . 2009-04-13 11:56 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-28 15:02 . 2007-01-11 02:22 50704 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-27 20:27 . 2005-09-01 05:53 94570 ----a-w- c:\windows\system32\perfc00C.dat

2009-07-27 20:27 . 2005-09-01 05:53 534790 ----a-w- c:\windows\system32\perfh00C.dat

2009-07-11 08:51 . 2007-01-11 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-07-10 16:37 . 2007-01-11 02:18 -------- d-----w- c:\program files\McAfee

2009-07-03 16:57 . 2005-09-01 05:53 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-16 14:40 . 2005-09-01 05:53 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2005-09-01 05:53 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-12 15:28 . 2008-10-20 17:18 -------- d-----w- c:\program files\Windows Desktop Search

2009-06-11 21:40 . 2007-01-11 02:14 -------- d-----w- c:\program files\Microsoft Works

2009-06-03 19:10 . 2005-09-01 05:53 1297408 ----a-w- c:\windows\system32\quartz.dll

2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-08-07_12.46.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-07 17:50 . 2009-08-07 17:50 16384 c:\windows\Temp\Perflib_Perfdata_a90.dat

+ 2008-10-07 20:37 . 2009-08-07 17:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2008-10-07 20:37 . 2009-08-07 10:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2008-10-07 20:37 . 2009-08-07 10:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2008-10-07 20:37 . 2009-08-07 17:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

- 2008-10-07 20:37 . 2009-08-07 10:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-10-07 20:37 . 2009-08-07 17:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2001-07-14 15:32 . 2001-07-14 15:32 69632 c:\windows\setupupd\temp\wsdueng.dll

+ 2005-09-01 05:53 . 2008-04-13 19:15 574976 c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]

"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]

"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 143360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-11 68856]

"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-09-24 206064]

"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-06-17 126976]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]

"Fnac"="c:\program files\Fnac\Fnac.exe" [2009-02-26 933984]

"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-06-29 1355042]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-12-20 28160]

 

c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\

Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2006-04-27 10:30 53248 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^windows search.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"=

"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

 

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [20/10/2008 20:53 206096]

S1 443da05d;443da05d;c:\windows\system32\drivers\443da05d.sys --> c:\windows\system32\drivers\443da05d.sys [?]

S3 SaiH040C;SaiH040C;c:\windows\system32\drivers\SaiH040C.sys [20/10/2008 13:13 173568]

S3 SaiU040C;SaiU040C;c:\windows\system32\drivers\SaiU040C.sys [20/10/2008 13:14 26496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2009-07-14 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-20 09:53]

 

2009-07-31 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-20 09:53]

 

2009-08-07 c:\windows\Tasks\User_Feed_Synchronization-{5BACF148-8408-4BB3-88B4-4E1A9E73E6A6}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

Trusted Zone: fnac.com\vod

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-07 19:51

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-3986726973-1251003844-3652515452-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(832)

c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll

c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

c:\windows\system32\COMRes.dll

 

- - - - - - - > 'explorer.exe'(8896)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

c:\program files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

c:\windows\system32\rundll32.exe

c:\docume~1\sam\LOCALS~1\Temp\clclean.0001

c:\windows\system32\rundll32.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Dell Network Assistant\hnm_svc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\FICHIE~1\McAfee\MNA\McNASvc.exe

c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\program files\McAfee\MSK\msksrver.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\windows\system32\searchindexer.exe

c:\windows\ehome\ehmsas.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\dllhost.exe

.

**************************************************************************

.

Completion time: 2009-08-07 19:54 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-07 17:54

ComboFix2.txt 2009-08-07 13:57

ComboFix3.txt 2009-08-07 12:49

 

Pre-Run: 202 969 075 712 octets libres

Post-Run: 202 922 405 888 octets libres

 

285 --- E O F --- 2009-08-02 13:00
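As an added triage example (not from the thread and not ComboFix's own code): a small Python parser for the service lines and the "Infected copy" notice in the report format posted above. It flags the combination visible in this log, a system-start driver with a random-looking eight-hex-character name for which ComboFix prints no file details ("[?]"). The sample lines are copied from the report; the two-signal threshold is my own assumption.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the ComboFix report posted above: the
# "Infected copy" notice plus three service lines (copied from that log).
SAMPLE_LOG = """\
Infected copy of c:\\windows\\system32\\drivers\\ntfs.sys was found and disinfected
Restored copy from - c:\\windows\\ServicePackFiles\\i386\\ntfs.sys
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\\program files\\McAfee\\SiteAdvisor\\McSACore.exe [20/10/2008 20:53 206096]
S1 443da05d;443da05d;c:\\windows\\system32\\drivers\\443da05d.sys --> c:\\windows\\system32\\drivers\\443da05d.sys [?]
S3 SaiH040C;SaiH040C;c:\\windows\\system32\\drivers\\SaiH040C.sys [20/10/2008 13:13 173568]
"""

@dataclass
class ServiceEntry:
    state: str    # 'R' (running) or 'S' (stopped), as ComboFix prints it
    start: int    # start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str     # service/driver key name
    display: str  # display name
    image: str    # image path (ComboFix appends "--> path" when it differs)
    info: str     # bracketed file date/size, or "?" when ComboFix had none

# R2 name;display;path [dd/mm/yyyy hh:mm size]   -- one service per line
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]+);(.+?)\s+\[([^\]]*)\]\s*$")
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected", re.I)
HEXNAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)  # e.g. 443da05d

def parse_services(text: str) -> List[ServiceEntry]:
    """Extract the service/driver lines from a ComboFix report."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m.group(1), int(m.group(2)), m.group(3),
                                        m.group(4), m.group(5), m.group(6)))
    return entries

def infected_files(text: str) -> List[str]:
    """Paths ComboFix reports as 'Infected copy ... found and disinfected'."""
    hits = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append(m.group(1))
    return hits

def suspicious_services(entries: List[ServiceEntry]) -> List[str]:
    """Flag services that combine at least two weak signals (assumed threshold).

    Any single signal is common for legitimate drivers; all three together are
    what the log above shows for 443da05d.sys.
    """
    flagged = []
    for e in entries:
        reasons = []
        if e.info.strip() == "?":
            reasons.append("no file details (image missing or hidden)")
        if HEXNAME_RE.match(e.name) and e.name == e.display:
            reasons.append("random-looking 8-hex-char name")
        if e.start <= 1:
            reasons.append("boot/system start (loads before user-mode defenses)")
        if len(reasons) >= 2:
            flagged.append(f"{e.name}: " + "; ".join(reasons))
    return flagged

if __name__ == "__main__":
    for path in infected_files(SAMPLE_LOG):
        print("system file was infected:", path)
    for hit in suspicious_services(parse_services(SAMPLE_LOG)):
        print("review driver:", hit)
```

Run it against a full ComboFix log by reading the file into `SAMPLE_LOG`'s place; the "Infected copy" path is the one to compare against a clean copy from another XP Pro SP3 machine, as the helper asked.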
