

The ComboFix report

 

ComboFix 09-08-19.0C - Cub 20/08/2009 23:14.6.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.282 [GMT 2:00]

Running from: c:\documents and settings\Cub\Bureau\ComboFix.exe

Command switches used :: c:\documents and settings\Cub\Bureau\CFscriptcube.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1335 [VPS 090820-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

"c:\documents and settings\All Users\Application Data\hyzaxi.dat"

"c:\documents and settings\All Users\Application Data\okumeco.dat"

"c:\documents and settings\LocalService\Application Data\hexifa.vbs"

"c:\documents and settings\LocalService\Local Settings\Application Data\idegasuba.pif"

"c:\documents and settings\LocalService\Local Settings\Application Data\ketufat.sys"

"c:\program files\Fichiers communs\qabemalo.exe"

"c:\program files\Fichiers communs\tulymi.vbs"

"c:\program files\Fichiers communs\vexido.dl"

"c:\program files\Fichiers communs\vupexaf.dl"

"c:\windows\fyju.dat"

"c:\windows\rts.exe"

"c:\windows\sazocewyw.bin"

"c:\windows\system32\drivers\xagnnt07j31.sys"

"c:\windows\system32\qofy.dat"

"c:\windows\syxu.scr"

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\hyzaxi.dat

c:\documents and settings\All Users\Application Data\okumeco.dat

c:\documents and settings\LocalService\Application Data\hexifa.vbs

c:\documents and settings\LocalService\Local Settings\Application Data\idegasuba.pif

c:\documents and settings\LocalService\Local Settings\Application Data\ketufat.sys

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\PC_Antispyware2010

c:\pc_antispyware2010\PC_Antispyware2010.lnk

c:\pc_antispyware2010\Uninstall.lnk

c:\program files\Fichiers communs\qabemalo.exe

c:\program files\Fichiers communs\tulymi.vbs

c:\program files\Fichiers communs\vexido.dl

c:\program files\Fichiers communs\vupexaf.dl

c:\windows\fyju.dat

c:\windows\Installer\192c52a.msi

c:\windows\rts.exe

c:\windows\sazocewyw.bin

c:\windows\system32\braviax.exe

c:\windows\system32\drivers\xagnnt07j31.sys

c:\windows\system32\qofy.dat

c:\windows\syxu.scr

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_XAGNNT07J31

-------\Service_soqwx32

-------\Service_xagnnt07j31

 

 

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))

.

 

2009-08-20 21:30 . 2009-08-20 21:30 11264 ----a-w- c:\windows\system32\braviax.exe

2009-08-20 21:30 . 2009-08-20 21:27 29184 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-20 21:30 . 2009-08-20 21:27 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-20 21:27 . 2009-08-20 21:27 29184 -c--a-w- c:\windows\system32\dllcache\figaro.sys

2009-08-19 14:24 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-19 14:24 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-19 14:24 . 2009-08-19 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-19 13:22 . 2009-08-20 09:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-19 13:22 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-19 13:22 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-19 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\program files\Avira

2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-16 11:34 . 2009-08-16 11:34 -------- d-----w- c:\program files\AxBx

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\MSBuild

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Reference Assemblies

2009-08-16 09:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-16 09:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-16 09:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-16 09:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-16 09:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-16 09:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-16 09:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-15 12:14 . 2009-08-20 21:23 -------- d-----w- c:\windows\temp01

2009-08-13 19:30 . 2009-08-13 19:30 -------- d-----w- c:\documents and settings\LocalService\Bureau

2009-08-13 19:10 . 2009-08-19 13:01 -------- d-----w- c:\program files\Lavasoft

2009-08-13 18:39 . 2009-08-18 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-13 18:36 . 2004-08-05 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys

2009-08-13 18:36 . 2004-08-05 12:00 2944 ----a-w- c:\windows\system32\drivers\null.sys

2009-08-13 17:24 . 2009-08-13 17:24 -------- d-----w- c:\documents and settings\Cub\Application Data\Malwarebytes

2009-08-13 17:23 . 2009-08-13 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-13 10:34 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\vsapi32.dll

2009-08-13 10:34 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\BPMNT.dll

2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tmcomm.sys

2009-08-13 10:34 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ssapi32.dll

2009-08-13 10:33 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tsc.exe

2009-08-13 10:33 . 2009-08-13 10:33 183356 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Uninstaller.exe

2009-08-13 10:33 . 2009-08-13 10:33 61440 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Toolkit.dll

2009-08-13 10:33 . 2009-08-13 10:33 98304 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\getMac.exe

2009-08-13 10:33 . 2009-08-13 10:33 69632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80.dll

2009-08-13 10:33 . 2009-08-13 10:33 626688 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcr80.dll

2009-08-13 10:33 . 2009-08-13 10:33 57344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80u.dll

2009-08-13 10:33 . 2009-08-13 10:33 548864 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcp80.dll

2009-08-13 10:33 . 2009-08-13 10:33 479232 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcm80.dll

2009-08-13 10:33 . 2009-08-13 10:33 1093632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80.dll

2009-08-13 10:33 . 2009-08-13 10:33 1079808 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80u.dll

2009-08-13 10:32 . 2009-08-13 10:32 218736 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\patch.exe

2009-08-13 10:32 . 2009-08-13 10:32 189968 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ciussi32.dll

2009-08-13 10:32 . 2009-08-13 10:32 170512 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\PATCHW32.DLL

2009-08-13 10:32 . 2009-08-13 10:32 1267320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmUpdate.dll

2009-08-13 10:32 . 2009-08-13 10:32 116048 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmEngDrv.dll

2009-08-13 10:32 . 2009-08-13 10:32 832776 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\lea.dll

2009-08-13 10:32 . 2009-08-13 10:32 439560 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\jlea.dll

2009-08-13 10:32 . 2009-08-13 10:32 42320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\dsvout.dll

2009-08-13 10:21 . 2009-08-13 10:49 -------- d-----w- c:\documents and settings\Cub\Application Data\HouseCall 6.6

2009-08-12 20:29 . 2009-08-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\documents and settings\Cub\Application Data\SUPERAntiSpyware.com

2009-08-12 20:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-02 18:41 . 2008-04-14 00:57 32128 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys

2009-08-02 18:41 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

2009-08-02 13:21 . 2009-08-20 10:44 -------- d-----w- c:\program files\Championship Manager 01-02

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 21:30 . 2009-08-20 21:30 190539 ----a-w- c:\windows\system32\wisdstr.exe

2009-08-20 20:55 . 2005-09-10 13:43 75376 ----a-w- c:\documents and settings\Cub\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-20 17:58 . 2005-09-10 14:19 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-20 10:46 . 2005-03-08 08:55 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-19 13:09 . 2007-11-05 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-19 13:01 . 2007-11-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-08-18 12:24 . 2008-03-17 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO

2009-08-18 12:24 . 2007-12-06 13:48 -------- d-----w- c:\program files\Yahoo!

2009-08-18 12:20 . 2008-10-08 19:05 -------- d-----w- c:\program files\OpenTTD

2009-08-17 19:03 . 2008-04-13 19:15 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-17 18:00 . 2009-08-17 18:00 2048 ----a-w- c:\program files\lmggrq.txt

2009-08-17 16:05 . 2005-03-07 09:05 91524 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-17 16:05 . 2005-03-07 09:05 522440 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-12 20:10 . 2007-04-22 17:29 -------- d-----w- c:\documents and settings\Cub\Application Data\Azureus

2009-08-10 13:57 . 2007-04-22 17:29 -------- d-----w- c:\program files\Azureus

2009-08-05 09:00 . 2005-03-07 09:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:03 . 2005-03-07 09:04 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2005-03-07 09:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-10 12:21 . 2008-09-03 08:25 -------- d-----w- c:\program files\Free FLV Converter

2009-07-08 12:12 . 2005-09-10 14:42 -------- d-----w- c:\program files\eMule

2009-07-03 16:57 . 2005-03-07 09:05 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-02 22:42 . 2009-07-02 22:42 52736 ----a-w- c:\windows\ipuninst.exe

2009-06-29 12:11 . 2006-06-22 22:29 -------- d-----w- c:\program files\DOSBox-0.65

2009-06-24 19:02 . 2008-09-03 08:26 299008 ----a-w- c:\windows\system32\TubeFinder.exe

2009-06-16 14:40 . 2005-03-07 09:05 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2005-03-07 09:04 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2005-03-07 09:05 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:14 . 2005-03-07 09:04 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2005-03-07 17:17 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2005-03-07 09:05 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2005-03-07 09:05 1297408 ----a-w- c:\windows\system32\quartz.dll

2006-05-06 16:42 . 2006-10-01 08:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll

.

 

------- Sigcheck -------

 

[-] 2009-08-20 21:27 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\system32\dllcache\beep.sys

[-] 2009-08-20 21:27 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\system32\drivers\beep.sys

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys

[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys

[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\I386\NTFS.SYS

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\dllcache\ntfs.sys

[-] 2009-08-17 19:03 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-08-20_09.58.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-20 11:43 . 2009-08-20 11:43 12800 c:\windows\temp01\xpshims.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 68096 c:\windows\temp01\xpcom_compat.dll

+ 2009-08-20 11:41 . 2009-08-20 11:41 12288 c:\windows\temp01\xpcom.dll

+ 2009-08-20 20:50 . 2009-08-20 20:50 36352 c:\windows\temp01\wups2.dll

+ 2009-08-20 20:54 . 2009-08-20 20:54 44032 c:\windows\temp01\wuauclt.exe

+ 2009-08-20 10:41 . 2009-08-20 10:41 99840 c:\windows\temp01\wmpshell.dll

+ 2009-08-20 20:50 . 2009-08-20 20:50 77824 c:\windows\temp01\VESSemiPnP.dll

+ 2009-08-20 10:08 . 2009-08-20 10:08 26368 c:\windows\temp01\USBSTOR.SYS

+ 2009-08-20 10:09 . 2009-08-20 10:09 50688 c:\windows\temp01\twain_32.dll

+ 2009-08-20 10:08 . 2009-08-20 10:08 98304 c:\windows\temp01\Track2Filter.dll

+ 2009-08-20 10:08 . 2009-08-20 10:08 98304 c:\windows\temp01\Track1Filter.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 40960 c:\windows\temp01\spellchk.dll

+ 2009-08-20 18:08 . 2009-08-20 18:08 22016 c:\windows\temp01\sclgntfy.dll

+ 2009-08-20 20:50 . 2009-08-20 20:50 29696 c:\windows\temp01\reader_sl.exe

+ 2009-08-20 10:08 . 2009-08-20 10:08 73728 c:\windows\temp01\PtPlatform.dll

+ 2009-08-20 10:04 . 2009-08-20 10:04 17408 c:\windows\temp01\powrprof.dll

+ 2009-08-20 10:09 . 2009-08-20 10:09 57344 c:\windows\temp01\Plugin.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 24576 c:\windows\temp01\plds4.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 28672 c:\windows\temp01\plc4.dll

+ 2009-08-20 20:50 . 2009-08-20 20:50 65536 c:\windows\temp01\OSA9.EXE

+ 2009-08-20 10:08 . 2009-08-20 10:08 65536 c:\windows\temp01\OperaMgr.dll

+ 2009-08-20 10:09 . 2009-08-20 10:09 98304 c:\windows\temp01\odbcint.dll

+ 2009-08-20 10:44 . 2009-08-20 10:44 32768 c:\windows\temp01\objpscnv.dll

+ 2009-08-20 11:41 . 2009-08-20 11:41 81920 c:\windows\temp01\nssutil3.dll

+ 2009-08-20 11:43 . 2009-08-20 11:43 98304 c:\windows\temp01\nssdbm3.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 24576 c:\windows\temp01\nsldappr32v50.dll

+ 2009-08-20 11:45 . 2009-08-20 11:45 59904 c:\windows\temp01\npnul32.dll

+ 2009-08-20 10:03 . 2009-08-20 10:03 70656 c:\windows\temp01\notepad.exe

+ 2009-08-20 10:16 . 2009-08-20 10:16 29184 c:\windows\temp01\myspell.dll

+ 2009-08-20 10:42 . 2009-08-20 10:42 91648 c:\windows\temp01\mydocs.dll

+ 2009-08-20 18:06 . 2009-08-20 18:06 29696 c:\windows\temp01\mspatcha.dll

+ 2009-08-20 10:44 . 2009-08-20 10:44 78848 c:\windows\temp01\msiexec.exe

+ 2009-08-20 10:44 . 2009-08-20 10:44 22528 c:\windows\temp01\mfcsubs.dll

+ 2009-08-20 10:46 . 2009-08-20 10:46 57344 c:\windows\temp01\mfc42loc.dll

+ 2009-08-20 10:41 . 2009-08-20 10:41 65536 c:\windows\temp01\mbamext.dll

+ 2009-08-20 10:42 . 2009-08-20 10:42 28160 c:\windows\temp01\lang-1036.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 61952 c:\windows\temp01\jar50.dll

+ 2009-08-20 10:45 . 2009-08-20 10:45 35328 c:\windows\temp01\iTunesRegistry.dll

+ 2009-08-20 10:45 . 2009-08-20 10:45 49152 c:\windows\temp01\iTunesMiniPlayerLocalized.dll

+ 2009-08-20 10:45 . 2009-08-20 10:45 80384 c:\windows\temp01\iTunesLocalized.dll

+ 2009-08-20 10:45 . 2009-08-20 10:45 82432 c:\windows\temp01\iTunes.dll

+ 2009-08-20 10:44 . 2009-08-20 10:44 73728 c:\windows\temp01\IDriverT.exe

+ 2009-08-20 11:44 . 2009-08-20 11:44 58880 c:\windows\temp01\helper.exe

+ 2009-08-20 10:08 . 2009-08-20 10:08 18944 c:\windows\temp01\DiscWriter.dll

+ 2009-08-20 10:46 . 2009-08-20 10:46 39936 c:\windows\temp01\dfrgsnap.dll

+ 2009-08-20 10:46 . 2009-08-20 10:46 55808 c:\windows\temp01\dfrgres.dll

+ 2009-08-20 14:20 . 2009-08-20 14:20 25088 c:\windows\temp01\defrag.exe

+ 2009-08-20 11:44 . 2009-08-20 11:44 27136 c:\windows\temp01\ddrawex.dll

+ 2009-08-20 10:41 . 2009-08-20 10:41 31744 c:\windows\temp01\CONTEX~1.DLL

+ 2009-08-20 11:41 . 2009-08-20 11:41 17408 c:\windows\temp01\browserdirprovider.dll

+ 2009-08-20 10:04 . 2009-08-20 10:04 29184 c:\windows\temp01\batmeter.dll

+ 2009-08-20 10:09 . 2009-08-20 10:09 49152 c:\windows\temp01\ashWsFtr.dll

+ 2009-08-20 10:41 . 2009-08-20 10:41 69632 c:\windows\temp01\ashShell.dll

+ 2009-08-20 10:09 . 2009-08-20 10:09 53248 c:\windows\temp01\AhResWS.dll

+ 2009-08-20 21:25 . 2009-08-20 21:25 16384 c:\windows\TEMP\Perflib_Perfdata_d0.dat

+ 2009-08-20 20:50 . 2009-08-20 20:50 6656 c:\windows\temp01\wuauserv.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 8704 c:\windows\temp01\qfaservices.dll

+ 2009-08-20 18:08 . 2009-08-20 18:08 5632 c:\windows\temp01\kbdus.dll

+ 2009-08-20 21:04 . 2009-08-20 21:04 3584 c:\windows\temp01\icmp.dll

+ 2009-08-20 11:43 . 2009-08-20 11:43 121856 c:\windows\temp01\xmllite.dll

+ 2009-08-20 20:55 . 2009-08-20 20:55 316416 c:\windows\temp01\wucltui.dll

+ 2009-08-20 10:04 . 2009-08-20 10:04 133632 c:\windows\temp01\WPDShServiceObj.dll

+ 2009-08-20 20:55 . 2009-08-20 20:55 156672 c:\windows\temp01\wmipcima.dll

+ 2009-08-20 10:09 . 2009-08-20 10:09 222720 c:\windows\temp01\wmasf.dll

+ 2009-08-20 10:09 . 2009-08-20 10:09 124928 c:\windows\temp01\wiadss.dll

+ 2009-08-20 10:04 . 2009-08-20 10:04 236544 c:\windows\temp01\webcheck.dll

+ 2009-08-20 20:50 . 2009-08-20 20:50 102400 c:\windows\temp01\VESSuPerform.dll

+ 2009-08-20 20:50 . 2009-08-20 20:50 266240 c:\windows\temp01\VESPowerMgr.dll

+ 2009-08-20 10:04 . 2009-08-20 10:04 122368 c:\windows\temp01\stobject.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 131072 c:\windows\temp01\ssl3.dll

+ 2009-08-20 11:42 . 2009-08-20 11:42 134144 c:\windows\temp01\sqmapi.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 253952 c:\windows\temp01\softokn3.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 106496 c:\windows\temp01\smime3.dll

+ 2009-08-20 10:41 . 2009-08-20 10:41 126464 c:\windows\temp01\RarExt.dll

+ 2009-08-20 10:08 . 2009-08-20 10:08 102400 c:\windows\temp01\PseProxy.exe

+ 2009-08-20 10:04 . 2009-08-20 10:04 166912 c:\windows\temp01\PortableDeviceTypes.dll

+ 2009-08-20 10:04 . 2009-08-20 10:04 284160 c:\windows\temp01\PortableDeviceApi.dll

+ 2009-08-20 10:09 . 2009-08-20 10:09 249856 c:\windows\temp01\odbc32.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 294912 c:\windows\temp01\nssckbi.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 155648 c:\windows\temp01\nspr4.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 139264 c:\windows\temp01\nsldap32v50.dll

+ 2009-08-20 20:57 . 2009-08-20 20:57 281600 c:\windows\temp01\mstask.dll

+ 2009-08-20 10:44 . 2009-08-20 10:44 272896 c:\windows\temp01\mscoree.dll

+ 2009-08-20 10:46 . 2009-08-20 10:46 174080 c:\windows\temp01\mmcbase.dll

+ 2009-08-20 20:55 . 2009-08-20 20:55 235008 c:\windows\temp01\metrics-ff3.dll

+ 2009-08-20 10:44 . 2009-08-20 10:44 184320 c:\windows\temp01\IUserCnv.dll

+ 2009-08-20 10:45 . 2009-08-20 10:45 102400 c:\windows\temp01\iTunesMiniPlayer.dll

+ 2009-08-20 10:43 . 2009-08-20 10:43 306688 c:\windows\temp01\IsUninst.exe

+ 2009-08-20 10:44 . 2009-08-20 10:44 274432 c:\windows\temp01\IScrCnv.dll

+ 2009-08-20 10:44 . 2009-08-20 10:44 200704 c:\windows\temp01\iGdiCnv.dll

+ 2009-08-20 11:42 . 2009-08-20 11:42 164352 c:\windows\temp01\ieui.dll

+ 2009-08-20 11:42 . 2009-08-20 11:42 246272 c:\windows\temp01\ieproxy.dll

+ 2009-08-20 11:43 . 2009-08-20 11:43 184320 c:\windows\temp01\iepeers.dll

+ 2009-08-20 10:09 . 2009-08-20 10:09 146944 c:\windows\temp01\hotplug.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 143360 c:\windows\temp01\fullsoft.dll

+ 2009-08-20 10:16 . 2009-08-20 10:16 200704 c:\windows\temp01\freebl3.dll

+ 2009-08-20 11:42 . 2009-08-20 11:42 159744 c:\windows\temp01\FlashGot.exe

+ 2009-08-20 11:41 . 2009-08-20 11:41 302080 c:\windows\temp01\firefox.exe

+ 2009-08-20 10:08 . 2009-08-20 10:08 143744 c:\windows\temp01\Fastfat.SYS

+ 2009-08-20 11:44 . 2009-08-20 11:44 216064 c:\windows\temp01\dxtrans.dll

+ 2009-08-20 11:44 . 2009-08-20 11:44 348160 c:\windows\temp01\dxtmsft.dll

+ 2009-08-20 20:55 . 2009-08-20 20:55 138752 c:\windows\temp01\dssenh.dll

+ 2009-08-20 10:46 . 2009-08-20 10:46 124416 c:\windows\temp01\dfrgui.dll

+ 2009-08-20 10:46 . 2009-08-20 10:46 105472 c:\windows\temp01\dfrgntfs.exe

+ 2009-08-20 10:42 . 2009-08-20 10:42 139264 c:\windows\temp01\CtxMenu.dll

+ 2009-08-20 10:03 . 2009-08-20 10:03 337920 c:\windows\temp01\cscui.dll

+ 2009-08-20 10:03 . 2009-08-20 10:03 102912 c:\windows\temp01\cscdll.dll

+ 2009-08-20 20:50 . 2009-08-20 20:50 336896 c:\windows\temp01\contactsUX.dll

+ 2009-08-20 10:44 . 2009-08-20 10:44 226304 c:\windows\temp01\catsrv.dll

+ 2009-08-20 11:42 . 2009-08-20 11:42 129024 c:\windows\temp01\brwsrcmp.dll

+ 2009-08-20 10:08 . 2009-08-20 10:08 180224 c:\windows\temp01\Bib.dll

+ 2009-08-20 10:08 . 2009-08-20 10:08 151552 c:\windows\temp01\AXE8SharedExpat.dll

+ 2009-08-20 10:09 . 2009-08-20 10:09 276992 c:\windows\temp01\audiodev.dll

+ 2009-08-20 10:08 . 2009-08-20 10:08 245760 c:\windows\temp01\Asn.er.dll

+ 2009-08-20 10:08 . 2009-08-20 10:08 186368 c:\windows\temp01\ARE.dll

+ 2009-08-20 10:43 . 2009-08-20 10:43 245248 c:\windows\temp01\acspecfc.dll

+ 2009-08-20 20:50 . 2009-08-20 20:50 217088 c:\windows\temp01\acrotray.exe

+ 2009-08-20 10:44 . 2009-08-20 10:44 176128 c:\windows\temp01\_ISUSER.DLL

+ 2009-08-20 10:44 . 2009-08-20 10:44 339968 c:\windows\temp01\_ISRES.DLL

+ 2005-03-07 18:12 . 2009-08-20 20:49 301232 c:\windows\system32\FNTCACHE.DAT

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"Anti-Blaxx Manager"="c:\program files\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 225280]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 180269]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Regedit32"="c:\windows\system32\regedit.exe" [bU]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040]

"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664]

Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-01-18 11:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk]

backup=c:\windows\pss\ymetray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"WinampAgent"="c:\program files\Winamp\winampa.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/05/2008 12:42 114768]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 05:47 98304]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 15:22 108289]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/05/2008 12:42 20560]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 04:40 118784]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-20 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-04-09 20:01]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com

IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm

Trusted Zone: sony-europe.com

Trusted Zone: sonystyle-europe.com

Trusted Zone: vaio-link.com

FF - ProfilePath - c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\

FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-20 23:27

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\system32\drivers\beep.sys 29184 bytes executable

c:\windows\system32\wisdstr.exe 190539 bytes executable

c:\windows\system32\braviax.exe 11264 bytes executable

 

scan completed successfully

hidden files: 3

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1982833410-1739476970-98387861-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(900)

c:\windows\system32\VESWinlogon.dll

 

- - - - - - - > 'explorer.exe'(4368)

c:\program files\MessengerPlus! 3\MsgPlusLoader.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Glary Utilities\Integrator.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

c:\windows\system32\braviax.exe

c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-08-20 23:37 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-20 21:37

ComboFix2.txt 2009-08-20 10:03

 

Pre-Run: 11 755 982 848 octets libres

Post-Run: 11 599 413 248 octets libres

 

471 --- E O F --- 2009-08-18 12:20
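The catchme section of the report above lists three hidden files, and one of them (c:\windows\system32\braviax.exe) also shows up under "Other Running Processes", while another (beep.sys) sits in the drivers directory, where a hidden executable is the classic sign of a replaced system driver (Malwarebytes later flagged that same file as Trojan.KillAV). The script below, an added example that is not part of the forum thread or of ComboFix, parses those two sections and cross-references them. The sample input is constructed from the lines of the report above; the section markers are the ones ComboFix prints, the parsing rules and function names are my own assumptions about that plain-text layout.

```python
"""Cross-check a ComboFix/catchme excerpt: which hidden files are also running?

Added example, not from the forum thread or from ComboFix. SAMPLE_REPORT is a
constructed subset of the report above; the parsing rules are assumptions
about ComboFix's plain-text layout.
"""
import re

# Constructed from the report above: the catchme block and the process list.
SAMPLE_REPORT = """\
scanning hidden files ...

c:\\windows\\system32\\drivers\\beep.sys 29184 bytes executable
c:\\windows\\system32\\wisdstr.exe 190539 bytes executable
c:\\windows\\system32\\braviax.exe 11264 bytes executable

scan completed successfully
hidden files: 3

------------------------ Other Running Processes ------------------------
.
c:\\program files\\Avira\\AntiVir Desktop\\avguard.exe
c:\\windows\\system32\\igfxsrvc.exe
c:\\windows\\system32\\braviax.exe
c:\\program files\\PC_Antispyware2010\\PC_Antispyware2010.exe
c:\\windows\\system32\\wscntfy.exe
.
**************************************************************************
"""

# catchme prints one hidden file per line: "<path> <size> bytes executable"
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) (?P<size>\d+) bytes executable$", re.I)
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.I)


def parse_hidden_files(text):
    """Return {lower-cased path: size} for the 'scanning hidden files' block."""
    found = {}
    in_block = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("scanning hidden files"):
            in_block = True
            continue
        if in_block and line.startswith("scan completed"):
            break
        m = HIDDEN_RE.match(line)
        if in_block and m:
            found[m["path"].lower()] = int(m["size"])
    return found


def parse_running_processes(text):
    """Return the lower-cased paths listed under 'Other Running Processes'."""
    procs = []
    in_block = False
    for line in text.splitlines():
        line = line.strip()
        if "Other Running Processes" in line:
            in_block = True
            continue
        if in_block and line.startswith("*****"):
            break  # ComboFix closes the section with a line of asterisks
        if in_block and DRIVE_PATH_RE.match(line):
            procs.append(line.lower())
    return procs


def triage(text):
    """Flag hidden files that are live processes, and hidden files in the drivers directory."""
    hidden = parse_hidden_files(text)
    running = set(parse_running_processes(text))
    return {
        "hidden_count": len(hidden),
        "hidden_and_running": sorted(p for p in hidden if p in running),
        "hidden_drivers": sorted(p for p in hidden if "\\drivers\\" in p),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On the report above this yields braviax.exe as the hidden file that is also running, and drivers\beep.sys as a hidden kernel driver; both are the first things to pull for analysis rather than simply delete.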

Posted

Update MBAM and run a scan with it now please, and post the report.

If Antivir pops up, choose ignore so MBAM can do its job.

 

Avast + Antivir is not good at all, especially together.

Remove Avast via Control Panel / Add or Remove Programs. If that doesn't work well, there is also (just in case, but normally not needed) this official utility:

http://www.avast.com/fre/avast-uninstall-utility.html

In Safe Mode if necessary, if it really complains (rarely needed, though).

Posted

The MBAM report

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2669

Windows 5.1.2600 Service Pack 3

 

21/08/2009 15:40:31

mbam-log-2009-08-21 (15-40-31).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 184963

Temps écoulé: 44 minute(s), 21 second(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 3

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 6

Dossier(s) infecté(s): 3

Fichier(s) infecté(s): 44

 

Processus mémoire infecté(s):

C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Delete on reboot.

C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.

C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\htmlayout.dll.vir (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe.vir (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\Uninstall.exe.vir (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\wscui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1019\A0304576.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1019\A0303514.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1020\A0316087.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1023\A0319798.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1023\A0320056.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1026\A0334882.sys (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1026\A0334914.sys (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1026\A0335883.sys (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1026\A0335889.sys (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1026\A0335890.sys (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1021\A0316318.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\temp01\_scui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.

C:\WINDOWS\temp01\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp01\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\temp01\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\TEMP\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\TEMP\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Posted

Reboot the machine if you haven't already.

 

Run another Malwarebytes scan after that reboot and, in the same way, post the report.

But this time, if MBAM asks you to reboot, don't.

On the firewall side, block any .tmp file that requests internet access: that is what regenerates the infection.

 

Run a new ComboFix pass instead of the reboot MBAM proposes, if it does, without dragging the script file onto it.

Posted

Hello,

 

Here is the new report

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2669

Windows 5.1.2600 Service Pack 3

 

23/08/2009 17:32:22

mbam-log-2009-08-23 (17-32-22).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 184886

Temps écoulé: 1 hour(s), 18 minute(s), 53 second(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 3

Dossier(s) infecté(s): 3

Fichier(s) infecté(s): 20

 

Processus mémoire infecté(s):

C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\20ABQ64W\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1027\A0335897.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1027\A0335898.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1027\A0335901.sys (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP1027\snapshot\MFEX-1.DAT (Trojan.KillAV) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\TEMP\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\TEMP\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
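Both Malwarebytes reports above have the same shape, one detection per line as `ITEM (Category) -> Action`, and reading them side by side is what tells the story of this thread: braviax.exe, wisdstr.exe and the Run\Regedit32 value were removed on 21/08 and are back on 23/08, the Security Center notification switches were flipped again, and a fresh BNx.tmp dropper sits in WINDOWS\TEMP each time. The script below, an added example that is neither from the forum thread nor from Malwarebytes, parses that format and compares two scans; the two samples are constructed subsets of the reports above, and the function names and the reboot/tmp heuristics are my own assumptions.

```python
"""Parse Malwarebytes 1.x reports and compare two scans for reinfection.

Added example, not from the forum thread or from Malwarebytes. SCAN_1 and
SCAN_2 are constructed subsets of the two reports posted above; the
'ITEM (Category) -> Action' line shape is what MBAM 1.40 prints.
"""
import re
from collections import Counter

# One detection per line: path or registry key, detection name, action taken.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<category>[^()]+)\) -> (?P<action>.+?)\.?$")

SCAN_1 = """\
Processus mémoire infecté(s):
C:\\Program Files\\PC_Antispyware2010\\PC_Antispyware2010.exe (Rogue.Multiple) -> Unloaded process successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Regedit32 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\\WINDOWS\\system32\\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\drivers\\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\\WINDOWS\\TEMP\\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SCAN_2 = """\
Processus mémoire infecté(s):
C:\\WINDOWS\\system32\\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Regedit32 (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\20ABQ64W\\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\\WINDOWS\\TEMP\\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""


def parse_report(text):
    """Return [{'item', 'category', 'action'}, ...] in report order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, counters and blank lines
        # Registry data items read "Bad: (1) Good: (0) -> <action>"; keep the action.
        action = m["action"].split(" -> ")[-1]
        entries.append({"item": m["item"], "category": m["category"], "action": action})
    return entries


def category_counts(entries):
    """How many hits per detection family (Rogue.*, Trojan.*, Disabled.SecurityCenter ...)."""
    return Counter(e["category"] for e in entries)


def pending_reboot(entries):
    """Items MBAM could not remove while running; they only go at the next reboot."""
    return [e["item"] for e in entries if e["action"] == "Delete on reboot"]


def temp_droppers(entries):
    """BNx.tmp files in the Windows TEMP directory: the re-infection vector the helper asks to firewall."""
    return [e["item"] for e in entries if re.search(r"\\BN\d+\.tmp$", e["item"], re.I)]


def recurring(entries_a, entries_b):
    """Items detected in both scans: removed once, then re-created before the second scan."""
    a = {e["item"].lower() for e in entries_a}
    b = {e["item"].lower() for e in entries_b}
    return sorted(a & b)


if __name__ == "__main__":
    first, second = parse_report(SCAN_1), parse_report(SCAN_2)
    print("scan 1 by category:", dict(category_counts(first)))
    print("needs reboot:", pending_reboot(first))
    print("tmp droppers:", temp_droppers(first) + temp_droppers(second))
    print("back after cleanup:", recurring(first, second))
```

The `recurring` list is the useful output: anything that survives a quarantine-and-reboot cycle has a persistence mechanism the scanner is not reaching (here, the hidden driver and the .tmp downloader the helper describes), and that is what to hunt rather than re-running the same scan.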

Posted

I don't see any firewall other than the Windows one. Before anything else, a real firewall needs to be installed, because the Windows XP one protects against nothing, and the machine is very vulnerable. A firewall filters internet access. When programs want access, they ask the firewall, and you answer yes or no. Of course it can remember that.

It is because there is no real firewall that all the programs get to the internet, and that the infection regenerates. As long as there isn't one, it will keep regenerating in a loop.

 

I recommend Online Armor Free, which is available in French, fairly easy to get to grips with, effective, and free.

Download it here, at the bottom of the page (Online Armor Personal Firewall (free edition v3.5.0.32)):

http://fra.tallemu.com/downloads.html

Here is a tutorial on using it, if needed:

http://infomars.fr/forum/index.php?showtopic=1644

 

Once it is installed, you absolutely must deny internet access to files with the .tmp extension (usually named BN4.tmp, with some digit other than 4). It is that type of file that reactivates the infection. Allow legitimate programs (antivirus, browser, etc.).

 

After that we'll be able to block what's left.

Posted

And the ComboFix report:

 

ComboFix 09-08-22.06 - Cub 23/08/2009 17:37.7.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.225 [GMT 2:00]

Running from: c:\documents and settings\Cub\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\tygojucih.scr

c:\windows\pequnihe.dll

c:\windows\system32\Drivers\snaekli.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_ncqilooh

 

 

((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))

.

 

2009-08-23 15:51 . 2009-08-23 15:51 0 ----a-w- c:\windows\system32\wisdstr.exe

2009-08-23 15:51 . 2009-08-23 15:51 11264 ----a-w- c:\windows\system32\braviax.exe

2009-08-21 13:56 . 2009-08-21 13:56 189791 ----a-w- c:\windows\system32\wisdstr.VIR

2009-08-20 21:37 . 2009-08-20 21:37 19196 ----a-w- c:\windows\luhihyp.com

2009-08-20 21:37 . 2009-08-20 21:37 19915 ----a-w- c:\documents and settings\LocalService\Application Data\icufegyg.pif

2009-08-20 21:37 . 2009-08-20 21:37 19179 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\pylo.vbs

2009-08-20 21:37 . 2009-08-20 21:37 12738 ----a-w- c:\windows\system32\yreceloru.dat

2009-08-20 21:37 . 2009-08-20 21:37 12695 ----a-w- c:\windows\awis.vbs

2009-08-20 21:37 . 2009-08-20 21:37 12532 ----a-w- c:\windows\puwexahi.bat

2009-08-20 21:37 . 2009-08-20 21:37 12059 ----a-w- c:\windows\system32\omebolyvyq.sys

2009-08-20 21:37 . 2009-08-20 21:37 11794 ----a-w- c:\documents and settings\LocalService\Application Data\anage.exe

2009-08-20 21:36 . 2009-08-20 21:36 -------- d-----w- C:\PC_Antispyware2010

2009-08-19 14:24 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-19 14:24 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-19 14:24 . 2009-08-19 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-19 13:22 . 2009-08-20 09:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-19 13:22 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-19 13:22 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-19 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\program files\Avira

2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-16 11:34 . 2009-08-16 11:34 -------- d-----w- c:\program files\AxBx

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\MSBuild

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Reference Assemblies

2009-08-16 09:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-16 09:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-16 09:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-16 09:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-16 09:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-16 09:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-16 09:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-15 12:14 . 2009-08-21 13:40 -------- d-----w- c:\windows\temp01

2009-08-13 19:30 . 2009-08-13 19:30 -------- d-----w- c:\documents and settings\LocalService\Bureau

2009-08-13 19:10 . 2009-08-19 13:01 -------- d-----w- c:\program files\Lavasoft

2009-08-13 18:39 . 2009-08-18 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-13 18:36 . 2004-08-05 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys

2009-08-13 18:36 . 2004-08-05 12:00 2944 ----a-w- c:\windows\system32\drivers\null.sys

2009-08-13 17:24 . 2009-08-13 17:24 -------- d-----w- c:\documents and settings\Cub\Application Data\Malwarebytes

2009-08-13 17:23 . 2009-08-13 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-13 10:34 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\vsapi32.dll

2009-08-13 10:34 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\BPMNT.dll

2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tmcomm.sys

2009-08-13 10:34 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ssapi32.dll

2009-08-13 10:33 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tsc.exe

2009-08-13 10:33 . 2009-08-13 10:33 183356 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Uninstaller.exe

2009-08-13 10:33 . 2009-08-13 10:33 61440 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Toolkit.dll

2009-08-13 10:33 . 2009-08-13 10:33 98304 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\getMac.exe

2009-08-13 10:33 . 2009-08-13 10:33 69632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80.dll

2009-08-13 10:33 . 2009-08-13 10:33 626688 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcr80.dll

2009-08-13 10:33 . 2009-08-13 10:33 57344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80u.dll

2009-08-13 10:33 . 2009-08-13 10:33 548864 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcp80.dll

2009-08-13 10:33 . 2009-08-13 10:33 479232 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcm80.dll

2009-08-13 10:33 . 2009-08-13 10:33 1093632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80.dll

2009-08-13 10:33 . 2009-08-13 10:33 1079808 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80u.dll

2009-08-13 10:32 . 2009-08-13 10:32 218736 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\patch.exe

2009-08-13 10:32 . 2009-08-13 10:32 189968 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ciussi32.dll

2009-08-13 10:32 . 2009-08-13 10:32 170512 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\PATCHW32.DLL

2009-08-13 10:32 . 2009-08-13 10:32 1267320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmUpdate.dll

2009-08-13 10:32 . 2009-08-13 10:32 116048 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmEngDrv.dll

2009-08-13 10:32 . 2009-08-13 10:32 832776 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\lea.dll

2009-08-13 10:32 . 2009-08-13 10:32 439560 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\jlea.dll

2009-08-13 10:32 . 2009-08-13 10:32 42320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\dsvout.dll

2009-08-13 10:21 . 2009-08-13 10:49 -------- d-----w- c:\documents and settings\Cub\Application Data\HouseCall 6.6

2009-08-12 20:29 . 2009-08-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\documents and settings\Cub\Application Data\SUPERAntiSpyware.com

2009-08-12 20:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-02 18:41 . 2008-04-14 00:57 32128 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys

2009-08-02 18:41 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

2009-08-02 13:21 . 2009-08-20 10:44 -------- d-----w- c:\program files\Championship Manager 01-02

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-23 15:51 . 2008-04-13 19:15 626336 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-20 21:37 . 2009-08-20 21:37 17695 ----a-w- c:\program files\Fichiers communs\nenad.inf

2009-08-20 21:37 . 2009-08-20 21:37 16226 ----a-w- c:\documents and settings\LocalService\Application Data\qozitizari.dat

2009-08-20 21:37 . 2009-08-20 21:37 12435 ----a-w- c:\documents and settings\All Users\Application Data\umeg.vbs

2009-08-20 20:55 . 2005-09-10 13:43 75376 ----a-w- c:\documents and settings\Cub\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-20 17:58 . 2005-09-10 14:19 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-20 10:46 . 2005-03-08 08:55 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-19 13:09 . 2007-11-05 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-19 13:01 . 2007-11-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-08-18 12:24 . 2008-03-17 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO

2009-08-18 12:24 . 2007-12-06 13:48 -------- d-----w- c:\program files\Yahoo!

2009-08-18 12:20 . 2008-10-08 19:05 -------- d-----w- c:\program files\OpenTTD

2009-08-17 18:00 . 2009-08-17 18:00 2048 ----a-w- c:\program files\lmggrq.txt

2009-08-17 16:05 . 2005-03-07 09:05 91524 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-17 16:05 . 2005-03-07 09:05 522440 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-12 20:10 . 2007-04-22 17:29 -------- d-----w- c:\documents and settings\Cub\Application Data\Azureus

2009-08-10 13:57 . 2007-04-22 17:29 -------- d-----w- c:\program files\Azureus

2009-08-05 09:00 . 2005-03-07 09:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:03 . 2005-03-07 09:04 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2005-03-07 09:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-10 12:21 . 2008-09-03 08:25 -------- d-----w- c:\program files\Free FLV Converter

2009-07-08 12:12 . 2005-09-10 14:42 -------- d-----w- c:\program files\eMule

2009-07-03 16:57 . 2005-03-07 09:05 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-02 22:42 . 2009-07-02 22:42 52736 ----a-w- c:\windows\ipuninst.exe

2009-06-29 12:11 . 2006-06-22 22:29 -------- d-----w- c:\program files\DOSBox-0.65

2009-06-24 19:02 . 2008-09-03 08:26 299008 ----a-w- c:\windows\system32\TubeFinder.exe

2009-06-16 14:40 . 2005-03-07 09:05 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2005-03-07 09:04 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2005-03-07 09:05 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:14 . 2005-03-07 09:04 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2005-03-07 17:17 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2005-03-07 09:05 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2005-03-07 09:05 1297408 ----a-w- c:\windows\system32\quartz.dll

2006-05-06 16:42 . 2006-10-01 08:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll

.

 

------- Sigcheck -------

 

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys

[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys

[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\I386\NTFS.SYS

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2009-08-23 15:51 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\dllcache\ntfs.sys

[-] 2009-08-23 15:51 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\drivers\ntfs.sys

 

c:\windows\system32\drivers\beep.sys ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"Anti-Blaxx Manager"="c:\program files\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 225280]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 180269]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Regedit32"="c:\windows\system32\regedit.exe" [bU]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040]

"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664]

Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-01-18 11:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk]

backup=c:\windows\pss\ymetray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"WinampAgent"="c:\program files\Winamp\winampa.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 05:47 98304]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 15:22 108289]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 04:40 118784]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-23 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-04-09 20:01]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-braviax - (no file)

HKU-Default-Run-braviax - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com

IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm

Trusted Zone: sony-europe.com

Trusted Zone: sonystyle-europe.com

Trusted Zone: vaio-link.com

FF - ProfilePath - c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\

FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-23 17:50

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\system32\wisdstr.exe 190730 bytes executable

c:\windows\system32\braviax.exe 11264 bytes executable

 

scan completed successfully

hidden files: 2

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1982833410-1739476970-98387861-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(904)

c:\windows\system32\VESWinlogon.dll

 

- - - - - - - > 'explorer.exe'(7740)

c:\program files\MessengerPlus! 3\MsgPlusLoader.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Glary Utilities\Integrator.exe

c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\braviax.exe

.

**************************************************************************

.

Completion time: 2009-08-23 17:59 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-23 15:59

ComboFix2.txt 2009-08-20 21:37

ComboFix3.txt 2009-08-20 10:03

 

Pre-Run: 11 793 776 640 octets libres

Post-Run: 11 755 773 952 octets libres

 

315 --- E O F --- 2009-08-18 12:20

Posted

I installed Online Armor and blocked the .tmp files.

But I could no longer launch Malwarebytes while Online Armor was enabled.

 

So I ran it in safe mode.

 

Below are the Malwarebytes report, then the ComboFix one.

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2551

Windows 5.1.2600 Service Pack 3 (Safe Mode)

 

25/08/2009 19:42:00

mbam-log-2009-08-25 (19-42-00).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 182948

Temps écoulé: 2 hour(s), 10 minute(s), 33 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 3

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 9

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

 

ComboFix 09-08-22.06 - Cub 25/08/2009 19:47.8.1 - NTFSx86 MINIMAL

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.311 [GMT 2:00]

Running from: c:\documents and settings\Cub\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Pare-feu Online Armor *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))

.

 

2009-08-25 17:42 . 2009-08-25 17:42 61440 ----a-w- c:\windows\system32\drivers\cbjm.sys

2009-08-25 11:12 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-25 11:12 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-25 11:12 . 2009-08-25 11:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-24 15:41 . 2009-08-25 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor

2009-08-24 15:41 . 2009-08-24 15:41 -------- d-----w- c:\documents and settings\Cub\Application Data\OnlineArmor

2009-08-24 15:39 . 2009-07-11 03:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys

2009-08-24 15:39 . 2009-07-11 04:04 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys

2009-08-24 15:39 . 2009-07-11 03:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys

2009-08-24 15:39 . 2009-08-24 15:39 -------- d-----w- c:\program files\Tall Emu

2009-08-23 16:01 . 2009-07-13 18:52 380928 ----a-w- c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

2009-08-21 13:56 . 2009-08-21 13:56 189791 ----a-w- c:\windows\system32\wisdstr.VIR

2009-08-20 21:37 . 2009-08-20 21:37 19196 ----a-w- c:\windows\luhihyp.com

2009-08-20 21:37 . 2009-08-20 21:37 19915 ----a-w- c:\documents and settings\LocalService\Application Data\icufegyg.pif

2009-08-20 21:37 . 2009-08-20 21:37 19179 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\pylo.vbs

2009-08-20 21:37 . 2009-08-20 21:37 12738 ----a-w- c:\windows\system32\yreceloru.dat

2009-08-20 21:37 . 2009-08-20 21:37 12695 ----a-w- c:\windows\awis.vbs

2009-08-20 21:37 . 2009-08-20 21:37 12532 ----a-w- c:\windows\puwexahi.bat

2009-08-20 21:37 . 2009-08-20 21:37 12059 ----a-w- c:\windows\system32\omebolyvyq.sys

2009-08-20 21:37 . 2009-08-20 21:37 11794 ----a-w- c:\documents and settings\LocalService\Application Data\anage.exe

2009-08-20 21:36 . 2009-08-20 21:36 -------- d-----w- C:\PC_Antispyware2010

2009-08-19 13:22 . 2009-08-20 09:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-19 13:22 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-19 13:22 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-19 13:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\program files\Avira

2009-08-19 13:22 . 2009-08-19 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-16 11:34 . 2009-08-16 11:34 -------- d-----w- c:\program files\AxBx

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\MSBuild

2009-08-16 09:21 . 2009-08-16 09:21 -------- d-----w- c:\program files\Reference Assemblies

2009-08-16 09:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-16 09:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-16 09:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-16 09:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-16 09:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-16 09:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-16 09:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-15 12:14 . 2009-08-21 13:40 -------- d-----w- c:\windows\temp01

2009-08-13 19:30 . 2009-08-13 19:30 -------- d-----w- c:\documents and settings\LocalService\Bureau

2009-08-13 19:10 . 2009-08-19 13:01 -------- d-----w- c:\program files\Lavasoft

2009-08-13 18:39 . 2009-08-18 12:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-13 18:36 . 2004-08-05 12:00 2944 -c--a-w- c:\windows\system32\dllcache\null.sys

2009-08-13 18:36 . 2004-08-05 12:00 2944 ------w- c:\windows\system32\drivers\null.sys

2009-08-13 17:24 . 2009-08-25 11:13 -------- d-----w- c:\documents and settings\Cub\Application Data\Malwarebytes

2009-08-13 17:23 . 2009-08-25 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-13 10:34 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\vsapi32.dll

2009-08-13 10:34 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\BPMNT.dll

2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-08-13 10:34 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tmcomm.sys

2009-08-13 10:34 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ssapi32.dll

2009-08-13 10:33 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\tsc.exe

2009-08-13 10:33 . 2009-08-13 10:33 183356 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Uninstaller.exe

2009-08-13 10:33 . 2009-08-13 10:33 61440 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\Toolkit.dll

2009-08-13 10:33 . 2009-08-13 10:33 98304 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\getMac.exe

2009-08-13 10:33 . 2009-08-13 10:33 69632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80.dll

2009-08-13 10:33 . 2009-08-13 10:33 626688 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcr80.dll

2009-08-13 10:33 . 2009-08-13 10:33 57344 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfcm80u.dll

2009-08-13 10:33 . 2009-08-13 10:33 548864 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcp80.dll

2009-08-13 10:33 . 2009-08-13 10:33 479232 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\msvcm80.dll

2009-08-13 10:33 . 2009-08-13 10:33 1093632 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80.dll

2009-08-13 10:33 . 2009-08-13 10:33 1079808 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\mfc80u.dll

2009-08-13 10:32 . 2009-08-13 10:32 218736 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\patch.exe

2009-08-13 10:32 . 2009-08-13 10:32 189968 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\ciussi32.dll

2009-08-13 10:32 . 2009-08-13 10:32 170512 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\PATCHW32.DLL

2009-08-13 10:32 . 2009-08-13 10:32 1267320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmUpdate.dll

2009-08-13 10:32 . 2009-08-13 10:32 116048 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\TmEngDrv.dll

2009-08-13 10:32 . 2009-08-13 10:32 832776 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\lea.dll

2009-08-13 10:32 . 2009-08-13 10:32 439560 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\jlea.dll

2009-08-13 10:32 . 2009-08-13 10:32 42320 ----a-w- c:\documents and settings\Cub\Application Data\HouseCall 6.6\dsvout.dll

2009-08-13 10:21 . 2009-08-13 10:49 -------- d-----w- c:\documents and settings\Cub\Application Data\HouseCall 6.6

2009-08-12 20:29 . 2009-08-12 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-12 20:27 . 2009-08-19 13:07 -------- d-----w- c:\documents and settings\Cub\Application Data\SUPERAntiSpyware.com

2009-08-12 20:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-02 18:41 . 2008-04-14 00:57 32128 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys

2009-08-02 18:41 . 2008-04-14 00:57 32128 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

2009-08-02 13:21 . 2009-08-20 10:44 -------- d-----w- c:\program files\Championship Manager 01-02

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-25 17:42 . 2009-08-25 17:42 968 ----a-w- c:\program files\vbtoyak.txt

2009-08-25 11:22 . 2008-04-13 19:15 626336 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-24 15:28 . 2005-03-07 09:05 88774 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-24 15:28 . 2005-03-07 09:05 515922 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-20 21:37 . 2009-08-20 21:37 17695 ----a-w- c:\program files\Fichiers communs\nenad.inf

2009-08-20 21:37 . 2009-08-20 21:37 16226 ----a-w- c:\documents and settings\LocalService\Application Data\qozitizari.dat

2009-08-20 21:37 . 2009-08-20 21:37 12435 ----a-w- c:\documents and settings\All Users\Application Data\umeg.vbs

2009-08-20 20:55 . 2005-09-10 13:43 75376 ----a-w- c:\documents and settings\Cub\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-20 17:58 . 2005-09-10 14:19 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-20 10:46 . 2005-03-08 08:55 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-19 13:09 . 2007-11-05 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-19 13:01 . 2007-11-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-08-18 12:24 . 2008-03-17 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO

2009-08-18 12:24 . 2007-12-06 13:48 -------- d-----w- c:\program files\Yahoo!

2009-08-18 12:20 . 2008-10-08 19:05 -------- d-----w- c:\program files\OpenTTD

2009-08-17 18:00 . 2009-08-17 18:00 2048 ----a-w- c:\program files\lmggrq.txt

2009-08-12 20:10 . 2007-04-22 17:29 -------- d-----w- c:\documents and settings\Cub\Application Data\Azureus

2009-08-10 13:57 . 2007-04-22 17:29 -------- d-----w- c:\program files\Azureus

2009-08-05 09:00 . 2005-03-07 09:05 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:03 . 2005-03-07 09:04 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2005-03-07 09:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-10 12:21 . 2008-09-03 08:25 -------- d-----w- c:\program files\Free FLV Converter

2009-07-08 12:12 . 2005-09-10 14:42 -------- d-----w- c:\program files\eMule

2009-07-03 16:57 . 2005-03-07 09:05 915456 ------w- c:\windows\system32\wininet.dll

2009-07-02 22:42 . 2009-07-02 22:42 52736 ----a-w- c:\windows\ipuninst.exe

2009-06-29 12:11 . 2006-06-22 22:29 -------- d-----w- c:\program files\DOSBox-0.65

2009-06-24 19:02 . 2008-09-03 08:26 299008 ----a-w- c:\windows\system32\TubeFinder.exe

2009-06-16 14:40 . 2005-03-07 09:05 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2005-03-07 09:04 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:44 . 2005-03-07 09:05 78848 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:14 . 2005-03-07 09:04 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:21 . 2005-03-07 17:17 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2005-03-07 09:05 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2005-03-07 09:05 1297408 ----a-w- c:\windows\system32\quartz.dll

2006-05-06 16:42 . 2006-10-01 08:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll

.

 

------- Sigcheck -------

 

 

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys

[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys

[7] 2004-08-05 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\I386\NTFS.SYS

[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2009-08-25 11:22 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\dllcache\ntfs.sys

[-] 2009-08-25 11:22 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\system32\drivers\ntfs.sys

 

c:\windows\system32\drivers\beep.sys ... is missing !!

.

((((((((((((((((((((((((((((( SnapShot_2009-08-20_21.28.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-03-07 09:05 . 2009-08-24 15:28 72962 c:\windows\system32\perfc009.dat

+ 2005-03-07 09:05 . 2009-08-24 15:28 444234 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"Anti-Blaxx Manager"="c:\program files\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 225280]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-07-05 190024]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-07 180269]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040]

"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664]

Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-3-24 778240]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-01-18 11:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk]

backup=c:\windows\pss\ymetray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"WinampAgent"="c:\program files\Winamp\winampa.exe"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [24/08/2009 17:39 200784]

S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [24/08/2009 17:39 24656]

S1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [24/08/2009 17:39 29776]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [12/10/2004 05:47 98304]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 15:22 108289]

S2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [24/08/2009 17:39 362184]

S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [12/10/2004 04:40 118784]

S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [24/08/2009 17:39 3142344]

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-25 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-04-09 20:01]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm

Trusted Zone: sony-europe.com

Trusted Zone: sonystyle-europe.com

Trusted Zone: vaio-link.com

FF - ProfilePath - c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\

FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\documents and settings\Cub\Application Data\Mozilla\Firefox\Profiles\wsebb2ff.Utilisateur par défaut\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-25 19:59

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1982833410-1739476970-98387861-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(236)

c:\windows\system32\VESWinlogon.dll

.

Completion time: 2009-08-25 20:06

ComboFix-quarantined-files.txt 2009-08-25 18:05

ComboFix2.txt 2009-08-23 15:59

ComboFix3.txt 2009-08-20 21:37

ComboFix4.txt 2009-08-20 10:03

 

Pre-Run: 11 550 556 160 bytes free

Post-Run: 11 575 787 520 bytes free

 

285 --- E O F --- 2009-08-18 12:20
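The S1/S2/S3 driver and service lines near the top of this log follow a fixed ComboFix layout, and the two SUPERAntiSpyware entries show the variant ComboFix emits when it cannot find the file on disk (the `--> path [?]` form). The following Python parser is an added example written for this page, not code from the thread or from ComboFix: it turns those lines into records and flags the ones a helper would look at first, namely entries whose image file is missing and entries whose image path lies outside Windows or Program Files. The reading of `R`/`S` as running/stopped and of the digit as the service start type, the "trusted roots" heuristic, and the last sample line (`example`) are assumptions made for the example; the other sample lines are copied in shape from the log above.

```python
"""Parse the driver/service block of a ComboFix log and flag entries worth a second look.

Added example for this thread; not ComboFix's own code. Layout assumed per line:
    <R|S><digit> <name>;<display name>;<image path> [dd/mm/yyyy hh:mm size]
or, when ComboFix could not stat the file:
    <R|S><digit> <name>;<display name>;<image path> --> <resolved path> [?]
Assumption: R/S = running/stopped, digit = Windows start type
(0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)"
    r"(?: --> (?P<resolved>.+?))?"
    r" \[(?P<meta>[^\]]*)\]$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Heuristic (assumption): a service binary living anywhere else deserves a closer look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    state: str            # "R" running or "S" stopped
    start_type: str       # boot / system / auto / demand / disabled
    name: str             # service key name
    display: str          # display name
    image: str            # image path with any \??\ prefix removed
    present: bool         # False when ComboFix printed "[?]"
    timestamp: Optional[str]
    size: Optional[int]


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for one service/driver line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    if meta == "?":
        present, timestamp, size = False, None, None
    else:
        timestamp, size_str = meta.rsplit(" ", 1)
        present, size = True, int(size_str)
    image = m.group("resolved") or m.group("image")
    if image.startswith("\\??\\"):          # NT object-manager prefix, not part of the path
        image = image[4:]
    return ServiceEntry(
        state=m.group("state"),
        start_type=START_TYPES[m.group("start")],
        name=m.group("name"),
        display=m.group("display"),
        image=image,
        present=present,
        timestamp=timestamp,
        size=size,
    )


def parse_log(text: str) -> List[ServiceEntry]:
    """Extract every service/driver line from a log fragment, skipping everything else."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for entries that merit manual review."""
    findings = []
    for e in entries:
        reasons = []
        if not e.present:
            reasons.append("image file missing: orphaned service entry or deleted driver")
        if not e.image.lower().startswith(TRUSTED_ROOTS):
            reasons.append("image path outside Windows / Program Files")
        if reasons:
            findings.append((e.name, reasons))
    return findings


# Constructed sample: four lines in the shape of the log above plus one made-up entry
# ("example") placed under a user data folder to exercise the path heuristic.
SAMPLE_LOG = r"""
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [24/08/2009 17:39 200784]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [24/08/2009 17:39 3142344]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16/06/2007 16:37 19034]
R2 example;Example Service;c:\documents and settings\All Users\Application Data\example.exe [20/08/2009 23:01 12288]
"""

if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG)):
        print(name, "->", "; ".join(reasons))
```

A missing image file is not by itself proof of malware: a leftover key from an uninstalled tool produces the same `[?]`, as it very likely does for the SUPERAntiSpyware drivers here. The point of the parser is to get the entries into a form where that judgement can be made quickly across a long log rather than by eye.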

Posted
But I couldn't launch Malwarebytes any more while Online Armor was enabled.

So I ran it in Safe Mode.

Not normal: MBAM has to be allowed, or else it's an infection that is blocking it.

Blocking .TMP files will stop the infection from regenerating too easily, heh.

OK, let's continue; we're going to have to repair some things.

1) Download the file repar.zip here:

http://senduit.com/af728d

Download the file CFscriptCube2.txt here:

http://senduit.com/c6f102

2) Unzip repar.zip (preferably into a folder); it contains two system files to repair and a repar.bat file.

Double-click repar.bat: it should show several file copies and then ask you to press a key. It should say "1 file(s) copied" several times and close by itself after asking you to press a key: that's normal.

Move on quickly to the next step, even if Windows shows unpleasant messages.

3) What follows is for this machine, and this machine only.

Do not use it on another machine: dangerous.

  • Drag and drop the CFscriptCube2 file onto the ComboFix icon, as in this example:

animation1md2.gif

  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
  • Once the scan is finished, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

ComboFix will restart the machine and produce the report for you.
