
Posted

Combo, Cleanup

Disconnect from the internet and disable the antivirus (just for the duration of the procedure!)

Connect all removable drives (external hard drive, USB stick).

In some circumstances, Safe Mode may be necessary.

Check that the antivirus really is disabled, because a reboot re-enables it.

Open ComboFix

# In Notepad, copy and paste these lines:

KillAll::

Folder::

Driver::

gtermddo.sys

File::

c:\program files\Bonjour

c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys

c:\documents and settings\Jean Michel\Application Data\QUAD Utilities

c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit

Firefox::

FF -: ProfilePath - c:\documents and settings\Jean Michel\Application Data\Mozilla\Firefox\Profiles\pamoq8in.default\

FF -: prefs.js: browser.search.defaulturl -

FF -: prefs.js: browser.search.selectedEngine -

FF -: prefs.js: keyword.URL -

Fcopy::

Rootkit::

Registry::

Posted

Combo report: I can't take this rootkit anymore....

 

ComboFix 10-01-20.06 - Jean Michel 24/01/2010 19:42:55.9.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.668 [GMT 1:00]

Lancé depuis: c:\documents and settings\Jean Michel\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Jean Michel\Bureau\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

 

FILE ::

"c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys"

"c:\documents and settings\Jean Michel\Application Data\QUAD Utilities"

"c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit"

"c:\program files\Bonjour"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Il y a peut-être des sites infectés -----

 

hxxp://armmf.adobe.com

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-24 au 2010-01-24 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-23 14:04 . 2010-01-23 14:04 -------- d-----w- C:\tdsskiller

2010-01-23 11:58 . 2010-01-23 12:04 -------- d-----w- C:\Gmer

2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\Fichiers communs\DivX Shared

2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\DivX

2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET

2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll

2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll

2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll

2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll

2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll

2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java

2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll

2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll

2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll

2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll

2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover

2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD

2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira

2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes

2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes

2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner

2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET

2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan

2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET

2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path

2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP

2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository

2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner

2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData

2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation

2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application

2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat

2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software

2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll

2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent

2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP

2010-01-12 07:57 . 2010-01-12 08:01 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe

2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit

2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP

2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi

2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll

2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp

2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate

2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard

2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe

2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll

2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft

2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab

2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab

2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun

2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal

2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel

2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel

2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities

2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate

2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs

2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids

2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit

2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft

2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft

2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield

2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue

2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite

2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-24 18:47 . 2004-08-10 12:00 585390 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-24 18:47 . 2004-08-10 12:00 124776 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-24 16:39 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour

2010-01-24 00:20 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc

2010-01-23 18:53 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache

2010-01-22 08:57 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM

2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java

2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss

2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com

2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works

2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information

2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-22 05:09 . 2006-03-04 03:35 671232 ------w- c:\windows\system32\wininet.dll

2009-12-22 05:08 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll

2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER

2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe

2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe

2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser

2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA

2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC

2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer

2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2

2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live

2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer

2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot

2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll

2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft

2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live

2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf

2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes

2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod

2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime

2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update

2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS

2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-01-23_12.34.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-01-24 18:49 . 2010-01-24 18:49 16384 c:\windows\temp\Perflib_Perfdata_468.dat

+ 2004-08-10 12:00 . 2010-01-24 18:47 492176 c:\windows\system32\perfh009.dat

+ 2004-08-10 12:00 . 2010-01-24 18:47 102106 c:\windows\system32\perfc009.dat

+ 2006-03-04 03:35 . 2009-12-22 05:09 671232 c:\windows\system32\dllcache\wininet.dll

- 2006-03-04 03:35 . 2009-10-29 05:25 671232 c:\windows\system32\dllcache\wininet.dll

+ 2006-03-23 17:35 . 2009-12-22 05:09 3092480 c:\windows\system32\mshtml.dll

+ 2006-03-23 17:35 . 2009-12-22 05:09 3092480 c:\windows\system32\dllcache\mshtml.dll

+ 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\system32\dllcache\explorer.exe

+ 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\explorer.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520]

"EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752]

"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2009-03-02 12:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

2008-10-24 20:50 1451264 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-09 16:53 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ekrn"=2 (0x2)

"EhttpSrv"=3 (0x3)

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\lxdrcoms.exe"=

"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

 

R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]

S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408]

S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289]

S4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://google.fr/

mWindow Title =

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm

Trusted Zone: mappy.com

Trusted Zone: orange.fr

Trusted Zone: voila.fr\rw.search.ke

Trusted Zone: weborama.fr\orange

FF - ProfilePath - c:\documents and settings\Jean Michel\Application Data\Mozilla\Firefox\Profiles\pamoq8in.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=

FF - prefs.js: browser.search.selectedEngine - Fast Browser Search

FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={A089A227-7EF1-C52E-39D8-DDA53E68E3DF}&q=

FF - component: c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOP7PlugIn.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-24 19:50

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865E7150]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28

\Driver\ACPI -> ACPI.sys @ 0xf7474cb8

\Driver\atapi -> atapi.sys @ 0xf73f4852

\Driver\iaStor -> 0x865e7150

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022

ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022

ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

NDIS: Réseau local Broadcom 802.11b/g -> SendCompleteHandler -> NDIS.sys @ 0xf720ebb0

PacketIndicateHandler -> NDIS.sys @ 0xf721ba21

SendHandler -> NDIS.sys @ 0xf71f987b

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a,

a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}]

@Denied: (Full) (Everyone)

"Model"=dword:00000130

"Therad"=dword:00000020

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1268)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

c:\windows\system32\COMRes.dll

 

- - - - - - - > 'lsass.exe'(1444)

c:\windows\system32\scecli.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\psbase.dll

 

- - - - - - - > 'explorer.exe'(3132)

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\msi.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\igfxsrvc.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxdrcoms.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Heure de fin: 2010-01-24 19:53:30 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-24 18:53

ComboFix2.txt 2010-01-24 16:44

ComboFix3.txt 2010-01-23 15:06

ComboFix4.txt 2010-01-23 14:29

ComboFix5.txt 2010-01-24 18:37

 

Avant-CF: 24 709 160 960 octets libres

Après-CF: 24 675 151 872 octets libres

 

- - End Of File - - CC0E7730E9FB4C4AC118081EDEF0CB08

Posted

Good evening,

There is something abnormal.

I have asked for help.

In the meantime, please rerun the last procedure in Safe Mode.

ComboFix, cleanup

Disconnect from the Internet and disable the antivirus (only for the duration of the procedure!)

Connect all removable drives (external hard drive, USB stick).

In some circumstances, Safe Mode may be necessary.

Check that the antivirus really is disabled, because a reboot re-enables it.

Open ComboFix

# In Notepad, copy and paste these lines:

KillAll::

Driver::

gtermddo.sys

File::

c:\program files\Bonjour

c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys

c:\documents and settings\Jean Michel\Application Data\QUAD Utilities

c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit

Firefox::

FF -: ProfilePath - c:\documents and settings\Jean Michel\Application Data\Mozilla\Firefox\Profiles\pamoq8in.default\

FF -: prefs.js: browser.search.defaulturl -

FF -: prefs.js: browser.search.selectedEngine -

FF -: prefs.js: keyword.URL -

 

* Warning: this script was written specifically for this user; it would be dangerous to reuse it in other cases!

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file

* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and press Enter.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

Posted

ComboFix 10-01-20.06 - Jean Michel 24/01/2010 21:44:38.10.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.669 [GMT 1:00]

Lancé depuis: c:\documents and settings\Jean Michel\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Jean Michel\Bureau\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

 

FILE ::

"c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys"

"c:\documents and settings\Jean Michel\Application Data\QUAD Utilities"

"c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit"

"c:\program files\Bonjour"

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-24 au 2010-01-24 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-23 14:04 . 2010-01-23 14:04 -------- d-----w- C:\tdsskiller

2010-01-23 11:58 . 2010-01-23 12:04 -------- d-----w- C:\Gmer

2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\Fichiers communs\DivX Shared

2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\DivX

2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET

2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll

2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll

2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll

2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll

2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll

2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java

2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll

2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll

2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll

2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll

2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover

2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD

2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira

2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes

2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes

2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner

2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET

2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan

2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET

2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path

2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP

2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository

2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner

2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData

2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation

2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application

2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat

2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software

2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll

2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent

2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP

2010-01-12 07:57 . 2010-01-12 08:01 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe

2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit

2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP

2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi

2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll

2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll

2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp

2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate

2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard

2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe

2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll

2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft

2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab

2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab

2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun

2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal

2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel

2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel

2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities

2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate

2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs

2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids

2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit

2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft

2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft

2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield

2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue

2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite

2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-24 20:31 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache

2010-01-24 18:47 . 2004-08-10 12:00 585390 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-24 18:47 . 2004-08-10 12:00 124776 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-24 16:39 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour

2010-01-24 00:20 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc

2010-01-22 08:57 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM

2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java

2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss

2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com

2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works

2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information

2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-22 05:09 . 2006-03-04 03:35 671232 ------w- c:\windows\system32\wininet.dll

2009-12-22 05:08 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll

2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER

2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe

2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe

2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser

2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA

2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC

2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer

2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2

2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live

2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer

2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot

2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll

2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft

2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live

2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf

2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes

2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod

2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime

2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update

2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS

2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-01-23_12.34.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-01-24 20:50 . 2010-01-24 20:50 16384 c:\windows\temp\Perflib_Perfdata_318.dat

+ 2004-08-10 12:00 . 2010-01-24 18:47 492176 c:\windows\system32\perfh009.dat

+ 2004-08-10 12:00 . 2010-01-24 18:47 102106 c:\windows\system32\perfc009.dat

+ 2006-03-04 03:35 . 2009-12-22 05:09 671232 c:\windows\system32\dllcache\wininet.dll

- 2006-03-04 03:35 . 2009-10-29 05:25 671232 c:\windows\system32\dllcache\wininet.dll

+ 2006-03-23 17:35 . 2009-12-22 05:09 3092480 c:\windows\system32\mshtml.dll

+ 2006-03-23 17:35 . 2009-12-22 05:09 3092480 c:\windows\system32\dllcache\mshtml.dll

+ 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\system32\dllcache\explorer.exe

+ 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\explorer.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520]

"EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752]

"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2009-03-02 12:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

2008-10-24 20:50 1451264 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-09 16:53 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ekrn"=2 (0x2)

"EhttpSrv"=3 (0x3)

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\lxdrcoms.exe"=

"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

 

R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]

S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408]

S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289]

S4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://google.fr/

mWindow Title =

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm

Trusted Zone: mappy.com

Trusted Zone: orange.fr

Trusted Zone: voila.fr\rw.search.ke

Trusted Zone: weborama.fr\orange

FF - ProfilePath - c:\documents and settings\Jean Michel\Application Data\Mozilla\Firefox\Profiles\pamoq8in.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=

FF - prefs.js: browser.search.selectedEngine - Fast Browser Search

FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={A089A227-7EF1-C52E-39D8-DDA53E68E3DF}&q=

FF - component: c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOP7PlugIn.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-24 21:50

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865E7150]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28

\Driver\ACPI -> ACPI.sys @ 0xf7474cb8

\Driver\atapi -> atapi.sys @ 0xf73f4852

\Driver\iaStor -> 0x865e7150

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022

ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022

ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xf720fbd4

PacketIndicateHandler -> NDIS.sys @ 0xf71fda0d

SendHandler -> NDIS.sys @ 0xf7211b40

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a,

a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}]

@Denied: (Full) (Everyone)

"Model"=dword:00000130

"Therad"=dword:00000020

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1452)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

c:\windows\system32\COMRes.dll

 

- - - - - - - > 'lsass.exe'(1540)

c:\windows\system32\setupapi.dll

c:\windows\system32\scecli.dll

c:\windows\system32\psbase.dll

 

- - - - - - - > 'explorer.exe'(2024)

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\msi.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxdrcoms.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Heure de fin: 2010-01-24 21:55:22 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-24 20:55

ComboFix2.txt 2010-01-24 18:53

ComboFix3.txt 2010-01-24 16:44

ComboFix4.txt 2010-01-23 15:06

ComboFix5.txt 2010-01-24 20:39

 

Avant-CF: 25 226 555 392 octets libres

Après-CF: 25 193 287 680 octets libres

 

- - End Of File - - F9FA3A3392CDC68F3AEDEF64FA0FA6FF

Posted

Hello to you both :P

 

Pear asked me to take a look, and I prefer to post here directly, given a particular situation:

 

ComboFix has just been withdrawn because there is a problem to resolve with the brand-new version.

 

greemlins: normally, ComboFix should have asked you to download an up-to-date version when it launched. Fortunately you did not take it, and you will have to wait for a new version before continuing, since the current version (more recent than the one you have at the moment) is temporarily no longer available. Do not run ComboFix again before getting the green light here.

 

There is a backdoor still present on the machine, but it is not what is causing these problems with the detection of the supposed rootkit; the culprits are Alcohol and Daemon Tools Lite. Please uninstall them. You can reinstall them later.

 

More soon

 

Thanks :P

 

Mark

Posted

Hello,

 

Twice now, ComboFix has not modified this:

prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=

prefs.js: browser.search.selectedEngine - Fast Browser Search

prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={A089A227-7EF1-C52E-39D8-DDA53E68E3DF}&q=

 

I suggest you do it by hand.

In the Firefox address bar, type about:config

accept the warning

scroll down to these lines and right-click "Reset"
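As an added example (not from this thread or from any tool named in it), a small Python script that performs the same about:config "Reset" on a copy of prefs.js: it parses the user_pref lines, flags the three preferences quoted above when they point at the hijack host, and drops them so Firefox falls back to its defaults. The prefs.js content below is constructed; the hostname is the one quoted in the post.

```python
"""Detect and reset hijacked Firefox search preferences in prefs.js.

Added example, not part of the forum thread. Resetting a preference in
about:config removes its user_pref line; that is what reset_prefs does.
Close Firefox before editing the real file, as it rewrites prefs.js on exit.
"""
import re
from typing import Dict, Iterable, List

# The three preferences the post says ComboFix failed to clear.
HIJACK_PREFS = ("browser.search.defaulturl",
                "browser.search.selectedEngine",
                "keyword.URL")
# Host quoted (defanged as hxxp://) in the post.
HIJACK_MARKER = "fastbrowsersearch.com"

# user_pref("name", value);  value may be a quoted string, number or bool
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Constructed sample prefs.js mirroring the values reported in the thread.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaulturl", "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=");
user_pref("browser.search.selectedEngine", "Fast Browser Search");
user_pref("keyword.URL", "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&q=");
user_pref("network.cookie.cookieBehavior", 0);
"""


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {preference name: raw value text} for every user_pref line."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def find_hijacked(text: str) -> List[str]:
    """Names of the search prefs whose value carries the hijack host.
    selectedEngine holds only an engine name, so it is flagged whenever
    one of the URL prefs is hijacked (the engine name goes with them)."""
    prefs = parse_prefs(text)
    hits = {k for k in HIJACK_PREFS
            if k in prefs and HIJACK_MARKER in prefs[k].lower()}
    if hits and "browser.search.selectedEngine" in prefs:
        hits.add("browser.search.selectedEngine")
    return sorted(hits)


def reset_prefs(text: str, names: Iterable[str]) -> str:
    """Drop the user_pref lines for `names`, i.e. the about:config Reset."""
    drop = set(names)
    kept = [ln for ln in text.splitlines()
            if not (PREF_RE.match(ln) and PREF_RE.match(ln).group(1) in drop)]
    return "\n".join(kept) + "\n"
```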
