Recommended posts

Posted

Delete panpan.exe; I'll rename it myself with a different extension, so the icon will be different.

If you don't know how to stop the Avast resident shield, uninstall it; I wanted to have you replace it a little later anyway.

Back soon.

@++

Actually, I'd like to uninstall it, but I can't access Add/Remove Programs in the Control Panel.

Also, when I try to end the Avast processes via Task Manager, access is denied.

I thought maybe rkill could stop it; I understood that it disables or stops running programs.

But at the same time that's just what I could guess, since I don't know much about this.

Posted

Download ComboFix renamed as panpan.com here: http://senduit.com/e6bf47 and save it to the desktop (and nowhere else).

Then follow the ComboFix instructions given above to the letter.

If you can't disable Avast, run ComboFix in Safe Mode: http://www.vista-xp.fr/forum/topic93.html

@++

Posted (edited)

I'm in Safe Mode and, after accepting (clicking "yes") the warranty limitations, I get a message telling me Avast is active and that I have to disable it before clicking "OK".

What should I do?

edit: I disabled Avast via the process manager (well, I think so)

process aaw(something)

Is that right? Can I continue?

Edited by FOIN
Posted (edited)

Skip past it, otherwise we'll never get anywhere :P

We'll install the Recovery Console later.

@++

EDIT: yes, that's OK.

Edited by Apollo
Posted

OK, ComboFix asked me to restart, so I ended up back in normal mode (impossible to disable Avast).

I downloaded the ComboFix updates, then had to restart the computer for ComboFix again. Despite 3-4 messages identical to the previous ones, I'm now at the installation of the Microsoft Windows Recovery Console.

Posted

OK, I finally have a report!

ComboFix report:

 

ComboFix 10-03-20.04 - Morgane 21/03/2010 11:53:50.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.542 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Bureau\panpan.com
AV: avast! antivirus 4.8.1351 [VPS 100320-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\MSASCui.exe
c:\documents and settings\All Users\Application Data\vma.exe
c:\documents and settings\David\Application Data\Dossier de téléchargement Share-to-Web
c:\documents and settings\Josette\Application Data\Dossier de téléchargement Share-to-Web
c:\documents and settings\Morgane.HENRIO\Application Data\Dossier de téléchargement Share-to-Web
c:\documents and settings\Morgane.HENRIO\Local Settings\Application Data\ave.exe
c:\documents and settings\Morgane.HENRIO\Local Settings\Application Data\MSASCui.exe
c:\documents and settings\Morgane.HENRIO\Local Settings\Application Data\vma.exe
c:\documents and settings\Morgane.HENRIO\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Olivier.HENRIO\Application Data\Dossier de téléchargement Share-to-Web
c:\documents and settings\Pascal\Application Data\Dossier de téléchargement Share-to-Web
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\wuaucldt.exe
c:\windows\system32\SIntf16.dll
c:\windows\system32\uninstall.exe
c:\windows\system32\wuaucldt.exe

c:\windows\system32\drivers\cdrom.sys was missing
Copy restored from - c:\system volume information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP911\A0189695.sys

 

.
((((((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 ))))))))))))))))))))))))))))))))))))
.

2010-03-21 10:59 . 2004-08-05 12:00 49536 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-21 10:59 . 2004-08-05 12:00 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-21 10:36 . 2010-03-21 10:46 -------- d-----w- C:\panpan
2010-03-21 09:06 . 2010-03-21 09:06 -------- d-----w- C:\_OTM
2010-03-21 07:38 . 2010-03-21 07:38 -------- d-----w- C:\rsit
2010-03-21 07:38 . 2010-03-21 07:38 -------- d-----w- c:\program files\trend micro
2010-03-20 23:25 . 2010-03-20 23:25 -------- d-----w- c:\documents and settings\Morgane.HENRIO\Application Data\Malwarebytes
2010-03-20 23:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-20 23:24 . 2010-03-20 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-20 23:24 . 2010-03-20 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 23:24 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 00:00 . 2010-03-20 00:47 -------- d-----w- c:\program files\ZHPDiag
2010-03-19 23:07 . 2010-03-19 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-03-19 23:07 . 2010-03-19 23:07 -------- d-----w- c:\documents and settings\Morgane.HENRIO\Local Settings\Application Data\avG
2010-03-05 00:11 . 2010-03-05 00:11 41872 ----a-w- c:\windows\system32\xfcodec.dll

 

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 08:30 . 2010-03-21 08:30 8 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\jasltw.dat
2010-03-19 23:56 . 2010-03-19 23:56 8 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\avG\vma.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\avG\MSASCui.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\avG\ave.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\avG\av.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\av.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\MSASCui.exe
2010-03-19 22:54 . 2010-03-19 22:54 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-03-19 19:46 . 2009-07-23 19:25 -------- d-----w- c:\documents and settings\Morgane.HENRIO\Application Data\Winamp
2010-03-17 19:30 . 2007-01-19 17:50 60342 ----a-w- c:\documents and settings\Pascal\Application Data\wklnhst.dat
2010-03-15 20:16 . 2009-04-04 21:14 -------- d-----w- c:\documents and settings\David\Application Data\Xfire
2010-03-12 16:19 . 2009-04-04 21:14 -------- d-----w- c:\program files\Xfire
2010-03-10 00:06 . 2009-07-14 12:08 -------- d-----w- c:\documents and settings\Pascal\Application Data\Xfire
2010-03-07 17:08 . 2009-06-19 19:17 -------- d-----w- c:\documents and settings\Morgane.HENRIO\Application Data\Xfire
2010-03-01 18:40 . 2007-01-19 17:46 93576 ----a-w- c:\documents and settings\Pascal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 14:12 . 2007-05-03 16:46 16742 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\wklnhst.dat
2010-02-20 22:52 . 2007-03-19 18:01 93576 ----a-w- c:\documents and settings\Morgane.HENRIO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-20 18:33 . 2009-05-02 20:22 -------- d-----w- c:\program files\Messenger Plus! Live
2010-02-17 18:28 . 2010-02-17 18:28 -------- d-----w- c:\documents and settings\Pascal\Application Data\Microsoft Web Folders
2010-02-17 02:59 . 2009-12-05 20:45 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-17 02:59 . 2009-11-27 15:51 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-13 23:11 . 2008-08-01 15:59 -------- d-----w- c:\program files\Windows Live
2010-02-13 23:01 . 2007-03-16 18:30 85864 ----a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-09 17:03 . 2009-06-26 18:58 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-09 17:03 . 2009-06-26 18:58 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-09 16:32 . 2010-01-23 12:08 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-09 16:31 . 2007-07-18 21:30 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-02-03 14:33 . 2010-02-03 12:12 -------- d-----w- c:\documents and settings\Morgane.HENRIO\Application Data\GetRightToGo
2010-02-03 14:32 . 2010-02-03 14:32 -------- d-----w- c:\program files\OpenAL
2010-02-02 17:22 . 2010-02-02 17:22 -------- d-----w- c:\program files\MSECache
2010-02-02 11:20 . 2007-10-07 14:16 -------- d-----w- c:\program files\Guitar Pro 5
2010-02-02 11:16 . 2007-03-09 20:08 81936 ----a-w- c:\documents and settings\Olivier.HENRIO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 22:22 . 2009-11-27 16:20 179264 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-02-01 22:22 . 2009-11-27 16:20 367680 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-02-01 21:24 . 2009-11-27 16:20 887856 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-02-01 21:24 . 2009-11-27 16:20 57344 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-02-01 21:24 . 2009-11-27 16:19 2407488 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-01-31 19:32 . 2005-10-19 13:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 19:31 . 2007-03-11 20:12 -------- d-----w- c:\program files\Wanadoo
2010-01-31 19:23 . 2009-04-20 15:03 -------- d-----w- c:\program files\Singles
2010-01-31 19:16 . 2006-02-17 12:58 -------- d-----w- c:\program files\Home Cinema
2010-01-31 19:11 . 2007-04-13 16:44 -------- d-----w- c:\program files\Filzip
2010-01-31 19:04 . 2008-12-17 19:04 -------- d-----w- c:\program files\Microsoft
2010-01-26 17:51 . 2010-01-19 15:58 -------- d-----w- c:\documents and settings\Olivier.HENRIO\Application Data\Xfire
2010-01-24 15:56 . 2010-01-24 15:56 -------- d-----w- c:\documents and settings\Morgane\Application Data\SEGA
2010-01-23 13:10 . 2010-01-23 13:10 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-23 13:10 . 2010-01-23 13:10 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-22 16:16 . 2010-01-22 16:11 -------- d-----w- c:\documents and settings\David\Application Data\Winamp
2010-01-18 16:37 . 2009-06-02 17:39 32619 ----a-w- c:\windows\DIIUnin.dat
2010-01-03 16:30 . 2010-01-03 16:23 68300 ----a-w- c:\windows\hpoins05.dat
2009-12-21 19:07 . 2005-10-19 20:41 916480 ----a-w- c:\windows\system32\wininet.dll
2004-08-05 12:00 . 2005-10-19 20:41 94864 --sh--w- c:\windows\twain.dll
2004-08-05 12:00 . 2005-10-19 20:41 50688 --sh--w- c:\windows\twain_32.dll
2005-11-04 12:00 . 2005-11-04 11:59 56 --sh--r- c:\windows\system32\07E9BADCB3.sys
2005-10-19 19:19 . 2005-10-19 19:19 8 --sh--r- c:\windows\system32\CFE20AE075.sys
2008-10-24 10:23 . 2008-10-24 10:23 56 --sh--r- c:\windows\system32\EF8D87EC2B.sys
2008-10-24 10:23 . 2005-10-19 19:19 9812 --sha-w- c:\windows\system32\KGyGaAvL.sys
2004-08-05 12:00 . 2005-10-19 20:41 1028096 --sh--w- c:\windows\system32\mfc42.dll
2004-08-05 12:00 . 2005-10-19 20:41 54784 --sh--w- c:\windows\system32\msvcirt.dll
2004-08-05 12:00 . 2005-10-19 20:41 343040 --sh--w- c:\windows\system32\msvcrt.dll
2007-12-04 18:41 . 2005-10-19 20:41 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-05 12:00 . 2005-10-19 20:41 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-05 12:00 . 2005-10-19 20:41 12288 --sh--w- c:\windows\system32\regsvr32.exe
.

 

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"ledpointer"="CNYHKey.exe" [2005-11-10 5585408]
"Showwnd"="showwnd.exe" [2003-09-18 36864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2006-02-09 143360]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-04 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

 

c:\documents and settings\Morgane.HENRIO\Menu Démarrer\Programmes\Démarrage\
syspck32.exe [2004-8-5 16896]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HPAiODevice(hp psc 700 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-4-24 487484]
HPAiODevice(hp psc 700 series) - 2.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-4-24 487484]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"d:\\Games\\QUAKE III ARENA\\quake3.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\Games\\Titan Quest\\Titan Quest.exe"=
"d:\\Games\\Titan Quest Immortal Throne\\Tqit.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games\\Call of duty\\CoDMP.exe"=
"d:\\Games\\FEAR\\FEAR.exe"=
"d:\\Games\\FEAR\\FEARMP.exe"=
"d:\\Games\\Call of duty\\CoDUOMP.exe"=
"d:\\Games\\FEAR COMBAT\\fpupdate.exe"=
"d:\\Games\\FEAR COMBAT\\FEARMP.exe"=
"d:\\Games\\Heroes II\\HEROES2W.EXE"=
"d:\\Games\\3DO\\Heroes II Gold\\HEROES2W.EXE"=
"d:\\Games\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Games\\Shadow Warrior\\SW.EXE"=
"c:\\DUKE3D\\DUKE3D.EXE"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FS Version 5 BETA\\FiLoUScRiPt V5.exe"=
"c:\\Temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Steam\\Steam.exe"=
"d:\\Games\\Silverfall\\Silverfall.exe"=
"d:\\Games\\Deep Silver\\Sacred2\\system\\s2gs.exe"=
"d:\\Games\\Deep Silver\\Sacred2\\system\\sacred2.exe"=
"d:\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

 

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/08/2007 10:25 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/06/2008 01:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/06/2008 01:10 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826752]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [17/02/2006 13:25 72320]
S0 rseb;rseb; [x]
S3 bco_1394;bco_1394;c:\windows\system32\drivers\bco_1394.sys [21/10/2007 20:31 71936]
S3 bco_avs;bco_avs;c:\windows\system32\drivers\bco_avs.sys [21/10/2007 20:31 24576]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [25/08/2007 15:41 50048]

.

.

------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.deezer.com/fr/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Morgane.HENRIO\Application Data\Mozilla\Firefox\Profiles\0nyz4r45.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wdLixQ4v&q=
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX SETTINGS ----

FF - user.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wdLixQ4v&q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", ");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-syncman - c:\documents and settings\morgane.henrio\wuaucldt.exe
HKLM-Run-syncman - c:\windows\system32\wuaucldt.exe
AddRemove-{F7E1CA14-B39D-452A-960B-39423DDDD933} - m:\program files\Runtime Software\DriveImage XML\Uninstall.exe
AddRemove-{FAF88B432344413595BB2DED98385684} - c:\program files\DivX\DivXUserGuideUninstall

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-03-21 12:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x86F671F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7594fc3
\Driver\ACPI -> ACPI.sys @ 0xf730ecb8
\Driver\atapi -> prosync1.sys @ 0xf7a56661
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xf71c0bc3
PacketIndicateHandler -> NDIS.sys @ 0xf71aea0b
SendHandler -> NDIS.sys @ 0xf71c2b31
user & kernel MBR OK

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-421911124-2136637551-3623326990-1010\Software\SecuROM\License information*]
"datasecu"=hex:ff,c7,b0,c9,6f,af,27,c5,9a,8f,3d,8d,2f,2c,5f,08,e8,e0,d1,77,17,
e3,03,ab,42,00,17,8f,b7,41,5a,f2,33,29,49,9f,b1,79,84,ea,b3,fc,a6,bd,64,0c,\
"rkeysecu"=hex:1e,81,a1,d8,1d,84,df,8c,fd,32,27,f8,29,9e,55,5c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø|ÿÿÿÿ|ù9~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6980)
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\RTHDCPL.EXE
c:\windows\mHotkey.exe
c:\windows\CNYHKey.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2010-03-21 12:11:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-21 11:10

Pre-Run: 5,276,434,432 bytes free
Post-Run: 5,994,500,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

- - End Of File - - 57ABB5F7ADA7F76D4FEBAAFAEDAC98D5

 

On restart, Avast found a file of type "hidden service" using the heuristic method. Is that ComboFix's report, or should I delete it?

location: C:\DOCUME~1\MORGAN~1.HEN\LOCALS~1\Temp\catchme.sys
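As an added example, not part of this thread and not ComboFix's own code: the Python below parses the two line formats used in the Find3M and "Reg Loading Points" sections of the report above and flags the indicators that report shows, namely executables carrying the system+hidden attributes under a profile directory (the avG\*.exe and fake MSASCui.exe drops) and the Security Center / Windows Firewall overrides. The sample lines are copied from the report; the flagging rules are this editor's heuristics, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the Find3M and Reg Loading Points
# sections of the ComboFix report posted above.
FIND3M_SAMPLE = r"""
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\avG\av.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\MSASCui.exe
2010-03-19 22:54 . 2010-03-19 22:54 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2004-08-05 12:00 . 2005-10-19 20:41 343040 --sh--w- c:\windows\system32\msvcrt.dll
2010-02-17 02:59 . 2009-11-27 15:51 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-21 10:36 . 2010-03-21 10:46 -------- d-----w- C:\panpan
"""

REG_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# ComboFix file line: <created> . <modified> <size or --------> <8-char attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories ("--------")
    attrs: str            # ComboFix flags, e.g. "--sha-w-" = system, hidden, archive
    path: str


def parse_find3m(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


# Heuristic: system+hidden executables under a user profile are the rogue-AV drop
# pattern in this report; the same flags on c:\windows\system32\*.dll are normal on XP.
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr")


def flag_files(entries: List[Entry]) -> List[str]:
    findings = []
    for e in entries:
        p = e.path.lower()
        if not p.endswith(EXEC_EXT):
            continue
        if "s" in e.attrs and "h" in e.attrs and any(d in p for d in PROFILE_DIRS):
            findings.append(f"hidden+system executable in a profile directory: {e.path}")
    return findings


def parse_reg(text: str) -> Dict[str, Dict[str, int]]:
    """Map lower-cased key path -> {value name: int} for dword / '0 (0x0)' values."""
    reg: Dict[str, Dict[str, int]] = {}
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            reg[key] = {}
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        value = m["value"]
        if value.startswith("dword:"):
            reg[key][m["name"]] = int(value[len("dword:"):], 16)
        else:
            reg[key][m["name"]] = int(value.split()[0])  # "0 (0x0)" -> 0
    return reg


def flag_registry(reg: Dict[str, Dict[str, int]]) -> List[str]:
    findings = []
    sc = reg.get(r"hkey_local_machine\software\microsoft\security center", {})
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if sc.get(name) == 1:
            findings.append(f"Security Center {name}=1: the missing AV/firewall warning is suppressed")
    fw = reg.get(r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile", {})
    if fw.get("EnableFirewall") == 0:
        findings.append("Windows Firewall disabled in the standard profile")
    if fw.get("DisableNotifications") == 1:
        findings.append("Windows Firewall blocked-program notifications disabled")
    return findings


if __name__ == "__main__":
    for finding in flag_files(parse_find3m(FIND3M_SAMPLE)) + flag_registry(parse_reg(REG_SAMPLE)):
        print(finding)
```

Run against the sample, it flags the two avG / fake MSASCui executables and all four override values, and stays silent on msvcrt.dll even though it carries the same system+hidden flags, because the location is what distinguishes the drop from a protected system file.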

Posted

Meh, Avast detects harmless stuff, but for the rest: zero!

To remove it: use Safe Mode if necessary; we'll replace it very soon.

http://www.avast.com/fre/avast-uninstall-utility.html

After the reboot:

This script was written specifically for this user; do not use it on another machine: dangerous!

1. Close all open browsers.

2. Temporarily disable the antivirus.

--> connect the removable media!

3. Close/disable all antivirus, anti-malware or anti-spyware programs so that they don't interfere with ComboFix's work.

4. Open Notepad and copy/paste the text in the Code box below into Notepad (without the word code)!

http://forum.zebulon.fr/index.php?s=&showtopic=174981&view=findpost&p=1475090

KillAll::

Collect::

File::

c:\documents and settings\All Users\Application Data\avG
c:\documents and settings\all users\application data\avg\av.exe
c:\documents and settings\all users\application data\microsoft\windows defender\ave.exe
c:\documents and settings\all users\application data\microsoft\windows defender\av.exe
c:\documents and settings\All Users\Application Data\avG\MSASCui.exe

Save the file as CFScript.txt, in the same place as ComboFix.exe

[image: CFScript.txt being dragged onto ComboFix.exe]

As in the image above, drag CFScript and drop it onto ComboFix.exe

When the tool has finished, it will display a report named C:\ComboFix.txt, which you will need to send me in your next message.

@++

Posted

I managed to uninstall Avast normally through the Add/Remove Programs wizard.
I no longer get the access error message from before.

I dragged the CFScript.txt file onto panpan.com, but I had to download the updates again (the first time I had run it in the administrator session in safe mode, which is invisible in normal mode).
So ComboFix is rescanning everything and I don't know whether it took into account the CFScript.txt file I dragged before it rebooted to install its updates.

Whatever happens I'll post the new report, and to be safe I'll wait for your answer telling me whether I need to redo the step or not.

Posted

2nd ComboFix report:

 

ComboFix 10-03-20.04 - Morgane 21/03/2010 13:01:24.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.585 [GMT 1:00]
Lancé depuis: c:\documents and settings\Morgane.HENRIO\Bureau\panpan.com
Commutateurs utilisés :: c:\docume~1\MORGAN~1.HEN\Bureau\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Application Data\avG"
"c:\documents and settings\all users\application data\avg\av.exe"
"c:\documents and settings\All Users\Application Data\avG\MSASCui.exe"
"c:\documents and settings\all users\application data\microsoft\windows defender\av.exe"
"c:\documents and settings\all users\application data\microsoft\windows defender\ave.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\all users\application data\avg\av.exe
c:\documents and settings\All Users\Application Data\avG\MSASCui.exe
c:\documents and settings\all users\application data\microsoft\windows defender\av.exe
c:\documents and settings\all users\application data\microsoft\windows defender\ave.exe
c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-21 au 2010-03-21 ))))))))))))))))))))))))))))))))))))
.

2010-03-21 11:55 . 2010-03-21 12:00 -------- d-----w- C:\panpan11833p
2010-03-21 11:54 . 2010-03-21 11:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-21 11:52 . 2010-03-21 12:20 838144 ----a-w- c:\windows\system32\drivers\hkgdrbj.sys
2010-03-21 10:59 . 2004-08-05 12:00 49536 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-21 10:59 . 2004-08-05 12:00 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-21 10:36 . 2010-03-21 10:46 -------- d-----w- C:\panpan
2010-03-21 09:06 . 2010-03-21 09:06 -------- d-----w- C:\_OTM
2010-03-21 07:38 . 2010-03-21 07:38 -------- d-----w- C:\rsit
2010-03-21 07:38 . 2010-03-21 07:38 -------- d-----w- c:\program files\trend micro
2010-03-20 23:25 . 2010-03-20 23:25 -------- d-----w- c:\documents and settings\Morgane.HENRIO\Application Data\Malwarebytes
2010-03-20 23:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-20 23:24 . 2010-03-20 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-20 23:24 . 2010-03-20 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 23:24 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 00:00 . 2010-03-20 00:47 -------- d-----w- c:\program files\ZHPDiag
2010-03-19 23:07 . 2010-03-21 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-03-19 23:07 . 2010-03-19 23:07 -------- d-----w- c:\documents and settings\Morgane.HENRIO\Local Settings\Application Data\avG
2010-03-05 00:11 . 2010-03-05 00:11 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 11:52 . 2010-03-21 11:52 8 ----a-w- c:\documents and settings\LocalService\Application Data\jasltw.dat
2010-03-21 08:30 . 2010-03-21 08:30 8 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\jasltw.dat
2010-03-19 23:56 . 2010-03-19 23:56 8 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\avG\vma.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\avG\ave.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\MSASCui.exe
2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\MSASCui.exe
2010-03-19 22:54 . 2010-03-19 22:54 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-03-19 19:46 . 2009-07-23 19:25 -------- d-----w- c:\documents and settings\Morgane.HENRIO\Application Data\Winamp
2010-03-17 19:30 . 2007-01-19 17:50 60342 ----a-w- c:\documents and settings\Pascal\Application Data\wklnhst.dat
2010-03-15 20:16 . 2009-04-04 21:14 -------- d-----w- c:\documents and settings\David\Application Data\Xfire
2010-03-12 16:19 . 2009-04-04 21:14 -------- d-----w- c:\program files\Xfire
2010-03-10 00:06 . 2009-07-14 12:08 -------- d-----w- c:\documents and settings\Pascal\Application Data\Xfire
2010-03-07 17:08 . 2009-06-19 19:17 -------- d-----w- c:\documents and settings\Morgane.HENRIO\Application Data\Xfire
2010-03-01 18:40 . 2007-01-19 17:46 93576 ----a-w- c:\documents and settings\Pascal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 14:12 . 2007-05-03 16:46 16742 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\wklnhst.dat
2010-02-20 22:52 . 2007-03-19 18:01 93576 ----a-w- c:\documents and settings\Morgane.HENRIO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-20 18:33 . 2009-05-02 20:22 -------- d-----w- c:\program files\Messenger Plus! Live
2010-02-17 18:28 . 2010-02-17 18:28 -------- d-----w- c:\documents and settings\Pascal\Application Data\Microsoft Web Folders
2010-02-17 02:59 . 2009-12-05 20:45 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-17 02:59 . 2009-11-27 15:51 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-13 23:11 . 2008-08-01 15:59 -------- d-----w- c:\program files\Windows Live
2010-02-13 23:01 . 2007-03-16 18:30 85864 ----a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-09 17:03 . 2009-06-26 18:58 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-09 17:03 . 2009-06-26 18:58 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-09 16:32 . 2010-01-23 12:08 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-09 16:31 . 2007-07-18 21:30 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-02-03 14:33 . 2010-02-03 12:12 -------- d-----w- c:\documents and settings\Morgane.HENRIO\Application Data\GetRightToGo
2010-02-03 14:32 . 2010-02-03 14:32 -------- d-----w- c:\program files\OpenAL
2010-02-02 17:22 . 2010-02-02 17:22 -------- d-----w- c:\program files\MSECache
2010-02-02 11:20 . 2007-10-07 14:16 -------- d-----w- c:\program files\Guitar Pro 5
2010-02-02 11:16 . 2007-03-09 20:08 81936 ----a-w- c:\documents and settings\Olivier.HENRIO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 22:22 . 2009-11-27 16:20 179264 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-02-01 22:22 . 2009-11-27 16:20 367680 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-02-01 21:24 . 2009-11-27 16:20 887856 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-02-01 21:24 . 2009-11-27 16:20 57344 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-02-01 21:24 . 2009-11-27 16:19 2407488 ----a-w- c:\documents and settings\Morgane.HENRIO\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-01-31 19:32 . 2005-10-19 13:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 19:31 . 2007-03-11 20:12 -------- d-----w- c:\program files\Wanadoo
2010-01-31 19:23 . 2009-04-20 15:03 -------- d-----w- c:\program files\Singles
2010-01-31 19:16 . 2006-02-17 12:58 -------- d-----w- c:\program files\Home Cinema
2010-01-31 19:11 . 2007-04-13 16:44 -------- d-----w- c:\program files\Filzip
2010-01-31 19:04 . 2008-12-17 19:04 -------- d-----w- c:\program files\Microsoft
2010-01-26 17:51 . 2010-01-19 15:58 -------- d-----w- c:\documents and settings\Olivier.HENRIO\Application Data\Xfire
2010-01-24 15:56 . 2010-01-24 15:56 -------- d-----w- c:\documents and settings\Morgane\Application Data\SEGA
2010-01-23 13:10 . 2010-01-23 13:10 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-23 13:10 . 2010-01-23 13:10 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-22 16:16 . 2010-01-22 16:11 -------- d-----w- c:\documents and settings\David\Application Data\Winamp
2010-01-18 16:37 . 2009-06-02 17:39 32619 ----a-w- c:\windows\DIIUnin.dat
2010-01-03 16:30 . 2010-01-03 16:23 68300 ----a-w- c:\windows\hpoins05.dat
2009-12-21 19:07 . 2005-10-19 20:41 916480 ------w- c:\windows\system32\wininet.dll
2004-08-05 12:00 . 2005-10-19 20:41 94864 --sh--w- c:\windows\twain.dll
2004-08-05 12:00 . 2005-10-19 20:41 50688 --sh--w- c:\windows\twain_32.dll
2005-11-04 12:00 . 2005-11-04 11:59 56 --sh--r- c:\windows\system32\07E9BADCB3.sys
2005-10-19 19:19 . 2005-10-19 19:19 8 --sh--r- c:\windows\system32\CFE20AE075.sys
2008-10-24 10:23 . 2008-10-24 10:23 56 --sh--r- c:\windows\system32\EF8D87EC2B.sys
2008-10-24 10:23 . 2005-10-19 19:19 9812 --sha-w- c:\windows\system32\KGyGaAvL.sys
2004-08-05 12:00 . 2005-10-19 20:41 1028096 --sh--w- c:\windows\system32\mfc42.dll
2004-08-05 12:00 . 2005-10-19 20:41 54784 --sh--w- c:\windows\system32\msvcirt.dll
2007-12-04 18:41 . 2005-10-19 20:41 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-05 12:00 . 2005-10-19 20:41 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-05 12:00 . 2005-10-19 20:41 12288 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"ledpointer"="CNYHKey.exe" [2005-11-10 5585408]
"Showwnd"="showwnd.exe" [2003-09-18 36864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2006-02-09 143360]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-04 155648]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\Morgane.HENRIO\Menu Démarrer\Programmes\Démarrage\
syspck32.exe [2004-8-5 16896]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HPAiODevice(hp psc 700 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-4-24 487484]
HPAiODevice(hp psc 700 series) - 2.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-4-24 487484]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"d:\\Games\\QUAKE III ARENA\\quake3.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\Games\\Titan Quest\\Titan Quest.exe"=
"d:\\Games\\Titan Quest Immortal Throne\\Tqit.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games\\Call of duty\\CoDMP.exe"=
"d:\\Games\\FEAR\\FEAR.exe"=
"d:\\Games\\FEAR\\FEARMP.exe"=
"d:\\Games\\Call of duty\\CoDUOMP.exe"=
"d:\\Games\\FEAR COMBAT\\fpupdate.exe"=
"d:\\Games\\FEAR COMBAT\\FEARMP.exe"=
"d:\\Games\\Heroes II\\HEROES2W.EXE"=
"d:\\Games\\3DO\\Heroes II Gold\\HEROES2W.EXE"=
"d:\\Games\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Games\\Shadow Warrior\\SW.EXE"=
"c:\\DUKE3D\\DUKE3D.EXE"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FS Version 5 BETA\\FiLoUScRiPt V5.exe"=
"c:\\Temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Steam\\Steam.exe"=
"d:\\Games\\Silverfall\\Silverfall.exe"=
"d:\\Games\\Deep Silver\\Sacred2\\system\\s2gs.exe"=
"d:\\Games\\Deep Silver\\Sacred2\\system\\sacred2.exe"=
"d:\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/08/2007 10:25 717296]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826752]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [17/02/2006 13:25 72320]
S0 rseb;rseb; [x]
S3 bco_1394;bco_1394;c:\windows\system32\drivers\bco_1394.sys [21/10/2007 20:31 71936]
S3 bco_avs;bco_avs;c:\windows\system32\drivers\bco_avs.sys [21/10/2007 20:31 24576]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [25/08/2007 15:41 50048]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - hkgdrbj
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.deezer.com/fr/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Morgane.HENRIO\Application Data\Mozilla\Firefox\Profiles\0nyz4r45.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wdLixQ4v&q=
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

FF - user.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=wdLixQ4v&q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", ");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-03-21 13:19
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x86FD81F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7594fc3
\Driver\ACPI -> ACPI.sys @ 0xf730ecb8
\Driver\atapi -> prosync1.sys @ 0xf7a56661
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xf7081bc3
PacketIndicateHandler -> NDIS.sys @ 0xf706fa0b
SendHandler -> NDIS.sys @ 0xf7083b31
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkgdrbj]

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-421911124-2136637551-3623326990-1010\Software\SecuROM\License information*]
"datasecu"=hex:ff,c7,b0,c9,6f,af,27,c5,9a,8f,3d,8d,2f,2c,5f,08,e8,e0,d1,77,17,
e3,03,ab,42,00,17,8f,b7,41,5a,f2,33,29,49,9f,b1,79,84,ea,b3,fc,a6,bd,64,0c,\
"rkeysecu"=hex:1e,81,a1,d8,1d,84,df,8c,fd,32,27,f8,29,9e,55,5c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø|ÿÿÿÿ|ù9~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\Feature Subscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(7864)
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\RTHDCPL.EXE
c:\windows\mHotkey.exe
c:\windows\CNYHKey.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
.
**************************************************************************
.
Heure de fin: 2010-03-21 13:25:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-21 12:25
ComboFix2.txt 2010-03-21 11:11

Avant-CF: 6 133 981 184 octets libres
Après-CF: 6 092 005 376 octets libres

- - End Of File - - 326438A187E5FF81BE57F0AC6D81F7B4
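As an added example, not code from this thread or from ComboFix, here is a small Python triage script that pulls out the defender-relevant signals a helper reads in a report like the one above: Security Center overrides, a disabled firewall, hidden system executables, a deregistered driver matched to its .sys file, and the hook lines reported by the MBR scanner. It runs on a constructed excerpt built from the line formats in this report; the check names are my own, and whether a hooked module is a legitimate driver remains an analyst's call.

```python
import re

# Constructed excerpt: line formats copied from the ComboFix report posted above, cut down to what the checks read.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

2010-03-19 23:07 . 2010-03-19 23:07 202240 --sha-w- c:\documents and settings\All Users\Application Data\avG\ave.exe
2010-03-21 11:52 . 2010-03-21 12:20 838144 ----a-w- c:\windows\system32\drivers\hkgdrbj.sys
2010-03-05 00:11 . 2010-03-05 00:11 41872 ----a-w- c:\windows\system32\xfcodec.dll

*Deregistered* - hkgdrbj
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7594fc3
\Driver\atapi -> prosync1.sys @ 0xf7a56661
user & kernel MBR OK
"""

REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')
# File entry: "<created> . <modified> <size or --------> <8 attribute flags> <path>"
FILE_LINE = re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
                       r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
DEREG_LINE = re.compile(r"^\*Deregistered\*\s+-\s+(?P<name>\S+)$")
HOOK_LINE = re.compile(r"^(?P<object>\\\S+) -> (?P<module>\S+) @ (?P<addr>0x[0-9a-fA-F]+)$")

def lines(text):
    return [line.strip() for line in text.splitlines()]

def parse_reg_value(raw):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0; anything else stays a string."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else raw.strip('"')

def parse_registry(text):
    """Map each [key] block (lowercased) to its "name"=value pairs."""
    keys, current = {}, None
    for line in lines(text):
        m = REG_KEY.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = REG_VALUE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = parse_reg_value(m.group("value"))
    return keys

def security_overrides(keys):
    """Settings that silence or switch off the host's own protections."""
    findings = []
    for key, values in keys.items():
        if key.endswith("\\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if values.get(name) == 1:
                    findings.append(f"Security Center {name}=1: the {name[:-8]} warning is suppressed")
        elif key.endswith("\\firewallpolicy\\standardprofile") and values.get("EnableFirewall") == 0:
            findings.append("Windows Firewall is disabled in the standard profile")
    return findings

def parse_file_entries(text):
    return [m.groupdict() for m in map(FILE_LINE.match, lines(text)) if m]

def hidden_system_executables(entries):
    """Executables carrying both the system (3rd flag) and hidden (4th flag) attributes."""
    return [e["path"] for e in entries if e["attrs"][2] == "s" and e["attrs"][3] == "h"
            and e["path"].lower().endswith((".exe", ".dll", ".sys"))]

def deregistered_drivers(text, entries):
    """Each '*Deregistered*' service name mapped to the .sys files whose basename matches it."""
    names = [m.group("name") for m in map(DEREG_LINE.match, lines(text)) if m]
    return {n: [e["path"] for e in entries if e["path"].lower().endswith(f"\\{n.lower()}.sys")]
            for n in names}

def mbr_hooks(text):
    """(object, module, address) triples from the scanner's 'detected MBR rootkit hooks:' section; extraction only."""
    hooks, inside = [], False
    for line in lines(text):
        if line.startswith("detected MBR rootkit hooks"):
            inside = True
        elif inside and line:
            m = HOOK_LINE.match(line)
            if not m:
                break  # first non-hook line closes the section
            hooks.append((m.group("object"), m.group("module"), m.group("addr")))
    return hooks

def triage(text):
    entries = parse_file_entries(text)
    return {"overrides": security_overrides(parse_registry(text)),
            "hidden_system_executables": hidden_system_executables(entries),
            "deregistered_drivers": deregistered_drivers(text, entries),
            "mbr_hooks": mbr_hooks(text)}
```

Call `triage(open("ComboFix.txt", encoding="cp1252", errors="replace").read())` on a real report to get the same four lists; everything else in the log is ignored.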

Posted

Antivir will surely react a lot, notably to ComboFix's quarantine, so don't worry about it too much; follow the instructions normally.

For the Antivir report, my signature explains how to find it and post it.

Antivir is a free, efficient and lightweight antivirus, now in French, whose updates are daily and whose new threats are quickly integrated into its virus database (hence the better protection).

PS: When an infected file is detected by Antivir, a window similar to this one opens:

Avira-Francais-037.jpg

Antivir asks you what to do with the infected file.
Choose Move to quarantine, then click OK.

You can automate this type of action by ticking a box, as below:

img-221315ynxxt.jpg

That way you don't have to sit there watching it. :P

Update it, then run a full scan.
Post the report you get, please.

@++
