
Posted (edited)

Hello

 

I recently suffered an infection from a HOTMAIL virus where you had to click on a link (a photo). I am a computer novice. I went to forums that advised me to run a COMBOFIX scan, but I don't understand the report. Also, the tutorial I used for this program advises coming to this site to have the report analyzed and to remove the remnants of the infection.

 

Thank you for helping me; here is the report

 

ComboFix 10-09-06.04 - lulucastagnette 07/09/2010 18:44:37.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.419 [GMT 2:00]

Running from: c:\documents and settings\lulucastagnette\Bureau\ComboFix.exe

AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

.

 

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\scrrnfr.dll

 

.

((((((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 ))))))))))))))))))))))))))))))))))))

.

 

2010-09-06 15:28 . 2010-09-06 15:28 -------- d-----w- c:\program files\AxBx

2010-09-06 14:34 . 2010-09-07 15:21 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2010-09-05 10:50 . 2010-09-06 08:10 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Conduit

2010-09-05 10:50 . 2010-09-05 10:50 -------- d-----w- c:\program files\Conduit

2010-09-05 10:50 . 2010-09-06 08:11 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Softonic_France

2010-09-05 10:50 . 2010-09-05 10:50 -------- d-----w- c:\program files\Softonic_France

2010-09-04 11:18 . 2010-09-06 12:27 853 ----a-w- C:\FindyKill_Upload_Me_LULU-2FC8CMFJN9.zip

2010-09-04 10:05 . 2010-09-06 12:54 -------- d-----w- C:\FyK

2010-08-31 18:31 . 2010-09-04 08:30 -------- d-----w- c:\program files\Ad-Remover

2010-08-31 16:12 . 2010-08-31 16:12 -------- d-----w- c:\documents and settings\NetworkService\Bureau

2010-08-30 16:20 . 2010-08-30 16:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Spyware Terminator

2010-08-30 09:18 . 2010-08-30 09:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-08-29 20:33 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-29 10:00 . 2010-09-06 10:32 -------- d-----w- c:\program files\WinClamAVShield

2010-08-28 21:52 . 2010-08-28 21:52 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Tific

2010-08-28 10:08 . 2010-08-28 10:08 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Sunbelt Software

2010-08-28 10:06 . 2010-08-28 10:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-28 10:05 . 2010-08-28 10:05 -------- d-----w- c:\program files\Lavasoft

2010-08-27 21:32 . 2010-08-27 21:32 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2010-08-27 21:32 . 2010-09-04 09:32 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Spyware Terminator

2010-08-27 21:32 . 2010-09-06 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator

2010-08-27 21:32 . 2010-09-03 09:38 -------- d-----w- c:\program files\Spyware Terminator

2010-08-27 20:52 . 2010-08-27 20:52 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Malwarebytes

2010-08-27 20:52 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-27 20:52 . 2010-08-27 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-27 20:52 . 2010-08-29 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-27 20:52 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-27 20:31 . 2010-08-27 21:02 -------- d-----w- c:\windows\BDOSCAN8

2010-08-21 17:16 . 2010-08-21 17:16 -------- d-----w- c:\program files\Fichiers communs\Java

2010-08-17 05:22 . 2010-08-17 05:22 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-07 17:16 . 2009-01-14 14:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-06 07:52 . 2001-09-28 12:00 94622 ----a-w- c:\windows\system32\perfc00C.dat

2010-09-06 07:52 . 2001-09-28 12:00 535444 ----a-w- c:\windows\system32\perfh00C.dat

2010-09-05 13:34 . 2010-03-13 17:43 -------- d-----w- c:\program files\Norton Utilities 14

2010-09-05 09:17 . 2009-01-14 11:23 -------- d-----w- c:\program files\Windows Live

2010-08-27 21:32 . 2010-08-27 21:32 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe

2010-08-27 21:32 . 2010-08-27 21:32 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys

2010-08-21 17:15 . 2009-01-14 15:55 -------- d-----w- c:\program files\Java

2010-08-15 20:44 . 2009-01-14 14:46 -------- d-----w- c:\program files\Google

2010-08-15 20:40 . 2009-03-16 14:50 -------- d-----w- c:\program files\Yahoo!

2010-08-15 20:38 . 2010-05-14 13:49 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\OfferBox

2010-08-15 07:04 . 2008-09-23 18:29 94208 -c--a-w- c:\windows\DUMP8963.tmp

2010-08-12 12:16 . 2010-08-28 10:06 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-06 07:45 . 2009-01-14 11:26 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\MSN6

2010-08-05 20:02 . 2010-08-05 20:02 503808 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\msvcp71.dll

2010-08-05 20:02 . 2010-08-05 20:02 499712 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\jmc.dll

2010-08-05 20:02 . 2010-08-05 20:02 348160 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\msvcr71.dll

2010-08-05 20:02 . 2010-08-05 20:02 61440 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-60cbb00e-n\decora-sse.dll

2010-08-05 20:02 . 2010-08-05 20:02 12800 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-60cbb00e-n\decora-d3d.dll

2010-07-17 03:00 . 2010-05-09 17:49 423656 -c--a-w- c:\windows\system32\deployJava1.dll

2010-06-30 12:32 . 2001-09-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:17 . 2006-06-23 11:28 832512 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:17 . 2010-04-15 09:21 78336 -c--a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:17 . 2001-09-28 12:00 17408 -c--a-w- c:\windows\system32\corpol.dll

2010-06-24 09:02 . 2001-09-28 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2001-09-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2001-09-28 12:00 80384 -c--a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2008-09-23 17:33 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe

2010-06-14 07:42 . 2006-09-13 05:10 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

 

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not listed

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

 

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

2010-06-13 17:10 2734688 ----a-w- c:\program files\Softonic_France\tbSoft.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

 

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

 

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-12 4093288]

"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-27 3037696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]

"Server Application"="c:\windows\system32\ServoApp.exe" [2007-05-20 417792]

"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]

"BuyObaB-Update"="c:\program files\ReducBarre\update.exe" [2010-03-07 532992]

"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]

"a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2010-07-26 3634568]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\lulucastagnette\Menu Démarrer\Programmes\Démarrage\

Outil de notification Live Search.lnk - c:\documents and settings\lulucastagnette\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-1-14 143360]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nikon Monitor.lnk]

backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup

backupExtension=Common Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 -c--a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]

2007-12-17 06:00 188928 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GDI Manager]

2008-05-06 00:10 741376 ------w- c:\program files\MFP Server\App\Common\MFPAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-12-11 09:56 286720 -c--a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

2010-08-27 21:32 2176512 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]

2010-08-27 21:32 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2009-04-08 10:38 251240 -c--a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\MFP Server\\App\\Common\\MFPAgent.exe"=

 

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [25/05/2010 08:46 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [25/05/2010 08:46 173104]

R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [06/09/2010 16:34 41816]

R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [06/09/2010 16:34 11776]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [19/08/2010 13:09 692272]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [25/05/2010 08:46 501888]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [27/08/2010 23:32 142592]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [25/05/2010 08:46 116784]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [06/09/2010 16:34 1935656]

R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\drivers\mfpec.sys [08/09/2009 18:42 34944]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 08:45 126392]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [28/09/2001 14:00 5120]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [06/09/2010 16:34 71008]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/08/2010 20:48 102448]

R3 es1969;Pilote audio ESS Solo (WDM);c:\windows\system32\drivers\es1969.sys [23/09/2008 19:35 72192]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100906.001\IDSXpx86.sys [07/09/2010 17:59 331640]

R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [24/09/2009 10:56 7936]

R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 18:13 1562096]

R3 WUSBVBus;MFP Server Detector;c:\windows\system32\drivers\mfpvbus.sys [08/09/2009 18:42 10240]

S2 gupdate1c9b472eaf50a6e;Service Google Update (gupdate1c9b472eaf50a6e);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2009 17:43 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 14:15 1355928]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 14:15 15008]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [24/01/2009 15:46 216232]

.

Contents of the 'Scheduled Tasks' folder

 

2010-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 14:07]

 

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 15:42]

 

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 15:42]

 

2010-09-07 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

 

2010-09-07 c:\windows\Tasks\User_Feed_Synchronization-{0DF3917A-FA90-4F87-A1CE-635EF589C0C4}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115

Trusted Zone: orange.fr\www

.

- - - - ORPHANS REMOVED - - - -

 

AddRemove-HijackThis - c:\documents and settings\lulucastagnette\Local Settings\Temporary Internet Files\Content.IE5\HLJ9IE4L\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-07 19:16

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD]

"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD]

"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Norton Ghost\Agent\VProSvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Spyware Terminator\sp_rsser.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\System32\msdtc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\SOUNDMAN.EXE

c:\documents and settings\lulucastagnette\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

c:\program files\Orange\Launcher\Launcher.exe

.

**************************************************************************

.

Completion time: 2010-09-07 19:26:57 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-07 17:26

 

Pre-Run: 93,296,283,648 bytes free

Post-Run: 93,300,899,840 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /usepmtimer /NoExecute=OptIn

 

- - End Of File - - 42C1015C32E142E9F228799DE23D41EF

Edited by lulu1323
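As an added example (not part of this thread, and not ComboFix's own code): a small Python triage script that parses the "Reg Loading Points" and service lines of a ComboFix report in the format shown above and flags the items a helper reads first: Security Center monitoring switched off, the Windows Firewall standard profile disabled, browser search hooks and toolbars, Run entries that execute an .exe straight out of system32, and the NTDLL code modification that catchme reported. The excerpt in SAMPLE_LOG is constructed from the report's format for this example; the severities and the "review" heuristics are assumptions of this example, not ComboFix verdicts, and every hit still has to be correlated with the software actually installed (an NTDLL hook, for instance, may belong to a security product's own hooking rather than to malware).

```python
import re
from collections import OrderedDict

# Constructed excerpt in the format ComboFix uses for its registry, service and
# catchme sections (sample input for this example, not the thread's full log).
SAMPLE_LOG = r'''[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"Server Application"="c:\windows\system32\ServoApp.exe" [2007-05-20 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [27/08/2010 23:32 142592]
S2 gupdate1c9b472eaf50a6e;Service Google Update;c:\program files\Google\Update\GoogleUpdate.exe [03/04/2009 17:43 133104]

detected NTDLL code modification:
ZwOpenFile
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')                       # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')             # "name"=value
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')
IDENT_RE = re.compile(r'^[A-Za-z_]\w*$')


def parse_reg_sections(text):
    """Return {key_path: [(value_name, raw_value), ...]} for every [..] block."""
    sections = OrderedDict()
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def parse_services(text):
    """Parse 'R1 name;display;path [date time size]' driver/service lines."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, path, meta = m.groups()
            out.append({'start': start, 'name': name, 'display': display,
                        'path': path, 'meta': meta})
    return out


def catchme_hooks(text):
    """Functions listed under catchme's 'detected NTDLL code modification:'."""
    hooks, collecting = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith('detected NTDLL code modification'):
            collecting = True
            continue
        if collecting:
            if IDENT_RE.match(s):
                hooks.append(s)
            elif s or hooks:          # other text, or a blank after the list, ends it
                collecting = False
    return hooks


def value_path(raw):
    """Pull the image path out of a ComboFix value:  "path" [date size] -> path."""
    m = re.match(r'^"([^"]*)"', raw)
    return m.group(1) if m else raw.split(' [', 1)[0].strip()


def dword_value(raw):
    """'dword:00000001' -> 1; anything that is not a dword -> None."""
    m = re.match(r'^dword:([0-9a-fA-F]{1,8})$', raw)
    return int(m.group(1), 16) if m else None


def triage(text):
    """Heuristic (severity, message) findings. These are this example's own
    assumptions about what to look at first, not ComboFix's own judgement."""
    findings = []
    for key, values in parse_reg_sections(text).items():
        k = key.lower()
        for name, raw in values:
            n = name.lower()
            if 'security center\\monitoring' in k and n == 'disablemonitoring' and dword_value(raw) == 1:
                findings.append(('high', 'Security Center monitoring disabled: %s' % key))
            elif k.endswith('firewallpolicy\\standardprofile') and n == 'enablefirewall' and raw.split()[0] == '0':
                findings.append(('high', 'Windows Firewall off for the standard profile'))
            elif any(t in k for t in ('urlsearchhooks', 'browser helper objects', '\\toolbar')):
                findings.append(('review', 'Browser add-on %s -> %s' % (name, value_path(raw))))
            elif k.endswith('\\currentversion\\run'):
                path = value_path(raw)
                # Heuristic: an autorun that launches an .exe straight from system32
                # deserves a look; most vendors install under Program Files instead.
                if '\\system32\\' in path.lower() and path.lower().endswith('.exe'):
                    findings.append(('review', 'Run entry "%s" executes %s from system32' % (name, path)))
    for fn in catchme_hooks(text):
        findings.append(('review', 'catchme: NTDLL code modification on %s '
                                   '(inline hook; verify against installed AV/HIPS)' % fn))
    return findings


if __name__ == '__main__':
    for sev, msg in triage(SAMPLE_LOG):
        print('[%s] %s' % (sev.upper(), msg))
```

Run it against a real report by replacing SAMPLE_LOG with the file's contents; on the constructed excerpt it reports two high findings (Security Center monitoring and the firewall) and three items for review (the search hook DLL, the system32 Run entry and the ZwOpenFile hook), which matches what a helper would pick out by eye from the first report in this thread.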

Posted

Hello

 

Three days ago I asked you for help and have had no reply.....

 

Since then the virus has come back with all its consequences: my antivirus (Norton 2010) disabled, my Windows firewall disabled, eMule blocked, Windows updates blocked....

 

Please, please, help me

 

I ran ComboFix again; here is the report

 

ComboFix 10-09-09.04 - lulucastagnette 10/09/2010 15:16:23.2.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.175 [GMT 2:00]

Running from: c:\documents and settings\lulucastagnette\Bureau\ComboFix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

* Created a new restore point

.

 

((((((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 ))))))))))))))))))))))))))))))))))))

.

 

2010-09-05 10:50 . 2010-09-06 08:10 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Conduit

2010-09-05 10:50 . 2010-09-05 10:50 -------- d-----w- c:\program files\Conduit

2010-09-05 10:50 . 2010-09-06 08:11 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Softonic_France

2010-09-05 10:50 . 2010-09-05 10:50 -------- d-----w- c:\program files\Softonic_France

2010-09-04 11:18 . 2010-09-06 12:27 853 ----a-w- C:\FindyKill_Upload_Me_LULU-2FC8CMFJN9.zip

2010-09-04 10:05 . 2010-09-06 12:54 -------- d-----w- C:\FyK

2010-08-31 18:31 . 2010-09-04 08:30 -------- d-----w- c:\program files\Ad-Remover

2010-08-31 16:12 . 2010-08-31 16:12 -------- d-----w- c:\documents and settings\NetworkService\Bureau

2010-08-30 16:20 . 2010-08-30 16:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Spyware Terminator

2010-08-30 09:18 . 2010-08-30 09:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-08-29 20:33 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-29 10:00 . 2010-09-09 08:40 -------- d-----w- c:\program files\WinClamAVShield

2010-08-28 21:52 . 2010-08-28 21:52 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Tific

2010-08-28 10:08 . 2010-08-28 10:08 -------- d-----w- c:\documents and settings\lulucastagnette\Local Settings\Application Data\Sunbelt Software

2010-08-28 10:06 . 2010-08-28 10:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-28 10:05 . 2010-08-28 10:05 -------- d-----w- c:\program files\Lavasoft

2010-08-27 21:32 . 2010-08-27 21:32 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2010-08-27 21:32 . 2010-09-09 08:26 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Spyware Terminator

2010-08-27 21:32 . 2010-09-09 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator

2010-08-27 21:32 . 2010-09-09 08:56 -------- d-----w- c:\program files\Spyware Terminator

2010-08-27 20:52 . 2010-08-27 20:52 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\Malwarebytes

2010-08-27 20:52 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-27 20:52 . 2010-08-27 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-27 20:52 . 2010-08-29 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-27 20:52 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-27 20:31 . 2010-09-07 19:31 -------- d-----w- c:\windows\BDOSCAN8

2010-08-21 17:16 . 2010-08-21 17:16 -------- d-----w- c:\program files\Fichiers communs\Java

2010-08-17 05:22 . 2010-08-17 05:22 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-10 12:52 . 2009-01-14 14:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-10 11:22 . 2009-01-14 15:49 -------- d-----w- c:\program files\eMule

2010-09-06 07:52 . 2001-09-28 12:00 94622 ----a-w- c:\windows\system32\perfc00C.dat

2010-09-06 07:52 . 2001-09-28 12:00 535444 ----a-w- c:\windows\system32\perfh00C.dat

2010-09-05 13:34 . 2010-03-13 17:43 -------- d-----w- c:\program files\Norton Utilities 14

2010-09-05 09:17 . 2009-01-14 11:23 -------- d-----w- c:\program files\Windows Live

2010-08-27 21:32 . 2010-08-27 21:32 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe

2010-08-27 21:32 . 2010-08-27 21:32 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys

2010-08-21 17:15 . 2009-01-14 15:55 -------- d-----w- c:\program files\Java

2010-08-15 20:44 . 2009-01-14 14:46 -------- d-----w- c:\program files\Google

2010-08-15 20:40 . 2009-03-16 14:50 -------- d-----w- c:\program files\Yahoo!

2010-08-15 20:38 . 2010-05-14 13:49 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\OfferBox

2010-08-15 07:04 . 2008-09-23 18:29 94208 -c--a-w- c:\windows\DUMP8963.tmp

2010-08-12 12:16 . 2010-08-28 10:06 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-06 07:45 . 2009-01-14 11:26 -------- d-----w- c:\documents and settings\lulucastagnette\Application Data\MSN6

2010-08-05 20:02 . 2010-08-05 20:02 503808 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\msvcp71.dll

2010-08-05 20:02 . 2010-08-05 20:02 499712 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\jmc.dll

2010-08-05 20:02 . 2010-08-05 20:02 348160 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7427945d-n\msvcr71.dll

2010-08-05 20:02 . 2010-08-05 20:02 61440 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-60cbb00e-n\decora-sse.dll

2010-08-05 20:02 . 2010-08-05 20:02 12800 ----a-w- c:\documents and settings\lulucastagnette\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-60cbb00e-n\decora-d3d.dll

2010-07-17 03:00 . 2010-05-09 17:49 423656 -c--a-w- c:\windows\system32\deployJava1.dll

2010-06-30 12:32 . 2001-09-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:17 . 2006-06-23 11:28 832512 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:17 . 2010-04-15 09:21 78336 -c--a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:17 . 2001-09-28 12:00 17408 -c--a-w- c:\windows\system32\corpol.dll

2010-06-24 09:02 . 2001-09-28 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2001-09-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2001-09-28 12:00 80384 -c--a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2008-09-23 17:33 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe

2010-06-14 07:42 . 2006-09-13 05:10 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

 

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not listed

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

 

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

2010-06-13 17:10 2734688 ----a-w- c:\program files\Softonic_France\tbSoft.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

 

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]

 

[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-12 4093288]

"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-27 3037696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]

"Server Application"="c:\windows\system32\ServoApp.exe" [2007-05-20 417792]

"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]

"BuyObaB-Update"="c:\program files\ReducBarre\update.exe" [2010-03-07 532992]

"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-08-27 2176512]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\lulucastagnette\Menu Démarrer\Programmes\Démarrage\

Outil de notification Live Search.lnk - c:\documents and settings\lulucastagnette\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-1-14 143360]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nikon Monitor.lnk]

backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup

backupExtension=Common Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 -c--a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]

2007-12-17 06:00 188928 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GDI Manager]

2008-05-06 00:10 741376 ------w- c:\program files\MFP Server\App\Common\MFPAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-12-11 09:56 286720 -c--a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

2010-08-27 21:32 2176512 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]

2010-08-27 21:32 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2009-04-08 10:38 251240 -c--a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\MFP Server\\App\\Common\\MFPAgent.exe"=

 

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [25/05/2010 08:46 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [25/05/2010 08:46 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [19/08/2010 13:09 692272]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [25/05/2010 08:46 501888]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [27/08/2010 23:32 142592]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [25/05/2010 08:46 116784]

R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\drivers\mfpec.sys [08/09/2009 18:42 34944]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 08:45 126392]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [28/09/2001 14:00 5120]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/08/2010 20:48 102448]

R3 es1969;Pilote audio ESS Solo (WDM);c:\windows\system32\drivers\es1969.sys [23/09/2008 19:35 72192]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100909.001\IDSXpx86.sys [10/09/2010 11:39 331640]

R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [24/09/2009 10:56 7936]

R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 18:13 1562096]

R3 WUSBVBus;MFP Server Detector;c:\windows\system32\drivers\mfpvbus.sys [08/09/2009 18:42 10240]

S2 gupdate1c9b472eaf50a6e;Service Google Update (gupdate1c9b472eaf50a6e);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2009 17:43 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 14:15 1355928]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 14:15 15008]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [24/01/2009 15:46 216232]

.

Contenu du dossier 'Tâches planifiées'

 

2010-09-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 14:07]

 

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 15:42]

 

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 15:42]

 

2010-09-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

 

2010-09-10 c:\windows\Tasks\User_Feed_Synchronization-{0DF3917A-FA90-4F87-A1CE-635EF589C0C4}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.foozir.com/

mStart Page = hxxp://www.foozir.com/

TCP: {91E4EF5D-E9B5-483A-9F75-B4A9F6CE5573} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-10 15:26

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD]

"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD]

"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(3184)

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Heure de fin: 2010-09-10 15:35:02

ComboFix-quarantined-files.txt 2010-09-10 13:34

ComboFix2.txt 2010-09-07 17:27

 

Avant-CF: 88 388 980 736 octets libres

Après-CF: 88 383 766 528 octets libres

 

- - End Of File - - 55B1024A466242D325134913907B7C9E

Thanos edit: I merged your two topics, lulu123
