baaz | Hello,
And first of all, thank you for this forum and for the people who spend their time on it.
I recently picked up an infection and I can't get rid of it! Every time I browse the Internet, NOD32 regularly reports attacks of the type Win32/Injector.NX or even the infamous Win32/Sality.NAR (which fortunately no longer shows up...).
They are located in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files, ...
Then I get a report of a suspicious file such as C:\windows\system32\65.scr.
I ran NOD32 (up to date) + Malwarebytes' Anti-Malware, but they can't eradicate it! They block the attacks, but the virus keeps coming back.
After reading this forum I downloaded Kaspersky's AVPTool and ran several scans in safe mode; it removed some things. I also tried rmsality.exe, and nothing on that side.
I downloaded the famous ComboFix and ran it in safe mode (having uninstalled the antivirus); it did indeed remove some things...
After all these scans and utilities, I browse again and BAM, same thing (Trojan Injector, dubious file windows system32 blabla.scr).
I can't get rid of it, HELP!
From what I understand, I would need to run a ComboFix scan and then have someone give me a .txt file to feed into it to erase the malicious files, and that I can't do on my own!
Many thanks in advance for your help.
baz
Attached is a HijackThis log.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:57, on 15/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DeltaIITray.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Suitcase 11.0.lnk = C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: Suitcase 11.0.lnk = C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Suitcase 11.0.lnk = C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
O4 - Global Startup: Suitcase 11.0.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Fichiers communs\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 10221 bytes
And the latest ComboFix log (just before I rebooted and the virus came back...):
Code:
ComboFix 10-07-13.08 - Admin 15/07/2010 18:41:04.7.4 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3327.3053 [GMT 2:00]
Lancé depuis: c:\documents and settings\Admin\Bureau\ComboFix.exe
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-06-15 au 2010-07-15 ))))))))))))))))))))))))))))))))))))
.
2010-07-15 16:34 . 2010-07-15 16:34 -------- d-----w- C:\Kaspersky
2010-07-15 09:49 . 2010-07-15 16:33 -------- d-----w- c:\windows\LastGood
2010-07-15 09:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-15 09:39 . 2010-07-15 09:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 09:39 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 22:54 . 2010-07-14 22:54 -------- d-----w- c:\documents and settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft
2010-07-14 22:54 . 2010-07-14 22:54 -------- d-sh--w- c:\documents and settings\LocalService.AUTORITE NT
2010-07-14 22:43 . 2008-04-13 17:33 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-07-14 22:37 . 2010-07-14 22:37 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-07-14 10:43 . 2010-07-14 14:16 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-07-06 21:00 . 2010-07-13 18:44 -------- d-----w- c:\program files\Camera Assistant Software for ViewSonic
2010-06-26 08:07 . 2007-12-14 02:31 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys
2010-06-26 06:46 . 2010-06-26 06:46 -------- d-----w- c:\program files\Atheros
2010-06-24 16:51 . 2010-06-24 16:51 -------- d--h--r- c:\documents and settings\All Users\Application Data\Atheros
2010-06-24 16:49 . 2010-06-24 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGEAR
2010-06-22 21:52 . 2010-06-22 21:52 -------- d-----w- c:\documents and settings\Admin\Application Data\AdSigner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 09:47 . 2009-06-21 13:56 -------- d-----w- c:\program files\ESET
2010-07-15 09:43 . 2009-06-28 08:45 336 ----a-w- c:\windows\system32\tablet.dat
2010-07-15 09:43 . 2009-06-25 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Extensis
2010-07-15 09:43 . 2009-07-25 08:10 50312 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-15 09:33 . 2001-10-02 16:17 71248 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-15 09:33 . 2001-10-02 16:17 458230 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-14 14:40 . 2009-11-14 08:50 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2010-07-13 18:44 . 2009-06-21 14:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-13 18:44 . 2010-04-04 12:04 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-07-13 15:00 . 2009-11-20 08:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-06 06:47 . 2010-04-10 09:31 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-07-05 19:34 . 2009-06-22 21:58 58720 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-03 17:13 . 2009-06-24 23:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Spotify
2010-07-02 07:46 . 2009-07-06 12:59 -------- d-----w- c:\program files\CCleaner
2010-06-30 23:31 . 2009-06-24 23:51 -------- d-----w- c:\program files\FlashFXP
2010-06-27 07:10 . 2009-06-22 21:31 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
2010-06-26 08:31 . 2010-06-13 11:53 -------- d-----r- c:\program files\Skype
2010-06-12 13:32 . 2010-03-14 12:21 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-06-12 13:32 . 2010-07-14 15:51 53632 ----a-w- c:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-12 13:32 . 2010-06-12 13:33 53632 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-12 11:33 . 2009-07-07 08:24 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-06-12 11:32 . 2009-07-07 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-04 06:58 . 2010-04-27 20:40 -------- d-----w- c:\program files\TweetDeck
2010-05-31 21:13 . 2009-06-25 23:02 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2010-05-24 12:20 . 2010-05-24 12:20 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-30665fa3-n\decora-sse.dll
2010-05-24 12:20 . 2010-05-24 12:20 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-316fe6ef-n\msvcp71.dll
2010-05-24 12:20 . 2010-05-24 12:20 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-316fe6ef-n\jmc.dll
2010-05-24 12:20 . 2010-05-24 12:20 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-316fe6ef-n\msvcr71.dll
2010-05-24 12:20 . 2010-05-24 12:20 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-30665fa3-n\decora-d3d.dll
2010-05-15 05:41 . 2010-05-15 05:41 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-27 21:16 . 2010-04-27 21:16 655360 ----a-w- c:\documents and settings\Admin\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-04-27 21:16 . 2010-04-27 21:16 282624 ----a-w- c:\documents and settings\Admin\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-04-27 21:16 . 2010-04-27 21:16 208896 ----a-w- c:\documents and settings\Admin\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2009-07-06 12:59 . 2009-07-06 12:59 1548 ----a-w- c:\program files\CCleaner.lnk
2009-07-06 12:26 . 2009-07-06 12:26 645 ----a-w- c:\program files\RegCleaner.lnk
2002-08-27 16:40 . 2009-06-21 08:50 55313 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
.
((((((((((((((((((((((((((((( SnapShot@2010-07-14_22.31.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-02 16:17 . 2010-07-14 15:32 58596 c:\windows\system32\perfc009.dat
+ 2001-10-02 16:17 . 2010-07-15 09:33 58596 c:\windows\system32\perfc009.dat
+ 2010-07-15 13:17 . 2009-10-22 11:54 37392 c:\windows\LastGood\system32\DRIVERS\89607492.sys
+ 2010-07-15 16:33 . 2009-10-22 11:54 37392 c:\windows\LastGood\system32\DRIVERS\65845702.sys
+ 2001-10-02 16:17 . 2010-07-15 09:33 392296 c:\windows\system32\perfh009.dat
- 2001-10-02 16:17 . 2010-07-14 15:32 392296 c:\windows\system32\perfh009.dat
+ 2010-07-15 13:17 . 2009-09-25 15:59 128016 c:\windows\LastGood\system32\DRIVERS\89607491.sys
+ 2010-07-15 13:17 . 2009-10-09 21:31 315408 c:\windows\LastGood\system32\DRIVERS\8960749.sys
+ 2010-07-15 16:33 . 2009-09-25 15:59 128016 c:\windows\LastGood\system32\DRIVERS\65845701.sys
+ 2010-07-15 16:33 . 2009-10-09 21:31 315408 c:\windows\LastGood\system32\DRIVERS\6584570.sys
+ 2009-06-20 23:34 . 2010-07-15 09:48 2086200 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-02 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"M-Audio Taskbar Icon"="c:\windows\System32\DeltaIITray.exe" [2008-03-03 236040]
"DeltaIITaskbarApp"="c:\windows\system32\DeltaIITray.exe" [2008-03-03 236040]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\
PowerReg Scheduler.exe [2009-6-21 0]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-25 3581680]
Suitcase 11.0.lnk - c:\program files\Extensis\Extensis Suitcase 11\Suitcase.exe [2007-5-10 5246976]
c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\
PowerReg Scheduler.exe [2009-6-21 0]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-25 3581680]
Suitcase 11.0.lnk - c:\program files\Extensis\Extensis Suitcase 11\Suitcase.exe [2007-5-10 5246976]
c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\
PowerReg Scheduler.exe [2009-6-21 0]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-25 3581680]
Suitcase 11.0.lnk - c:\program files\Extensis\Extensis Suitcase 11\Suitcase.exe [2007-5-10 5246976]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Suitcase 11.0.lnk - c:\windows\Installer\{7451C9B5-3E10-4E59-AD37-AB7438D84288}\_01D57C9244869186542E24.exe [2009-6-25 9062]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-6-28 114688]
c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\
PowerReg Scheduler.exe [2009-6-21 0]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-25 3581680]
Suitcase 11.0.lnk - c:\program files\Extensis\Extensis Suitcase 11\Suitcase.exe [2007-5-10 5246976]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Extensis\\Extensis Suitcase 11\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MediaMonkey\\MediaMonkey.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3689:TCP"= 3689:TCP:MonkeyTunes
"5353:UDP"= 5353:UDP:Bonjour
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [03/10/2009 12:24 16384]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22/07/2008 10:01 151592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [23/06/2009 00:29 270888]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/12/2009 16:08 691696]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600]
S2 NIHardwareService;NIHardwareService;c:\program files\Fichiers communs\Native Instruments\Hardware\NIHardwareService.exe [17/07/2009 15:32 3576320]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 288112]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [25/06/2009 00:36 302728]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe --> c:\program files\NETGEAR\WN111v2\jswpsapi.exe [?]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16:45 57440]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [23/06/2009 00:29 65576]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2.sys --> c:\windows\system32\DRIVERS\WN111v2.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1060284298-725345543-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 09:07]
2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1060284298-725345543-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 09:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\idma7jh1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "" );
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 18:45
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1202660629-1060284298-725345543-1003\SOFTWARE\SecuROM\License information*]
"datasecu"=hex:63,55,2b,f4,b8,34,65,db,8a,69,2a,d9,fc,84,ae,44,96,85,ff,d6,4c,
66,30,16,10,e0,90,6c,53,09,25,d0,3c,6e,b9,e1,b0,e8,e9,a9,9d,22,1c,e5,16,e5,\
"rkeysecu"=hex:c9,3f,58,4e,9e,46,f4,ad,2c,e0,9e,84,61,4e,63,40
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:51,20,f8,30,6b,57,ac,7b,ba,d6,10,cd,f1,f7,42,2d,47,66,77,d2,5f,
3b,5f,1b,98,31,ed,60,4c,57,e6,6a,be,31,b7,b1,19,c3,d9,f0,da,a3,0d,c1,e5,5b,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:51,20,f8,30,6b,57,ac,7b,ba,d6,10,cd,f1,f7,42,2d,47,66,77,d2,5f,
3b,5f,1b,98,31,ed,60,4c,57,e6,6a,be,31,b7,b1,19,c3,d9,f0,da,a3,0d,c1,e5,5b,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(244)
c:\windows\system32\Ati2evxx.dll
c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Heure de fin: 2010-07-15 18:47:00
ComboFix-quarantined-files.txt 2010-07-15 16:46
ComboFix2.txt 2010-07-15 14:18
ComboFix3.txt 2010-07-15 09:26
ComboFix4.txt 2010-07-14 23:23
ComboFix5.txt 2010-07-15 16:35
Avant-CF: 56 150 528 000 octets libres
Après-CF: 56 138 510 336 octets libres
- - End Of File - - 1F6B4408618E7697C8D37D25BDC5B6DD