System Security 4.51 Help!

yannae (3 posts, Member)
Hello,
My computer has been infected by the System Security version 4.51 virus since the day before yesterday. It did not show up yesterday, so I took the opportunity to run ComboFix.
Here is the report:


ComboFix 09-06-13.03 - Microsoft 06/14/2009 13:25.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.460 [GMT 2:00]
Running from: c:\documents and settings\Microsoft\Desktop\combofix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\18862654
c:\documents and settings\All Users\Application Data\98872646
c:\documents and settings\All Users\Application Data\18862654\18862654.exe
c:\documents and settings\All Users\Application Data\18862654\pc18862654cnf
c:\documents and settings\All Users\Application Data\18862654\pc18862654ins
c:\documents and settings\All Users\Application Data\98872646\98872646.exe
C:\GHOST.EXE
c:\program files\Manson\liser.dll
c:\program files\Manson\liser.exe
C:\tj.vbs
c:\windows\ld09.exe
c:\windows\run_1244898236.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-14 11:21 . 2009-06-14 11:21 -------- d-s---w- C:\bibite
2009-06-13 11:18 . 2009-06-13 11:18 2 ---h--w- c:\windows\zaponce53290.dat
2009-06-13 11:18 . 2009-06-13 11:18 2 ---h--w- c:\windows\zaponce53198.dat
2009-06-13 11:17 . 2009-06-13 11:17 -------- d-sh--r- c:\program files\Manson
2009-06-10 10:57 . 2009-06-10 10:57 -------- d-----w- c:\program files\Yontoo Layers Client for Internet Explorer
2009-06-10 10:57 . 2009-04-03 00:37 36864 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
2009-06-10 10:57 . 2009-03-30 01:09 222208 --s---r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
2009-06-10 10:57 . 2008-08-30 09:05 4608 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
2009-06-10 10:57 . 2009-06-10 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2009-06-07 19:08 . 2009-06-07 19:08 -------- d-----w- c:\program files\Virtools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 11:10 . 2008-03-10 15:24 2048 ----a-w- c:\windows\vknt.tmp
2009-05-16 10:07 . 2008-07-30 13:30 114 ----a-w- c:\windows\system32\{EC4C8FCB-8A0D-47f6-8F3E-2A34527102F5}.dat
2009-04-06 13:58 . 2009-04-06 13:58 1915520 ----a-w- c:\documents and settings\Microsoft\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
.
------- Sigcheck -------

[-] 2007-08-02 04:52 1580544 0A874046BB7B547864811CFF0DD19724 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-04-01 17:16 193472 ------w- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-05-07 10:54 241752 ----a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\Lenovo\Power2Go\Power2GoExpress.exe" [2007-05-04 2483760]
"mtd2002Svr"="c:\program files\mtd2002\mtdserver.exe" [2002-10-05 544768]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 4269296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vietkey"="c:\program files\Vietkey2000\VKNT.EXE" [2001-10-16 78848]
"EzButton"="c:\progra~1\EzButton\EzButton.EXE" [2007-11-20 502544]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-11-20 630784]
"EnergyUtility"="c:\program files\Lenovo\EnergyCut\utilty.exe" [2007-04-29 1486848]
"EnergyCut"="c:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-04-29 1191936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-11-20 151552]
"VeriFacePassManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2008-05-07 241664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-20 138008]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-20 162584]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-05-06 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-20 16342528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-10 21:34 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2008-05-07 10:54 589824 ----a-w- c:\windows\system32\PicNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\mtd2002\\mtdserver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\BIN\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\JRE\\BIN\\java.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [5/6/2008 11:02 PM 15424]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [3/10/2008 5:34 PM 9344]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [9/10/2008 11:38 PM 57376]
S3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [5/7/2008 12:52 PM 17536]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Bewan\Box\Wizard\jswpsapi.exe [9/10/2008 11:38 PM 352338]
S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [9/10/2008 11:36 PM 27072]
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-kell - c:\program files\Manson\liser.exe
HKLM-Run-98872646 - c:\documents and settings\All Users\Application Data\98872646\98872646.exe
HKLM-Run-Device Detector - DevDetect.exe
HKLM-Explorer_Run-dllcache32.exe - c:\windows\system32\dllcache32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mido.dauphine.fr/
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.12/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{035E680E-B668-472F-91F3-E850BCC5051F} - c:\program files\Crawler\Notes\CNotes.exe
LSP: c:\windows\system32\imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 13:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll
c:\windows\system32\PicNotify.dll
c:\windows\system32\Momo.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\picn.dll

- - - - - - - > 'lsass.exe'(1340)
c:\windows\system32\imon.dll
.
Completion time: 2009-06-14 13:29
ComboFix-quarantined-files.txt 2009-06-14 11:29

Pre-Run: 8,411,807,744 bytes free
Post-Run: 8,560,787,456 bytes free


Could someone help me, please?
Thanks in advance.

2 replies

Narco!4 (2446 posts, Contributor)
Hello,

Download GenProc: http://www.genproc.com/GenProc.exe

Double-click GenProc.exe and post the contents of the report that opens.
smart025 (193 posts, Member)
I have the same thing as you. It's not easy to deal with; we're seriously infected, I think.