PC seems infected
annsosimon
Posts: 2
Status: Member
Hello,
My PC is showing me a message saying that a virus is in my documents: application\data\google\shell32.dll
My Trend antivirus detects it but cannot clean it,
Spybot does not see it.
I ran an online scan via Kaspersky as seen on the forum,
then downloaded a Windows antivirus, nothing to report.
Then, again as seen on the forum,
I ran ComboFix and here is the report it gives me:
ComboFix 09-08-04.04 - AnnSo 06/08/2009 11:33.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.391 [GMT 2:00]
Running from: c:\documents and settings\AnnSo\Bureau\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\AnnSo\Application Data\Google\ocprg23017248.exe
c:\documents and settings\AnnSo\Application Data\Google\Shell32.dll
c:\documents and settings\AnnSo\Bureau\shortbread ou gâteau lunette (2).JPG
c:\documents and settings\AnnSo\Bureau\shortbread ou gâteau lunette (2).JPG
c:\documents and settings\AnnSo\Bureau\shortbread ou gâteau lunette (3).JPG
c:\documents and settings\AnnSo\Bureau\shortbread ou gâteau lunette (3).JPG
c:\windows\system32\Ijl11.dll
c:\windows\system32\mdm.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NWCWORKSTATION
-------\Service_Boonty Games
-------\Service_NWCWorkstation
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.
2009-08-05 15:14 . 2009-08-05 15:15 -------- d-----w- C:\rsit
2009-07-24 19:23 . 2009-07-24 19:23 4956408 ----a-w- c:\documents and settings\AnnSo\Application Data\pdinstall.exe
2009-07-24 19:18 . 2009-07-24 19:18 422 ----a-w- c:\documents and settings\AnnSo\Application Data\AdobeUM\mario.exe
2009-07-24 19:18 . 2009-07-24 19:18 16141 ----a-w- c:\documents and settings\AnnSo\Application Data\Anuman Interactive\flamiks32.exe
2009-07-24 19:18 . 2009-07-24 19:18 145131 ----a-w- c:\documents and settings\AnnSo\Application Data\Ahead\pingo.dll
2009-07-24 19:18 . 2009-07-24 19:18 13221 ----a-w- c:\documents and settings\AnnSo\Application Data\Adobe\xl12.exe
2009-07-24 19:18 . 2009-07-24 19:18 11232 ----a-w- c:\documents and settings\AnnSo\Application Data\2020 Fusion\norigami.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 08:54 . 2007-11-14 13:08 -------- d-----w- c:\program files\Trend Micro
2009-08-06 07:22 . 2006-12-15 15:43 -------- d-----w- c:\program files\Lavalys
2009-08-06 07:20 . 2007-08-16 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-03 18:28 . 2007-08-16 13:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-18 15:05 . 2006-12-25 19:25 24606 ----a-w- c:\documents and settings\AnnSo\Application Data\wklnhst.dat
2009-06-28 21:56 . 2009-06-27 22:29 -------- d-----w- c:\documents and settings\AnnSo\Application Data\dvdcss
2009-06-27 12:50 . 2009-06-27 12:50 -------- d-----w- c:\documents and settings\AnnSo\Application Data\teamspeak2
2009-06-26 16:50 . 2002-08-29 10:45 670720 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2006-12-15 14:49 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-16 14:40 . 2001-08-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-08-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2002-08-29 10:44 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-06-18 20:42 . 2006-12-15 14:44 274425064 ----a-w- c:\program files\WindowsXP-KB835935-SP2-FRA.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"SW20"="c:\windows\System32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\System32\sw24.exe" [2006-05-17 69632]
"TM Outbreak Agent"="c:\program files\Trend Micro\Internet Security\TMOAgent.exe" [2003-11-14 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-08-26 122941]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-04 185896]
"Traymin900"="c:\windows\System32\drivers\Tray900.exe" [2005-08-25 266240]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:French
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
R2 PccPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\PCCPFW.exe [14/11/2003 20:01 704571]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [22/08/2003 16:17 205328]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\Internet Security\Tmntsrv.exe [14/11/2003 20:05 241734]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [22/08/2003 16:17 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\tmproxy.exe [14/11/2003 20:06 204870]
R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [01/04/2007 11:22 1240576]
S3 CA500AI;GSmart Mini Still Image Capture Version 1.00;c:\windows\system32\Drivers\2NFMin.sys --> c:\windows\system32\Drivers\2NFMin.sys [?]
S3 CA500AV;GSmart Mini WDM Video Capture;c:\windows\system32\DRIVERS\MinAV.SYS --> c:\windows\system32\DRIVERS\MinAV.SYS [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\OGPlanet\Albatross18\GameGuard\dump_wmimmc.sys --> c:\program files\OGPlanet\Albatross18\GameGuard\dump_wmimmc.sys [?]
S3 FLASHSYS;FLASHSYS;\??\c:\windows\system32\DRIVERS\FLASHSYS.sys --> c:\windows\system32\DRIVERS\FLASHSYS.sys [?]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [11/02/2008 16:35 402432]
S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [05/03/2009 20:35 27072]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\windows\system32\NTACCESS.SYS --> c:\windows\system32\NTACCESS.SYS [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dartybox.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - hxxp://data.jeuxclassiques.com/npwwg.cab
FF - ProfilePath - c:\documents and settings\AnnSo\Application Data\Mozilla\Firefox\Profiles\w1ax2ldz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 11:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2009-08-06 11:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 09:46
Pre-Run: 191 943 696 384 octets libres
Post-Run: 192 094 871 552 octets libres
169 --- E O F --- 2009-08-06 07:02
Can you help me please?
Thanks,
AnneSo and Simon
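The ComboFix report above lists deleted files and files created in the last month as one row per path. As an added example (not part of the original post and not a ComboFix feature), the Python script below parses such rows and applies three generic triage heuristics a responder would use when reading this kind of log: an executable or DLL sitting under a per-user Application Data folder, a file carrying a well-known system DLL name (such as shell32.dll) outside system32, and an executable that is unusually small. The sample rows are copied from the log in this thread; the 1024-byte size threshold and the list of system DLL names are assumptions of the example, and a hit only means "look at this file", not a verdict.

```python
"""Triage helper for ComboFix 'Files Created' / 'Other Deletions' rows.

Constructed example for this thread; not a ComboFix feature. The heuristics
are generic defender rules for prioritising what to look at in a log.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# One ComboFix "Files Created" row, e.g.
# 2009-07-24 19:18 . 2009-07-24 19:18 16141 ----a-w- c:\...\flamiks32.exe
ROW_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attr>[-dashrw]{8}) "
    r"(?P<path>.+?)\s*$"
)
# Bare path rows as printed in the "Other Deletions" section.
BARE_PATH_RE = re.compile(r"^[a-zA-Z]:\\.+$")

USER_APPDATA_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\application data\\", re.IGNORECASE
)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)

EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com"}
# Well-known Windows system DLL names (assumed list); one of these names
# outside system32 is a classic masquerading pattern.
SYSTEM_DLL_NAMES = {"shell32.dll", "kernel32.dll", "user32.dll",
                    "ntdll.dll", "advapi32.dll"}
SMALL_EXE_BYTES = 1024  # assumed threshold for "unusually small executable"


@dataclass
class Finding:
    path: str
    size: Optional[int]
    reasons: list = field(default_factory=list)


def parse_row(line: str):
    """Return (path, size_or_None) for a ComboFix row, or None if it is not one."""
    text = line.strip()
    m = ROW_RE.match(text)
    if m:
        size = int(m.group("size")) if m.group("size").isdigit() else None
        return m.group("path"), size
    if BARE_PATH_RE.match(text):
        return text, None
    return None


def assess(path: str, size: Optional[int]) -> Finding:
    """Apply the triage heuristics to one path; reasons is empty when clean."""
    f = Finding(path, size)
    name = path.rsplit("\\", 1)[-1].lower()
    ext = name[name.rfind("."):] if "." in name else ""
    executable = ext in EXEC_EXTS
    if executable and USER_APPDATA_RE.search(path):
        f.reasons.append("executable under per-user Application Data")
    if name in SYSTEM_DLL_NAMES and not SYSTEM32_RE.search(path):
        f.reasons.append("system DLL name outside system32")
    if executable and size is not None and size < SMALL_EXE_BYTES:
        f.reasons.append(f"unusually small executable ({size} bytes)")
    return f


def scan(lines):
    """Return the Findings that have at least one reason, in log order."""
    out = []
    for line in lines:
        parsed = parse_row(line)
        if parsed is None:
            continue
        f = assess(*parsed)
        if f.reasons:
            out.append(f)
    return out


# Sample rows copied from the log posted in this thread.
SAMPLE_LOG = r"""
c:\documents and settings\AnnSo\Application Data\Google\ocprg23017248.exe
c:\documents and settings\AnnSo\Application Data\Google\Shell32.dll
c:\windows\system32\mdm.exe
2009-08-05 15:14 . 2009-08-05 15:15 -------- d-----w- C:\rsit
2009-07-24 19:23 . 2009-07-24 19:23 4956408 ----a-w- c:\documents and settings\AnnSo\Application Data\pdinstall.exe
2009-07-24 19:18 . 2009-07-24 19:18 422 ----a-w- c:\documents and settings\AnnSo\Application Data\AdobeUM\mario.exe
2009-07-24 19:18 . 2009-07-24 19:18 145131 ----a-w- c:\documents and settings\AnnSo\Application Data\Ahead\pingo.dll
2009-06-26 16:50 . 2002-08-29 10:45 670720 ----a-w- c:\windows\system32\wininet.dll
""".strip().splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding.path, "->", "; ".join(finding.reasons))
```

Run against the rows above, the script flags the five files dropped under the user's Application Data folder and leaves `mdm.exe`, `C:\rsit` and `wininet.dll` alone; `Shell32.dll` under the Google folder collects two reasons (user-profile location and a system DLL name outside system32), which is exactly the entry the original antivirus alert pointed at.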