Trojan-gamethief
pakko (Posts: 660, Status: Member)
Good evening,
My machine is infected with a multitude of Trojan-gamethief Trojan horses; the problem is that every time my antivirus removes them, they reappear again.
I downloaded ComboFix; here is the report, hoping for some help:
ComboFix 09-09-18.01 - Amine 18/09/2009 19:14.2.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.284 [GMT 0:00]
Lancé depuis: c:\documents and settings\Amine\Bureau\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-18 au 2009-09-18 ))))))))))))))))))))))))))))))))))))
.
2009-09-18 16:27 . 2009-09-18 16:27 -------- d-----w- c:\windows\system32\Adobe
2009-09-17 15:34 . 2009-09-17 15:34 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-09-17 15:28 . 2009-09-17 15:42 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-17 15:28 . 2009-09-17 15:42 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-17 15:22 . 2009-09-18 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-16 12:20 . 2009-09-16 12:20 -------- d-----w- C:\found.000
2009-09-13 12:29 . 2009-09-13 12:31 -------- d-----w- c:\program files\Anti Keylogger Shield
2009-09-13 12:15 . 2009-09-17 15:49 -------- d-----w- c:\program files\rkfree
2009-09-13 12:15 . 2009-09-13 12:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\rkfree
2009-09-11 14:29 . 2009-09-11 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-11 14:19 . 2009-09-11 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 14:17 . 2002-10-15 00:00 44875 ----a-w- c:\windows\system32\IPrtCnst.dll
2009-09-11 14:17 . 2002-10-15 00:00 13891 ----a-w- c:\windows\system32\drivers\IdeBusDr.sys
2009-09-11 14:17 . 2002-10-15 00:00 101431 ----a-w- c:\windows\system32\drivers\IdeChnDr.sys
2009-09-11 14:15 . 2009-09-11 15:28 -------- d-----w- c:\program files\Intel
2009-09-11 14:08 . 2001-08-24 15:47 442168 ----a-w- c:\windows\system32\drivers\smwdm.sys
2009-09-11 14:08 . 2001-08-24 14:07 2619 ----a-w- c:\windows\system32\drivers\sensupgd.sys
2009-09-11 14:08 . 2009-09-11 14:09 -------- d-----w- c:\program files\Analog Devices
2009-09-11 14:08 . 2001-08-10 09:28 28672 ----a-w- c:\windows\system32\Aud2Full.exe
2009-09-11 14:00 . 2009-09-11 14:28 -------- d-----w- c:\windows\nview
2009-09-11 14:00 . 2004-04-13 15:25 110592 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-11 13:25 . 2009-09-11 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-11 13:23 . 2009-09-11 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-11 13:23 . 2009-09-11 13:23 -------- d-----w- c:\program files\NOS
2009-09-09 14:42 . 2009-09-09 14:42 -------- d-----w- c:\program files\Axon Data
2009-09-09 14:10 . 2009-09-09 14:10 -------- d-----w- c:\documents and settings\Amine\Application Data\Desktopicon
2009-09-09 14:10 . 2009-09-09 14:14 -------- d-----w- c:\program files\Unlocker
2009-09-09 13:57 . 2009-09-09 14:28 -------- d-----w- c:\program files\SafeSoft
2009-09-03 10:24 . 2009-09-11 13:51 -------- d-----w- c:\program files\ma-config.com
2009-09-03 10:24 . 2009-09-11 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-09-03 01:20 . 2009-09-03 01:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-03 01:20 . 2009-09-12 03:35 -------- d-----w- c:\documents and settings\Amine\Application Data\skypePM
2009-09-03 01:17 . 2009-09-12 03:36 -------- d-----w- c:\documents and settings\Amine\Application Data\Skype
2009-09-03 01:14 . 2009-09-03 01:14 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-09-03 01:14 . 2009-09-04 00:22 -------- d-----r- c:\program files\Skype
2009-09-03 01:14 . 2009-09-03 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-03 00:12 . 2009-09-03 00:12 -------- d-----w- c:\documents and settings\Amine\Application Data\teamspeak2
2009-09-03 00:12 . 2009-09-03 00:12 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-09-01 03:21 . 2009-09-01 05:29 -------- d-----w- c:\program files\Valve
2009-09-01 01:35 . 2009-09-01 14:33 -------- d-----w- c:\program files\Steam
2009-08-31 20:31 . 2009-08-31 20:32 -------- d-----w- c:\program files\eMule
2009-08-31 02:21 . 2009-08-31 02:21 -------- d--h--w- c:\windows\PIF
2009-08-28 17:11 . 2009-08-29 01:27 -------- d-----w- c:\program files\A4Proxy
2009-08-28 16:38 . 2009-08-28 16:38 -------- d-----w- c:\program files\SurfNolimit
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 09:25 . 2009-03-17 21:02 -------- d-----w- c:\program files\DofusBeta
2009-09-17 15:16 . 2008-03-24 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-16 12:38 . 2008-06-10 15:44 -------- d-----w- c:\program files\Dofus
2009-09-15 23:30 . 2009-02-14 11:54 -------- d-----w- c:\program files\MSECache
2009-09-15 13:22 . 2008-03-25 01:17 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-15 03:33 . 2008-06-23 22:35 2404 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-13 15:42 . 2008-03-25 00:59 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-09-12 16:54 . 2008-04-04 02:02 -------- d-----w- c:\program files\Java
2009-09-12 15:46 . 2001-08-24 12:00 73260 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-12 15:46 . 2001-08-24 12:00 464892 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-11 14:17 . 2008-03-24 20:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 05:45 . 2008-06-03 20:31 -------- d-----w- c:\program files\Mp3 My Mp3 2.0
2009-08-31 05:13 . 2008-03-24 22:31 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-29 01:27 . 2008-05-01 10:46 -------- d-----w- c:\program files\Notepad++
2009-08-29 01:27 . 2008-05-01 10:46 -------- d-----w- c:\documents and settings\Amine\Application Data\Notepad++
2009-08-29 01:17 . 2008-05-13 20:23 -------- d-----w- c:\program files\Website Layout Maker
2009-08-29 01:15 . 2008-04-13 21:13 -------- d-----w- c:\program files\Easy GIF Animator
2009-08-28 18:10 . 2008-03-29 16:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 12:49 . 2009-08-17 12:49 -------- d-----w- c:\documents and settings\Souad\Application Data\vlc
2009-08-06 15:18 . 2009-08-06 15:18 -------- d-----w- c:\documents and settings\Amine\Application Data\Malwarebytes
2009-08-06 15:18 . 2009-08-06 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 15:17 . 2009-08-06 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-06 14:50 . 2009-08-06 14:50 -------- d-----w- c:\program files\Uniblue
2009-08-03 12:36 . 2009-08-06 15:17 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-08-06 15:17 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 05:23 . 2008-11-23 14:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 03:35 . 2009-07-21 03:35 -------- d-----w- c:\documents and settings\Amine\Application Data\SystemRequirementsLab
2009-07-03 15:48 . 2009-07-03 15:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 15:45 . 2009-07-03 15:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
.
------- Sigcheck -------
[7] 2007-12-07 . 906D0EC58033A9475BF8C7F885B7ED45 . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2004-08-03 . 5FBFB9097AD849CEDA0B34F8407ADCEE . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-03 . 5FBFB9097AD849CEDA0B34F8407ADCEE . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2007-12-07 . F4FD487241D3AC291046A22CEBD2CF71 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2004-08-03 . F6AD4C0F992B3B51C044AD74D9E2E854 . 694784 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-03 . F6AD4C0F992B3B51C044AD74D9E2E854 . 694784 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
[-] 2007-06-13 . 80A5400514EB32D393654768C4017E46 . 979456 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 80A5400514EB32D393654768C4017E46 . 979456 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-03 . 9F3B76C8CF787449A47F05ABAB4E13E6 . 978432 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Amine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-21 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-13 3309568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-04-13 46080]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2001-08-08 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-04-13 782336]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-10-18 839680]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20:41 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20:59 19472]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [03/08/2004 22:55 14336]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [01/09/2009 08:07 234864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2009-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-746137067-1801674531-1003Core.job
- c:\documents and settings\Amine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 16:19]
2009-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-746137067-1801674531-1003UA.job
- c:\documents and settings\Amine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 16:19]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: {DB4549D2-D348-4750-ACC7-F450855E2FB5} = 62.251.229.237 62.251.229.223
FF - ProfilePath - c:\documents and settings\Amine\Application Data\Mozilla\Firefox\Profiles\1uv4kbz8.default\
FF - prefs.js: browser.search.selectedEngine - Dilandau
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Amine\Application Data\Mozilla\Firefox\Profiles\1uv4kbz8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Amine\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 19:20
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(288)
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-09-18 19:22
ComboFix-quarantined-files.txt 2009-09-18 19:22
Avant-CF: 6 973 865 984 octets libres
Après-CF: 6 963 580 928 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
229 --- E O F --- 2009-02-20 09:34