Malware defense...
Résolu/Fermé
Gloupi 72
-
3 janv. 2010 à 23:57
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 - 6 janv. 2010 à 13:44
anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 - 6 janv. 2010 à 13:44
A voir également:
- Malware defense...
- Malware byte - Télécharger - Antivirus & Antimalwares
- Supprimer malware - Guide
- Tor.jack malware - Forum Virus
- Url defense - Forum Virus
- Roguekiller anti-malware - Télécharger - Antivirus & Antimalwares
11 réponses
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
4 janv. 2010 à 00:18
4 janv. 2010 à 00:18
Bonjour,
Pour arrêter provisoirement l'infection :
• Télécharge Rkill (de Grinler) sur ton Bureau.
• Désactive ton antivirus
• Double clique sur Rkill.exe pour le lancer
• Une fenêtre à fond noir va apparaître quelques instants et se refermer (si rien ne se passe, dis le moi avant de passer à la suite).
Ensuite, utilise directement Combofix :
/!\ Attention /!\
Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts en cas de mauvaise utilisation ! A utiliser uniquement avec une aide appropriée.
/!\ Désactive tous tes logiciels de protection /!\
• Télécharge ComboFix (de sUBs) sur ton Bureau.
• Double-clique sur ComboFix.exe afin de le lancer.
• Si tu es sous Windows XP, il va te demander d'installer la console de récupération : tu dois absolument accepter.
• Ne touche à rien pendant le scan.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
Tutoriel officiel de Combofix : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Pour arrêter provisoirement l'infection :
• Télécharge Rkill (de Grinler) sur ton Bureau.
• Désactive ton antivirus
• Double clique sur Rkill.exe pour le lancer
• Une fenêtre à fond noir va apparaître quelques instants et se refermer (si rien ne se passe, dis le moi avant de passer à la suite).
Ensuite, utilise directement Combofix :
/!\ Attention /!\
Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts en cas de mauvaise utilisation ! A utiliser uniquement avec une aide appropriée.
/!\ Désactive tous tes logiciels de protection /!\
• Télécharge ComboFix (de sUBs) sur ton Bureau.
• Double-clique sur ComboFix.exe afin de le lancer.
• Si tu es sous Windows XP, il va te demander d'installer la console de récupération : tu dois absolument accepter.
• Ne touche à rien pendant le scan.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
Tutoriel officiel de Combofix : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Merci pour la réponse, Rkill calme effectivement la bête un temps (jusqu'au prochain démarrage j'ai l'impression) ; par contre impossible de lancer Combo Fix ...
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
4 janv. 2010 à 00:49
4 janv. 2010 à 00:49
Si tu as redémarré ton ordinateur depuis tout à l'heure, relance Rkill
Ensuite, télécharge Combofix depuis ce lien (je l'ai renommé winlogon.exe)
Puis lance le en suivant la procédure indiquée au premier message ;)
Ensuite, télécharge Combofix depuis ce lien (je l'ai renommé winlogon.exe)
Puis lance le en suivant la procédure indiquée au premier message ;)
Des fois que tu ne sois pas encore couché, voilà la bête :
ComboFix 10-01-03.03 - Carcharias 13/12/2009 17:09:53.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.214 [GMT 1:00]
Lancé depuis: c:\documents and settings\Carcharias\Mes documents\Téléchargements\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\docume~1\CARCHA~1\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Users\Bureau\nudetube.com.lnk
c:\documents and settings\All Users\Bureau\pornotube.com.lnk
c:\documents and settings\All Users\Bureau\youporn.com.lnk
C:\MS32DLL.dll.vbs
c:\program files\Malware Defense
c:\program files\Malware Defense\help.ico
c:\program files\Malware Defense\md.db
c:\program files\Malware Defense\mdefense.exe
c:\program files\Malware Defense\mdext.dll
c:\program files\Malware Defense\uninstall.exe
c:\windows\MS32DLL.dll.vbs
c:\windows\system32\drivers\H8SRTftkbiagvxe.sys
c:\windows\system32\H8SRTmpebevpehq.dat
c:\windows\system32\H8SRTpcfmqyrxll.dll
c:\windows\system32\H8SRTrahxyqjpiq.dll
c:\windows\system32\H8SRTwswvbxuxdk.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\srcr.dat
c:\windows\system32\sstray.exe
c:\windows\explorer.exe . . . est infecté!!
c:\windows\hh.exe . . . est infecté!!
c:\windows\system32\calc.exe . . . est infecté!!
c:\windows\system32\mmc.exe . . . est infecté!!
c:\windows\system32\mshta.exe . . . est infecté!!
c:\windows\system32\proquota.exe . . . est infecté!!
c:\windows\system32\wuauclt1.exe . . . est infecté!!
c:\windows\system32\usmt\migload.exe . . . est infecté!!
c:\windows\system32\usmt\migwiz.exe . . . est infecté!!
c:\windows\system32\usmt\migwiz_a.exe . . . est infecté!!
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-13 au 2009-12-13 ))))))))))))))))))))))))))))))))))))
.
2009-12-12 13:15 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-12 13:15 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-12 13:15 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-12 13:15 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-12 13:15 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-12 13:15 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-12 13:15 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-12 13:15 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-12 13:15 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-12 11:06 . 2009-12-12 11:06 -------- d-----w- c:\program files\AVG
2009-12-12 11:06 . 2009-12-12 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-12 10:23 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-11 02:56 . 2009-12-13 12:32 860 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-11 02:53 . 2009-12-11 02:53 -------- d-----w- c:\documents and settings\Carcharias\Application Data\AskToolbar
2009-12-10 13:48 . 2009-12-13 15:29 -------- d-----w- c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar
2009-12-06 13:32 . 2009-12-06 13:32 -------- d-----w- c:\documents and settings\Carcharias\Local Settings\Application Data\Nero
2009-12-06 13:31 . 2009-12-07 08:14 -------- d-----w- c:\documents and settings\Carcharias\Application Data\Nero
2009-12-05 23:50 . 2009-12-05 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-05 23:50 . 2009-12-05 23:59 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-12-05 23:49 . 2009-12-05 23:49 -------- d-----w- c:\program files\Ask.com
2009-12-05 23:48 . 2009-12-06 13:19 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 10:18 . 2009-11-28 10:18 -------- d-----w- c:\program files\Alwil Software
2009-11-25 04:05 . 2009-10-21 05:50 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-11-25 04:05 . 2009-10-21 05:50 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-11-25 04:05 . 2009-10-20 14:41 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-11-25 04:05 . 2009-10-12 13:52 69632 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-11-25 04:05 . 2009-10-12 13:52 113152 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-11-25 04:03 . 2009-10-13 10:44 271360 -c----w- c:\windows\system32\dllcache\oakley.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 16:18 . 2009-06-30 05:20 -------- d-----w- c:\program files\DNA
2009-12-13 16:18 . 2009-06-30 05:20 -------- d-----w- c:\documents and settings\Carcharias\Application Data\DNA
2009-12-12 12:24 . 2009-06-30 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-12-12 10:20 . 2009-06-30 04:22 -------- d-----w- c:\program files\Avast4
2009-12-11 17:31 . 2009-07-07 10:44 -------- d-----w- c:\documents and settings\Carcharias\Application Data\vlc
2009-12-09 23:27 . 2009-07-07 10:52 -------- d-----w- c:\documents and settings\Carcharias\Application Data\dvdcss
2009-12-07 08:28 . 2009-09-19 20:51 1 ----a-w- c:\documents and settings\Carcharias\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 00:05 . 2009-06-30 02:44 -------- d-----w- c:\program files\Nero
2009-12-04 20:48 . 2009-06-30 05:21 -------- d-----w- c:\documents and settings\Carcharias\Application Data\BitTorrent
2009-11-13 03:28 . 2009-06-30 02:57 280144 ----a-w- c:\documents and settings\Carcharias\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 03:27 . 2009-06-30 03:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 01:02 . 2009-11-03 01:02 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-11-03 00:05 . 2009-06-30 03:04 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-11-02 19:42 . 2009-10-01 15:32 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:37 . 2004-08-28 13:00 841216 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:37 . 2004-08-28 13:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:37 . 2004-08-28 13:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-28 23:31 . 2009-10-28 23:31 -------- d-----w- c:\program files\MagicISO
2009-10-25 04:07 . 2004-08-28 13:00 97382 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 04:07 . 2004-08-28 13:00 552540 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-24 07:21 . 2009-06-30 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-21 05:50 . 2004-08-28 13:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:50 . 2004-08-28 13:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:41 . 2004-08-28 13:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 06:06 . 2009-10-19 06:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-10-19 06:06 . 2009-10-19 06:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-10-19 06:05 . 2009-10-19 06:05 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-10-13 10:44 . 2004-08-28 13:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-28 13:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-28 13:00 113152 ----a-w- c:\windows\system32\rastls.dll
2009-10-09 15:51 . 2009-10-09 15:51 152576 ----a-w- c:\documents and settings\Carcharias\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-17 12:51 . 2009-09-17 12:51 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero 9\DrWeb\DrWeb32.dll
2009-09-17 11:58 . 2009-09-17 11:58 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
.
------- Sigcheck -------
[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe
[-] 2004-08-28 . ADDC47DFD517F2143D71E9310E414B50 . 1789952 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\wscntfy.exe
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll
[-] 2004-08-28 . 2B1CDC3C0A56D6878323F591FE4E972A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
[-] 2004-08-28 . 43836CFFABAC8D6779E8EE55E308DF2C . 25088 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-28 13:00 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
c:\windows\System32\drivers\beep.sys ... manque !!
c:\windows\System32\wscntfy.exe ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-30 09:40 1182088 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-04 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"VisualTaskTips"="c:\windows\System32\VisualTaskTips.exe" [2004-08-28 36864]
"Vistadrv"="c:\windows\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"TransBar"="c:\windows\system32\transbar.exe" [2004-08-28 139264]
"Styler"="c:\program files\styler\Styler.exe" [2006-05-03 307200]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2004-08-28 12451]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-28 44544]
"nltide_3"="advpack.dll" [2009-10-29 124928]
c:\documents and settings\Carcharias\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [28/08/2004 14:00 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [28/08/2004 14:00 210224]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/12/2009 14:15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/12/2009 14:15 20560]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/07/2009 10:25 721904]
.
Contenu du dossier 'Tâches planifiées'
2009-12-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-30 09:40]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uDefault_Search_URL = hxxp://www.google.fr/keyword/%s
mStart Page = hxxp://www.google.fr
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
FF - ProfilePath - c:\documents and settings\Carcharias\Application Data\Mozilla\Firefox\Profiles\5e8irjad.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Run-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
HKU-Default-RunOnce-nltide2 - rundll32 advpack.dll
Notify-AtiExtEvent - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\documents and settings\Carcharias\Mes documents\Téléchargements\HijackThis.exe
AddRemove-Malware Defense - c:\program files\Malware Defense\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 17:18
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\midimap.dll
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(3912)
c:\windows\System32\VttHooks.dll
c:\program files\UberIcon\UberIcon.dll
c:\program files\styler\StylerHelper.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Alwil Software\Avast4\setup\avast.setup
.
**************************************************************************
.
Heure de fin: 2009-12-13 17:25:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-13 16:25
Avant-CF: 126 556 655 616 octets libres
Après-CF: 128 615 280 640 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
- - End Of File - - 1D1ECCB270048986FE4A451FF12DF62C
En tout cas merci de m'aider à une heure si tardive !
ComboFix 10-01-03.03 - Carcharias 13/12/2009 17:09:53.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.214 [GMT 1:00]
Lancé depuis: c:\documents and settings\Carcharias\Mes documents\Téléchargements\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\docume~1\CARCHA~1\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Users\Bureau\nudetube.com.lnk
c:\documents and settings\All Users\Bureau\pornotube.com.lnk
c:\documents and settings\All Users\Bureau\youporn.com.lnk
C:\MS32DLL.dll.vbs
c:\program files\Malware Defense
c:\program files\Malware Defense\help.ico
c:\program files\Malware Defense\md.db
c:\program files\Malware Defense\mdefense.exe
c:\program files\Malware Defense\mdext.dll
c:\program files\Malware Defense\uninstall.exe
c:\windows\MS32DLL.dll.vbs
c:\windows\system32\drivers\H8SRTftkbiagvxe.sys
c:\windows\system32\H8SRTmpebevpehq.dat
c:\windows\system32\H8SRTpcfmqyrxll.dll
c:\windows\system32\H8SRTrahxyqjpiq.dll
c:\windows\system32\H8SRTwswvbxuxdk.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\srcr.dat
c:\windows\system32\sstray.exe
c:\windows\explorer.exe . . . est infecté!!
c:\windows\hh.exe . . . est infecté!!
c:\windows\system32\calc.exe . . . est infecté!!
c:\windows\system32\mmc.exe . . . est infecté!!
c:\windows\system32\mshta.exe . . . est infecté!!
c:\windows\system32\proquota.exe . . . est infecté!!
c:\windows\system32\wuauclt1.exe . . . est infecté!!
c:\windows\system32\usmt\migload.exe . . . est infecté!!
c:\windows\system32\usmt\migwiz.exe . . . est infecté!!
c:\windows\system32\usmt\migwiz_a.exe . . . est infecté!!
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-13 au 2009-12-13 ))))))))))))))))))))))))))))))))))))
.
2009-12-12 13:15 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-12 13:15 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-12 13:15 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-12 13:15 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-12 13:15 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-12 13:15 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-12 13:15 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-12 13:15 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-12 13:15 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-12 11:06 . 2009-12-12 11:06 -------- d-----w- c:\program files\AVG
2009-12-12 11:06 . 2009-12-12 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-12 10:23 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-11 02:56 . 2009-12-13 12:32 860 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-11 02:53 . 2009-12-11 02:53 -------- d-----w- c:\documents and settings\Carcharias\Application Data\AskToolbar
2009-12-10 13:48 . 2009-12-13 15:29 -------- d-----w- c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar
2009-12-06 13:32 . 2009-12-06 13:32 -------- d-----w- c:\documents and settings\Carcharias\Local Settings\Application Data\Nero
2009-12-06 13:31 . 2009-12-07 08:14 -------- d-----w- c:\documents and settings\Carcharias\Application Data\Nero
2009-12-05 23:50 . 2009-12-05 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-05 23:50 . 2009-12-05 23:59 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-12-05 23:49 . 2009-12-05 23:49 -------- d-----w- c:\program files\Ask.com
2009-12-05 23:48 . 2009-12-06 13:19 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-28 10:18 . 2009-11-28 10:18 -------- d-----w- c:\program files\Alwil Software
2009-11-25 04:05 . 2009-10-21 05:50 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-11-25 04:05 . 2009-10-21 05:50 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-11-25 04:05 . 2009-10-20 14:41 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-11-25 04:05 . 2009-10-12 13:52 69632 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-11-25 04:05 . 2009-10-12 13:52 113152 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-11-25 04:03 . 2009-10-13 10:44 271360 -c----w- c:\windows\system32\dllcache\oakley.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 16:18 . 2009-06-30 05:20 -------- d-----w- c:\program files\DNA
2009-12-13 16:18 . 2009-06-30 05:20 -------- d-----w- c:\documents and settings\Carcharias\Application Data\DNA
2009-12-12 12:24 . 2009-06-30 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-12-12 10:20 . 2009-06-30 04:22 -------- d-----w- c:\program files\Avast4
2009-12-11 17:31 . 2009-07-07 10:44 -------- d-----w- c:\documents and settings\Carcharias\Application Data\vlc
2009-12-09 23:27 . 2009-07-07 10:52 -------- d-----w- c:\documents and settings\Carcharias\Application Data\dvdcss
2009-12-07 08:28 . 2009-09-19 20:51 1 ----a-w- c:\documents and settings\Carcharias\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 00:05 . 2009-06-30 02:44 -------- d-----w- c:\program files\Nero
2009-12-04 20:48 . 2009-06-30 05:21 -------- d-----w- c:\documents and settings\Carcharias\Application Data\BitTorrent
2009-11-13 03:28 . 2009-06-30 02:57 280144 ----a-w- c:\documents and settings\Carcharias\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 03:27 . 2009-06-30 03:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 01:02 . 2009-11-03 01:02 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-11-03 00:05 . 2009-06-30 03:04 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-11-02 19:42 . 2009-10-01 15:32 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:37 . 2004-08-28 13:00 841216 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:37 . 2004-08-28 13:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:37 . 2004-08-28 13:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-28 23:31 . 2009-10-28 23:31 -------- d-----w- c:\program files\MagicISO
2009-10-25 04:07 . 2004-08-28 13:00 97382 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 04:07 . 2004-08-28 13:00 552540 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-24 07:21 . 2009-06-30 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-21 05:50 . 2004-08-28 13:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:50 . 2004-08-28 13:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:41 . 2004-08-28 13:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 06:06 . 2009-10-19 06:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-10-19 06:06 . 2009-10-19 06:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-10-19 06:05 . 2009-10-19 06:05 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-10-13 10:44 . 2004-08-28 13:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-28 13:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-28 13:00 113152 ----a-w- c:\windows\system32\rastls.dll
2009-10-09 15:51 . 2009-10-09 15:51 152576 ----a-w- c:\documents and settings\Carcharias\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-17 12:51 . 2009-09-17 12:51 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero 9\DrWeb\DrWeb32.dll
2009-09-17 11:58 . 2009-09-17 11:58 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
.
------- Sigcheck -------
[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe
[-] 2004-08-28 . ADDC47DFD517F2143D71E9310E414B50 . 1789952 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\wscntfy.exe
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll
[-] 2004-08-28 . 2B1CDC3C0A56D6878323F591FE4E972A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
[-] 2004-08-28 . 43836CFFABAC8D6779E8EE55E308DF2C . 25088 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-28 13:00 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
c:\windows\System32\drivers\beep.sys ... manque !!
c:\windows\System32\wscntfy.exe ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-30 09:40 1182088 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-04 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"VisualTaskTips"="c:\windows\System32\VisualTaskTips.exe" [2004-08-28 36864]
"Vistadrv"="c:\windows\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"TransBar"="c:\windows\system32\transbar.exe" [2004-08-28 139264]
"Styler"="c:\program files\styler\Styler.exe" [2006-05-03 307200]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2004-08-28 12451]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-28 44544]
"nltide_3"="advpack.dll" [2009-10-29 124928]
c:\documents and settings\Carcharias\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [28/08/2004 14:00 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [28/08/2004 14:00 210224]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/12/2009 14:15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/12/2009 14:15 20560]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/07/2009 10:25 721904]
.
Contenu du dossier 'Tâches planifiées'
2009-12-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-30 09:40]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uDefault_Search_URL = hxxp://www.google.fr/keyword/%s
mStart Page = hxxp://www.google.fr
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
FF - ProfilePath - c:\documents and settings\Carcharias\Application Data\Mozilla\Firefox\Profiles\5e8irjad.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Run-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
HKU-Default-RunOnce-nltide2 - rundll32 advpack.dll
Notify-AtiExtEvent - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\documents and settings\Carcharias\Mes documents\Téléchargements\HijackThis.exe
AddRemove-Malware Defense - c:\program files\Malware Defense\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 17:18
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\midimap.dll
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(3912)
c:\windows\System32\VttHooks.dll
c:\program files\UberIcon\UberIcon.dll
c:\program files\styler\StylerHelper.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Alwil Software\Avast4\setup\avast.setup
.
**************************************************************************
.
Heure de fin: 2009-12-13 17:25:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-13 16:25
Avant-CF: 126 556 655 616 octets libres
Après-CF: 128 615 280 640 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
- - End Of File - - 1D1ECCB270048986FE4A451FF12DF62C
En tout cas merci de m'aider à une heure si tardive !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
4 janv. 2010 à 02:34
4 janv. 2010 à 02:34
Il reste encore des fichiers néfastes à supprimer, et des fichiers systèmes à désinfecter...
Par contre, il semble que Combofix ait supprimé un élément de ton Windows, voilà ce que c'est d'utiliser une version non-officielle de Windows... Si jamais Windows ne démarre pas au prochain démarrage de ton ordinateur, ne panique pas et essaye de revenir ici avec un autre ordinateur.
As-tu un CD de Windows ?
• Télécharge load_tdsskiller (de Loup Blanc) sur ton Bureau
• Lance load_tdsskiller en faisant un double-clic dessus / Lance par un clic-droit dessus → Exécuter en temps qu'administrateur
• L'outil va se connecter pour télécharger une copie à jour de TDSSKiller, puis va lancer une analyse
• A la fin, il te sera demandé d'appuyer sur une touche, puis le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (C:\tdsskiller\report.txt)
Par contre, il semble que Combofix ait supprimé un élément de ton Windows, voilà ce que c'est d'utiliser une version non-officielle de Windows... Si jamais Windows ne démarre pas au prochain démarrage de ton ordinateur, ne panique pas et essaye de revenir ici avec un autre ordinateur.
As-tu un CD de Windows ?
• Télécharge load_tdsskiller (de Loup Blanc) sur ton Bureau
• Lance load_tdsskiller en faisant un double-clic dessus / Lance par un clic-droit dessus → Exécuter en temps qu'administrateur
• L'outil va se connecter pour télécharger une copie à jour de TDSSKiller, puis va lancer une analyse
• A la fin, il te sera demandé d'appuyer sur une touche, puis le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (C:\tdsskiller\report.txt)
Mon windows redémarre correctement, le malware semble s'être calmé et TDSSKiller n'a rien trouvé :
04:20:58:953 1192 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
04:20:58:953 1192 ================================================================================
04:20:58:953 1192 SystemInfo:
04:20:58:953 1192 OS Version: 5.1.2600 ServicePack: 2.0
04:20:58:953 1192 Product type: Workstation
04:20:58:953 1192 ComputerName: 9154A4A0FD04425
04:20:58:953 1192 UserName: Carcharias
04:20:58:953 1192 Windows directory: C:\WINDOWS
04:20:58:953 1192 Processor architecture: Intel x86
04:20:58:953 1192 Number of processors: 1
04:20:58:953 1192 Page size: 0x1000
04:20:58:953 1192 Boot type: Normal boot
04:20:58:953 1192 ================================================================================
04:20:59:046 1192 ForceUnloadDriver: NtUnloadDriver error 2
04:20:59:140 1192 ForceUnloadDriver: NtUnloadDriver error 2
04:20:59:140 1192 ForceUnloadDriver: NtUnloadDriver error 2
04:20:59:156 1192 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
04:20:59:156 1192 main: Driver KLMD successfully dropped
04:20:59:312 1192 main: Driver KLMD successfully loaded
04:20:59:312 1192
Scanning Registry ...
04:20:59:343 1192 ScanServices: Searching service UACd.sys
04:20:59:343 1192 ScanServices: Open/Create key error 2
04:20:59:343 1192 ScanServices: Searching service TDSSserv.sys
04:20:59:343 1192 ScanServices: Open/Create key error 2
04:20:59:343 1192 ScanServices: Searching service gaopdxserv.sys
04:20:59:343 1192 ScanServices: Open/Create key error 2
04:20:59:343 1192 ScanServices: Searching service gxvxcserv.sys
04:20:59:343 1192 ScanServices: Open/Create key error 2
04:20:59:343 1192 ScanServices: Searching service MSIVXserv.sys
04:20:59:343 1192 ScanServices: Open/Create key error 2
04:20:59:531 1192 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
04:21:00:000 1192 UnhookRegistry: Kernel local addr: D20000
04:21:00:015 1192 UnhookRegistry: KeServiceDescriptorTable addr: DA3120
04:21:00:140 1192 UnhookRegistry: KiServiceTable addr: D2B6A8
04:21:00:140 1192 UnhookRegistry: NtEnumerateKey service number (local): 47
04:21:00:140 1192 UnhookRegistry: NtEnumerateKey local addr: DB9D3E
04:21:00:156 1192 KLMD_OpenDevice: Trying to open KLMD device
04:21:00:156 1192 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
04:21:00:156 1192 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
04:21:00:156 1192 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4]
04:21:00:156 1192 UnhookRegistry: NtEnumerateKey service number (kernel): 47
04:21:00:156 1192 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4]
04:21:00:156 1192 UnhookRegistry: NtEnumerateKey real addr: 80570D3E
04:21:00:156 1192 UnhookRegistry: NtEnumerateKey calc addr: 80570D3E
04:21:00:156 1192 UnhookRegistry: No SDT hooks found on NtEnumerateKey
04:21:00:156 1192 KLMD_ReadMem: Trying to ReadMemory 0x80570D3E[0xA]
04:21:00:156 1192 UnhookRegistry: No splicing found on NtEnumerateKey
04:21:00:171 1192
Scanning Kernel memory ...
04:21:00:171 1192 KLMD_OpenDevice: Trying to open KLMD device
04:21:00:171 1192 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
04:21:00:171 1192 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
04:21:00:171 1192 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 822C1218
04:21:00:171 1192 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
04:21:00:171 1192 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 821E19F0
04:21:00:171 1192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 821E19F0
04:21:00:171 1192 KLMD_ReadMem: Trying to ReadMemory 0x821E19F0[0x38]
04:21:00:171 1192 DetectCureTDL3: DRIVER_OBJECT addr: 822C1218
04:21:00:171 1192 KLMD_ReadMem: Trying to ReadMemory 0x822C1218[0xA8]
04:21:00:171 1192 KLMD_ReadMem: Trying to ReadMemory 0xE13B4B70[0x208]
04:21:00:171 1192 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
04:21:00:171 1192 DetectCureTDL3: IrpHandler (0) addr: F8515BB0
04:21:00:171 1192 DetectCureTDL3: IrpHandler (1) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (2) addr: F8515BB0
04:21:00:171 1192 DetectCureTDL3: IrpHandler (3) addr: F850FD1B
04:21:00:171 1192 DetectCureTDL3: IrpHandler (4) addr: F850FD1B
04:21:00:171 1192 DetectCureTDL3: IrpHandler (5) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (6) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (7) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (8) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (9) addr: F85102DA
04:21:00:171 1192 DetectCureTDL3: IrpHandler (10) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (11) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (12) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (13) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (14) addr: F85103B1
04:21:00:171 1192 DetectCureTDL3: IrpHandler (15) addr: F8513F10
04:21:00:171 1192 DetectCureTDL3: IrpHandler (16) addr: F85102DA
04:21:00:171 1192 DetectCureTDL3: IrpHandler (17) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (18) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (19) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (20) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (21) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (22) addr: F8511C74
04:21:00:171 1192 DetectCureTDL3: IrpHandler (23) addr: F851699A
04:21:00:171 1192 DetectCureTDL3: IrpHandler (24) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (25) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (26) addr: 804FA88E
04:21:00:171 1192 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
04:21:00:171 1192 KLMD_ReadMem: DeviceIoControl error 1
04:21:00:171 1192 TDL3_StartIoHookDetect: Unable to get StartIo handler code
04:21:00:171 1192 TDL3_FileDetect: Processing driver: Disk
04:21:00:171 1192 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
04:21:00:171 1192 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
04:21:00:171 1192 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
04:21:00:203 1192 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 822299D0
04:21:00:203 1192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 822299D0
04:21:00:203 1192 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 822EB1A8
04:21:00:203 1192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 822EB1A8
04:21:00:203 1192 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82305868
04:21:00:203 1192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82305868
04:21:00:203 1192 KLMD_ReadMem: Trying to ReadMemory 0x82305868[0x38]
04:21:00:203 1192 DetectCureTDL3: DRIVER_OBJECT addr: 8229D3E0
04:21:00:203 1192 KLMD_ReadMem: Trying to ReadMemory 0x8229D3E0[0xA8]
04:21:00:203 1192 KLMD_ReadMem: Trying to ReadMemory 0xE13A4928[0x208]
04:21:00:203 1192 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvidesm, Driver Name: nvidesm
04:21:00:203 1192 DetectCureTDL3: IrpHandler (0) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (1) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (2) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (3) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (4) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (5) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (6) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (7) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (8) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (9) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (10) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (11) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (12) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (13) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (14) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (15) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (16) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (17) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (18) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (19) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (20) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (21) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (22) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (23) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (24) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (25) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (26) addr: 804FA88E
04:21:00:203 1192 KLMD_ReadMem: Trying to ReadMemory 0xF83B340E[0x400]
04:21:00:203 1192 TDL3_StartIoHookDetect: CheckParameters: 1, F83B717C, 618, 0
04:21:00:203 1192 TDL3_FileDetect: Processing driver: nvidesm
04:21:00:203 1192 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\nvidesm.sys, C:\WINDOWS\system32\Drivers\nvidesm.tsk, SYSTEM\CurrentControlSet\Services\nvidesm, system32\Drivers\nvidesm.tsk
04:21:00:203 1192 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\nvidesm.sys
04:21:00:203 1192 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvidesm.sys
04:21:00:265 1192
Completed
Results:
04:21:00:265 1192 Infected objects in memory: 0
04:21:00:281 1192 Cured objects in memory: 0
04:21:00:281 1192 Infected objects on disk: 0
04:21:00:281 1192 Objects on disk cured on reboot: 0
04:21:00:281 1192 Objects on disk deleted on reboot: 0
04:21:00:281 1192 Registry nodes deleted on reboot: 0
04:21:00:281 1192
Ceci dit j'ai toujours les icônes de Malware Defense qui traînent, je n'ose pas trop les toucher...
04:20:58:953 1192 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
04:20:58:953 1192 ================================================================================
04:20:58:953 1192 SystemInfo:
04:20:58:953 1192 OS Version: 5.1.2600 ServicePack: 2.0
04:20:58:953 1192 Product type: Workstation
04:20:58:953 1192 ComputerName: 9154A4A0FD04425
04:20:58:953 1192 UserName: Carcharias
04:20:58:953 1192 Windows directory: C:\WINDOWS
04:20:58:953 1192 Processor architecture: Intel x86
04:20:58:953 1192 Number of processors: 1
04:20:58:953 1192 Page size: 0x1000
04:20:58:953 1192 Boot type: Normal boot
04:20:58:953 1192 ================================================================================
04:20:59:046 1192 ForceUnloadDriver: NtUnloadDriver error 2
04:20:59:140 1192 ForceUnloadDriver: NtUnloadDriver error 2
04:20:59:140 1192 ForceUnloadDriver: NtUnloadDriver error 2
04:20:59:156 1192 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
04:20:59:156 1192 main: Driver KLMD successfully dropped
04:20:59:312 1192 main: Driver KLMD successfully loaded
04:20:59:312 1192
Scanning Registry ...
04:20:59:343 1192 ScanServices: Searching service UACd.sys
04:20:59:343 1192 ScanServices: Open/Create key error 2
04:20:59:343 1192 ScanServices: Searching service TDSSserv.sys
04:20:59:343 1192 ScanServices: Open/Create key error 2
04:20:59:343 1192 ScanServices: Searching service gaopdxserv.sys
04:20:59:343 1192 ScanServices: Open/Create key error 2
04:20:59:343 1192 ScanServices: Searching service gxvxcserv.sys
04:20:59:343 1192 ScanServices: Open/Create key error 2
04:20:59:343 1192 ScanServices: Searching service MSIVXserv.sys
04:20:59:343 1192 ScanServices: Open/Create key error 2
04:20:59:531 1192 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
04:21:00:000 1192 UnhookRegistry: Kernel local addr: D20000
04:21:00:015 1192 UnhookRegistry: KeServiceDescriptorTable addr: DA3120
04:21:00:140 1192 UnhookRegistry: KiServiceTable addr: D2B6A8
04:21:00:140 1192 UnhookRegistry: NtEnumerateKey service number (local): 47
04:21:00:140 1192 UnhookRegistry: NtEnumerateKey local addr: DB9D3E
04:21:00:156 1192 KLMD_OpenDevice: Trying to open KLMD device
04:21:00:156 1192 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
04:21:00:156 1192 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
04:21:00:156 1192 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4]
04:21:00:156 1192 UnhookRegistry: NtEnumerateKey service number (kernel): 47
04:21:00:156 1192 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4]
04:21:00:156 1192 UnhookRegistry: NtEnumerateKey real addr: 80570D3E
04:21:00:156 1192 UnhookRegistry: NtEnumerateKey calc addr: 80570D3E
04:21:00:156 1192 UnhookRegistry: No SDT hooks found on NtEnumerateKey
04:21:00:156 1192 KLMD_ReadMem: Trying to ReadMemory 0x80570D3E[0xA]
04:21:00:156 1192 UnhookRegistry: No splicing found on NtEnumerateKey
04:21:00:171 1192
Scanning Kernel memory ...
04:21:00:171 1192 KLMD_OpenDevice: Trying to open KLMD device
04:21:00:171 1192 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
04:21:00:171 1192 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
04:21:00:171 1192 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 822C1218
04:21:00:171 1192 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
04:21:00:171 1192 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 821E19F0
04:21:00:171 1192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 821E19F0
04:21:00:171 1192 KLMD_ReadMem: Trying to ReadMemory 0x821E19F0[0x38]
04:21:00:171 1192 DetectCureTDL3: DRIVER_OBJECT addr: 822C1218
04:21:00:171 1192 KLMD_ReadMem: Trying to ReadMemory 0x822C1218[0xA8]
04:21:00:171 1192 KLMD_ReadMem: Trying to ReadMemory 0xE13B4B70[0x208]
04:21:00:171 1192 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
04:21:00:171 1192 DetectCureTDL3: IrpHandler (0) addr: F8515BB0
04:21:00:171 1192 DetectCureTDL3: IrpHandler (1) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (2) addr: F8515BB0
04:21:00:171 1192 DetectCureTDL3: IrpHandler (3) addr: F850FD1B
04:21:00:171 1192 DetectCureTDL3: IrpHandler (4) addr: F850FD1B
04:21:00:171 1192 DetectCureTDL3: IrpHandler (5) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (6) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (7) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (8) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (9) addr: F85102DA
04:21:00:171 1192 DetectCureTDL3: IrpHandler (10) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (11) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (12) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (13) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (14) addr: F85103B1
04:21:00:171 1192 DetectCureTDL3: IrpHandler (15) addr: F8513F10
04:21:00:171 1192 DetectCureTDL3: IrpHandler (16) addr: F85102DA
04:21:00:171 1192 DetectCureTDL3: IrpHandler (17) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (18) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (19) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (20) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (21) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (22) addr: F8511C74
04:21:00:171 1192 DetectCureTDL3: IrpHandler (23) addr: F851699A
04:21:00:171 1192 DetectCureTDL3: IrpHandler (24) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (25) addr: 804FA88E
04:21:00:171 1192 DetectCureTDL3: IrpHandler (26) addr: 804FA88E
04:21:00:171 1192 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
04:21:00:171 1192 KLMD_ReadMem: DeviceIoControl error 1
04:21:00:171 1192 TDL3_StartIoHookDetect: Unable to get StartIo handler code
04:21:00:171 1192 TDL3_FileDetect: Processing driver: Disk
04:21:00:171 1192 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
04:21:00:171 1192 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
04:21:00:171 1192 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
04:21:00:203 1192 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 822299D0
04:21:00:203 1192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 822299D0
04:21:00:203 1192 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 822EB1A8
04:21:00:203 1192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 822EB1A8
04:21:00:203 1192 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82305868
04:21:00:203 1192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82305868
04:21:00:203 1192 KLMD_ReadMem: Trying to ReadMemory 0x82305868[0x38]
04:21:00:203 1192 DetectCureTDL3: DRIVER_OBJECT addr: 8229D3E0
04:21:00:203 1192 KLMD_ReadMem: Trying to ReadMemory 0x8229D3E0[0xA8]
04:21:00:203 1192 KLMD_ReadMem: Trying to ReadMemory 0xE13A4928[0x208]
04:21:00:203 1192 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvidesm, Driver Name: nvidesm
04:21:00:203 1192 DetectCureTDL3: IrpHandler (0) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (1) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (2) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (3) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (4) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (5) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (6) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (7) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (8) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (9) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (10) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (11) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (12) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (13) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (14) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (15) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (16) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (17) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (18) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (19) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (20) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (21) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (22) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (23) addr: F83B044C
04:21:00:203 1192 DetectCureTDL3: IrpHandler (24) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (25) addr: 804FA88E
04:21:00:203 1192 DetectCureTDL3: IrpHandler (26) addr: 804FA88E
04:21:00:203 1192 KLMD_ReadMem: Trying to ReadMemory 0xF83B340E[0x400]
04:21:00:203 1192 TDL3_StartIoHookDetect: CheckParameters: 1, F83B717C, 618, 0
04:21:00:203 1192 TDL3_FileDetect: Processing driver: nvidesm
04:21:00:203 1192 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\nvidesm.sys, C:\WINDOWS\system32\Drivers\nvidesm.tsk, SYSTEM\CurrentControlSet\Services\nvidesm, system32\Drivers\nvidesm.tsk
04:21:00:203 1192 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\nvidesm.sys
04:21:00:203 1192 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvidesm.sys
04:21:00:265 1192
Completed
Results:
04:21:00:265 1192 Infected objects in memory: 0
04:21:00:281 1192 Cured objects in memory: 0
04:21:00:281 1192 Infected objects on disk: 0
04:21:00:281 1192 Objects on disk cured on reboot: 0
04:21:00:281 1192 Objects on disk deleted on reboot: 0
04:21:00:281 1192 Registry nodes deleted on reboot: 0
04:21:00:281 1192
Ceci dit j'ai toujours les icônes de Malware Defense qui traînent, je n'ose pas trop les toucher...
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
5 janv. 2010 à 04:55
5 janv. 2010 à 04:55
D'accord, on continue :
/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour gloupi72, il n'est pas transposable sur un autre ordinateur !
• Télécharge ce dossier gloupi72.zip
• Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
• Un autre dossier va apparaitre, prends le fichier CFScript.txt qui se trouve à l'intérieur et place le sur le Bureau.
• Désactive tes logiciels de protection
• Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme sur ce lien)
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt
/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour gloupi72, il n'est pas transposable sur un autre ordinateur !
• Télécharge ce dossier gloupi72.zip
• Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
• Un autre dossier va apparaitre, prends le fichier CFScript.txt qui se trouve à l'intérieur et place le sur le Bureau.
• Désactive tes logiciels de protection
• Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme sur ce lien)
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt
Merci !
Alors voilà le résultat de la manip' :
omboFix 10-01-03.03 - Carcharias 05/01/2010 16:25:07.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.248 [GMT 1:00]
Lancé depuis: c:\documents and settings\Carcharias\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Carcharias\Bureau\CFScript.txt
FILE ::
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Carcharias\Application Data\AskToolbar
c:\documents and settings\Carcharias\Application Data\AskToolbar\Nero.config
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\almost.xml
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\cache.dat
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\config.xml
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\Downloaded Program Files\Nero.dll
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\Downloaded Program Files\Nero.inf
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\nero.cab
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\explorer.exe . . . est infecté!!
c:\windows\hh.exe . . . est infecté!!
c:\windows\system32\calc.exe . . . est infecté!!
c:\windows\system32\mmc.exe . . . est infecté!!
c:\windows\system32\mshta.exe . . . est infecté!!
c:\windows\system32\proquota.exe . . . est infecté!!
c:\windows\system32\wuauclt1.exe . . . est infecté!!
c:\windows\system32\usmt\migload.exe . . . est infecté!!
c:\windows\system32\usmt\migwiz.exe . . . est infecté!!
c:\windows\system32\usmt\migwiz_a.exe . . . est infecté!!
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 ))))))))))))))))))))))))))))))))))))
.
2009-12-14 11:15 . 2009-12-14 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\comodo
2009-12-14 11:15 . 2009-12-14 11:15 87056 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-14 11:15 . 2009-12-14 11:15 79760 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-12-14 11:15 . 2009-12-14 11:15 24208 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-14 11:15 . 2009-12-14 11:15 143104 ----a-w- c:\windows\system32\guard32.dll
2009-12-14 11:01 . 2009-12-14 11:15 -------- d-----w- c:\documents and settings\Carcharias\Application Data\Comodo
2009-12-14 11:01 . 2009-12-14 11:15 -------- d-----w- c:\program files\COMODO
2009-12-14 03:20 . 2009-12-14 03:20 -------- d-----w- C:\tdsskiller
2009-12-13 16:55 . 2009-12-13 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-13 16:55 . 2005-08-25 18:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-12-13 16:55 . 2009-12-13 16:55 -------- d-----w- c:\program files\SpywareBlaster
2009-12-13 16:46 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-13 16:46 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-13 16:46 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-13 16:46 . 2009-12-13 16:46 -------- d-----w- c:\program files\Avira
2009-12-13 16:46 . 2009-12-13 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-12 11:06 . 2009-12-12 11:06 -------- d-----w- c:\program files\AVG
2009-12-12 11:06 . 2009-12-12 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-12 10:23 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-06 13:32 . 2009-12-06 13:32 -------- d-----w- c:\documents and settings\Carcharias\Local Settings\Application Data\Nero
2009-12-06 13:31 . 2009-12-07 08:14 -------- d-----w- c:\documents and settings\Carcharias\Application Data\Nero
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 09:11 . 2009-06-30 05:20 -------- d-----w- c:\program files\DNA
2010-01-05 09:11 . 2009-06-30 05:20 -------- d-----w- c:\documents and settings\Carcharias\Application Data\DNA
2009-12-14 15:07 . 2009-07-07 10:44 -------- d-----w- c:\documents and settings\Carcharias\Application Data\vlc
2009-12-12 12:24 . 2009-06-30 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-12-12 10:20 . 2009-06-30 04:22 -------- d-----w- c:\program files\Avast4
2009-12-09 23:27 . 2009-07-07 10:52 -------- d-----w- c:\documents and settings\Carcharias\Application Data\dvdcss
2009-12-07 08:28 . 2009-09-19 20:51 1 ----a-w- c:\documents and settings\Carcharias\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 00:05 . 2009-06-30 02:44 -------- d-----w- c:\program files\Nero
2009-12-05 23:59 . 2009-12-05 23:50 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-12-05 23:54 . 2009-12-05 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-04 20:48 . 2009-06-30 05:21 -------- d-----w- c:\documents and settings\Carcharias\Application Data\BitTorrent
2009-11-28 10:18 . 2009-11-28 10:18 -------- d-----w- c:\program files\Alwil Software
2009-11-13 03:28 . 2009-06-30 02:57 280144 ----a-w- c:\documents and settings\Carcharias\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 03:27 . 2009-06-30 03:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 19:42 . 2009-10-01 15:32 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:37 . 2004-08-28 13:00 841216 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:37 . 2004-08-28 13:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:37 . 2004-08-28 13:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-25 04:07 . 2004-08-28 13:00 97382 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 04:07 . 2004-08-28 13:00 552540 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-21 05:50 . 2004-08-28 13:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:50 . 2004-08-28 13:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:41 . 2004-08-28 13:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:44 . 2004-08-28 13:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-28 13:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-28 13:00 113152 ----a-w- c:\windows\system32\rastls.dll
2009-10-09 15:51 . 2009-10-09 15:51 152576 ----a-w- c:\documents and settings\Carcharias\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.
------- Sigcheck -------
[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe
[-] 2004-08-28 . ADDC47DFD517F2143D71E9310E414B50 . 1789952 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\wscntfy.exe
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll
[-] 2004-08-28 . 2B1CDC3C0A56D6878323F591FE4E972A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
[-] 2004-08-28 . 43836CFFABAC8D6779E8EE55E308DF2C . 25088 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-28 13:00 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
c:\windows\System32\drivers\beep.sys ... manque !!
c:\windows\System32\wscntfy.exe ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-04 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"VisualTaskTips"="c:\windows\System32\VisualTaskTips.exe" [2004-08-28 36864]
"Vistadrv"="c:\windows\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"TransBar"="c:\windows\system32\transbar.exe" [2004-08-28 139264]
"Styler"="c:\program files\styler\Styler.exe" [2006-05-03 307200]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-12-14 1655552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2004-08-28 12451]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-28 44544]
"nltide_3"="advpack.dll" [2009-10-29 124928]
c:\documents and settings\Carcharias\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [28/08/2004 14:00 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [28/08/2004 14:00 210224]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [14/12/2009 12:15 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [14/12/2009 12:15 24208]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [13/12/2009 17:46 108289]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/07/2009 10:25 721904]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uDefault_Search_URL = hxxp://www.google.fr/keyword/%s
mStart Page = hxxp://www.google.fr
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
FF - ProfilePath - c:\documents and settings\Carcharias\Application Data\Mozilla\Firefox\Profiles\5e8irjad.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 10:11
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(2304)
c:\windows\System32\VttHooks.dll
c:\program files\UberIcon\UberIcon.dll
c:\program files\styler\StylerHelper.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\WgaTray.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\taskmgr.exe
c:\program files\Avira\AntiVir Desktop\update.exe
.
**************************************************************************
.
Heure de fin: 2010-01-05 10:16:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-05 09:16
ComboFix2.txt 2009-12-13 16:25
Avant-CF: 126 906 576 896 octets libres
Après-CF: 126 880 366 592 octets libres
- - End Of File - - 2EABD5708B57F31BD098F15B398551E7
Alors voilà le résultat de la manip' :
omboFix 10-01-03.03 - Carcharias 05/01/2010 16:25:07.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.248 [GMT 1:00]
Lancé depuis: c:\documents and settings\Carcharias\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Carcharias\Bureau\CFScript.txt
FILE ::
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Carcharias\Application Data\AskToolbar
c:\documents and settings\Carcharias\Application Data\AskToolbar\Nero.config
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\almost.xml
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\cache.dat
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\config.xml
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\Downloaded Program Files\Nero.dll
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\Downloaded Program Files\Nero.inf
c:\documents and settings\Carcharias\Local Settings\Application Data\AskToolbar\nero.cab
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\explorer.exe . . . est infecté!!
c:\windows\hh.exe . . . est infecté!!
c:\windows\system32\calc.exe . . . est infecté!!
c:\windows\system32\mmc.exe . . . est infecté!!
c:\windows\system32\mshta.exe . . . est infecté!!
c:\windows\system32\proquota.exe . . . est infecté!!
c:\windows\system32\wuauclt1.exe . . . est infecté!!
c:\windows\system32\usmt\migload.exe . . . est infecté!!
c:\windows\system32\usmt\migwiz.exe . . . est infecté!!
c:\windows\system32\usmt\migwiz_a.exe . . . est infecté!!
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 ))))))))))))))))))))))))))))))))))))
.
2009-12-14 11:15 . 2009-12-14 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\comodo
2009-12-14 11:15 . 2009-12-14 11:15 87056 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-14 11:15 . 2009-12-14 11:15 79760 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-12-14 11:15 . 2009-12-14 11:15 24208 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-14 11:15 . 2009-12-14 11:15 143104 ----a-w- c:\windows\system32\guard32.dll
2009-12-14 11:01 . 2009-12-14 11:15 -------- d-----w- c:\documents and settings\Carcharias\Application Data\Comodo
2009-12-14 11:01 . 2009-12-14 11:15 -------- d-----w- c:\program files\COMODO
2009-12-14 03:20 . 2009-12-14 03:20 -------- d-----w- C:\tdsskiller
2009-12-13 16:55 . 2009-12-13 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-13 16:55 . 2005-08-25 18:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-12-13 16:55 . 2009-12-13 16:55 -------- d-----w- c:\program files\SpywareBlaster
2009-12-13 16:46 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-13 16:46 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-13 16:46 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-13 16:46 . 2009-12-13 16:46 -------- d-----w- c:\program files\Avira
2009-12-13 16:46 . 2009-12-13 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-12 11:06 . 2009-12-12 11:06 -------- d-----w- c:\program files\AVG
2009-12-12 11:06 . 2009-12-12 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-12 10:23 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-06 13:32 . 2009-12-06 13:32 -------- d-----w- c:\documents and settings\Carcharias\Local Settings\Application Data\Nero
2009-12-06 13:31 . 2009-12-07 08:14 -------- d-----w- c:\documents and settings\Carcharias\Application Data\Nero
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 09:11 . 2009-06-30 05:20 -------- d-----w- c:\program files\DNA
2010-01-05 09:11 . 2009-06-30 05:20 -------- d-----w- c:\documents and settings\Carcharias\Application Data\DNA
2009-12-14 15:07 . 2009-07-07 10:44 -------- d-----w- c:\documents and settings\Carcharias\Application Data\vlc
2009-12-12 12:24 . 2009-06-30 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-12-12 10:20 . 2009-06-30 04:22 -------- d-----w- c:\program files\Avast4
2009-12-09 23:27 . 2009-07-07 10:52 -------- d-----w- c:\documents and settings\Carcharias\Application Data\dvdcss
2009-12-07 08:28 . 2009-09-19 20:51 1 ----a-w- c:\documents and settings\Carcharias\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 00:05 . 2009-06-30 02:44 -------- d-----w- c:\program files\Nero
2009-12-05 23:59 . 2009-12-05 23:50 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-12-05 23:54 . 2009-12-05 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-04 20:48 . 2009-06-30 05:21 -------- d-----w- c:\documents and settings\Carcharias\Application Data\BitTorrent
2009-11-28 10:18 . 2009-11-28 10:18 -------- d-----w- c:\program files\Alwil Software
2009-11-13 03:28 . 2009-06-30 02:57 280144 ----a-w- c:\documents and settings\Carcharias\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 03:27 . 2009-06-30 03:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 19:42 . 2009-10-01 15:32 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:37 . 2004-08-28 13:00 841216 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:37 . 2004-08-28 13:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:37 . 2004-08-28 13:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-25 04:07 . 2004-08-28 13:00 97382 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 04:07 . 2004-08-28 13:00 552540 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-21 05:50 . 2004-08-28 13:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:50 . 2004-08-28 13:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:41 . 2004-08-28 13:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:44 . 2004-08-28 13:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-28 13:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-28 13:00 113152 ----a-w- c:\windows\system32\rastls.dll
2009-10-09 15:51 . 2009-10-09 15:51 152576 ----a-w- c:\documents and settings\Carcharias\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.
------- Sigcheck -------
[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe
[-] 2004-08-28 . ADDC47DFD517F2143D71E9310E414B50 . 1789952 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\wscntfy.exe
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll
[-] 2004-08-28 . 2B1CDC3C0A56D6878323F591FE4E972A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
[-] 2004-08-28 . 43836CFFABAC8D6779E8EE55E308DF2C . 25088 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-28 13:00 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
c:\windows\System32\drivers\beep.sys ... manque !!
c:\windows\System32\wscntfy.exe ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-04 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"VisualTaskTips"="c:\windows\System32\VisualTaskTips.exe" [2004-08-28 36864]
"Vistadrv"="c:\windows\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"TransBar"="c:\windows\system32\transbar.exe" [2004-08-28 139264]
"Styler"="c:\program files\styler\Styler.exe" [2006-05-03 307200]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-12-14 1655552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2004-08-28 12451]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-28 44544]
"nltide_3"="advpack.dll" [2009-10-29 124928]
c:\documents and settings\Carcharias\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [28/08/2004 14:00 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [28/08/2004 14:00 210224]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [14/12/2009 12:15 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [14/12/2009 12:15 24208]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [13/12/2009 17:46 108289]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/07/2009 10:25 721904]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uDefault_Search_URL = hxxp://www.google.fr/keyword/%s
mStart Page = hxxp://www.google.fr
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
FF - ProfilePath - c:\documents and settings\Carcharias\Application Data\Mozilla\Firefox\Profiles\5e8irjad.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 10:11
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(2304)
c:\windows\System32\VttHooks.dll
c:\program files\UberIcon\UberIcon.dll
c:\program files\styler\StylerHelper.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\WgaTray.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\taskmgr.exe
c:\program files\Avira\AntiVir Desktop\update.exe
.
**************************************************************************
.
Heure de fin: 2010-01-05 10:16:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-05 09:16
ComboFix2.txt 2009-12-13 16:25
Avant-CF: 126 906 576 896 octets libres
Après-CF: 126 880 366 592 octets libres
- - End Of File - - 2EABD5708B57F31BD098F15B398551E7
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
5 janv. 2010 à 12:16
5 janv. 2010 à 12:16
Petit test, pour voir :
• Rends toi sur le site https://www.virustotal.com/gui/
• Clique sur Parcourir, et navigue jusqu'au fichier suivant et valide : c:\windows\explorer.exe
• Clique sur "Envoyer le fichier" : s'il a déjà été analysé, demande une nouvelle analyse.
• Fais un copier/coller du rapport sur le forum.
Si tu ne trouves pas le fichier, fais ceci :
• Menu Démarrer --> Panneau de configuration --> Options des dossiers --> Affichage
• Coche "Afficher les fichiers et dossiers cachés", décoche "Masquer les extensions de fichiers connus", décoche "Masquer les fichiers protégés du Système", puis valide.
• Tu pourras à nouveau masquer les fichiers cachés une fois la manipulation terminée, si tu le souhaites.
Fais la même analyse pour ce fichier stp : c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe
• Rends toi sur le site https://www.virustotal.com/gui/
• Clique sur Parcourir, et navigue jusqu'au fichier suivant et valide : c:\windows\explorer.exe
• Clique sur "Envoyer le fichier" : s'il a déjà été analysé, demande une nouvelle analyse.
• Fais un copier/coller du rapport sur le forum.
Si tu ne trouves pas le fichier, fais ceci :
• Menu Démarrer --> Panneau de configuration --> Options des dossiers --> Affichage
• Coche "Afficher les fichiers et dossiers cachés", décoche "Masquer les extensions de fichiers connus", décoche "Masquer les fichiers protégés du Système", puis valide.
• Tu pourras à nouveau masquer les fichiers cachés une fois la manipulation terminée, si tu le souhaites.
Fais la même analyse pour ce fichier stp : c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe
résultats du premier fichier (si je ne me plante pas) :
Information additionnelle
File size: 1789952 bytes
MD5...: addc47dfd517f2143d71e9310e414b50
SHA1..: 0f7eb317ea8e9c19f6a5865e7352a7ecef03b1d8
SHA256: f19e2923e8ec0fd79a4b129ae2660a2242956349086a12230b471839ad5a0811
ssdeep: 24576:7+yKlX8VAAtZp43k5HFcm18io/fWUK8ykdCvFmMF5Mj8sXdHRyx:7+MBtZ
pL578/K8y40FDF2gsXdHRyx
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1a55f
timedatestamp.....: 0x466fd448 (Wed Jun 13 11:26:00 2007)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44b99 0x44c00 6.37 cc7927eec57bf3bd5184b7fae685f437
.data 0x46000 0x1db4 0x1800 1.30 cf446d2894d2d61265a59025c0c0a3af
.rsrc 0x48000 0x16ae1c 0x16b000 6.99 ab6212686bd29fba8d1b048aabc9f966
.reloc 0x1b3000 0x3734 0x3800 6.77 be96bba8c8d8da82413a562ecfb78357
( 13 imports )
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> BROWSEUI.dll: -, -, -, -
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> SHDOCVW.dll: -, -, -
> SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Tous droits r_serv_s.
product......: Syst_me d_exploitation Microsoft_ Windows_
description..: Explorateur Windows
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
et du second :
Information additionnelle
File size: 1037824 bytes
MD5...: f2317622d29f9ff0f88aeecd5f60f0dd
SHA1..: d54b0b83de6ee5922dd90db1446872bf32062b25
SHA256: 1ab74a4ae472156a5d2c6714e2e1a60e3b32ceb4996f923887a12b6a27315d13
ssdeep: 12288:6HmcoCUyZtwAvAs4wTCyrPT7lvGVa/oXqoJpaz/g/J/v1S:4mfty/wAvN7
lrPlvGEoXJaz/g/J/t
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1a55f
timedatestamp.....: 0x48025c30 (Sun Apr 13 19:17:04 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44c09 0x44e00 6.38 013207a9f70ec52b78392db51f333ff0
.data 0x46000 0x1db4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359
.rsrc 0x48000 0xb3280 0xb3400 6.63 e73694f42fb4ef5e9b8ea017fcf60103
.reloc 0xfc000 0x374c 0x3800 6.78 ec335057489badbf6d8142b57175fd91
( 13 imports )
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> BROWSEUI.dll: -, -, -, -
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> SHDOCVW.dll: -, -, -
> SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Tous droits r_serv_s.
product......: Syst_me d_exploitation Microsoft_ Windows_
description..: Explorateur Windows
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Voilou, je ne sais pas trop si on a bientôt terminé ou pas (l'infestation semble s'être largement calmée mais la saloperie avait l'air vicieux) mais d'avance un grand merci m'sieur le bon samaritain !
J'étais parti pour tout formater ou jeter par la fenêtre, et je ne pouvais même plus formater...
Information additionnelle
File size: 1789952 bytes
MD5...: addc47dfd517f2143d71e9310e414b50
SHA1..: 0f7eb317ea8e9c19f6a5865e7352a7ecef03b1d8
SHA256: f19e2923e8ec0fd79a4b129ae2660a2242956349086a12230b471839ad5a0811
ssdeep: 24576:7+yKlX8VAAtZp43k5HFcm18io/fWUK8ykdCvFmMF5Mj8sXdHRyx:7+MBtZ
pL578/K8y40FDF2gsXdHRyx
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1a55f
timedatestamp.....: 0x466fd448 (Wed Jun 13 11:26:00 2007)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44b99 0x44c00 6.37 cc7927eec57bf3bd5184b7fae685f437
.data 0x46000 0x1db4 0x1800 1.30 cf446d2894d2d61265a59025c0c0a3af
.rsrc 0x48000 0x16ae1c 0x16b000 6.99 ab6212686bd29fba8d1b048aabc9f966
.reloc 0x1b3000 0x3734 0x3800 6.77 be96bba8c8d8da82413a562ecfb78357
( 13 imports )
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> BROWSEUI.dll: -, -, -, -
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> SHDOCVW.dll: -, -, -
> SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Tous droits r_serv_s.
product......: Syst_me d_exploitation Microsoft_ Windows_
description..: Explorateur Windows
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
et du second :
Information additionnelle
File size: 1037824 bytes
MD5...: f2317622d29f9ff0f88aeecd5f60f0dd
SHA1..: d54b0b83de6ee5922dd90db1446872bf32062b25
SHA256: 1ab74a4ae472156a5d2c6714e2e1a60e3b32ceb4996f923887a12b6a27315d13
ssdeep: 12288:6HmcoCUyZtwAvAs4wTCyrPT7lvGVa/oXqoJpaz/g/J/v1S:4mfty/wAvN7
lrPlvGEoXJaz/g/J/t
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1a55f
timedatestamp.....: 0x48025c30 (Sun Apr 13 19:17:04 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44c09 0x44e00 6.38 013207a9f70ec52b78392db51f333ff0
.data 0x46000 0x1db4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359
.rsrc 0x48000 0xb3280 0xb3400 6.63 e73694f42fb4ef5e9b8ea017fcf60103
.reloc 0xfc000 0x374c 0x3800 6.78 ec335057489badbf6d8142b57175fd91
( 13 imports )
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> BROWSEUI.dll: -, -, -, -
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> SHDOCVW.dll: -, -, -
> SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Tous droits r_serv_s.
product......: Syst_me d_exploitation Microsoft_ Windows_
description..: Explorateur Windows
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Voilou, je ne sais pas trop si on a bientôt terminé ou pas (l'infestation semble s'être largement calmée mais la saloperie avait l'air vicieux) mais d'avance un grand merci m'sieur le bon samaritain !
J'étais parti pour tout formater ou jeter par la fenêtre, et je ne pouvais même plus formater...
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
6 janv. 2010 à 06:37
6 janv. 2010 à 06:37
Ok, on va pouvoir passer à la finition ;)
Fais redémarrer ton ordinateur et poste un nouveau rapport Hijackthis stp
Fais redémarrer ton ordinateur et poste un nouveau rapport Hijackthis stp
La voici la voilà :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:02:29, on 06/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21148)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carcharias\Mes documents\Téléchargements\test.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:02:29, on 06/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21148)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carcharias\Mes documents\Téléchargements\test.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
6 janv. 2010 à 13:44
6 janv. 2010 à 13:44
Très bien, ton ordinateur n'est plus infecté :)
Avant de te laisser partir, voici quelques conseils pour finir le nettoyage et améliorer sensiblement la sécurité de ton ordinateur, ça t'évitera peut-être de devoir revenir ici avec une nouvelle infection dans le futur ;) Mais sache qu'aucun logiciel de sécurité ne te protègera à 100%, ce qui fait la différence, c'est ta vigilance lorsque tu télécharges ou installes quelque chose : pour en savoir plus, je t'invite à bien lire la page indiquée tout en bas de ce message (6).
1) Sécurise ton ordinateur
• Logiciels de protection :
Garde un antivirus (Antivir), un pare-feu si tu le souhaites (Comodo). En complément, utilise MalwareBytes régulièrement pour son scan de nettoyage performant.
• Pour naviguer sur internet plus en sécurité et à l’abri des publicités, je te conseille vivement d’installer et d'utiliser le navigateur Firefox. Une fois que c'est fait, lance le et installe les deux extensions de sécurité suivantes :
AdBlockPlus pour bloquer les publicités ;
WOT, pour t'avertir des sites web dangereux.
• Internet Explorer n'est pas à jour, c'est une faille de sécurité.
Menu démarrer --> Windows update --> recherche et installe toutes les mises à jour importantes. Si Internet Explorer n'y est pas, télécharge et installe IE 8 depuis ce lien : IE 8
• Vérifie que Java est pas à jour : Ouvre le menu démarrer --> panneau de configuration --> ajout/suppression de programmes --> sélectionne toutes les versions de java présentes et désinstalle les (sauf la version 6 Update 17). Si tu n'as pas la version 6 Update 17, télécharge et installe la depuis le site officiel de java : https://java.com/fr/
• Adobe Reader n’est pas à jour, c’est une faille de sécurité. Désinstalle le en allant dans menu démarrer --> panneau de configuration --> ajout/suppression de programmes. Puis télécharge et installe la nouvelle version.
• Tu dois aussi mettre à jour tous tes autres programmes pour combler des failles de sécurité... Vérifie les mises disponibles à l'aide de ce petit programme (choisis la version sans installation) : Update Checker (attention, les liens proposés ne correspondent pas toujours à la version française des programmes, il faut parfois les chercher manuellement)
• Vaccine tes disques amovibles à l'aide de USBFix (de Chiquitine29 et C_XX) → lance l'installation avec les paramètres par défaut → Branche tes sources de données externes à ton PC (clé USB, disque dur externe, lecteur mp3, appareils photos numériques etc...) sans les ouvrir → Double clique sur le raccourci USBFix sur ton Bureau → Au menu principal, choisis l'option 3 (Vaccination).
2) Relance Hijackthis (pour la dernière fois), choisis "Do a system scan only" et coche les lignes suivantes qui sont inutiles :
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
Si tu as bien mis à jour Adobe Reader comme je te l'ai recommandé, ces 2 lignes devraient apparaitre, tu peux la cocher :
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
Coche également toutes les lignes commençant par 016 puis clique sur "Fix checked"
3) Télécharge ToolsCleaner sur ton Bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé.
Lance le puis clique sur Recherche et patiente pendant le scan. A la fin, clique sur Suppression pour nettoyer.
Tu peux aussi supprimer les fichiers temporaires.
Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).
S'il ne supprime pas tout, supprime manuellement ce qui reste.
4) Télécharge et installe CCleaner, puis lance le.
Clique sur Option → avancé → décoche « effacer uniquement les fichiers plus vieux que 48h »
Puis Nettoyeur → Analyse → Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
Enfin, Registre → corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.
(Tu peux garder ce logiciel et l'utiliser régulièrement).
5) Pour terminer le nettoyage, il faut purger la restauration du système (pour supprimer les points de restauration infectés). Pour ça, suis ce tutoriel stp.
6) Je t'invite enfin à visiter cette page qui t'apportera des informations de prévention et de protection contre les infections (environ 15 minutes de lecture très instructive et utile) : Prévention et sécurité sur internet
7) Pour finir, je t'invite à faire régulièrement une sauvegarde de tes documents importants sur un support externe (disque dur externe, CD/DVD réinscriptible...)
Dans ce sujet, nous avons pu désinfecter ton ordinateur, mais ce n'est pas toujours le cas. Certaines infections cryptent les documents et demandent une rançon pour les récupérer, d'autres les modifient pour diffuser des infections, obligeant donc à les effacer... Il faut donc toujours avoir une sauvegarde saine de tes documents, sinon tu risques de les perdre.
Bonne lecture, bon courage, et n'hésite pas à poser des questions en cas de besoin ;)
Avant de te laisser partir, voici quelques conseils pour finir le nettoyage et améliorer sensiblement la sécurité de ton ordinateur, ça t'évitera peut-être de devoir revenir ici avec une nouvelle infection dans le futur ;) Mais sache qu'aucun logiciel de sécurité ne te protègera à 100%, ce qui fait la différence, c'est ta vigilance lorsque tu télécharges ou installes quelque chose : pour en savoir plus, je t'invite à bien lire la page indiquée tout en bas de ce message (6).
1) Sécurise ton ordinateur
• Logiciels de protection :
Garde un antivirus (Antivir), un pare-feu si tu le souhaites (Comodo). En complément, utilise MalwareBytes régulièrement pour son scan de nettoyage performant.
• Pour naviguer sur internet plus en sécurité et à l’abri des publicités, je te conseille vivement d’installer et d'utiliser le navigateur Firefox. Une fois que c'est fait, lance le et installe les deux extensions de sécurité suivantes :
AdBlockPlus pour bloquer les publicités ;
WOT, pour t'avertir des sites web dangereux.
• Internet Explorer n'est pas à jour, c'est une faille de sécurité.
Menu démarrer --> Windows update --> recherche et installe toutes les mises à jour importantes. Si Internet Explorer n'y est pas, télécharge et installe IE 8 depuis ce lien : IE 8
• Vérifie que Java est pas à jour : Ouvre le menu démarrer --> panneau de configuration --> ajout/suppression de programmes --> sélectionne toutes les versions de java présentes et désinstalle les (sauf la version 6 Update 17). Si tu n'as pas la version 6 Update 17, télécharge et installe la depuis le site officiel de java : https://java.com/fr/
• Adobe Reader n’est pas à jour, c’est une faille de sécurité. Désinstalle le en allant dans menu démarrer --> panneau de configuration --> ajout/suppression de programmes. Puis télécharge et installe la nouvelle version.
• Tu dois aussi mettre à jour tous tes autres programmes pour combler des failles de sécurité... Vérifie les mises disponibles à l'aide de ce petit programme (choisis la version sans installation) : Update Checker (attention, les liens proposés ne correspondent pas toujours à la version française des programmes, il faut parfois les chercher manuellement)
• Vaccine tes disques amovibles à l'aide de USBFix (de Chiquitine29 et C_XX) → lance l'installation avec les paramètres par défaut → Branche tes sources de données externes à ton PC (clé USB, disque dur externe, lecteur mp3, appareils photos numériques etc...) sans les ouvrir → Double clique sur le raccourci USBFix sur ton Bureau → Au menu principal, choisis l'option 3 (Vaccination).
2) Relance Hijackthis (pour la dernière fois), choisis "Do a system scan only" et coche les lignes suivantes qui sont inutiles :
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
Si tu as bien mis à jour Adobe Reader comme je te l'ai recommandé, ces 2 lignes devraient apparaitre, tu peux la cocher :
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
Coche également toutes les lignes commençant par 016 puis clique sur "Fix checked"
3) Télécharge ToolsCleaner sur ton Bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé.
Lance le puis clique sur Recherche et patiente pendant le scan. A la fin, clique sur Suppression pour nettoyer.
Tu peux aussi supprimer les fichiers temporaires.
Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).
S'il ne supprime pas tout, supprime manuellement ce qui reste.
4) Télécharge et installe CCleaner, puis lance le.
Clique sur Option → avancé → décoche « effacer uniquement les fichiers plus vieux que 48h »
Puis Nettoyeur → Analyse → Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
Enfin, Registre → corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.
(Tu peux garder ce logiciel et l'utiliser régulièrement).
5) Pour terminer le nettoyage, il faut purger la restauration du système (pour supprimer les points de restauration infectés). Pour ça, suis ce tutoriel stp.
6) Je t'invite enfin à visiter cette page qui t'apportera des informations de prévention et de protection contre les infections (environ 15 minutes de lecture très instructive et utile) : Prévention et sécurité sur internet
7) Pour finir, je t'invite à faire régulièrement une sauvegarde de tes documents importants sur un support externe (disque dur externe, CD/DVD réinscriptible...)
Dans ce sujet, nous avons pu désinfecter ton ordinateur, mais ce n'est pas toujours le cas. Certaines infections cryptent les documents et demandent une rançon pour les récupérer, d'autres les modifient pour diffuser des infections, obligeant donc à les effacer... Il faut donc toujours avoir une sauvegarde saine de tes documents, sinon tu risques de les perdre.
Bonne lecture, bon courage, et n'hésite pas à poser des questions en cas de besoin ;)