Alureon.h
Closed
sieurvaa (Posts: 6, registered Monday 31 May 2010, status: Member, last post 31 May 2010) - 31 May 2010 at 12:24
8 replies
Malekal_morte- (Posts: 180304, registered Wednesday 17 May 2006, status: Moderator, Security contributor, last post 15 December 2020) - 31 May 2010 at 12:30
Hi,
Disable your protection software (antivirus, antispyware), then:
Download Combofix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop, nowhere else!
Double-click combofix, accept the licence agreement and follow the prompts.
If prompted, install the Recovery Console as recommended.
Wait for combofix to finish; a report will be created. Post the report.
There is a tutorial at this link to help you: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
PS: if Combofix does not start, rename the Combofix file and try again.
If that is no better, try Safe Mode without networking: to restart in Safe Mode, restart the computer and, before the Windows logo appears, tap the F8 key; a menu will appear; choose Safe Mode and press Enter.
sieurvaa - 31 May 2010 at 15:43
Thanks for the advice, here is the Combofix report:
ComboFix 10-05-30.08 - Agnès 31/05/2010 15:10:22.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.2274 [GMT 2:00]
Lancé depuis: c:\users\Agnès\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-28 au 2010-05-31 ))))))))))))))))))))))))))))))))))))
.
2010-05-31 13:32 . 2010-05-31 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-31 12:20 . 2010-05-31 12:20 292840 ----a-w- c:\windows\system32\drivers\VOLMGRX.SYS
2010-05-31 11:44 . 2010-05-31 11:45 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-28 19:33 . 2010-05-30 12:09 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-28 08:50 . 2010-05-28 08:50 292840 ----a-w- c:\windows\system32\drivers\veqibhot.sys
2010-05-27 09:24 . 2010-05-27 09:24 292840 ----a-w- c:\windows\system32\drivers\fsogpghg.sys
2010-05-26 20:35 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-26 15:25 . 2010-05-26 15:25 292840 ----a-w- c:\windows\system32\drivers\gvtlkyno.sys
2010-05-25 16:42 . 2010-05-25 16:42 292840 ----a-w- c:\windows\system32\drivers\gdstcqrb.sys
2010-05-25 08:16 . 2010-05-25 08:16 292840 ----a-w- c:\windows\system32\drivers\xvuduxlb.sys
2010-05-24 07:48 . 2010-05-24 07:48 292840 ----a-w- c:\windows\system32\drivers\plikyqdz.sys
2010-05-23 10:56 . 2010-05-23 10:56 292840 ----a-w- c:\windows\system32\drivers\upbpdrft.sys
2010-05-22 12:26 . 2010-05-22 12:26 -------- d-----w- C:\rsit
2010-05-22 12:26 . 2010-05-22 12:26 -------- d-----w- c:\program files\trend micro
2010-05-22 12:18 . 2010-05-22 12:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-22 12:18 . 2010-05-22 12:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 08:38 . 2010-05-22 08:38 292840 ----a-w- c:\windows\system32\drivers\rhtxopop.sys
2010-05-21 20:17 . 2010-05-21 20:17 292840 ----a-w- c:\windows\system32\drivers\gjelumus.sys
2010-05-21 15:04 . 2010-05-21 15:04 292840 ----a-w- c:\windows\system32\drivers\uzeahjtd.sys
2010-05-20 09:36 . 2010-05-20 09:36 292840 ----a-w- c:\windows\system32\drivers\hoeehthh.sys
2010-05-19 20:51 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 20:51 . 2010-05-19 20:51 -------- d-----w- c:\programdata\Malwarebytes
2010-05-19 20:51 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 20:51 . 2010-05-19 20:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 20:45 . 2010-05-19 20:45 292840 ----a-w- c:\windows\system32\drivers\wgmkyxpb.sys
2010-05-15 12:57 . 2010-05-15 14:48 -------- d-----w- C:\gPotato.eu
2010-05-12 08:58 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 13:03 . 2008-04-16 11:16 698826 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-31 13:03 . 2008-04-16 11:16 136078 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-31 12:56 . 2008-08-08 17:55 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-05-25 17:10 . 2009-04-01 18:10 -------- d-----w- c:\program files\PDFCreator
2010-05-21 12:14 . 2009-10-03 09:31 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 08:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 07:51 . 2008-08-08 16:26 -------- d-----w- c:\programdata\Microsoft Help
2010-04-29 21:45 . 2009-10-30 11:17 -------- d-----w- c:\program files\iTunes
2010-04-29 21:44 . 2010-04-29 21:44 -------- d-----w- c:\program files\iPod
2010-04-29 21:44 . 2008-10-19 17:28 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 21:41 . 2008-10-19 17:30 -------- d-----w- c:\program files\Bonjour
2010-04-29 21:39 . 2010-04-29 21:39 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-28 09:10 . 2008-10-19 00:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 09:07 . 2010-04-28 09:07 -------- d-----w- c:\programdata\FLEXnet
2010-04-27 19:13 . 2008-10-23 19:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-24 10:08 . 2009-09-26 12:27 -------- d-----w- c:\program files\Java
2010-04-16 18:00 . 2010-04-27 19:12 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-12 15:29 . 2010-04-24 10:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-10 17:48 . 2010-02-25 09:39 105936 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-04-10 17:45 . 2010-04-10 17:45 52948 ----a-w- c:\windows\inf\Ovi Player\000C\tmpCD96.tmp
2010-04-10 17:45 . 2010-04-10 17:45 52948 ----a-w- c:\windows\inf\Ovi Player\0009\tmpCD96.tmp
2010-04-10 17:45 . 2010-04-10 17:45 52948 ----a-w- c:\windows\inf\Ovi Player\0000\tmpCD96.tmp
2010-04-10 17:45 . 2010-04-10 17:45 1657 ----a-w- c:\windows\inf\Ovi Player\tmpCD97.tmp
2010-04-10 17:45 . 2010-04-10 17:07 -------- d-----w- c:\program files\Nokia
2010-04-10 17:35 . 2010-04-10 17:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-10 17:35 . 2010-04-10 17:32 -------- d-----w- c:\programdata\PC Suite
2010-04-10 17:33 . 2010-04-10 17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-04-10 17:33 . 2010-04-10 17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-10 17:18 . 2010-04-10 17:13 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-10 17:17 . 2010-04-10 17:17 52960 ----a-w- c:\windows\inf\Nokia Music\000C\tmpA8B.tmp
2010-04-10 17:17 . 2010-04-10 17:17 52960 ----a-w- c:\windows\inf\Nokia Music\0009\tmpA8B.tmp
2010-04-10 17:17 . 2010-04-10 17:17 52960 ----a-w- c:\windows\inf\Nokia Music\0000\tmpA8B.tmp
2010-04-10 17:17 . 2010-04-10 17:17 1657 ----a-w- c:\windows\inf\Nokia Music\tmpA8C.tmp
2010-04-10 17:17 . 2010-04-10 17:17 -------- d-----w- c:\programdata\NokiaMusic
2010-04-10 17:15 . 2010-04-10 17:15 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-10 17:11 . 2010-04-10 17:11 -------- d-----w- c:\program files\DIFX
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 15:56 . 2010-04-03 15:55 -------- d-----w- c:\program files\Spotify
2010-04-02 09:15 . 2010-04-02 09:14 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 09:11 . 2010-04-02 09:11 -------- d-----w- c:\program files\QuickTime
2010-03-15 09:31 . 2010-04-27 19:12 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-09 16:25 . 2010-03-31 17:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-03-31 17:54 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-04 17:33 . 2010-04-14 09:39 430080 ----a-w- c:\windows\system32\vbscript.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-08-08 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-08-08 33136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c5,9a,98,b2,13,52,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4039584191-2072633108-2185759582-1000]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-07 721904]
R1 mgglauir;mgglauir;c:\windows\system32\drivers\mgglauir.sys [x]
R1 xoxyjrqs;xoxyjrqs;c:\windows\system32\drivers\xoxyjrqs.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-01-26 243056]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Agnès\AppData\Roaming\Mozilla\Firefox\Profiles\m6irxggk.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 15:33
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\ADSM_PData_0150
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-05-31 15:36:43
ComboFix-quarantined-files.txt 2010-05-31 13:36
Avant-CF: 59 171 647 488 octets libres
Après-CF: 61 318 365 184 octets libres
- - End Of File - - 3BE35C9E8736314D2EA8E96A0801168E
ComboFix 10-05-30.08 - Agnès 31/05/2010 15:10:22.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.2274 [GMT 2:00]
Lancé depuis: c:\users\Agnès\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-28 au 2010-05-31 ))))))))))))))))))))))))))))))))))))
.
2010-05-31 13:32 . 2010-05-31 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-31 12:20 . 2010-05-31 12:20 292840 ----a-w- c:\windows\system32\drivers\VOLMGRX.SYS
2010-05-31 11:44 . 2010-05-31 11:45 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-28 19:33 . 2010-05-30 12:09 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-28 08:50 . 2010-05-28 08:50 292840 ----a-w- c:\windows\system32\drivers\veqibhot.sys
2010-05-27 09:24 . 2010-05-27 09:24 292840 ----a-w- c:\windows\system32\drivers\fsogpghg.sys
2010-05-26 20:35 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-26 15:25 . 2010-05-26 15:25 292840 ----a-w- c:\windows\system32\drivers\gvtlkyno.sys
2010-05-25 16:42 . 2010-05-25 16:42 292840 ----a-w- c:\windows\system32\drivers\gdstcqrb.sys
2010-05-25 08:16 . 2010-05-25 08:16 292840 ----a-w- c:\windows\system32\drivers\xvuduxlb.sys
2010-05-24 07:48 . 2010-05-24 07:48 292840 ----a-w- c:\windows\system32\drivers\plikyqdz.sys
2010-05-23 10:56 . 2010-05-23 10:56 292840 ----a-w- c:\windows\system32\drivers\upbpdrft.sys
2010-05-22 12:26 . 2010-05-22 12:26 -------- d-----w- C:\rsit
2010-05-22 12:26 . 2010-05-22 12:26 -------- d-----w- c:\program files\trend micro
2010-05-22 12:18 . 2010-05-22 12:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-22 12:18 . 2010-05-22 12:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 08:38 . 2010-05-22 08:38 292840 ----a-w- c:\windows\system32\drivers\rhtxopop.sys
2010-05-21 20:17 . 2010-05-21 20:17 292840 ----a-w- c:\windows\system32\drivers\gjelumus.sys
2010-05-21 15:04 . 2010-05-21 15:04 292840 ----a-w- c:\windows\system32\drivers\uzeahjtd.sys
2010-05-20 09:36 . 2010-05-20 09:36 292840 ----a-w- c:\windows\system32\drivers\hoeehthh.sys
2010-05-19 20:51 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 20:51 . 2010-05-19 20:51 -------- d-----w- c:\programdata\Malwarebytes
2010-05-19 20:51 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 20:51 . 2010-05-19 20:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 20:45 . 2010-05-19 20:45 292840 ----a-w- c:\windows\system32\drivers\wgmkyxpb.sys
2010-05-15 12:57 . 2010-05-15 14:48 -------- d-----w- C:\gPotato.eu
2010-05-12 08:58 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 13:03 . 2008-04-16 11:16 698826 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-31 13:03 . 2008-04-16 11:16 136078 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-31 12:56 . 2008-08-08 17:55 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-05-25 17:10 . 2009-04-01 18:10 -------- d-----w- c:\program files\PDFCreator
2010-05-21 12:14 . 2009-10-03 09:31 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 08:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 07:51 . 2008-08-08 16:26 -------- d-----w- c:\programdata\Microsoft Help
2010-04-29 21:45 . 2009-10-30 11:17 -------- d-----w- c:\program files\iTunes
2010-04-29 21:44 . 2010-04-29 21:44 -------- d-----w- c:\program files\iPod
2010-04-29 21:44 . 2008-10-19 17:28 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 21:41 . 2008-10-19 17:30 -------- d-----w- c:\program files\Bonjour
2010-04-29 21:39 . 2010-04-29 21:39 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-28 09:10 . 2008-10-19 00:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 09:07 . 2010-04-28 09:07 -------- d-----w- c:\programdata\FLEXnet
2010-04-27 19:13 . 2008-10-23 19:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-24 10:08 . 2009-09-26 12:27 -------- d-----w- c:\program files\Java
2010-04-16 18:00 . 2010-04-27 19:12 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-12 15:29 . 2010-04-24 10:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-10 17:48 . 2010-02-25 09:39 105936 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-04-10 17:45 . 2010-04-10 17:45 52948 ----a-w- c:\windows\inf\Ovi Player\000C\tmpCD96.tmp
2010-04-10 17:45 . 2010-04-10 17:45 52948 ----a-w- c:\windows\inf\Ovi Player\0009\tmpCD96.tmp
2010-04-10 17:45 . 2010-04-10 17:45 52948 ----a-w- c:\windows\inf\Ovi Player\0000\tmpCD96.tmp
2010-04-10 17:45 . 2010-04-10 17:45 1657 ----a-w- c:\windows\inf\Ovi Player\tmpCD97.tmp
2010-04-10 17:45 . 2010-04-10 17:07 -------- d-----w- c:\program files\Nokia
2010-04-10 17:35 . 2010-04-10 17:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-10 17:35 . 2010-04-10 17:32 -------- d-----w- c:\programdata\PC Suite
2010-04-10 17:33 . 2010-04-10 17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-04-10 17:33 . 2010-04-10 17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-10 17:18 . 2010-04-10 17:13 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-10 17:17 . 2010-04-10 17:17 52960 ----a-w- c:\windows\inf\Nokia Music\000C\tmpA8B.tmp
2010-04-10 17:17 . 2010-04-10 17:17 52960 ----a-w- c:\windows\inf\Nokia Music\0009\tmpA8B.tmp
2010-04-10 17:17 . 2010-04-10 17:17 52960 ----a-w- c:\windows\inf\Nokia Music\0000\tmpA8B.tmp
2010-04-10 17:17 . 2010-04-10 17:17 1657 ----a-w- c:\windows\inf\Nokia Music\tmpA8C.tmp
2010-04-10 17:17 . 2010-04-10 17:17 -------- d-----w- c:\programdata\NokiaMusic
2010-04-10 17:15 . 2010-04-10 17:15 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-10 17:11 . 2010-04-10 17:11 -------- d-----w- c:\program files\DIFX
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 15:56 . 2010-04-03 15:55 -------- d-----w- c:\program files\Spotify
2010-04-02 09:15 . 2010-04-02 09:14 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 09:11 . 2010-04-02 09:11 -------- d-----w- c:\program files\QuickTime
2010-03-15 09:31 . 2010-04-27 19:12 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-09 16:25 . 2010-03-31 17:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-03-31 17:54 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-04 17:33 . 2010-04-14 09:39 430080 ----a-w- c:\windows\system32\vbscript.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-08-08 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-08-08 33136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c5,9a,98,b2,13,52,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4039584191-2072633108-2185759582-1000]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-07 721904]
R1 mgglauir;mgglauir;c:\windows\system32\drivers\mgglauir.sys [x]
R1 xoxyjrqs;xoxyjrqs;c:\windows\system32\drivers\xoxyjrqs.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-01-26 243056]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Agnès\AppData\Roaming\Mozilla\Firefox\Profiles\m6irxggk.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 15:33
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\ADSM_PData_0150
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Finish time: 2010-05-31 15:36:43
ComboFix-quarantined-files.txt 2010-05-31 13:36
Before-CF: 59,171,647,488 bytes free
After-CF: 61,318,365,184 bytes free
- - End Of File - - 3BE35C9E8736314D2EA8E96A0801168E
Malekal_morte- (Moderator, Security Contributor), 31 May 2010 at 15:56
* Download: http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
* Unzip it and launch the sword icon; under Vista, run it as administrator.
In the box under "Input Script here", copy and paste the contents of the box below and click Execute:
begin copying here:
Drivers to delete:
veqibhot
fsogpghg
gvtlkyno
gdstcqrb
xvuduxlb
plikyqdz
upbpdrft
wgmkyxpb
Files to delete:
c:\windows\system32\drivers\veqibhot.sys
c:\windows\system32\drivers\fsogpghg.sys
c:\windows\system32\drivers\gvtlkyno.sys
c:\windows\system32\drivers\gdstcqrb.sys
c:\windows\system32\drivers\xvuduxlb.sys
c:\windows\system32\drivers\plikyqdz.sys
c:\windows\system32\drivers\upbpdrft.sys
c:\windows\system32\drivers\wgmkyxpb.sys
c:\windows\system32\acovcnt.exe
* After the reboot, it creates a log file that will open, which you will post in your next reply, showing the actions carried out by The Avenger. This log file is located here: C:\avenger.txt
Run Combofix again and post the report here.
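The reports in this thread show the pattern the Avenger script above is aimed at: kernel drivers with eight random lowercase letters for a name appearing in system32\drivers, several of them with an identical byte size (the dropper re-writes the same payload under a fresh name), and service entries whose .sys file is already gone ([x]). The following Python is an added triage helper written for this page; it is not part of the original thread, nor of ComboFix or The Avenger. It parses lines in ComboFix's "Files created" and R0/R1/R3/S3 service formats, flags random-named drivers and size-matched look-alikes, and renders the "Drivers to delete" / "Files to delete" blocks in the layout Avenger reads. The sample log lines are constructed for the example from the format of the report posted in this thread. The eight-lowercase-letter rule is a heuristic (legitimate drivers with such names exist), so every hit must be confirmed by hand before it goes into a script, and the size-matched look-alikes are reported for review only, never auto-deleted.

```python
"""Triage ComboFix-style log lines for random-named kernel drivers and emit
an Avenger removal script. Added example for this thread; heuristic only."""
import re

# Constructed sample: lines in ComboFix's "Files created" and service/driver
# formats, modelled on the report posted in this thread. Backslashes are
# doubled only because this is a Python string literal.
SAMPLE_LOG = """\
2010-05-31 12:20 . 2010-05-31 12:20 292840 ----a-w- c:\\windows\\system32\\drivers\\VOLMGRX.SYS
2010-05-22 08:38 . 2010-05-22 08:38 292840 ----a-w- c:\\windows\\system32\\drivers\\rhtxopop.sys
2010-05-21 20:17 . 2010-05-21 20:17 292840 ----a-w- c:\\windows\\system32\\drivers\\gjelumus.sys
2010-05-19 20:51 . 2010-04-29 13:39 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2010-05-19 20:51 . 2010-05-19 20:51 -------- d-----w- c:\\programdata\\Malwarebytes
R0 sptd;sptd;c:\\windows\\System32\\Drivers\\sptd.sys [2009-05-07 721904]
R1 mgglauir;mgglauir;c:\\windows\\system32\\drivers\\mgglauir.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\\windows\\system32\\DRIVERS\\MpNWMon.sys [2009-12-02 42368]
"""

# "created . modified size attrs path"; size is "--------" for directories
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$")
# "R1 name;display;path [date size]" or "... [x]" when the file is missing
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$")
# Heuristic: exactly eight lowercase letters, as in the names seen in this thread
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")


def in_drivers_dir(path):
    return "\\system32\\drivers\\" in path.lower()


def stem(path):
    """Filename without directory and extension: '...\\rhtxopop.sys' -> 'rhtxopop'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text):
    """Return (random_drivers, missing_services, size_mimics).

    random_drivers:   {path: size} for *.sys under system32\\drivers with a
                      random-looking eight-letter stem
    missing_services: random-named service names whose file is gone ([x]);
                      the service key may still load at boot
    size_mimics:      {path: size} for other drivers sharing a byte size with
                      a flagged random driver (review by hand, do not auto-delete)
    """
    files = {}  # path -> size for regular files only
    random_drivers, missing_services = {}, []
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            if m.group("size").isdigit():  # skip directory entries
                path, size = m.group("path"), int(m.group("size"))
                files[path] = size
                if (in_drivers_dir(path) and path.lower().endswith(".sys")
                        and RANDOM_STEM_RE.match(stem(path))):
                    random_drivers[path] = size
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("stamp") == "x" and RANDOM_STEM_RE.match(m.group("name")):
            missing_services.append(m.group("name"))
    suspicious_sizes = set(random_drivers.values())
    size_mimics = {p: s for p, s in files.items()
                   if s in suspicious_sizes and p not in random_drivers
                   and in_drivers_dir(p)}
    return random_drivers, missing_services, size_mimics


def avenger_script(random_drivers, missing_services):
    """Render the 'Drivers to delete' / 'Files to delete' blocks Avenger reads."""
    drivers = sorted(set(missing_services) | {stem(p) for p in random_drivers})
    lines = ["Drivers to delete:"] + drivers
    lines += ["Files to delete:"] + sorted(random_drivers)
    return "\n".join(lines)


if __name__ == "__main__":
    rnd, missing, mimics = triage(SAMPLE_LOG)
    print(avenger_script(rnd, missing))
    for path, size in mimics.items():
        print(f"# REVIEW: {path} has the same size ({size}) as a flagged driver")
```

The script lists a service both as a driver entry and as a file because the two are removed independently: in the Avenger log later in this thread, the service keys were already gone (STATUS_OBJECT_NAME_NOT_FOUND) while the .sys files still existed, and a fresh ComboFix run still showed R1 entries pointing at missing files. A same-size file with a legitimate-looking name (VOLMGRX.SYS in the sample) is the kind of hit that needs a hash lookup and a signature check before anything is deleted.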
sieurvaa (Member), 31 May 2010 at 16:51
Here is the Avenger report:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\veqibhot" not found!
Deletion of driver "veqibhot" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\fsogpghg" not found!
Deletion of driver "fsogpghg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gvtlkyno" not found!
Deletion of driver "gvtlkyno" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gdstcqrb" not found!
Deletion of driver "gdstcqrb" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\xvuduxlb" not found!
Deletion of driver "xvuduxlb" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\plikyqdz" not found!
Deletion of driver "plikyqdz" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\upbpdrft" not found!
Deletion of driver "upbpdrft" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\wgmkyxpb" not found!
Deletion of driver "wgmkyxpb" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "c:\windows\system32\drivers\veqibhot.sys" deleted successfully.
File "c:\windows\system32\drivers\fsogpghg.sys" deleted successfully.
File "c:\windows\system32\drivers\gvtlkyno.sys" deleted successfully.
File "c:\windows\system32\drivers\gdstcqrb.sys" deleted successfully.
File "c:\windows\system32\drivers\xvuduxlb.sys" deleted successfully.
File "c:\windows\system32\drivers\plikyqdz.sys" deleted successfully.
File "c:\windows\system32\drivers\upbpdrft.sys" deleted successfully.
File "c:\windows\system32\drivers\wgmkyxpb.sys" deleted successfully.
File "c:\windows\system32\acovcnt.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
sieurvaa (Member), 31 May 2010 at 16:52
And the new Combofix report:
ComboFix 10-05-30.08 - Agnès 31/05/2010 16:19:08.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.2274 [GMT 2:00]
Launched from: c:\users\Agnès\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Files created from 2010-04-28 to 2010-05-31 ))))))))))))))))))))))))))))))))))))
.
2010-05-31 14:41 . 2010-05-31 14:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-31 14:41 . 2010-05-31 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-31 14:04 . 2010-05-31 14:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-05-31 12:20 . 2010-05-31 12:20 292840 ----a-w- c:\windows\system32\drivers\VOLMGRX.SYS
2010-05-31 11:44 . 2010-05-31 11:45 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-28 19:33 . 2010-05-30 12:09 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-26 20:35 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-22 12:26 . 2010-05-22 12:26 -------- d-----w- C:\rsit
2010-05-22 12:26 . 2010-05-22 12:26 -------- d-----w- c:\program files\trend micro
2010-05-22 12:18 . 2010-05-22 12:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-22 12:18 . 2010-05-22 12:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 08:38 . 2010-05-22 08:38 292840 ----a-w- c:\windows\system32\drivers\rhtxopop.sys
2010-05-21 20:17 . 2010-05-21 20:17 292840 ----a-w- c:\windows\system32\drivers\gjelumus.sys
2010-05-21 15:04 . 2010-05-21 15:04 292840 ----a-w- c:\windows\system32\drivers\uzeahjtd.sys
2010-05-20 09:36 . 2010-05-20 09:36 292840 ----a-w- c:\windows\system32\drivers\hoeehthh.sys
2010-05-19 20:51 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 20:51 . 2010-05-19 20:51 -------- d-----w- c:\programdata\Malwarebytes
2010-05-19 20:51 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 20:51 . 2010-05-19 20:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 12:57 . 2010-05-15 14:48 -------- d-----w- C:\gPotato.eu
2010-05-12 08:58 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 14:16 . 2008-04-16 11:16 698826 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-31 14:16 . 2008-04-16 11:16 136078 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-25 17:10 . 2009-04-01 18:10 -------- d-----w- c:\program files\PDFCreator
2010-05-21 12:14 . 2009-10-03 09:31 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 08:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 07:51 . 2008-08-08 16:26 -------- d-----w- c:\programdata\Microsoft Help
2010-04-29 21:45 . 2009-10-30 11:17 -------- d-----w- c:\program files\iTunes
2010-04-29 21:44 . 2010-04-29 21:44 -------- d-----w- c:\program files\iPod
2010-04-29 21:44 . 2008-10-19 17:28 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 21:41 . 2008-10-19 17:30 -------- d-----w- c:\program files\Bonjour
2010-04-29 21:39 . 2010-04-29 21:39 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-28 09:10 . 2008-10-19 00:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-28 09:07 . 2010-04-28 09:07 -------- d-----w- c:\programdata\FLEXnet
2010-04-27 19:13 . 2008-10-23 19:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-24 10:08 . 2009-09-26 12:27 -------- d-----w- c:\program files\Java
2010-04-16 18:00 . 2010-04-27 19:12 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-12 15:29 . 2010-04-24 10:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-10 17:48 . 2010-02-25 09:39 105936 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-04-10 17:45 . 2010-04-10 17:45 52948 ----a-w- c:\windows\inf\Ovi Player\000C\tmpCD96.tmp
2010-04-10 17:45 . 2010-04-10 17:45 52948 ----a-w- c:\windows\inf\Ovi Player\0009\tmpCD96.tmp
2010-04-10 17:45 . 2010-04-10 17:45 52948 ----a-w- c:\windows\inf\Ovi Player\0000\tmpCD96.tmp
2010-04-10 17:45 . 2010-04-10 17:45 1657 ----a-w- c:\windows\inf\Ovi Player\tmpCD97.tmp
2010-04-10 17:45 . 2010-04-10 17:07 -------- d-----w- c:\program files\Nokia
2010-04-10 17:35 . 2010-04-10 17:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-10 17:35 . 2010-04-10 17:32 -------- d-----w- c:\programdata\PC Suite
2010-04-10 17:33 . 2010-04-10 17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-04-10 17:33 . 2010-04-10 17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-10 17:18 . 2010-04-10 17:13 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-10 17:17 . 2010-04-10 17:17 52960 ----a-w- c:\windows\inf\Nokia Music\000C\tmpA8B.tmp
2010-04-10 17:17 . 2010-04-10 17:17 52960 ----a-w- c:\windows\inf\Nokia Music\0009\tmpA8B.tmp
2010-04-10 17:17 . 2010-04-10 17:17 52960 ----a-w- c:\windows\inf\Nokia Music\0000\tmpA8B.tmp
2010-04-10 17:17 . 2010-04-10 17:17 1657 ----a-w- c:\windows\inf\Nokia Music\tmpA8C.tmp
2010-04-10 17:17 . 2010-04-10 17:17 -------- d-----w- c:\programdata\NokiaMusic
2010-04-10 17:15 . 2010-04-10 17:15 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-10 17:11 . 2010-04-10 17:11 -------- d-----w- c:\program files\DIFX
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 15:56 . 2010-04-03 15:55 -------- d-----w- c:\program files\Spotify
2010-04-02 09:15 . 2010-04-02 09:14 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 09:11 . 2010-04-02 09:11 -------- d-----w- c:\program files\QuickTime
2010-03-15 09:31 . 2010-04-27 19:12 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-09 16:25 . 2010-03-31 17:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-03-31 17:54 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-04 17:33 . 2010-04-14 09:39 430080 ----a-w- c:\windows\system32\vbscript.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-31_13.33.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2010-05-31 14:11 82284 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-05-31 12:59 82284 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-11-25 12:16 . 2010-05-31 12:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-25 12:16 . 2010-05-31 14:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-25 12:16 . 2010-05-31 12:56 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-25 12:16 . 2010-05-31 14:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-25 12:16 . 2010-05-31 12:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-25 12:16 . 2010-05-31 14:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-19 00:00 . 2010-05-31 14:11 6848 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4039584191-2072633108-2185759582-1000_UserData.bin
- 2008-10-19 00:00 . 2010-05-31 12:59 6848 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4039584191-2072633108-2185759582-1000_UserData.bin
+ 2010-05-31 14:08 . 2010-05-31 14:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-31 12:56 . 2010-05-31 12:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-31 12:56 . 2010-05-31 12:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-31 14:08 . 2010-05-31 14:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-05-31 14:16 615502 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-31 13:03 615502 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-31 13:03 112902 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-05-31 14:16 112902 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-08-08 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-08-08 33136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c5,9a,98,b2,13,52,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4039584191-2072633108-2185759582-1000]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-07 721904]
R1 mgglauir;mgglauir;c:\windows\system32\drivers\mgglauir.sys [x]
R1 xoxyjrqs;xoxyjrqs;c:\windows\system32\drivers\xoxyjrqs.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-01-26 243056]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Additional Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Agnès\AppData\Roaming\Mozilla\Firefox\Profiles\m6irxggk.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 16:41
Windows 6.0.6002 Service Pack 2 NTFS
Searching for hidden processes ...
Searching for hidden autostart entries ...
Searching for hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Finish time: 2010-05-31 16:44:45
ComboFix-quarantined-files.txt 2010-05-31 14:44
Before-CF: 61,294,407,680 bytes free
After-CF: 60,934,696,960 bytes free
- - End Of File - - 91D47445D52A8CF80FD77850C7CBE3D4
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-08-08 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-08-08 33136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c5,9a,98,b2,13,52,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4039584191-2072633108-2185759582-1000]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-07 721904]
R1 mgglauir;mgglauir;c:\windows\system32\drivers\mgglauir.sys [x]
R1 xoxyjrqs;xoxyjrqs;c:\windows\system32\drivers\xoxyjrqs.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-01-26 243056]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Agnès\AppData\Roaming\Mozilla\Firefox\Profiles\m6irxggk.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 16:41
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-05-31 16:44:45
ComboFix-quarantined-files.txt 2010-05-31 14:44
Avant-CF: 61 294 407 680 octets libres
Après-CF: 60 934 696 960 octets libres
- - End Of File - - 91D47445D52A8CF80FD77850C7CBE3D4
Malekal_morte- (Moderator, Security contributor) - 31 May 2010 at 16:53
Download GMER from this link: http://www.gmer.net#files - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help you: https://www.malekal.com/tutorial-gmer/
Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
Double-click the downloaded GMER file.
[b]IMPORTANT:[/b] If your antivirus raises an alert about the file gmer.sys or gmer.exe, let it run.
Click the "rootkit" tab.
Untick Registry.
Click Scan.
When the scan is finished, click "Copy".
Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
sieurvaa (Member) - 31 May 2010 at 17:14
GMER stops working during the scan, even though everything is closed and the protections are disabled.
Tigzy (Security contributor) - 31 May 2010 at 17:19
@malekal:
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-07 721904]
a quick Defogger? ^^
sieurvaa (Member) - 31 May 2010 at 17:26
Here is the GMER report; it goes no further, after this it crashes. I managed to copy the in-progress report to the clipboard just before the crash.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-31 17:25:16
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\AGNS~1\AppData\Local\Temp\kwliqaob.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 83F63BF8
INT 0x52 ? 85D20BF8
INT 0x62 ? 85D20BF8
INT 0x72 ? 85D20BF8
INT 0xB2 ? 83F63BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spyr.sys Le chemin d'accès spécifié est introuvable. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E002000, 0x2CB74C, 0xE8000020]
.text USBPORT.SYS!DllUnload 8A1CA41B 5 Bytes JMP 85D201D8
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[5172] ntdll.dll!LdrLoadDll 77CC9390 5 Bytes JMP 010013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806926D6] \SystemRoot\System32\Drivers\spyr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80692042] \SystemRoot\System32\Drivers\spyr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80692800] \SystemRoot\System32\Drivers\spyr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806920C0] \SystemRoot\System32\Drivers\spyr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069213E] \SystemRoot\System32\Drivers\spyr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A1E9C] \SystemRoot\System32\Drivers\spyr.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74C57817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74CAA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74C5BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74C4F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74C575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74C4E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74C88395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74C5DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74C4FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74C4FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74C471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74CDCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74C7C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74C4D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74C46853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74C4687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74C52AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 84D291F8
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
Device \FileSystem\fastfat \FatCdrom A22E41F8
Device \FileSystem\udfs \UdfsCdRom 84B29500
Device \FileSystem\udfs \UdfsDisk 84B29500