A voir également:
- Security tools
- Daemon tools - Télécharger - Émulation & Virtualisation
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Time tools - Télécharger - Comptabilité & Facturation
- Pc tools - Télécharger - Divers Utilitaires
- Media creation tools - Télécharger - Systèmes d'exploitation
24 réponses
__________________________________________________
=>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=
----------------------------------------------------------------------------
Toujours avec toutes les protections désactivées, fais ceci :
▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :
----------------------------------------------------------
KillAll::
Rootkit::
C:\Windows\System32\drivers\tfvayomf.sys
Driver::
tfvayomf
------------------------------------------------------------------
▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes
▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix
▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt
damien
je n'arrive plus à désactiver mes protections
ComboFix 10-10-10.03 - Morgane 11/10/2010 17:55:40.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.978 [GMT 2:00]
Lancé depuis: c:\users\Morgane\Downloads\morgane.exe
Commutateurs utilisés :: c:\users\Morgane\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 091130-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 091130-0] *disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-11 au 2010-10-11 ))))))))))))))))))))))))))))))))))))
.
2010-10-11 16:02 . 2010-10-11 16:04 -------- d-----w- c:\users\Morgane\AppData\Local\temp
2010-10-11 16:02 . 2010-10-11 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-11 15:37 . 2010-09-16 08:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14EF5342-8EAB-4F68-88E1-184D829D24A3}\mpengine.dll
2010-10-11 15:37 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-11 15:17 . 2008-03-06 07:58 184320 ----a-w- c:\windows\system32\igfxres.dll
2010-10-11 14:57 . 2010-10-11 15:13 -------- d-----w- C:\morgane
2010-10-11 12:45 . 2010-10-11 12:50 -------- d-----w- c:\program files\Ad-Remover
2010-10-11 11:29 . 2010-10-11 13:19 -------- d-----w- C:\Kill'em
2010-10-11 11:28 . 2010-10-11 13:43 -------- d-----w- c:\program files\List_Kill'em
2010-10-11 09:19 . 2010-10-11 09:19 -------- d-----w- c:\users\Morgane\AppData\Roaming\Malwarebytes
2010-10-11 09:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 09:19 . 2010-10-11 09:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 09:19 . 2010-10-11 09:19 -------- d-----w- c:\programdata\Malwarebytes
2010-10-11 09:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-10 22:10 . 2010-10-10 22:10 -------- d-----w- c:\users\Morgane\AppData\Roaming\Sql
2010-10-07 10:27 . 2010-10-07 10:27 -------- d-----w- c:\programdata\ReviverSoft
2010-10-07 10:27 . 2010-10-07 10:30 -------- d-----w- c:\users\Morgane\AppData\Roaming\FMZilla
2010-10-07 10:27 . 2010-10-07 10:27 -------- d-----w- C:\downloads
2010-10-07 10:27 . 2010-10-07 10:28 -------- d-----w- c:\users\Morgane\AppData\Local\OpenCandy
2010-10-07 10:27 . 2010-10-07 10:27 -------- d-----w- c:\users\Morgane\AppData\Roaming\OpenCandy
2010-10-02 12:43 . 2010-10-02 12:43 -------- d-----w- C:\found.000
2010-10-01 12:50 . 2010-10-01 12:50 -------- d-----w- c:\users\Morgane\AppData\Roaming\Leadertech
2010-10-01 12:23 . 2010-10-01 12:23 -------- d-----w- c:\program files\Alcohol Soft
2010-10-01 11:57 . 2010-10-01 12:19 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-01 11:56 . 2010-10-01 11:56 -------- d-----w- c:\users\Morgane\AppData\Roaming\DAEMON Tools Lite
2010-10-01 11:56 . 2010-10-01 11:56 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-10-01 11:54 . 2010-10-01 11:54 -------- d-----w- c:\programdata\Driver Mender
2010-09-30 16:23 . 2008-07-30 04:20 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-09-30 16:22 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-09-29 07:44 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 19:48 . 2010-09-28 19:50 -------- d-----w- C:\FLP
2010-09-28 16:10 . 2010-10-05 17:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-21 17:16 . 2010-10-10 22:21 -------- d-----w- c:\programdata\Norton
2010-09-21 17:16 . 2010-10-10 22:21 -------- d-----w- c:\programdata\Symantec
2010-09-21 14:15 . 2010-09-21 14:15 -------- d-----w- c:\windows\system32\Adobe
2010-09-17 16:17 . 2010-09-17 16:17 -------- d-----w- c:\users\Morgane\AppData\Local\Mozilla
2010-09-16 13:50 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 13:49 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 13:49 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 13:44 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-16 13:43 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-08-01 2515552]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-08-01 23:23 2515552 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-08-01 2515552]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-08-01 2515552]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-08 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-09 319792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-22 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-02-17 3738856]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-8 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-08 20:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-22 30192]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-01 436792]
S1 aswSP;avast! Self Protection; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
.
Contenu du dossier 'Tâches planifiées'
2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 15:22]
2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 15:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
FF - ProfilePath - c:\users\Morgane\AppData\Roaming\Mozilla\Firefox\Profiles\l86koca1.default\
FF - prefs.js: browser.startup.homepage - hxxp://WWW.GOOGLE.FR
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2010-10-11 18:11:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-11 16:11
ComboFix2.txt 2010-10-11 15:13
Avant-CF: 34 656 927 744 octets libres
Après-CF: 34 547 273 728 octets libres
- - End Of File - - 53FA7B87099C627FCEAED8C68A5CD54B
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.978 [GMT 2:00]
Lancé depuis: c:\users\Morgane\Downloads\morgane.exe
Commutateurs utilisés :: c:\users\Morgane\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 091130-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 091130-0] *disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-11 au 2010-10-11 ))))))))))))))))))))))))))))))))))))
.
2010-10-11 16:02 . 2010-10-11 16:04 -------- d-----w- c:\users\Morgane\AppData\Local\temp
2010-10-11 16:02 . 2010-10-11 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-11 15:37 . 2010-09-16 08:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14EF5342-8EAB-4F68-88E1-184D829D24A3}\mpengine.dll
2010-10-11 15:37 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-11 15:17 . 2008-03-06 07:58 184320 ----a-w- c:\windows\system32\igfxres.dll
2010-10-11 14:57 . 2010-10-11 15:13 -------- d-----w- C:\morgane
2010-10-11 12:45 . 2010-10-11 12:50 -------- d-----w- c:\program files\Ad-Remover
2010-10-11 11:29 . 2010-10-11 13:19 -------- d-----w- C:\Kill'em
2010-10-11 11:28 . 2010-10-11 13:43 -------- d-----w- c:\program files\List_Kill'em
2010-10-11 09:19 . 2010-10-11 09:19 -------- d-----w- c:\users\Morgane\AppData\Roaming\Malwarebytes
2010-10-11 09:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 09:19 . 2010-10-11 09:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 09:19 . 2010-10-11 09:19 -------- d-----w- c:\programdata\Malwarebytes
2010-10-11 09:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-10 22:10 . 2010-10-10 22:10 -------- d-----w- c:\users\Morgane\AppData\Roaming\Sql
2010-10-07 10:27 . 2010-10-07 10:27 -------- d-----w- c:\programdata\ReviverSoft
2010-10-07 10:27 . 2010-10-07 10:30 -------- d-----w- c:\users\Morgane\AppData\Roaming\FMZilla
2010-10-07 10:27 . 2010-10-07 10:27 -------- d-----w- C:\downloads
2010-10-07 10:27 . 2010-10-07 10:28 -------- d-----w- c:\users\Morgane\AppData\Local\OpenCandy
2010-10-07 10:27 . 2010-10-07 10:27 -------- d-----w- c:\users\Morgane\AppData\Roaming\OpenCandy
2010-10-02 12:43 . 2010-10-02 12:43 -------- d-----w- C:\found.000
2010-10-01 12:50 . 2010-10-01 12:50 -------- d-----w- c:\users\Morgane\AppData\Roaming\Leadertech
2010-10-01 12:23 . 2010-10-01 12:23 -------- d-----w- c:\program files\Alcohol Soft
2010-10-01 11:57 . 2010-10-01 12:19 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-01 11:56 . 2010-10-01 11:56 -------- d-----w- c:\users\Morgane\AppData\Roaming\DAEMON Tools Lite
2010-10-01 11:56 . 2010-10-01 11:56 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-10-01 11:54 . 2010-10-01 11:54 -------- d-----w- c:\programdata\Driver Mender
2010-09-30 16:23 . 2008-07-30 04:20 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-09-30 16:22 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-09-29 07:44 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 19:48 . 2010-09-28 19:50 -------- d-----w- C:\FLP
2010-09-28 16:10 . 2010-10-05 17:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-21 17:16 . 2010-10-10 22:21 -------- d-----w- c:\programdata\Norton
2010-09-21 17:16 . 2010-10-10 22:21 -------- d-----w- c:\programdata\Symantec
2010-09-21 14:15 . 2010-09-21 14:15 -------- d-----w- c:\windows\system32\Adobe
2010-09-17 16:17 . 2010-09-17 16:17 -------- d-----w- c:\users\Morgane\AppData\Local\Mozilla
2010-09-16 13:50 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 13:49 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 13:49 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 13:44 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-16 13:43 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-08-01 2515552]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-08-01 23:23 2515552 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-08-01 2515552]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-08-01 2515552]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-08 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-09 319792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-22 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-02-17 3738856]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-8 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-08 20:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-22 30192]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-01 436792]
S1 aswSP;avast! Self Protection; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
.
Contenu du dossier 'Tâches planifiées'
2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 15:22]
2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 15:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
FF - ProfilePath - c:\users\Morgane\AppData\Roaming\Mozilla\Firefox\Profiles\l86koca1.default\
FF - prefs.js: browser.startup.homepage - hxxp://WWW.GOOGLE.FR
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2010-10-11 18:11:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-11 16:11
ComboFix2.txt 2010-10-11 15:13
Avant-CF: 34 656 927 744 octets libres
Après-CF: 34 547 273 728 octets libres
- - End Of File - - 53FA7B87099C627FCEAED8C68A5CD54B
▶ Télécharge : Gmer (by Przemyslaw Gmerek) et enregistre-le sur ton bureau
Desactive toutes tes protections le temps du scan de gMer
Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "executer en tant que...."
▶ clique sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.
▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)
Desactive toutes tes protections le temps du scan de gMer
Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "executer en tant que...."
▶ clique sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.
▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)
