Help. Infected with malware (I think)...

Solved
BibiRouge (Member)
Hello,

I have been infected for some time now. I tried to find solutions on the internet; I downloaded Malwarebytes, CCleaner and others, and although each one helped a little, nothing has eliminated the problems. I can no longer update my antivirus (eTrust) or update Windows.

If someone could help me, I would appreciate it!

Here is my HijackThis report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:30, on 2011-03-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\mshta.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ws&s={searchTerms}&f=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=0061215
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: Service RPC eTrust ITM (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: Service en temps réel eTrust ITM (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: Service des jobs eTrust ITM (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
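A triage helper for the HijackThis report above, added here as an example (it is not HijackThis code or anything the posters ran). It parses the R0/R1, O2/O3 and O23 line formats and flags what a helper checks first: start/search pages pointing at hosts other than the expected defaults, BHO/toolbar registrations whose file is gone, and services whose binary is missing. The expected-host set and the adware name fragments are assumptions taken from this thread.

```python
"""Triage helper for HijackThis v2 log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: hosts legitimately expected in this machine's IE settings
# (Dell/Google defaults and the Microsoft redirector seen in the report).
EXPECTED_HOSTS = {"www.google.ca", "go.microsoft.com"}
# Name fragments of the adware/toolbars discussed in this thread.
PUP_MARKERS = ("facemoods", "searchqu", "bandoo")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed sample: a subset of lines copied from the HijackThis report above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ws&s={searchTerms}&f=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=0061215
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (file missing)
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O2"
    reason: str
    line: str


# R0/R1: "<code> - <registry key>,<value name> = <url>"
_R_RE = re.compile(r"^(R[01]) - (.+?),(.+?) = (.*)$")
# O2/O3: "<code> - BHO|Toolbar: <name> - {CLSID} - <path or '(no file)'>"
_BHO_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O23: "O23 - Service: <display name> (<short name>) - <owner> - <path>"
_SVC_RE = re.compile(r"^(O23) - Service: (.*?) \((\w+)\) - (.*?) - (.*)$")


def _host(url: str) -> str:
    """Hostname of a URL; HijackThis prints some values without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def triage_line(line: str):
    """Return a Finding for one log line, or None when it looks benign."""
    line = line.strip()
    m = _R_RE.match(line)
    if m:
        section, _key, name, value = m.groups()
        host = _host(value.strip())
        if host and host not in EXPECTED_HOSTS:
            return Finding(section, f"{name} points at unexpected host {host}", line)
        return None
    m = _BHO_RE.match(line)
    if m:
        section, name, _clsid, path = m.groups()
        reasons = []
        if any(mk in (name + path).lower() for mk in PUP_MARKERS):
            reasons.append("known adware/toolbar component")
        if any(mk in path.lower() for mk in ORPHAN_MARKERS):
            reasons.append("registration points at a missing file")
        return Finding(section, "; ".join(reasons), line) if reasons else None
    m = _SVC_RE.match(line)
    if m:
        section, _display, short, owner, path = m.groups()
        if any(mk in path.lower() for mk in ORPHAN_MARKERS):
            who = " (unknown owner)" if owner == "Unknown owner" else ""
            return Finding(section, f"service {short} registered but binary missing{who}", line)
        return None
    return None


def triage(log_text: str):
    """Run triage_line over a whole report and keep only the findings."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```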

32 replies

juju666 (Security contributor)
 
Okay, let's clean up.

▶ ▶ DISABLE YOUR PROTECTION SOFTWARE DURING THE PROCEDURE

▶ Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::

:File

c:\documents and settings\Yvette\Application Data\*.bat
c:\documents and settings\Yvette\Application Data\*.js
C:\Hijackthis 



▶ Save this file under the name CFScript

▶ Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

▶ ComboFix starts; follow the prompts.

▶ Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will appear: post its contents, and say where your problems stand

▶ If the file does not open, it is located here > C:\ComboFix.txt

Then I'd like to check something:

▶ Download TDSS Killer (from Kaspersky Labs) to your Desktop
▶ Double-click tdsskiller.exe (under Vista/Seven, right-click it and choose Run as administrator)
▶ Click Start Scan
▶ If the tool found anything, choose Cure, then Reboot Now
▶ The PC will reboot and a report will open
▶ Copy/paste the report (it is saved in C:\TDSS Killer version_Date_Time_log.txt)

++
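The CFScript above targets `*.bat` and `*.js` in a profile's Application Data folder. The example below, added here and not part of ComboFix or of the helper's procedure, reads the date/size/attribute/path lines ComboFix prints in its "files created" listing and groups script files by directory, so the pattern behind those wildcards becomes visible: pairs of a tiny .bat and a ~15 KB .js dropped at a regular cadence into profiles where no user-written scripts belong. The sample lines are copied from the ComboFix report posted later in this thread; the list of service-account profiles is an assumption.

```python
"""Spot periodic script drops in a ComboFix "files created" listing (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the ComboFix report posted later in this thread.
SAMPLE = r"""
2011-02-10 22:18 . 2011-02-10 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6611.bat
2011-02-10 22:18 . 2011-02-10 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
2011-02-10 21:27 . 2011-02-10 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4150.bat
2011-02-10 21:27 . 2011-02-10 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\HQClmm.js
2011-02-10 21:18 . 2011-02-10 21:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\517.bat
2011-02-10 21:18 . 2011-02-10 21:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
2011-02-09 16:27 . 2011-02-09 16:27 169 ----a-w- c:\documents and settings\Yvette\Application Data\1532.bat
2011-02-09 16:27 . 2011-02-09 16:27 15203 ----a-w- c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
2011-02-09 16:18 . 2011-02-09 16:18 173 ----a-w- c:\documents and settings\Yvette\Application Data\9448.bat
2011-02-09 16:18 . 2011-02-09 16:18 15205 ----a-w- c:\documents and settings\Yvette\Application Data\go1lGALDP.js
2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
2011-01-31 18:41 . 2011-01-31 18:41 73216 ----a-w- c:\windows\system32\drivers\10033.sys
"""

# ComboFix line layout: "<created> . <modified> <size or dashes> <attributes> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} +(\d+|-+) +(\S+) +(.+)$"
)
SCRIPT_EXT = (".bat", ".cmd", ".js", ".vbs")
# Assumption: service-account profiles; nothing interactive runs there, so script drops are a red flag.
SERVICE_PROFILES = ("\\networkservice\\", "\\localservice\\")


def parse_created(text):
    """Yield (created, size, path) for file entries; directory entries are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when, size, attrs, path = m.groups()
        if attrs.startswith("d"):
            continue
        yield datetime.strptime(when, "%Y-%m-%d %H:%M"), int(size) if size.isdigit() else 0, path


def script_drops(text):
    """Script files grouped by parent directory, each list sorted by creation time."""
    groups = defaultdict(list)
    for when, size, path in parse_created(text):
        if path.lower().endswith(SCRIPT_EXT):
            parent, _, name = path.rpartition("\\")
            groups[parent].append((when, size, name))
    return {parent: sorted(entries) for parent, entries in groups.items()}


def assess(text):
    """One finding per directory holding scripts: count, cadence and whether it is a service profile."""
    findings = []
    for parent, entries in script_drops(text).items():
        by_time = defaultdict(set)  # creation minute -> set of extensions dropped at that minute
        for when, _size, name in entries:
            by_time[when].add(name.lower().rsplit(".", 1)[-1])
        times = sorted(by_time)
        gaps_min = [int((b - a).total_seconds() // 60) for a, b in zip(times, times[1:])]
        paired = sum(1 for exts in by_time.values() if {"bat", "js"} <= exts)
        in_service = any(p in (parent.lower() + "\\") for p in SERVICE_PROFILES)
        findings.append({
            "dir": parent,
            "count": len(entries),
            "bursts": len(times),
            "gaps_min": gaps_min,
            "bat_js_pairs": paired,
            "service_profile": in_service,
            # Repeated bursts, or any drop in a service-account profile, is enough to want these files gone.
            "suspicious": len(times) >= 2 or in_service,
        })
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag}: {f['dir']} -> {f['count']} scripts in {f['bursts']} bursts, gaps {f['gaps_min']} min")
```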
juju666 (Security contributor)
 
Hi :)

HijackThis is obsolete; however, I think I spotted the Bandoo adware! It's an advertising program!

Download AD-Remover to your Desktop. (Thanks to C_XX)

http://www.teamxscript.org/adremoverTelechargement.html ( Official link )
OR
https://www.androidworld.fr/ ( Mirror )

/!\ Close all running applications /!\

▶ Double-click the Ad-remover icon on your Desktop.
▶ On the page, click the « Nettoyer » (Clean) button
▶ Confirm the launch of the scan
▶ Let the tool work.
▶ Post the report that appears at the end.

(The report is also saved as C:\Ad-report(Scan/clean).Txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

For a much more complete diagnosis:
▶ You can follow the instructions on this page for help: https://www.malekal.com/tutorial-otl/

▶ Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(Under Vista/Win7, right-click OTL and choose Run as administrator)

▶ Launch OTL
▶ Under Personnalisation (custom scan), copy and paste what is in the box below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
CREATERESTOREPOINT
nslookup www.google.fr /c 

▶ Click the Analyse (scan) button.
▶ When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the reports.
Then give the pjjoint links here so they can be looked at.

@+
BibiRouge (Member)
 
Thanks, I'll post again when it's done!
BibiRouge (Member)
 
Hello juju666,

So, first for AD Remover, here is the log:

======= REPORT FROM AD-REMOVER 2.0.0.2,F | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 11:36:04 on 08/03/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
BibiRouge ( )

============== ACTION(S) ==============



(!) -- Temporary files deleted.


Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key deleted: HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393}
Key deleted: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key deleted: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key deleted: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key deleted: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key deleted: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key deleted: HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Key deleted: HKLM\Software\Classes\BandooCore.BandooCore
Key deleted: HKLM\Software\Classes\BandooCore.BandooCore.1
Key deleted: HKLM\Software\Classes\BandooCore.ResourcesMngr
Key deleted: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
Key deleted: HKLM\Software\Classes\BandooCore.SettingsMngr
Key deleted: HKLM\Software\Classes\BandooCore.SettingsMngr.1
Key deleted: HKLM\Software\Classes\BandooCore.StatisticMngr
Key deleted: HKLM\Software\Classes\BandooCore.StatisticMngr.1
Key deleted: HKLM\Software\Classes\AppID\BandooCore.EXE
Key deleted: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key deleted: HKLM\Software\bandoo
Key deleted: HKU\.DEFAULT\Software\DataMngr
Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7402}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.0.3 (fr)] ****

Searchplugins\fcmdSrchws.xml (hxxp://start.facemoods.com/?a=ws&f=4&q={searchTerms}/)
Components\aboutRobots.js
Components\nsPostUpdateWin.js

-- C:\Documents and Settings\BibiRouge\Application Data\Mozilla\FireFox\Profiles\cvf5r5bs.default --
Prefs.js - browser.download.dir, C:\\Documents and Settings\\BibiRouge\\My Documents\\My Received Files
Prefs.js - browser.startup.homepage, hxxp://www.google.ca/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.0.3

-- C:\Documents and Settings\Yvette\Application Data\Mozilla\FireFox\Profiles\d7y1czic.default --
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.0.3

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll) (x)
HKLM_ElevationPolicy\{44295CB8-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar2user.exe (?)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (x)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5CA3D70E-1895-11CF-8E15-001234567890} - "DriveLetterAccess" (C:\WINDOWS\System32\DLA\DLASHX_W.DLL)
BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll) (x)
BHO\{7FF99715-3016-4381-84CE-E4E4C9673020} (?)
BHO\{CA6319C0-31B7-401E-A518-A07C3DB8F777} - "CBrowserHelperObject Object" (C:\Program Files\BAE\BAE.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 13 File(s)

C:\Ad-Report-CLEAN[1].txt - 08/03/2011 11:36:20 (2628 Byte(s))

End at: 11:37:58, 08/03/2011

============== E.O.F ==============


And here are the links for OTL:

OTL.txt
https://pjjoint.malekal.com/files.php?id=e604e379c268

And Extras.txt
https://pjjoint.malekal.com/files.php?id=f5a7bb45fe1415

Well, I think that's all.

Thanks again for your help and for the speed of your replies!
juju666 (Security contributor)
 
OK, seen :)

Are you infected with a rogue (fake security software), or were you?

Download RogueKiller (by tigzy) to the desktop

▶ Close all your running programs
▶ Under Vista/Seven, right-click -> Run as administrator
▶ Launch RogueKiller.exe.
▶ When prompted, type 1 and confirm
▶ If the program asks to remove the proxy, type 2 if you are sure you did not set it yourself, otherwise type 1
▶ A report (RKreport.txt) should have been created next to the executable; paste its contents in your reply
▶ If the program was blocked, don't hesitate to try several times.

Followed by:


Careful: before you start, read the procedure carefully and print it out

/!\ Do not use this software outside the scope of this disinfection: DANGEROUS /!\

ComboFix tutorial

▶ Right-click the link below, choose "Save link target as", with your Desktop as the destination, and rename it (your_username.exe, for example):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and STOP YOUR PROTECTION SOFTWARE /!\

▶ Double-click ComboFix.exe
A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click Yes to accept

▶ ▶ ABOVE ALL, INSTALL THE RECOVERY CONSOLE
(if it offers to install it, reconnect to the internet)

▶ Set it to French (F)

▶ Press key 1 (Yes) to start the scan.


▶ Don't touch anything (mouse, keyboard) until the scan is finished, or you risk crashing your PC


At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

▶ Once the scan is complete, a report will appear: post its contents

▶ ▶ /!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

▶ Note: the report is also located here: C:\ComboFix.txt

@+
.::. CommentCaMarche Contributing Member .::.
BibiRouge (Member)
 
Thanks, I'm on it!
BibiRouge (Member)
 
First, thanks for everything, I can already do my Windows Updates ;) !

So, here is RogueKiller first:

RogueKiller V4.2.0 by Tigzy
contact at https://www.luanagames.com/index.fr.html
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.luanagames.com/index.fr.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: BibiRouge [Admin rights]
Mode: Scan -- Date : 03/08/2011 13:30:02

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 www.8minutedating.com
127.0.0.1 whysohardx.com
127.0.0.1 protectyourpc-11.com
127.0.0.1 checkserverstatux.com
127.0.0.1 xinmin.cn
127.0.0.1 xy95.cn
127.0.0.1 koralda.com
127.0.0.1 weirden.com
127.0.0.1 nanocloudcontroller.com
127.0.0.1 coo0lnet.net


Finished : << RKreport[1].txt >>
RKreport[1].txt



And here is ComboFix:

ComboFix 11-03-07.07 - BibiRouge 2011-03-08 13:50:42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.603 [GMT -5:00]
Lancé depuis: c:\documents and settings\BibiRouge\Desktop\BibiRouge.exe
AV: eTrust ITM *Disabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\BibiRouge\Application Data\facemoods.com
c:\documents and settings\NetworkService\Application Data\6AA93898BFA8330091181D6BD72495D4
c:\documents and settings\NetworkService\Application Data\6AA93898BFA8330091181D6BD72495D4\enemies-names.txt
c:\documents and settings\NetworkService\Application Data\6AA93898BFA8330091181D6BD72495D4\local.ini
c:\documents and settings\NetworkService\Application Data\Adobe\plugs
c:\documents and settings\NetworkService\Application Data\fkNoLR.exe
c:\documents and settings\NetworkService\Application Data\searchqutb
c:\documents and settings\NetworkService\Application Data\searchqutb\dtx.ini
c:\documents and settings\NetworkService\Application Data\searchqutb\guid.dat
c:\documents and settings\NetworkService\Application Data\searchqutb\setupCfg.xml
c:\hijackthis\Hijackthis.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\sst12.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-08 au 2011-03-08 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
2011-03-08 15:56 . 2011-03-08 18:56 -------- d-----w- C:\Hijackthis
2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
2011-02-10 22:18 . 2011-02-10 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6611.bat
2011-02-10 22:18 . 2011-02-10 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
2011-02-10 21:27 . 2011-02-10 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4150.bat
2011-02-10 21:27 . 2011-02-10 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\HQClmm.js
2011-02-10 21:18 . 2011-02-10 21:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\517.bat
2011-02-10 21:18 . 2011-02-10 21:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
2011-02-10 20:27 . 2011-02-10 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1838.bat
2011-02-10 20:27 . 2011-02-10 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
2011-02-10 20:19 . 2011-02-10 20:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8774.bat
2011-02-10 20:19 . 2011-02-10 20:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\skd19sWx.js
2011-02-10 19:27 . 2011-02-10 19:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\115.bat
2011-02-10 19:27 . 2011-02-10 19:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\xcT9U.js
2011-02-10 19:18 . 2011-02-10 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2556.bat
2011-02-10 19:18 . 2011-02-10 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\OTve6mO.js
2011-02-10 18:27 . 2011-02-10 18:27 179 ----a-w- c:\documents and settings\NetworkService\Application Data\928.bat
2011-02-10 18:27 . 2011-02-10 18:27 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\ngOxj.js
2011-02-10 18:18 . 2011-02-10 18:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\2692.bat
2011-02-10 18:18 . 2011-02-10 18:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
2011-02-10 17:27 . 2011-02-10 17:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\3148.bat
2011-02-10 17:27 . 2011-02-10 17:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\dH2Pv.js
2011-02-10 17:19 . 2011-02-10 17:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3797.bat
2011-02-10 17:19 . 2011-02-10 17:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\krWEFc.js
2011-02-10 16:27 . 2011-02-10 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2011-02-10 16:27 . 2011-02-10 16:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\3960.bat
2011-02-10 16:27 . 2011-02-10 16:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\FAdO5.js
2011-02-10 16:18 . 2011-02-10 16:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\729.bat
2011-02-10 16:18 . 2011-02-10 16:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\E62LaWk.js
2011-02-09 23:18 . 2011-02-09 23:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2768.bat
2011-02-09 23:18 . 2011-02-09 23:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
2011-02-09 22:27 . 2011-02-09 22:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5363.bat
2011-02-09 22:27 . 2011-02-09 22:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
2011-02-09 22:18 . 2011-02-09 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\3034.bat
2011-02-09 22:18 . 2011-02-09 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
2011-02-09 21:30 . 2011-03-08 16:02 -------- d-----w- c:\windows\system32\wbem\Logs
2011-02-09 20:33 . 2011-02-09 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\hLdLkOe03100
2011-02-09 20:27 . 2011-02-09 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1842.bat
2011-02-09 20:27 . 2011-02-09 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
2011-02-09 20:19 . 2011-02-10 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Deployment
2011-02-09 20:18 . 2011-02-09 20:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\3861.bat
2011-02-09 20:18 . 2011-02-09 20:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\ao25uY.js
2011-02-09 19:12 . 2011-02-09 19:12 189 ----a-w- c:\documents and settings\NetworkService\Application Data\4.bat
2011-02-09 19:12 . 2011-02-09 19:12 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9430.bat
2011-02-09 18:29 . 2011-02-09 18:29 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
2011-02-09 18:29 . 2011-02-09 18:29 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\ikpNOW.js
2011-02-09 17:27 . 2011-02-10 16:27 -------- d-----w- c:\windows\Downloaded Program Files
2011-02-09 17:27 . 2011-02-09 17:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\8819.bat
2011-02-09 17:27 . 2011-02-09 17:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\M87LF.js
2011-02-09 17:18 . 2011-02-09 17:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\105.bat
2011-02-09 17:18 . 2011-02-09 17:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\eJE1O.js
2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\ParetoLogic
2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\DriverCure
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\ParetoLogic
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-02-09 16:27 . 2011-02-09 16:27 169 ----a-w- c:\documents and settings\Yvette\Application Data\1532.bat
2011-02-09 16:27 . 2011-02-09 16:27 15203 ----a-w- c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
2011-02-09 16:18 . 2011-02-09 16:18 173 ----a-w- c:\documents and settings\Yvette\Application Data\9448.bat
2011-02-09 16:18 . 2011-02-09 16:18 15205 ----a-w- c:\documents and settings\Yvette\Application Data\go1lGALDP.js
2011-02-09 15:27 . 2011-02-09 15:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\6137.bat
2011-02-09 15:27 . 2011-02-09 15:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
2011-02-09 15:18 . 2011-02-09 15:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6628.bat
2011-02-09 15:18 . 2011-02-09 15:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
2011-02-07 22:27 . 2011-02-07 22:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\9327.bat
2011-02-07 22:27 . 2011-02-07 22:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
2011-02-07 22:18 . 2011-02-07 22:18 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2786.bat
2011-02-07 22:18 . 2011-02-07 22:18 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
2011-02-07 21:27 . 2011-02-07 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6699.bat
2011-02-07 21:27 . 2011-02-07 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
2011-02-07 21:18 . 2011-02-07 21:18 189 ----a-w- c:\documents and settings\NetworkService\Application Data\784.bat
2011-02-07 21:18 . 2011-02-07 21:18 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
2011-02-07 20:27 . 2011-02-07 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4826.bat
2011-02-07 20:27 . 2011-02-07 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\IzNfYS.js
2011-02-07 20:18 . 2011-02-07 20:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7826.bat
2011-02-07 20:18 . 2011-02-07 20:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\SMa08V.js
2011-02-07 19:27 . 2011-02-07 19:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\5507.bat
2011-02-07 19:27 . 2011-02-07 19:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\c8GTP.js
2011-02-07 19:18 . 2011-02-07 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4102.bat
2011-02-07 19:18 . 2011-02-07 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\BA3mY.js
2011-02-07 18:27 . 2011-02-07 18:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\8189.bat
2011-02-07 18:27 . 2011-02-07 18:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
2011-02-07 18:18 . 2011-02-07 18:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\7674.bat
2011-02-07 18:18 . 2011-02-07 18:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
2011-02-07 16:51 . 2011-02-07 16:51 15205 ----a-w- c:\documents and settings\LocalService\Application Data\MbBHPA.js
2011-02-07 16:51 . 2011-02-07 16:51 15204 ----a-w- c:\documents and settings\LocalService\Application Data\OgyAB.js
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-31 18:41 . 2011-01-31 18:41 73216 ----a-w- c:\windows\system32\drivers\10033.sys
2011-01-26 15:27 . 2011-01-26 15:27 88 ----a-w- C:\asdfasfas.bat
2010-12-20 23:09 . 2011-01-25 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2011-01-25 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
c:\windows\System32\spoolsv.exe ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2005-12-10 274432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S0 rvyakrwqr;rvyakrwqr; [x]
.
Contenu du dossier 'Tâches planifiées'
.
2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2011-02-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2011-02-09 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
2011-02-09 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
.
------- Examen supplémentaire -------
.
Trusted Zone: microsoft.com\www.update
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\BibiRouge\Application Data\Mozilla\Firefox\Profiles\cvf5r5bs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
Toolbar-Locked - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-HijackThis - c:\hijackthis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-08 13:57
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
Heure de fin: 2011-03-08 13:59:04
ComboFix-quarantined-files.txt 2011-03-08 18:58

.
Avant-CF: 58 781 495 296 bytes free
Après-CF: 58 963 312 640 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /NOEXECUTE=OPTIN /FASTDETECT
.
- - End Of File - - 17D839667B3324113A71D85522656A93

Thanks again, I'll stay tuned to find out whether I'm still infected...
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
Yeah, you're actually VERY infected.


▶ ▶ DISABLE YOUR PROTECTIONS DURING THE PROCEDURE

THIS SCRIPT WAS WRITTEN FOR THIS USER, DO NOT REPRODUCE IT ON ANOTHER COMPUTER!!!


▶ Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::


FCopy::
c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe | c:\windows\System32\spoolsv.exe

File::
C:\Hijackthis
c:\windows\system32\drivers\10033.sys 
C:\asdfasfas.bat 



▶ Save this file under the name CFScript

▶ Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

▶ ComboFix starts; let it guide you..

▶ Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents, saying where your problems stand

▶ If the file doesn't open, it's located here > C:\ComboFix.txt
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
Next:

▶ Go into your Control Panel....
▶ Appearance and Personalization...
▶ Folder Options... (double-click it)
▶ In the View tab, a bit further down where it says "Show hidden files and folders": tick this option
▶ Further down still: Hide protected operating system files (recommended): untick it.

▶ ▶ then go to this link:
https://www.virustotal.com/gui/

(if VirusTotal doesn't work: https://virusscan.jotti.org/fr)


▶ Where it says "send file", click "browse"
and look for the following entries on your disk:

c:\documents and settings\NetworkService\Application Data\6611.bat



▶ If a window appears saying "The file has already been analysed", then click on Reanalyse file now

▶ Copy and paste the link from your address bar here once the analysis is finished
0
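Both of juju666's posts above come from reading the ComboFix report: the .bat/.js pairs written to the NetworkService and LocalService profiles at :18 and :27 past each hour (6611.bat, the file sent to VirusTotal, is the newest of them), and the Sigcheck section showing c:\windows\System32\spoolsv.exe missing while intact copies exist elsewhere (which is what the FCopy:: line puts back). As an added example, not code from the thread or from ComboFix itself, here is a Python script that parses lines copied from the report above, flags that dropper pattern, and checks a restored spoolsv.exe against the Sigcheck hashes. The function names, the two heuristics and the placeholder bytes in the demo are my own assumptions; the log lines and hashes are the ones on the page, and the `[7]`/`[-]` marker is carried through without interpretation.

```python
import hashlib
import re
from collections import defaultdict

# Excerpt copied from the "Fichiers créés" section of the ComboFix report posted above.
CREATED_FILES = r"""
2011-02-10 22:18 . 2011-02-10 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6611.bat
2011-02-10 22:18 . 2011-02-10 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
2011-02-10 21:27 . 2011-02-10 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4150.bat
2011-02-10 21:27 . 2011-02-10 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\HQClmm.js
2011-02-09 16:27 . 2011-02-09 16:27 169 ----a-w- c:\documents and settings\Yvette\Application Data\1532.bat
2011-02-09 16:27 . 2011-02-09 16:27 15203 ----a-w- c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
2011-02-07 16:51 . 2011-02-07 16:51 15205 ----a-w- c:\documents and settings\LocalService\Application Data\MbBHPA.js
"""

# Excerpt copied from the Sigcheck section of the same report.
SIGCHECK = r"""
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
"""

FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$")
SIG_RE = re.compile(
    r"^\[(.)\] (\S+) \. ([0-9A-Fa-f]{32}) \. (\d+) \. \. \[([^\]]+)\] \. \. (.+)$")
# Built-in service accounts: no interactive user ever saves scripts in their profiles.
SERVICE_PROFILES = ("networkservice", "localservice")


def parse_created_files(text):
    """Parse 'Fichiers créés' lines; size is None for directory entries ('--------')."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({"created": created, "modified": modified,
                        "size": int(size) if size.isdigit() else None,
                        "is_dir": attrs.startswith("d"), "path": path})
    return entries


def flag_suspicious(entries):
    """Return {path: [reasons]} for files matching the dropper pattern visible in the report:
    a .bat and a .js written to the same directory in the same minute, and any script
    at all inside a service-account profile (two constructed heuristics)."""
    reasons = defaultdict(list)
    by_slot = defaultdict(list)          # (directory, creation minute) -> [(ext, path)]
    for e in entries:
        if e["is_dir"]:
            continue
        directory, _, name = e["path"].lower().rpartition("\\")
        ext = name.rsplit(".", 1)[-1]
        in_service = any("\\" + p + "\\" in directory + "\\" for p in SERVICE_PROFILES)
        if ext in ("bat", "js") and in_service:
            reasons[e["path"]].append("script in a service-account profile")
        by_slot[(directory, e["created"])].append((ext, e["path"]))
    for group in by_slot.values():
        if {"bat", "js"} <= {ext for ext, _ in group}:
            for _, path in group:
                reasons[path].append("bat/js pair created in the same minute")
    return dict(reasons)


def parse_sigcheck(text):
    """Parse Sigcheck lines into {path: record}; the bracketed marker is kept as-is."""
    records = {}
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            status, date, md5, size, version, path = m.groups()
            records[path] = {"status": status, "date": date, "md5": md5.upper(),
                             "size": int(size), "version": version}
    return records


def reference_hashes(records, version):
    """{MD5: path} for every copy at the wanted build; the FCopy:: source is one of them."""
    return {r["md5"]: p for p, r in records.items() if r["version"] == version}


def verify_restored(file_bytes, refs):
    """Hash the restored file and name the reference copy it matches, or None."""
    return refs.get(hashlib.md5(file_bytes).hexdigest().upper())


if __name__ == "__main__":
    for path, why in sorted(flag_suspicious(parse_created_files(CREATED_FILES)).items()):
        print(f"{path}\n    {'; '.join(why)}")
    refs = reference_hashes(parse_sigcheck(SIGCHECK), "5.1.2600.6024")
    # Placeholder bytes (constructed); on the real machine read c:\windows\System32\spoolsv.exe.
    print("restored copy matches:", verify_restored(b"placeholder, not the real binary", refs))
```

To use it on a full report, paste the corresponding sections into the two excerpts. One point worth noticing in the Sigcheck data: the two copies at build 5.1.2600.6024 carry different MD5s even though they share size and version, so a System32 copy restored by the FCopy:: line is expected to match the SP3QFE hash it was copied from, not the dllcache one; a match to neither means the copy did not happen or the file was altered again afterwards.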
BibiRouge Posts 20 Registration date   Status Member Last activity
 
Here's the ComboFix report to start with:

ComboFix 11-03-08.01 - BibiRouge 2011-03-08 14:40:11.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.538 [GMT -5:00]
Lancé depuis: c:\documents and settings\BibiRouge\Desktop\BibiRouge.exe
Commutateurs utilisés :: c:\documents and settings\BibiRouge\Desktop\CFScript.txt
AV: eTrust ITM *Disabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"C:\asdfasfas.bat"
"C:\Hijackthis"
"c:\windows\system32\drivers\10033.sys"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\asdfasfas.bat
c:\windows\system32\drivers\10033.sys
.
.
--------------- FCopy ---------------
.
c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe --> c:\windows\System32\spoolsv.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-08 au 2011-03-08 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
2011-03-08 19:36 . 2011-03-08 19:37 -------- d-----w- C:\BibiRouge
2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
2011-03-08 15:56 . 2011-03-08 18:56 -------- d-----w- C:\Hijackthis
2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
2011-02-10 22:18 . 2011-02-10 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6611.bat
2011-02-10 22:18 . 2011-02-10 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
2011-02-10 21:27 . 2011-02-10 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4150.bat
2011-02-10 21:27 . 2011-02-10 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\HQClmm.js
2011-02-10 21:18 . 2011-02-10 21:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\517.bat
2011-02-10 21:18 . 2011-02-10 21:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
2011-02-10 20:27 . 2011-02-10 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1838.bat
2011-02-10 20:27 . 2011-02-10 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
2011-02-10 20:19 . 2011-02-10 20:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8774.bat
2011-02-10 20:19 . 2011-02-10 20:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\skd19sWx.js
2011-02-10 19:27 . 2011-02-10 19:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\115.bat
2011-02-10 19:27 . 2011-02-10 19:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\xcT9U.js
2011-02-10 19:18 . 2011-02-10 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2556.bat
2011-02-10 19:18 . 2011-02-10 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\OTve6mO.js
2011-02-10 18:27 . 2011-02-10 18:27 179 ----a-w- c:\documents and settings\NetworkService\Application Data\928.bat
2011-02-10 18:27 . 2011-02-10 18:27 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\ngOxj.js
2011-02-10 18:18 . 2011-02-10 18:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\2692.bat
2011-02-10 18:18 . 2011-02-10 18:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
2011-02-10 17:27 . 2011-02-10 17:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\3148.bat
2011-02-10 17:27 . 2011-02-10 17:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\dH2Pv.js
2011-02-10 17:19 . 2011-02-10 17:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3797.bat
2011-02-10 17:19 . 2011-02-10 17:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\krWEFc.js
2011-02-10 16:27 . 2011-02-10 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2011-02-10 16:27 . 2011-02-10 16:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\3960.bat
2011-02-10 16:27 . 2011-02-10 16:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\FAdO5.js
2011-02-10 16:18 . 2011-02-10 16:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\729.bat
2011-02-10 16:18 . 2011-02-10 16:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\E62LaWk.js
2011-02-09 23:18 . 2011-02-09 23:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2768.bat
2011-02-09 23:18 . 2011-02-09 23:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
2011-02-09 22:27 . 2011-02-09 22:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5363.bat
2011-02-09 22:27 . 2011-02-09 22:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
2011-02-09 22:18 . 2011-02-09 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\3034.bat
2011-02-09 22:18 . 2011-02-09 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
2011-02-09 21:30 . 2011-03-08 16:02 -------- d-----w- c:\windows\system32\wbem\Logs
2011-02-09 20:33 . 2011-02-09 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\hLdLkOe03100
2011-02-09 20:27 . 2011-02-09 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1842.bat
2011-02-09 20:27 . 2011-02-09 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
2011-02-09 20:19 . 2011-02-10 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Deployment
2011-02-09 20:18 . 2011-02-09 20:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\3861.bat
2011-02-09 20:18 . 2011-02-09 20:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\ao25uY.js
2011-02-09 19:12 . 2011-02-09 19:12 189 ----a-w- c:\documents and settings\NetworkService\Application Data\4.bat
2011-02-09 19:12 . 2011-02-09 19:12 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9430.bat
2011-02-09 18:29 . 2011-02-09 18:29 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
2011-02-09 18:29 . 2011-02-09 18:29 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\ikpNOW.js
2011-02-09 17:27 . 2011-02-10 16:27 -------- d-----w- c:\windows\Downloaded Program Files
2011-02-09 17:27 . 2011-02-09 17:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\8819.bat
2011-02-09 17:27 . 2011-02-09 17:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\M87LF.js
2011-02-09 17:18 . 2011-02-09 17:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\105.bat
2011-02-09 17:18 . 2011-02-09 17:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\eJE1O.js
2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\ParetoLogic
2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\DriverCure
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\ParetoLogic
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-02-09 16:27 . 2011-02-09 16:27 169 ----a-w- c:\documents and settings\Yvette\Application Data\1532.bat
2011-02-09 16:27 . 2011-02-09 16:27 15203 ----a-w- c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
2011-02-09 16:18 . 2011-02-09 16:18 173 ----a-w- c:\documents and settings\Yvette\Application Data\9448.bat
2011-02-09 16:18 . 2011-02-09 16:18 15205 ----a-w- c:\documents and settings\Yvette\Application Data\go1lGALDP.js
2011-02-09 15:27 . 2011-02-09 15:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\6137.bat
2011-02-09 15:27 . 2011-02-09 15:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
2011-02-09 15:18 . 2011-02-09 15:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6628.bat
2011-02-09 15:18 . 2011-02-09 15:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
2011-02-07 22:27 . 2011-02-07 22:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\9327.bat
2011-02-07 22:27 . 2011-02-07 22:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
2011-02-07 22:18 . 2011-02-07 22:18 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2786.bat
2011-02-07 22:18 . 2011-02-07 22:18 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
2011-02-07 21:27 . 2011-02-07 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6699.bat
2011-02-07 21:27 . 2011-02-07 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
2011-02-07 21:18 . 2011-02-07 21:18 189 ----a-w- c:\documents and settings\NetworkService\Application Data\784.bat
2011-02-07 21:18 . 2011-02-07 21:18 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
2011-02-07 20:27 . 2011-02-07 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4826.bat
2011-02-07 20:27 . 2011-02-07 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\IzNfYS.js
2011-02-07 20:18 . 2011-02-07 20:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7826.bat
2011-02-07 20:18 . 2011-02-07 20:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\SMa08V.js
2011-02-07 19:27 . 2011-02-07 19:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\5507.bat
2011-02-07 19:27 . 2011-02-07 19:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\c8GTP.js
2011-02-07 19:18 . 2011-02-07 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4102.bat
2011-02-07 19:18 . 2011-02-07 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\BA3mY.js
2011-02-07 18:27 . 2011-02-07 18:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\8189.bat
2011-02-07 18:27 . 2011-02-07 18:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
2011-02-07 18:18 . 2011-02-07 18:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\7674.bat
2011-02-07 18:18 . 2011-02-07 18:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
2011-02-07 16:51 . 2011-02-07 16:51 15205 ----a-w- c:\documents and settings\LocalService\Application Data\MbBHPA.js
2011-02-07 16:51 . 2011-02-07 16:51 15204 ----a-w- c:\documents and settings\LocalService\Application Data\OgyAB.js
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 22:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll
2010-12-20 23:09 . 2011-01-25 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2011-01-25 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2005-12-10 274432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S0 rvyakrwqr;rvyakrwqr; [x]
.
Contenu du dossier 'Tâches planifiées'
.
2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2011-02-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2011-02-09 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
2011-02-09 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
.
------- Examen supplémentaire -------
.
Trusted Zone: microsoft.com\www.update
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\BibiRouge\Application Data\Mozilla\Firefox\Profiles\cvf5r5bs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-08 14:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(1404)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Heure de fin: 2011-03-08 14:48:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-08 19:48
ComboFix2.txt 2011-03-08 18:59
.
Avant-CF: 58 956 877 824 bytes free
Après-CF: 58 947 092 480 bytes free
.
- - End Of File - - E2281C69DAF7CE38ECE3805D67BA3F19

And I'm getting on with the Control Panel!

Thanks again!
0
BibiRouge Posts 20 Registration date   Status Member Last activity
 
And here's the VirusTotal URL:

http://www.virustotal.com/file-scan/report.html?id=17cbd42e2ceadbcdfde0fffe4ba2c844012eb36b877f9f750bd32c622841d168-1299615156
0
BibiRouge Posts 20 Registration date   Status Member Last activity
 
Hi!

So, for the ComboFix:

ComboFix 11-03-08.01 - BibiRouge 2011-03-08 15:40:13.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.420 [GMT -5:00]
Lancé depuis: c:\documents and settings\BibiRouge\Desktop\BibiRouge.exe
Commutateurs utilisés :: c:\documents and settings\BibiRouge\Desktop\CFScript.txt
AV: eTrust ITM *Disabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-08 au 2011-03-08 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
2011-03-08 19:36 . 2011-03-08 19:37 -------- d-----w- C:\BibiRouge
2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
2011-03-08 15:56 . 2011-03-08 18:56 -------- d-----w- C:\Hijackthis
2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
2011-02-10 22:18 . 2011-02-10 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6611.bat
2011-02-10 22:18 . 2011-02-10 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
2011-02-10 21:27 . 2011-02-10 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4150.bat
2011-02-10 21:27 . 2011-02-10 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\HQClmm.js
2011-02-10 21:18 . 2011-02-10 21:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\517.bat
2011-02-10 21:18 . 2011-02-10 21:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
2011-02-10 20:27 . 2011-02-10 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1838.bat
2011-02-10 20:27 . 2011-02-10 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
2011-02-10 20:19 . 2011-02-10 20:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8774.bat
2011-02-10 20:19 . 2011-02-10 20:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\skd19sWx.js
2011-02-10 19:27 . 2011-02-10 19:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\115.bat
2011-02-10 19:27 . 2011-02-10 19:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\xcT9U.js
2011-02-10 19:18 . 2011-02-10 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2556.bat
2011-02-10 19:18 . 2011-02-10 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\OTve6mO.js
2011-02-10 18:27 . 2011-02-10 18:27 179 ----a-w- c:\documents and settings\NetworkService\Application Data\928.bat
2011-02-10 18:27 . 2011-02-10 18:27 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\ngOxj.js
2011-02-10 18:18 . 2011-02-10 18:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\2692.bat
2011-02-10 18:18 . 2011-02-10 18:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
2011-02-10 17:27 . 2011-02-10 17:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\3148.bat
2011-02-10 17:27 . 2011-02-10 17:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\dH2Pv.js
2011-02-10 17:19 . 2011-02-10 17:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3797.bat
2011-02-10 17:19 . 2011-02-10 17:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\krWEFc.js
2011-02-10 16:27 . 2011-02-10 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2011-02-10 16:27 . 2011-02-10 16:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\3960.bat
2011-02-10 16:27 . 2011-02-10 16:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\FAdO5.js
2011-02-10 16:18 . 2011-02-10 16:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\729.bat
2011-02-10 16:18 . 2011-02-10 16:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\E62LaWk.js
2011-02-09 23:18 . 2011-02-09 23:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2768.bat
2011-02-09 23:18 . 2011-02-09 23:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
2011-02-09 22:27 . 2011-02-09 22:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5363.bat
2011-02-09 22:27 . 2011-02-09 22:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
2011-02-09 22:18 . 2011-02-09 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\3034.bat
2011-02-09 22:18 . 2011-02-09 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
2011-02-09 21:30 . 2011-03-08 20:40 -------- d-----w- c:\windows\system32\wbem\Logs
2011-02-09 20:33 . 2011-02-09 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\hLdLkOe03100
2011-02-09 20:27 . 2011-02-09 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1842.bat
2011-02-09 20:27 . 2011-02-09 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
2011-02-09 20:19 . 2011-02-10 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Deployment
2011-02-09 20:18 . 2011-02-09 20:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\3861.bat
2011-02-09 20:18 . 2011-02-09 20:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\ao25uY.js
2011-02-09 19:12 . 2011-02-09 19:12 189 ----a-w- c:\documents and settings\NetworkService\Application Data\4.bat
2011-02-09 19:12 . 2011-02-09 19:12 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9430.bat
2011-02-09 18:29 . 2011-02-09 18:29 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
2011-02-09 18:29 . 2011-02-09 18:29 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\ikpNOW.js
2011-02-09 17:27 . 2011-02-10 16:27 -------- d-----w- c:\windows\Downloaded Program Files
2011-02-09 17:27 . 2011-02-09 17:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\8819.bat
2011-02-09 17:27 . 2011-02-09 17:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\M87LF.js
2011-02-09 17:18 . 2011-02-09 17:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\105.bat
2011-02-09 17:18 . 2011-02-09 17:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\eJE1O.js
2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\ParetoLogic
2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\DriverCure
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\ParetoLogic
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-02-09 16:27 . 2011-02-09 16:27 169 ----a-w- c:\documents and settings\Yvette\Application Data\1532.bat
2011-02-09 16:27 . 2011-02-09 16:27 15203 ----a-w- c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
2011-02-09 16:18 . 2011-02-09 16:18 173 ----a-w- c:\documents and settings\Yvette\Application Data\9448.bat
2011-02-09 16:18 . 2011-02-09 16:18 15205 ----a-w- c:\documents and settings\Yvette\Application Data\go1lGALDP.js
2011-02-09 15:27 . 2011-02-09 15:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\6137.bat
2011-02-09 15:27 . 2011-02-09 15:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
2011-02-09 15:18 . 2011-02-09 15:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6628.bat
2011-02-09 15:18 . 2011-02-09 15:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
2011-02-07 22:27 . 2011-02-07 22:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\9327.bat
2011-02-07 22:27 . 2011-02-07 22:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
2011-02-07 22:18 . 2011-02-07 22:18 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2786.bat
2011-02-07 22:18 . 2011-02-07 22:18 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
2011-02-07 21:27 . 2011-02-07 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6699.bat
2011-02-07 21:27 . 2011-02-07 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
2011-02-07 21:18 . 2011-02-07 21:18 189 ----a-w- c:\documents and settings\NetworkService\Application Data\784.bat
2011-02-07 21:18 . 2011-02-07 21:18 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
2011-02-07 20:27 . 2011-02-07 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4826.bat
2011-02-07 20:27 . 2011-02-07 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\IzNfYS.js
2011-02-07 20:18 . 2011-02-07 20:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7826.bat
2011-02-07 20:18 . 2011-02-07 20:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\SMa08V.js
2011-02-07 19:27 . 2011-02-07 19:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\5507.bat
2011-02-07 19:27 . 2011-02-07 19:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\c8GTP.js
2011-02-07 19:18 . 2011-02-07 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4102.bat
2011-02-07 19:18 . 2011-02-07 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\BA3mY.js
2011-02-07 18:27 . 2011-02-07 18:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\8189.bat
2011-02-07 18:27 . 2011-02-07 18:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
2011-02-07 18:18 . 2011-02-07 18:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\7674.bat
2011-02-07 18:18 . 2011-02-07 18:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
2011-02-07 16:51 . 2011-02-07 16:51 15205 ----a-w- c:\documents and settings\LocalService\Application Data\MbBHPA.js
2011-02-07 16:51 . 2011-02-07 16:51 15204 ----a-w- c:\documents and settings\LocalService\Application Data\OgyAB.js
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 22:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe
2010-12-20 23:09 . 2011-01-25 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2011-01-25 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-08_18.57.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-08 20:45 . 2011-03-08 20:45 16384 c:\windows\temp\Perflib_Perfdata_e0.dat
+ 2006-10-09 21:12 . 2011-02-04 22:48 291840 c:\windows\system32\dllcache\sbe.dll
- 2006-10-09 21:12 . 2006-10-09 21:12 291840 c:\windows\system32\dllcache\sbe.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2006-10-09 21:12 . 2011-02-04 22:48 456192 c:\windows\system32\dllcache\encdec.dll
- 2006-10-09 21:12 . 2006-10-09 21:12 456192 c:\windows\system32\dllcache\encdec.dll
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2007-01-19 18:55 . 2011-03-03 00:56 37943240 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2005-12-10 274432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S0 rvyakrwqr;rvyakrwqr; [x]
.
Contenu du dossier 'Tâches planifiées'
.
2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2011-02-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2011-02-09 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
2011-02-09 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
.
------- Examen supplémentaire -------
.
Trusted Zone: microsoft.com\www.update
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\BibiRouge\Application Data\Mozilla\Firefox\Profiles\cvf5r5bs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-08 15:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Heure de fin: 2011-03-08 15:48:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-08 20:48
ComboFix2.txt 2011-03-08 19:48
ComboFix3.txt 2011-03-08 18:59
.
Avant-CF: 58 813 235 200 bytes free
Après-CF: 58 813 370 368 bytes free
.
- - End Of File - - 367AA348059A979DFA6F5F40BD1D5CE8


And for TDSSKiller:

2011/03/08 15:50:45.0796 3636 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/08 15:50:46.0031 3636 ================================================================================
2011/03/08 15:50:46.0031 3636 SystemInfo:
2011/03/08 15:50:46.0031 3636
2011/03/08 15:50:46.0031 3636 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/08 15:50:46.0031 3636 Product type: Workstation
2011/03/08 15:50:46.0031 3636 ComputerName: D2YZJ8C1
2011/03/08 15:50:46.0031 3636 UserName: BibiRouge
2011/03/08 15:50:46.0031 3636 Windows directory: C:\WINDOWS
2011/03/08 15:50:46.0031 3636 System windows directory: C:\WINDOWS
2011/03/08 15:50:46.0031 3636 Processor architecture: Intel x86
2011/03/08 15:50:46.0031 3636 Number of processors: 1
2011/03/08 15:50:46.0031 3636 Page size: 0x1000
2011/03/08 15:50:46.0031 3636 Boot type: Normal boot
2011/03/08 15:50:46.0031 3636 ================================================================================
2011/03/08 15:50:46.0343 3636 Initialize success
2011/03/08 15:50:58.0656 3008 ================================================================================
2011/03/08 15:50:58.0656 3008 Scan started
2011/03/08 15:50:58.0656 3008 Mode: Manual;
2011/03/08 15:50:58.0656 3008 ================================================================================
2011/03/08 15:51:11.0296 3008 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/03/08 15:51:11.0343 3008 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/03/08 15:51:11.0390 3008 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/03/08 15:51:11.0437 3008 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/08 15:51:11.0546 3008 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/08 15:51:11.0593 3008 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/08 15:51:11.0625 3008 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/08 15:51:11.0718 3008 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/08 15:51:11.0750 3008 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/08 15:51:11.0796 3008 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/08 15:51:11.0875 3008 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/08 15:51:11.0921 3008 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/08 15:51:12.0093 3008 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/08 15:51:12.0156 3008 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/08 15:51:12.0234 3008 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/08 15:51:12.0296 3008 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/08 15:51:12.0390 3008 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/03/08 15:51:12.0437 3008 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/08 15:51:12.0500 3008 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/08 15:51:12.0562 3008 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/08 15:51:12.0671 3008 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/08 15:51:12.0890 3008 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
2011/03/08 15:51:13.0015 3008 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/08 15:51:13.0078 3008 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/08 15:51:13.0156 3008 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/08 15:51:13.0234 3008 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/08 15:51:13.0359 3008 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/03/08 15:51:13.0421 3008 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/08 15:51:13.0468 3008 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/08 15:51:13.0531 3008 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/08 15:51:13.0687 3008 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/08 15:51:13.0765 3008 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/08 15:51:13.0828 3008 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/08 15:51:13.0890 3008 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/08 15:51:13.0984 3008 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/08 15:51:14.0062 3008 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/08 15:51:14.0093 3008 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/08 15:51:14.0171 3008 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/08 15:51:14.0250 3008 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/08 15:51:14.0281 3008 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/08 15:51:14.0328 3008 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/08 15:51:14.0375 3008 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/08 15:51:14.0437 3008 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/08 15:51:14.0578 3008 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/08 15:51:14.0656 3008 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/08 15:51:14.0703 3008 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/08 15:51:14.0812 3008 VolSnap (7d6322d2567d94acf1e8c4b79ea1c880) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/08 15:51:14.0828 3008 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/03/08 15:51:15.0453 3008 ================================================================================
2011/03/08 15:51:15.0453 3008 Scan finished
2011/03/08 15:51:15.0453 3008 ================================================================================
2011/03/08 15:51:15.0453 0788 Detected object count: 1
2011/03/08 15:51:46.0140 0788 VolSnap (7d6322d2567d94acf1e8c4b79ea1c880) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/08 15:51:46.0937 0788 Backup copy found, using it..
2011/03/08 15:51:46.0968 0788 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/03/08 15:51:46.0968 0788 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/03/08 15:51:53.0093 3656 Deinitialize success


Thanks for your time!
juju666 | Posts: 35446 | Status: Security contributor

Do this again: https://forums.commentcamarche.net/forum/affich-21118852-a-l-aide-infecte-par-malwares-je-crois#11

Just the CFScript, plus TDSS Killer.

It failed.
BibiRouge | Posts: 20 | Status: Member

OK, here is the second ComboFix log:

ComboFix 11-03-08.02 - BibiRouge 2011-03-08 16:37:29.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.555 [GMT -5:00]
Lancé depuis: c:\documents and settings\BibiRouge\Desktop\BibiRouge.exe
Commutateurs utilisés :: c:\documents and settings\BibiRouge\Desktop\CFScript.txt
AV: eTrust ITM *Disabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-08 au 2011-03-08 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
2011-03-08 19:36 . 2011-03-08 19:37 -------- d-----w- C:\BibiRouge
2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
2011-03-08 15:56 . 2011-03-08 18:56 -------- d-----w- C:\Hijackthis
2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
2011-02-10 22:18 . 2011-02-10 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6611.bat
2011-02-10 22:18 . 2011-02-10 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
2011-02-10 21:27 . 2011-02-10 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4150.bat
2011-02-10 21:27 . 2011-02-10 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\HQClmm.js
2011-02-10 21:18 . 2011-02-10 21:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\517.bat
2011-02-10 21:18 . 2011-02-10 21:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
2011-02-10 20:27 . 2011-02-10 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1838.bat
2011-02-10 20:27 . 2011-02-10 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
2011-02-10 20:19 . 2011-02-10 20:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8774.bat
2011-02-10 20:19 . 2011-02-10 20:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\skd19sWx.js
2011-02-10 19:27 . 2011-02-10 19:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\115.bat
2011-02-10 19:27 . 2011-02-10 19:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\xcT9U.js
2011-02-10 19:18 . 2011-02-10 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2556.bat
2011-02-10 19:18 . 2011-02-10 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\OTve6mO.js
2011-02-10 18:27 . 2011-02-10 18:27 179 ----a-w- c:\documents and settings\NetworkService\Application Data\928.bat
2011-02-10 18:27 . 2011-02-10 18:27 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\ngOxj.js
2011-02-10 18:18 . 2011-02-10 18:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\2692.bat
2011-02-10 18:18 . 2011-02-10 18:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
2011-02-10 17:27 . 2011-02-10 17:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\3148.bat
2011-02-10 17:27 . 2011-02-10 17:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\dH2Pv.js
2011-02-10 17:19 . 2011-02-10 17:19 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3797.bat
2011-02-10 17:19 . 2011-02-10 17:19 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\krWEFc.js
2011-02-10 16:27 . 2011-02-10 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2011-02-10 16:27 . 2011-02-10 16:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\3960.bat
2011-02-10 16:27 . 2011-02-10 16:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\FAdO5.js
2011-02-10 16:18 . 2011-02-10 16:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\729.bat
2011-02-10 16:18 . 2011-02-10 16:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\E62LaWk.js
2011-02-09 23:18 . 2011-02-09 23:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2768.bat
2011-02-09 23:18 . 2011-02-09 23:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
2011-02-09 22:27 . 2011-02-09 22:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5363.bat
2011-02-09 22:27 . 2011-02-09 22:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
2011-02-09 22:18 . 2011-02-09 22:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\3034.bat
2011-02-09 22:18 . 2011-02-09 22:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
2011-02-09 21:30 . 2011-03-08 20:40 -------- d-----w- c:\windows\system32\wbem\Logs
2011-02-09 20:33 . 2011-02-09 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\hLdLkOe03100
2011-02-09 20:27 . 2011-02-09 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\1842.bat
2011-02-09 20:27 . 2011-02-09 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
2011-02-09 20:19 . 2011-02-10 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Deployment
2011-02-09 20:18 . 2011-02-09 20:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\3861.bat
2011-02-09 20:18 . 2011-02-09 20:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\ao25uY.js
2011-02-09 19:12 . 2011-02-09 19:12 189 ----a-w- c:\documents and settings\NetworkService\Application Data\4.bat
2011-02-09 19:12 . 2011-02-09 19:12 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9430.bat
2011-02-09 18:29 . 2011-02-09 18:29 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
2011-02-09 18:29 . 2011-02-09 18:29 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\ikpNOW.js
2011-02-09 17:27 . 2011-02-10 16:27 -------- d-----w- c:\windows\Downloaded Program Files
2011-02-09 17:27 . 2011-02-09 17:27 189 ----a-w- c:\documents and settings\NetworkService\Application Data\8819.bat
2011-02-09 17:27 . 2011-02-09 17:27 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\M87LF.js
2011-02-09 17:18 . 2011-02-09 17:18 183 ----a-w- c:\documents and settings\NetworkService\Application Data\105.bat
2011-02-09 17:18 . 2011-02-09 17:18 15202 ----a-w- c:\documents and settings\NetworkService\Application Data\eJE1O.js
2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\ParetoLogic
2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\DriverCure
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\ParetoLogic
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-02-09 16:27 . 2011-02-09 16:27 169 ----a-w- c:\documents and settings\Yvette\Application Data\1532.bat
2011-02-09 16:27 . 2011-02-09 16:27 15203 ----a-w- c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
2011-02-09 16:18 . 2011-02-09 16:18 173 ----a-w- c:\documents and settings\Yvette\Application Data\9448.bat
2011-02-09 16:18 . 2011-02-09 16:18 15205 ----a-w- c:\documents and settings\Yvette\Application Data\go1lGALDP.js
2011-02-09 15:27 . 2011-02-09 15:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\6137.bat
2011-02-09 15:27 . 2011-02-09 15:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
2011-02-09 15:18 . 2011-02-09 15:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6628.bat
2011-02-09 15:18 . 2011-02-09 15:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
2011-02-07 22:27 . 2011-02-07 22:27 187 ----a-w- c:\documents and settings\NetworkService\Application Data\9327.bat
2011-02-07 22:27 . 2011-02-07 22:27 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
2011-02-07 22:18 . 2011-02-07 22:18 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2786.bat
2011-02-07 22:18 . 2011-02-07 22:18 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
2011-02-07 21:27 . 2011-02-07 21:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\6699.bat
2011-02-07 21:27 . 2011-02-07 21:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
2011-02-07 21:18 . 2011-02-07 21:18 189 ----a-w- c:\documents and settings\NetworkService\Application Data\784.bat
2011-02-07 21:18 . 2011-02-07 21:18 15205 ----a-w- c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
2011-02-07 20:27 . 2011-02-07 20:27 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4826.bat
2011-02-07 20:27 . 2011-02-07 20:27 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\IzNfYS.js
2011-02-07 20:18 . 2011-02-07 20:18 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7826.bat
2011-02-07 20:18 . 2011-02-07 20:18 15204 ----a-w- c:\documents and settings\NetworkService\Application Data\SMa08V.js
2011-02-07 19:27 . 2011-02-07 19:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\5507.bat
2011-02-07 19:27 . 2011-02-07 19:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\c8GTP.js
2011-02-07 19:18 . 2011-02-07 19:18 181 ----a-w- c:\documents and settings\NetworkService\Application Data\4102.bat
2011-02-07 19:18 . 2011-02-07 19:18 15201 ----a-w- c:\documents and settings\NetworkService\Application Data\BA3mY.js
2011-02-07 18:27 . 2011-02-07 18:27 185 ----a-w- c:\documents and settings\NetworkService\Application Data\8189.bat
2011-02-07 18:27 . 2011-02-07 18:27 15203 ----a-w- c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
2011-02-07 18:18 . 2011-02-07 18:18 179 ----a-w- c:\documents and settings\NetworkService\Application Data\7674.bat
2011-02-07 18:18 . 2011-02-07 18:18 15200 ----a-w- c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
2011-02-07 16:51 . 2011-02-07 16:51 15205 ----a-w- c:\documents and settings\LocalService\Application Data\MbBHPA.js
2011-02-07 16:51 . 2011-02-07 16:51 15204 ----a-w- c:\documents and settings\LocalService\Application Data\OgyAB.js
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 20:52 . 2005-08-16 10:18 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-02-04 22:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-08-16 10:18 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-22 12:34 . 2005-08-16 10:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:09 . 2011-01-25 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2011-01-25 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 15:15 . 2005-08-16 10:18 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2005-08-16 10:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2005-08-16 10:18 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 04:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2005-12-10 274432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S0 rvyakrwqr;rvyakrwqr; [x]
.
Contenu du dossier 'Tâches planifiées'
.
2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2011-02-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2011-02-09 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
2011-02-09 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
.
------- Examen supplémentaire -------
.
Trusted Zone: microsoft.com\www.update
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\BibiRouge\Application Data\Mozilla\Firefox\Profiles\cvf5r5bs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-08 16:42
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(2264)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Heure de fin: 2011-03-08 16:46:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-08 21:46
ComboFix2.txt 2011-03-08 20:48
ComboFix3.txt 2011-03-08 19:48
ComboFix4.txt 2011-03-08 18:59
.
Avant-CF: 58 589 298 688 bytes free
Après-CF: 58 575 511 552 bytes free
.
- - End Of File - - B8DD279240CDE887079E54EDC9DBBAA1


I hope it worked this time O_o
BibiRouge | Posts: 20 | Status: Member

I'm off for the evening, thanks for your time and we'll talk again tomorrow!

BibiRouge
juju666 | Posts: 35446 | Status: Security contributor

OK, I'm back, I had a glitch :\

Tomorrow do this (if it still doesn't work! I don't understand...)

▶ ▶ DISABLE YOUR PROTECTIONS DURING THE PROCEDURE

▶ Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::

FILE::
c:\documents and settings\NetworkService\Application Data\6611.bat
c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
c:\documents and settings\NetworkService\Application Data\4150.bat
c:\documents and settings\NetworkService\Application Data\HQClmm.js
c:\documents and settings\NetworkService\Application Data\517.bat
c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
c:\documents and settings\NetworkService\Application Data\1838.bat
c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
c:\documents and settings\NetworkService\Application Data\8774.bat
c:\documents and settings\NetworkService\Application Data\skd19sWx.js
c:\documents and settings\NetworkService\Application Data\115.bat
c:\documents and settings\NetworkService\Application Data\xcT9U.js
c:\documents and settings\NetworkService\Application Data\2556.bat
c:\documents and settings\NetworkService\Application Data\OTve6mO.js
c:\documents and settings\NetworkService\Application Data\928.bat
c:\documents and settings\NetworkService\Application Data\ngOxj.js
c:\documents and settings\NetworkService\Application Data\2692.bat
c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
c:\documents and settings\NetworkService\Application Data\3148.bat
c:\documents and settings\NetworkService\Application Data\dH2Pv.js
c:\documents and settings\NetworkService\Application Data\3797.bat
c:\documents and settings\NetworkService\Application Data\krWEFc.js
c:\documents and settings\NetworkService\Application Data\3960.bat
c:\documents and settings\NetworkService\Application Data\FAdO5.js
c:\documents and settings\NetworkService\Application Data\729.bat
c:\documents and settings\NetworkService\Application Data\E62LaWk.js
c:\documents and settings\NetworkService\Application Data\2768.bat
c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
c:\documents and settings\NetworkService\Application Data\5363.bat
c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
c:\documents and settings\NetworkService\Application Data\3034.bat
c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
c:\documents and settings\NetworkService\Application Data\1842.bat
c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
c:\documents and settings\NetworkService\Application Data\3861.bat
c:\documents and settings\NetworkService\Application Data\ao25uY.js
c:\documents and settings\NetworkService\Application Data\4.bat
c:\documents and settings\NetworkService\Application Data\9430.bat
c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
c:\documents and settings\NetworkService\Application Data\ikpNOW.js
c:\documents and settings\NetworkService\Application Data\8819.bat
c:\documents and settings\NetworkService\Application Data\M87LF.js
c:\documents and settings\NetworkService\Application Data\105.bat
c:\documents and settings\NetworkService\Application Data\eJE1O.js
c:\documents and settings\Yvette\Application Data\1532.bat
c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
c:\documents and settings\Yvette\Application Data\9448.bat
c:\documents and settings\Yvette\Application Data\go1lGALDP.js
c:\documents and settings\NetworkService\Application Data\6137.bat
c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
c:\documents and settings\NetworkService\Application Data\6628.bat
c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
c:\documents and settings\NetworkService\Application Data\9327.bat
c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
c:\documents and settings\NetworkService\Application Data\2786.bat
c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
c:\documents and settings\NetworkService\Application Data\6699.bat
c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
c:\documents and settings\NetworkService\Application Data\784.bat
c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
c:\documents and settings\NetworkService\Application Data\4826.bat
c:\documents and settings\NetworkService\Application Data\IzNfYS.js
c:\documents and settings\NetworkService\Application Data\7826.bat
c:\documents and settings\NetworkService\Application Data\SMa08V.js
c:\documents and settings\NetworkService\Application Data\5507.bat
c:\documents and settings\NetworkService\Application Data\c8GTP.js
c:\documents and settings\NetworkService\Application Data\4102.bat
c:\documents and settings\NetworkService\Application Data\BA3mY.js
c:\documents and settings\NetworkService\Application Data\8189.bat
c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
c:\documents and settings\NetworkService\Application Data\7674.bat
c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
c:\documents and settings\LocalService\Application Data\MbBHPA.js
c:\documents and settings\LocalService\Application Data\OgyAB.js

Folder::
c:\documents and settings\All Users\Application Data\hLdLkOe03100

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
"SigmatelSysTrayApp"=-
"Adobe Reader Speed Launcher"=-

Driver::
rvyakrwqr

Firefox::
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters] 



▶ Save this file under the name CFScript

▶ Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

▶ ComboFix starts; let it guide you.

▶ Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
▶ Once the scan is complete, a report will appear: post its contents, and say where your problems stand

▶ If the file doesn't open, it is located here > C:\ComboFix.txt

:) ++
BibiRouge (Member, 20 posts)

Hello,

I'm back too.

I'll do the steps, see you later!

BibiRouge (Member, 20 posts)

I think it worked this time; it seemed to delete what it was asked to:

ComboFix 11-03-08.08 - BibiRouge 2011-03-09 10:30:17.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.526 [GMT -5:00]
Lancé depuis: c:\documents and settings\BibiRouge\Desktop\BibiRouge.exe
Commutateurs utilisés :: c:\documents and settings\BibiRouge\Desktop\CFScript.txt
AV: eTrust ITM *Disabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\documents and settings\LocalService\Application Data\MbBHPA.js"
"c:\documents and settings\LocalService\Application Data\OgyAB.js"
"c:\documents and settings\NetworkService\Application Data\105.bat"
"c:\documents and settings\NetworkService\Application Data\115.bat"
"c:\documents and settings\NetworkService\Application Data\1838.bat"
"c:\documents and settings\NetworkService\Application Data\1842.bat"
"c:\documents and settings\NetworkService\Application Data\2556.bat"
"c:\documents and settings\NetworkService\Application Data\2692.bat"
"c:\documents and settings\NetworkService\Application Data\2768.bat"
"c:\documents and settings\NetworkService\Application Data\2786.bat"
"c:\documents and settings\NetworkService\Application Data\3034.bat"
"c:\documents and settings\NetworkService\Application Data\3148.bat"
"c:\documents and settings\NetworkService\Application Data\3797.bat"
"c:\documents and settings\NetworkService\Application Data\3861.bat"
"c:\documents and settings\NetworkService\Application Data\3960.bat"
"c:\documents and settings\NetworkService\Application Data\4.bat"
"c:\documents and settings\NetworkService\Application Data\4102.bat"
"c:\documents and settings\NetworkService\Application Data\4150.bat"
"c:\documents and settings\NetworkService\Application Data\4826.bat"
"c:\documents and settings\NetworkService\Application Data\517.bat"
"c:\documents and settings\NetworkService\Application Data\5363.bat"
"c:\documents and settings\NetworkService\Application Data\5507.bat"
"c:\documents and settings\NetworkService\Application Data\6137.bat"
"c:\documents and settings\NetworkService\Application Data\6611.bat"
"c:\documents and settings\NetworkService\Application Data\6628.bat"
"c:\documents and settings\NetworkService\Application Data\6699.bat"
"c:\documents and settings\NetworkService\Application Data\729.bat"
"c:\documents and settings\NetworkService\Application Data\7674.bat"
"c:\documents and settings\NetworkService\Application Data\7826.bat"
"c:\documents and settings\NetworkService\Application Data\784.bat"
"c:\documents and settings\NetworkService\Application Data\8189.bat"
"c:\documents and settings\NetworkService\Application Data\8774.bat"
"c:\documents and settings\NetworkService\Application Data\8819.bat"
"c:\documents and settings\NetworkService\Application Data\928.bat"
"c:\documents and settings\NetworkService\Application Data\9327.bat"
"c:\documents and settings\NetworkService\Application Data\9430.bat"
"c:\documents and settings\NetworkService\Application Data\a2oxcIs.js"
"c:\documents and settings\NetworkService\Application Data\ao25uY.js"
"c:\documents and settings\NetworkService\Application Data\BA3mY.js"
"c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js"
"c:\documents and settings\NetworkService\Application Data\c8GTP.js"
"c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js"
"c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js"
"c:\documents and settings\NetworkService\Application Data\dH2Pv.js"
"c:\documents and settings\NetworkService\Application Data\E62LaWk.js"
"c:\documents and settings\NetworkService\Application Data\eJE1O.js"
"c:\documents and settings\NetworkService\Application Data\eUrKaZW.js"
"c:\documents and settings\NetworkService\Application Data\FAdO5.js"
"c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js"
"c:\documents and settings\NetworkService\Application Data\HnsXUleV.js"
"c:\documents and settings\NetworkService\Application Data\HQClmm.js"
"c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js"
"c:\documents and settings\NetworkService\Application Data\ikpNOW.js"
"c:\documents and settings\NetworkService\Application Data\IzNfYS.js"
"c:\documents and settings\NetworkService\Application Data\krWEFc.js"
"c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js"
"c:\documents and settings\NetworkService\Application Data\M87LF.js"
"c:\documents and settings\NetworkService\Application Data\ngOxj.js"
"c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js"
"c:\documents and settings\NetworkService\Application Data\OTve6mO.js"
"c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js"
"c:\documents and settings\NetworkService\Application Data\skd19sWx.js"
"c:\documents and settings\NetworkService\Application Data\SMa08V.js"
"c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js"
"c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js"
"c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js"
"c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js"
"c:\documents and settings\NetworkService\Application Data\wKigw4uK.js"
"c:\documents and settings\NetworkService\Application Data\xcT9U.js"
"c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js"
"c:\documents and settings\Yvette\Application Data\1532.bat"
"c:\documents and settings\Yvette\Application Data\9448.bat"
"c:\documents and settings\Yvette\Application Data\go1lGALDP.js"
"c:\documents and settings\Yvette\Application Data\rkolud8nJ.js"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\hLdLkOe03100
c:\documents and settings\All Users\Application Data\hLdLkOe03100\hLdLkOe03100
c:\documents and settings\LocalService\Application Data\MbBHPA.js
c:\documents and settings\LocalService\Application Data\OgyAB.js
c:\documents and settings\NetworkService\Application Data\105.bat
c:\documents and settings\NetworkService\Application Data\115.bat
c:\documents and settings\NetworkService\Application Data\1838.bat
c:\documents and settings\NetworkService\Application Data\1842.bat
c:\documents and settings\NetworkService\Application Data\2556.bat
c:\documents and settings\NetworkService\Application Data\2692.bat
c:\documents and settings\NetworkService\Application Data\2768.bat
c:\documents and settings\NetworkService\Application Data\2786.bat
c:\documents and settings\NetworkService\Application Data\3034.bat
c:\documents and settings\NetworkService\Application Data\3148.bat
c:\documents and settings\NetworkService\Application Data\3797.bat
c:\documents and settings\NetworkService\Application Data\3861.bat
c:\documents and settings\NetworkService\Application Data\3960.bat
c:\documents and settings\NetworkService\Application Data\4.bat
c:\documents and settings\NetworkService\Application Data\4102.bat
c:\documents and settings\NetworkService\Application Data\4150.bat
c:\documents and settings\NetworkService\Application Data\4826.bat
c:\documents and settings\NetworkService\Application Data\517.bat
c:\documents and settings\NetworkService\Application Data\5363.bat
c:\documents and settings\NetworkService\Application Data\5507.bat
c:\documents and settings\NetworkService\Application Data\6137.bat
c:\documents and settings\NetworkService\Application Data\6611.bat
c:\documents and settings\NetworkService\Application Data\6628.bat
c:\documents and settings\NetworkService\Application Data\6699.bat
c:\documents and settings\NetworkService\Application Data\729.bat
c:\documents and settings\NetworkService\Application Data\7674.bat
c:\documents and settings\NetworkService\Application Data\7826.bat
c:\documents and settings\NetworkService\Application Data\784.bat
c:\documents and settings\NetworkService\Application Data\8189.bat
c:\documents and settings\NetworkService\Application Data\8774.bat
c:\documents and settings\NetworkService\Application Data\8819.bat
c:\documents and settings\NetworkService\Application Data\928.bat
c:\documents and settings\NetworkService\Application Data\9327.bat
c:\documents and settings\NetworkService\Application Data\9430.bat
c:\documents and settings\NetworkService\Application Data\a2oxcIs.js
c:\documents and settings\NetworkService\Application Data\ao25uY.js
c:\documents and settings\NetworkService\Application Data\BA3mY.js
c:\documents and settings\NetworkService\Application Data\bissPTO2gl.js
c:\documents and settings\NetworkService\Application Data\c8GTP.js
c:\documents and settings\NetworkService\Application Data\cbr3bVo7.js
c:\documents and settings\NetworkService\Application Data\CX2e2Cr.js
c:\documents and settings\NetworkService\Application Data\dH2Pv.js
c:\documents and settings\NetworkService\Application Data\E62LaWk.js
c:\documents and settings\NetworkService\Application Data\eJE1O.js
c:\documents and settings\NetworkService\Application Data\eUrKaZW.js
c:\documents and settings\NetworkService\Application Data\FAdO5.js
c:\documents and settings\NetworkService\Application Data\FhTzrOdNm.js
c:\documents and settings\NetworkService\Application Data\HnsXUleV.js
c:\documents and settings\NetworkService\Application Data\HQClmm.js
c:\documents and settings\NetworkService\Application Data\i7KNoKn9kH.js
c:\documents and settings\NetworkService\Application Data\ikpNOW.js
c:\documents and settings\NetworkService\Application Data\IzNfYS.js
c:\documents and settings\NetworkService\Application Data\krWEFc.js
c:\documents and settings\NetworkService\Application Data\lg9xa3aWgq.js
c:\documents and settings\NetworkService\Application Data\M87LF.js
c:\documents and settings\NetworkService\Application Data\ngOxj.js
c:\documents and settings\NetworkService\Application Data\NtUtAMAfi.js
c:\documents and settings\NetworkService\Application Data\OTve6mO.js
c:\documents and settings\NetworkService\Application Data\S2mHpYaVuo.js
c:\documents and settings\NetworkService\Application Data\skd19sWx.js
c:\documents and settings\NetworkService\Application Data\SMa08V.js
c:\documents and settings\NetworkService\Application Data\SnfllOHuS.js
c:\documents and settings\NetworkService\Application Data\ux36gxI9K.js
c:\documents and settings\NetworkService\Application Data\VlcchwQ7.js
c:\documents and settings\NetworkService\Application Data\w7Zot9FK.js
c:\documents and settings\NetworkService\Application Data\wKigw4uK.js
c:\documents and settings\NetworkService\Application Data\xcT9U.js
c:\documents and settings\NetworkService\Application Data\Zisu0Lp.js
c:\documents and settings\Yvette\Application Data\1532.bat
c:\documents and settings\Yvette\Application Data\9448.bat
c:\documents and settings\Yvette\Application Data\go1lGALDP.js
c:\documents and settings\Yvette\Application Data\rkolud8nJ.js
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RVYAKRWQR
-------\Service_rvyakrwqr
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-09 au 2011-03-09 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-08 19:40 . 2010-08-17 13:19 58880 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
2011-03-08 19:36 . 2011-03-08 19:37 -------- d-----w- C:\BibiRouge
2011-03-08 16:36 . 2011-03-08 16:36 -------- d-----w- c:\program files\Ad-Remover
2011-03-08 15:56 . 2011-03-08 18:56 -------- d-----w- C:\Hijackthis
2011-03-01 17:25 . 2011-03-01 17:25 -------- d-----w- c:\documents and settings\Yvette\Application Data\Malwarebytes
2011-02-10 16:27 . 2011-02-10 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2011-02-09 21:30 . 2011-03-08 20:40 -------- d-----w- c:\windows\system32\wbem\Logs
2011-02-09 20:19 . 2011-02-10 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Deployment
2011-02-09 17:27 . 2011-02-10 16:27 -------- d-----w- c:\windows\Downloaded Program Files
2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\ParetoLogic
2011-02-09 17:16 . 2011-02-09 17:16 -------- d-----w- c:\documents and settings\BibiRouge\Application Data\DriverCure
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\ParetoLogic
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-02-09 17:15 . 2011-02-09 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 20:52 . 2005-08-16 10:18 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-02-04 22:48 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48 . 2005-08-16 10:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2005-08-16 10:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-08-16 10:37 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-08-16 10:18 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2005-08-16 10:18 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-08-16 10:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:09 . 2011-01-25 16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2011-01-25 16:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2005-08-16 10:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-08_18.57.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-09 15:35 . 2011-03-09 15:35 16384 c:\windows\temp\Perflib_Perfdata_6b0.dat
- 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2005-08-16 10:18 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
- 2005-08-16 10:18 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2005-08-16 10:18 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
- 2005-08-16 10:27 . 2010-12-20 18:10 294072 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 10:27 . 2011-03-08 22:13 294072 c:\windows\system32\FNTCACHE.DAT
+ 2011-01-21 14:44 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
- 2006-10-09 21:12 . 2006-10-09 21:12 291840 c:\windows\system32\dllcache\sbe.dll
+ 2006-10-09 21:12 . 2011-02-04 22:48 291840 c:\windows\system32\dllcache\sbe.dll
+ 2005-08-16 10:18 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2005-08-16 10:18 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2005-08-16 10:18 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2006-10-09 21:12 . 2011-02-04 22:48 456192 c:\windows\system32\dllcache\encdec.dll
- 2006-10-09 21:12 . 2006-10-09 21:12 456192 c:\windows\system32\dllcache\encdec.dll
- 2010-10-28 13:13 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-10-28 13:13 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2005-08-16 10:18 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
- 2005-08-16 10:18 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2005-08-16 10:18 . 2010-12-09 13:38 2192768 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 04:59 . 2010-12-09 13:07 2069376 c:\windows\system32\ntkrnlpa.exe
+ 2008-10-16 17:30 . 2010-12-31 13:10 1854976 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2005-08-16 10:18 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 17:30 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 17:30 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 17:30 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2008-10-16 17:30 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 17:30 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 17:30 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 17:30 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-01-19 18:55 . 2011-03-03 00:56 37943240 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2005-12-10 274432]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ParetoLogic\\PCHA\\PCHA.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2011-02-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2011-02-09 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
2011-02-09 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
.
------- Examen supplémentaire -------
.
Trusted Zone: microsoft.com\www.update
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\BibiRouge\Application Data\Mozilla\Firefox\Profiles\cvf5r5bs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-09 10:36
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Heure de fin: 2011-03-09 10:39:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-09 15:39
ComboFix2.txt 2011-03-08 21:46
ComboFix3.txt 2011-03-08 20:48
ComboFix4.txt 2011-03-08 19:48
ComboFix5.txt 2011-03-09 15:19
.
Avant-CF: 58 462 076 928 bytes free
Après-CF: 58 378 964 992 bytes free
.
- - End Of File - - 4651BEAA196F32C60CC4A3A3AA59E114


There you go, I hope it's right this time.

Thanks for the scripts, by the way!
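As an added example (not from this thread, and not code from the ComboFix or CFScript authors), here is a small Python triage script for the two things shown above: it parses a CFScript laid out the way juju666's script is (a `File::` / `Folder::` / `Registry::` / `Driver::` header followed by entries), and it flags the dropper pattern that the ComboFix log makes obvious once you look at the file names: 1-4 digit `.bat` names and short random `.js` names sitting directly in a profile's Application Data root, most of them under the LocalService and NetworkService service-account profiles where no interactive user writes scripts. The sample CFScript is constructed from a handful of entries on the page plus one made-up benign path for contrast; the section parsing and the naming heuristics are assumptions for illustration, not a description of how ComboFix itself works.

```python
import re

# Constructed sample: a trimmed CFScript in the same layout as the one posted
# in this thread (a few entries taken from the page, plus one benign path that
# is made up for contrast).
SAMPLE_CFSCRIPT = r"""File::
c:\documents and settings\NetworkService\Application Data\3148.bat
c:\documents and settings\NetworkService\Application Data\dH2Pv.js
c:\documents and settings\LocalService\Application Data\MbBHPA.js
c:\documents and settings\Yvette\Application Data\1532.bat
c:\documents and settings\Yvette\Application Data\Mozilla\profiles.ini

Folder::
c:\documents and settings\All Users\Application Data\hLdLkOe03100

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-

Driver::
rvyakrwqr
"""

# A file sitting directly in a profile's Application Data root (no sub-folder).
APPDATA_ROOT = re.compile(
    r"^c:\\documents and settings\\([^\\]+)\\application data\\([^\\]+)$",
    re.IGNORECASE,
)
# Naming patterns seen in the log: 1-4 digit .bat names, short random .js names.
# These thresholds are assumptions chosen for this illustration.
NUMERIC_BAT = re.compile(r"^\d{1,4}\.bat$", re.IGNORECASE)
RANDOM_JS = re.compile(r"^[a-z0-9]{5,10}\.js$", re.IGNORECASE)
# Built-in service accounts; interactive users do not normally drop scripts here.
SERVICE_PROFILES = {"localservice", "networkservice"}


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}.

    A line ending in '::' opens a section; non-empty lines below it belong to
    that section until the next header. Lines before any header are ignored.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def flag_dropped_scripts(paths):
    """Return [(path, [reasons])] for paths matching the dropper pattern."""
    flagged = []
    for path in paths:
        m = APPDATA_ROOT.match(path)
        if not m:
            continue  # not directly under Application Data, leave it alone
        profile, name = m.group(1), m.group(2)
        reasons = []
        if NUMERIC_BAT.match(name):
            reasons.append("numeric .bat name in Application Data root")
        elif RANDOM_JS.match(name):
            reasons.append("short random .js name in Application Data root")
        if not reasons:
            continue
        if profile.lower() in SERVICE_PROFILES:
            reasons.append("written under service-account profile " + profile)
        flagged.append((path, reasons))
    return flagged


def triage(cfscript_text):
    """Parse a CFScript and summarise what its File:: section would remove."""
    sections = parse_cfscript(cfscript_text)
    files = sections.get("File", [])
    return {
        "sections": {name: len(entries) for name, entries in sections.items()},
        "file_entries": len(files),
        "flagged": flag_dropped_scripts(files),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_CFSCRIPT)
    print("sections:", report["sections"])
    for path, reasons in report["flagged"]:
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it on a real CFScript (or on the `FILE ::` block of a ComboFix report, after stripping the surrounding quotes) and the benign path under Yvette's Mozilla folder stays unflagged while the four dropped scripts are listed with their reasons; the service-account hits get a second reason, which is the detail worth checking first when reviewing a cleanup list like this one.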
juju666 (Security contributor, 35446 posts)

Well, there we go, the cleanup is done ^^

We're now going to run a diagnostic of your PC:
Download ZHPDiag to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
or:
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

▶ Let the installer guide you; tick "Add an icon to the desktop" and untick the "Run ZHPDiag" box

/!\ Vista and Seven users: right-click the ZHPDiag logo and choose "Run as administrator"

▶ Click the magnifying-glass icon ("Run the diagnostic")
▶ Save the report to your Desktop using the floppy-disk icon
▶ Upload the ZHPDiag.txt report to one of the sites below, then copy/paste the link you are given into your next reply on the forum:
http://pjjoint.malekal.com/

If unavailable:
http://www.cijoint.fr/
or:
http://ww38.toofiles.com/fr/documents-upload.html
or:
https://www.cjoint.com/
or:
https://www.casimages.com/

▶ ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html


Uploading a report to pjjoint.malekal.com

▶ Go to pjjoint.malekal.com
▶ Click the Browse button
▶ Select the file you want to upload and click Open
▶ Click the Send button
▶ A confirmation message appears (Upload succeeded! - The link to give your correspondents so they can view the file is: https://pjjoint.malekal.com/files.php?id=df5ea299241015). Copy the link into your next reply.

@+

BibiRouge (Member, 20 posts)

A thousand thanks! I'm starting the steps!