Analysis report after a scan, if you'd be so kind

Closed
Pierrolechti - 7 Jul 2011 at 10:45
Anonymous user - 8 Jul 2011 at 11:56
Hello,


Please find attached my analysis report; I'd like your opinion on this nasty "Goméo" thing.

ComboFix 11-07-06.06 - Pierre 07/07/2011 9:20.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1535.650 [GMT 2:00]
Lancé depuis: c:\documents and settings\Pierre\Bureau\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
[i] ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pierre\Application Data\Desktopicon
c:\documents and settings\Pierre\Application Data\Desktopicon\config.ini
c:\documents and settings\Pierre\WINDOWS
c:\program files\rnamfler
c:\program files\rnamfler\naomf.exe
c:\program files\rnamfler\radprlib.dll
c:\program files\rnamfler\Thumbs.db
.
c:\windows\system32\tftp.exe . . . est infecté!!
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-06-07 au 2011-07-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-07-07 06:54 . 2011-07-07 06:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-07 05:57 . 2011-07-07 05:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-07 05:56 . 2011-07-07 05:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\documents and settings\Pierre\Application Data\Malwarebytes
2011-07-06 18:55 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-06 18:55 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 13:34 . 2011-07-05 13:34 0 ----a-w- c:\documents and settings\Pierre\ntuser.tmp
2011-07-03 20:51 . 2011-07-03 20:51 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2011-07-03 19:37 . 2011-07-03 19:37 -------- d-----w- c:\program files\PageRage
2011-07-02 18:37 . 2011-07-02 18:38 -------- d-----w- c:\documents and settings\Pierre\Application Data\vlc
2011-07-02 18:16 . 2011-07-02 18:16 -------- d-----w- c:\program files\VideoLAN
2011-07-02 18:09 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-02 18:06 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-07-01 19:23 . 2011-07-01 19:34 -------- d-----w- c:\documents and settings\Pierre\Local Settings\Application Data\MediaGet2
2011-06-29 14:20 . 2011-07-01 16:46 -------- d-----w- c:\windows\arm
2011-06-28 19:26 . 2011-06-28 19:26 -------- d-----w- c:\documents and settings\All Users\Menu Dmarrer
2011-06-28 19:26 . 2011-06-28 19:26 -------- d-----w- c:\program files\Fichiers communs\Steam
2011-06-28 19:26 . 2011-06-30 06:08 -------- d-----w- c:\program files\Steam
2011-06-28 19:25 . 2011-06-28 19:26 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2011-06-28 13:20 . 2011-06-28 13:20 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-26 19:45 . 2011-06-26 19:45 -------- d--h--w- c:\windows\PIF
2011-06-23 14:23 . 2010-10-23 14:04 49152 ----a-w- c:\windows\system32\VbHTTPCopy.ocx
2011-06-23 14:23 . 2004-10-28 12:50 45056 ----a-w- c:\windows\system32\HttpCopy_OCX.ocx
2011-06-23 14:23 . 2000-12-05 16:30 109248 ----a-w- c:\windows\system32\Mswinsck.ocx
2011-06-22 09:26 . 2011-06-22 09:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-06-22 08:01 . 2011-06-22 08:01 -------- d-----r- c:\documents and settings\LocalService\Favoris
2011-06-19 11:45 . 2011-06-19 11:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-18 19:09 . 2011-06-18 19:15 -------- d-----w- c:\documents and settings\Pierre\Application Data\uTorrent
2011-06-18 09:19 . 2011-06-18 09:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-06-18 09:19 . 2011-06-18 09:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-17 19:16 . 2011-06-17 19:33 -------- d-----w- c:\program files\Counter-Strike Source
2011-06-17 16:41 . 2011-06-17 16:41 -------- d-----w- c:\program files\Fichiers communs\DirectX
2011-06-16 15:01 . 2011-06-16 15:02 -------- d-----w- c:\program files\Fichiers communs\Adobe
2011-06-16 06:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-15 16:31 . 2011-06-15 16:31 -------- d-----w- c:\program files\Gamigo Games
2011-06-15 11:55 . 2011-06-16 10:32 -------- d-----w- c:\documents and settings\Pierre\Local Settings\Application Data\PMB Files
2011-06-15 11:54 . 2011-06-15 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-06-12 11:43 . 2011-06-12 11:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-09 17:57 . 2011-06-09 17:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Thunderbird
2011-06-08 10:54 . 2011-06-12 11:45 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-08 10:54 . 2011-06-12 11:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 09:57 . 2011-05-31 06:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 12:10 . 2009-01-07 20:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2009-01-07 20:25 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-01-07 20:25 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2009-01-07 20:25 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2009-01-07 20:25 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2009-01-07 20:25 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-01-07 20:25 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2009-01-07 20:25 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:31 . 2007-09-04 17:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-05 10:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-05 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2006-03-04 03:35 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-05 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-05 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-05 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-05 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-07-07 05:56 . 2011-04-17 13:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ADVANCE WL-54PCI.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ADVANCE WL-54PCI.lnk
backup=c:\windows\pss\ADVANCE WL-54PCI.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Catalyst System Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Catalyst System Tray.lnk
backup=c:\windows\pss\Catalyst System Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 12:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPIO]
2007-01-23 17:36 463872 -c--a-w- c:\program files\Press&Go\GPIOManager\LoadGPIO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-10-01 08:53 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 19:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-28 19:27 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\calculatice\\apache\\Apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"arm"= c:\\WINDOWS\\arm\\svchost.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58746:TCP"= 58746:TCP:Pando Media Booster
"58746:UDP"= 58746:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/10/2010 18:26 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/07/2011 20:09 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2009 22:25 307928]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [13/07/2009 18:41 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [13/07/2009 18:41 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/01/2009 22:25 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/07/2011 20:55 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/07/2011 20:55 22712]
S2 gupdate1c98c65c3f66e24;Google Update Service (gupdate1c98c65c3f66e24);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:28 133104]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:28 133104]
S3 krdpdre;krdpdre;\??\c:\docume~1\Pierre\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\Pierre\LOCALS~1\Temp\krdpdre.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/07/2009 12:42 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/07/2009 12:42 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [08/03/2009 17:52 42112]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contenu du dossier 'Tâches planifiées'
.
2011-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:28]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:28]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\documents and settings\Pierre\Application Data\Mozilla\Firefox\Profiles\8w0qx45a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm159YYfr&ptb=587D7C43-67EA-4904-BC92-85DEE23C8440&psa=&ind=2011022213&ptnrS=YJxdm159YYfr&si=xFR&st=kwd&n=77ddc385&searchfor=

.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-BabyGoCP - c:\program files\FreeAngel\FreeAngel.exe
MSConfigStartUp-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe
MSConfigStartUp-Bvucun - c:\windows\APInmipr.dll
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
MSConfigStartUp-wrna3ls - c:\program files\rnamfler\naomf.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 10:00
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\windows\TEMP\_avast_\unp181680177.tmp 30404 bytes
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_STM380215A rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-13
.
device: opened successfully
user: MBR read successfully
error: Read Un périphérique attaché au système ne fonctionne pas correctement.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1D631B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-527237240-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{84C441DF-676C-39C2-D2E8-085780DEDC11}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegfagihnkdpclcnf"=hex:6b,61,6c,6d,65,68,65,65,6c,6d,66,66,6b,6e,6a,63,68,6a,
6d,69,6d,66,00,00
"haofddfjnpnkndbd"=hex:6b,61,6c,6d,65,68,65,65,6c,6d,66,66,6b,6e,6a,63,68,6a,
6d,69,6d,66,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1444)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Heure de fin: 2011-07-07 10:17:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-07-07 08:17
.
Avant-CF: 23 716 057 088 octets libres
Après-CF: 23 880 024 064 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - DBB98C194BD09B4DCDB1E5CA40EC8F3C
15 replies

Anonymous user
7 Jul 2011 at 11:16

__________________________________________________
=> /!\ The script that follows was written specifically for this computer /!\ <=
=> It is strongly advised not to transpose it to another computer! <=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

File::
c:\documents and settings\Pierre\ntuser.tmp
c:\windows\TEMP\_avast_\unp181680177.tmp

Folder::
c:\documents and settings\Pierre\Local Settings\Application Data\MediaGet2
c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
c:\windows\arm

Registry::
[HKLM\System\CurrentControlset\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"arm"=-

Driver::
ASKService
ASKUpgrade
krdpdre

DDS::
uInternet Connection Wizard,ShellNext = iexplore

FireFox::
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm159YYfr&ptb=587D7C43-67EA-4904-BC92-85DEE23C8440&psa=&ind=2011022213&ptnrS=YJxdm159YYfr&si=xFR&st=kwd&n=77ddc385&searchfor=

RegLock::
[HKEY_USERS\S-1-5-21-527237240-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
[HKEY_USERS\S-1-5-21-527237240-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{84C441DF-676C-39C2-D2E8-085780DEDC11}]


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file

▶ Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it can be found here => C:\ComboFix.txt


1
Sorry to ask you this question, but how do I find and open the combofix file to drop your script onto it???
0
Anonymous user
7 Jul 2011 at 12:36
Well, you don't open it, you drop the script onto it; it's on your desktop:

c:\documents and settings\Pierre\Bureau\ComboFix.exe
0
OK, sorry for the silly question, here's the result of the scan:

ComboFix 11-07-07.01 - Pierre 07/07/2011 13:29:55.3.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1535.894 [GMT 2:00]
Lancé depuis: c:\documents and settings\Pierre\Bureau\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\tftp.exe . . . est infecté!!
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-06-07 au 2011-07-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-07-07 06:54 . 2011-07-07 06:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-07 05:57 . 2011-07-07 05:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-07 05:56 . 2011-07-07 05:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\documents and settings\Pierre\Application Data\Malwarebytes
2011-07-06 18:55 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-06 18:55 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 13:34 . 2011-07-05 13:34 0 ----a-w- c:\documents and settings\Pierre\ntuser.tmp
2011-07-03 20:51 . 2011-07-03 20:51 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2011-07-03 19:37 . 2011-07-03 19:37 -------- d-----w- c:\program files\PageRage
2011-07-02 18:37 . 2011-07-02 18:38 -------- d-----w- c:\documents and settings\Pierre\Application Data\vlc
2011-07-02 18:16 . 2011-07-02 18:16 -------- d-----w- c:\program files\VideoLAN
2011-07-02 18:09 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-02 18:06 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-07-01 19:23 . 2011-07-01 19:34 -------- d-----w- c:\documents and settings\Pierre\Local Settings\Application Data\MediaGet2
2011-06-29 14:20 . 2011-07-01 16:46 -------- d-----w- c:\windows\arm
2011-06-28 19:26 . 2011-06-28 19:26 -------- d-----w- c:\documents and settings\All Users\Menu Dmarrer
2011-06-28 19:26 . 2011-06-28 19:26 -------- d-----w- c:\program files\Fichiers communs\Steam
2011-06-28 19:26 . 2011-06-30 06:08 -------- d-----w- c:\program files\Steam
2011-06-28 19:25 . 2011-06-28 19:26 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2011-06-28 13:20 . 2011-06-28 13:20 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-26 19:45 . 2011-06-26 19:45 -------- d--h--w- c:\windows\PIF
2011-06-23 14:23 . 2010-10-23 14:04 49152 ----a-w- c:\windows\system32\VbHTTPCopy.ocx
2011-06-23 14:23 . 2004-10-28 12:50 45056 ----a-w- c:\windows\system32\HttpCopy_OCX.ocx
2011-06-23 14:23 . 2000-12-05 16:30 109248 ----a-w- c:\windows\system32\Mswinsck.ocx
2011-06-22 09:26 . 2011-06-22 09:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-06-22 08:01 . 2011-06-22 08:01 -------- d-----r- c:\documents and settings\LocalService\Favoris
2011-06-19 11:45 . 2011-06-19 11:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-18 19:09 . 2011-06-18 19:15 -------- d-----w- c:\documents and settings\Pierre\Application Data\uTorrent
2011-06-18 09:19 . 2011-06-18 09:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-06-18 09:19 . 2011-06-18 09:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-17 19:16 . 2011-06-17 19:33 -------- d-----w- c:\program files\Counter-Strike Source
2011-06-17 16:41 . 2011-06-17 16:41 -------- d-----w- c:\program files\Fichiers communs\DirectX
2011-06-16 15:01 . 2011-06-16 15:02 -------- d-----w- c:\program files\Fichiers communs\Adobe
2011-06-16 06:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-15 16:31 . 2011-06-15 16:31 -------- d-----w- c:\program files\Gamigo Games
2011-06-15 11:55 . 2011-06-16 10:32 -------- d-----w- c:\documents and settings\Pierre\Local Settings\Application Data\PMB Files
2011-06-15 11:54 . 2011-06-15 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-06-12 11:43 . 2011-06-12 11:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-09 17:57 . 2011-06-09 17:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Thunderbird
2011-06-08 10:54 . 2011-06-12 11:45 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-08 10:54 . 2011-06-12 11:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 09:57 . 2011-05-31 06:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 12:10 . 2009-01-07 20:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2009-01-07 20:25 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-01-07 20:25 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2009-01-07 20:25 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2009-01-07 20:25 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2009-01-07 20:25 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-01-07 20:25 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2009-01-07 20:25 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:31 . 2007-09-04 17:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-05 10:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-05 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2006-03-04 03:35 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-05 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-05 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-05 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-05 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-07-07 05:56 . 2011-04-17 13:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ADVANCE WL-54PCI.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ADVANCE WL-54PCI.lnk
backup=c:\windows\pss\ADVANCE WL-54PCI.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Catalyst System Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Catalyst System Tray.lnk
backup=c:\windows\pss\Catalyst System Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 12:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPIO]
2007-01-23 17:36 463872 -c--a-w- c:\program files\Press&Go\GPIOManager\LoadGPIO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-10-01 08:53 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 19:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-28 19:27 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\calculatice\\apache\\Apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"arm"= c:\\WINDOWS\\arm\\svchost.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58746:TCP"= 58746:TCP:Pando Media Booster
"58746:UDP"= 58746:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/10/2010 18:26 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/07/2011 20:09 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2009 22:25 307928]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [13/07/2009 18:41 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [13/07/2009 18:41 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/01/2009 22:25 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/07/2011 20:55 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/07/2011 20:55 22712]
S2 gupdate1c98c65c3f66e24;Google Update Service (gupdate1c98c65c3f66e24);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:28 133104]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:28 133104]
S3 krdpdre;krdpdre;\??\c:\docume~1\Pierre\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\Pierre\LOCALS~1\Temp\krdpdre.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/07/2009 12:42 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/07/2009 12:42 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [08/03/2009 17:52 42112]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:28]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\documents and settings\Pierre\Application Data\Mozilla\Firefox\Profiles\8w0qx45a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm159YYfr&ptb=587D7C43-67EA-4904-BC92-85DEE23C8440&psa=&ind=2011022213&ptnrS=YJxdm159YYfr&si=xFR&st=kwd&n=77ddc385&searchfor=

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 14:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_STM380215A rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-13
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1FB31B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-527237240-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{84C441DF-676C-39C2-D2E8-085780DEDC11}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegfagihnkdpclcnf"=hex:6b,61,6c,6d,65,68,65,65,6c,6d,66,66,6b,6e,6a,63,68,6a,
6d,69,6d,66,00,00
"haofddfjnpnkndbd"=hex:6b,61,6c,6d,65,68,65,65,6c,6d,66,66,6b,6e,6a,63,68,6a,
6d,69,6d,66,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1156)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-07 14:21:41
ComboFix-quarantined-files.txt 2011-07-07 12:21
ComboFix2.txt 2011-07-07 10:12
ComboFix3.txt 2011-07-07 08:17
.
Pre-Run: 23,828,123,648 bytes free
Post-Run: 23,806,791,680 bytes free
.
- - End Of File - - 8612A094DCE4A8ADA03C9DCC6B7B8258
0

Anonymous user
7 July 2011 at 14:53
You didn't do what was asked, you just re-ran ComboFix :S
0
I'll give it another try...
0
Done, and below is the result of the scan...

ComboFix 11-07-07.01 - Pierre 07/07/2011 15:37:06.4.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1535.591 [GMT 2:00]
Running from: c:\documents and settings\Pierre\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Pierre\Bureau\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Pierre\ntuser.tmp"
"c:\windows\TEMP\_avast_\unp181680177.tmp"
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pierre\Local Settings\Application Data\MediaGet2
c:\documents and settings\Pierre\Local Settings\Application Data\MediaGet2\parameters.txt
c:\documents and settings\Pierre\ntuser.tmp
c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP\WiseCustomCalla.dll
c:\windows\arm
.
c:\windows\system32\tftp.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Legacy_KRDPDRE
-------\Service_ASKService
-------\Service_ASKUpgrade
-------\Service_krdpdre
.
.
((((((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-07-07 06:54 . 2011-07-07 06:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-07 05:57 . 2011-07-07 05:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-07 05:56 . 2011-07-07 05:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\documents and settings\Pierre\Application Data\Malwarebytes
2011-07-06 18:55 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-06 18:55 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-03 20:51 . 2011-07-03 20:51 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2011-07-03 19:37 . 2011-07-03 19:37 -------- d-----w- c:\program files\PageRage
2011-07-02 18:37 . 2011-07-02 18:38 -------- d-----w- c:\documents and settings\Pierre\Application Data\vlc
2011-07-02 18:16 . 2011-07-02 18:16 -------- d-----w- c:\program files\VideoLAN
2011-07-02 18:09 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-02 18:06 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-28 19:26 . 2011-06-28 19:26 -------- d-----w- c:\documents and settings\All Users\Menu Dmarrer
2011-06-28 19:26 . 2011-06-28 19:26 -------- d-----w- c:\program files\Fichiers communs\Steam
2011-06-28 19:26 . 2011-06-30 06:08 -------- d-----w- c:\program files\Steam
2011-06-28 13:20 . 2011-06-28 13:20 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-26 19:45 . 2011-06-26 19:45 -------- d--h--w- c:\windows\PIF
2011-06-23 14:23 . 2010-10-23 14:04 49152 ----a-w- c:\windows\system32\VbHTTPCopy.ocx
2011-06-23 14:23 . 2004-10-28 12:50 45056 ----a-w- c:\windows\system32\HttpCopy_OCX.ocx
2011-06-23 14:23 . 2000-12-05 16:30 109248 ----a-w- c:\windows\system32\Mswinsck.ocx
2011-06-22 09:26 . 2011-06-22 09:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-06-22 08:01 . 2011-06-22 08:01 -------- d-----r- c:\documents and settings\LocalService\Favoris
2011-06-19 11:45 . 2011-06-19 11:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-18 19:09 . 2011-06-18 19:15 -------- d-----w- c:\documents and settings\Pierre\Application Data\uTorrent
2011-06-18 09:19 . 2011-06-18 09:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-06-18 09:19 . 2011-06-18 09:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-17 19:16 . 2011-06-17 19:33 -------- d-----w- c:\program files\Counter-Strike Source
2011-06-17 16:41 . 2011-06-17 16:41 -------- d-----w- c:\program files\Fichiers communs\DirectX
2011-06-16 15:01 . 2011-06-16 15:02 -------- d-----w- c:\program files\Fichiers communs\Adobe
2011-06-16 06:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-15 16:31 . 2011-06-15 16:31 -------- d-----w- c:\program files\Gamigo Games
2011-06-15 11:55 . 2011-06-16 10:32 -------- d-----w- c:\documents and settings\Pierre\Local Settings\Application Data\PMB Files
2011-06-15 11:54 . 2011-06-15 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-06-12 11:43 . 2011-06-12 11:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-09 17:57 . 2011-06-09 17:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Thunderbird
2011-06-08 10:54 . 2011-06-12 11:45 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-08 10:54 . 2011-06-12 11:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 09:57 . 2011-05-31 06:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 12:10 . 2009-01-07 20:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2009-01-07 20:25 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-01-07 20:25 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2009-01-07 20:25 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2009-01-07 20:25 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2009-01-07 20:25 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-01-07 20:25 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2009-01-07 20:25 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:31 . 2007-09-04 17:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-05 10:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-05 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2006-03-04 03:35 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-05 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-05 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-05 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-05 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-07-07 05:56 . 2011-04-17 13:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-07_12.09.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-07 14:00 . 2011-07-07 14:00 16384 c:\windows\Temp\Perflib_Perfdata_38c.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ADVANCE WL-54PCI.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ADVANCE WL-54PCI.lnk
backup=c:\windows\pss\ADVANCE WL-54PCI.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Catalyst System Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Catalyst System Tray.lnk
backup=c:\windows\pss\Catalyst System Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 12:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPIO]
2007-01-23 17:36 463872 -c--a-w- c:\program files\Press&Go\GPIOManager\LoadGPIO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-10-01 08:53 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 19:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-28 19:27 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\calculatice\\apache\\Apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"arm"= c:\\WINDOWS\\arm\\svchost.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58746:TCP"= 58746:TCP:Pando Media Booster
"58746:UDP"= 58746:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/10/2010 18:26 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/07/2011 20:09 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2009 22:25 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/01/2009 22:25 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/07/2011 20:55 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/07/2011 20:55 22712]
S2 gupdate1c98c65c3f66e24;Google Update Service (gupdate1c98c65c3f66e24);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:28 133104]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:28 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/07/2009 12:42 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/07/2009 12:42 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [08/03/2009 17:52 42112]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:28]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = localhost
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\documents and settings\Pierre\Application Data\Mozilla\Firefox\Profiles\8w0qx45a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm159YYfr&ptb=587D7C43-67EA-4904-BC92-85DEE23C8440&psa=&ind=2011022213&ptnrS=YJxdm159YYfr&si=xFR&st=kwd&n=77ddc385&searchfor=

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 16:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_STM380215A rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-13
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1D831B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{84C441DF-676C-39C2-D2E8-085780DEDC11}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegfagihnkdpclcnf"=hex:6b,61,6c,6d,65,68,65,65,6c,6d,66,66,6b,6e,6a,63,68,6a,
6d,69,6d,66,00,00
"haofddfjnpnkndbd"=hex:6b,61,6c,6d,65,68,65,65,6c,6d,66,66,6b,6e,6a,63,68,6a,
6d,69,6d,66,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3120)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-07-07 16:18:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-07 14:18
ComboFix2.txt 2011-07-07 12:21
ComboFix3.txt 2011-07-07 10:12
ComboFix4.txt 2011-07-07 08:17
.
Pre-Run: 23,794,229,248 bytes free
Post-Run: 23,785,693,184 bytes free
.
- - End Of File - - 215A3FA7FD2F449D31688C20C0DA2D2D
0
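The two reports above carry the indicators the helper is reacting to, and they are easy to miss in several hundred lines of output: `c:\windows\system32\tftp.exe . . . est infecté!!` (a system binary found patched) appears in every run; the Windows Firewall `AuthorizedApplications` list contains `"arm"= c:\\WINDOWS\\arm\\svchost.exe`, an svchost.exe outside system32 that is still authorized in the second report even though `c:\windows\arm` was deleted in that same run; the service list has a driver, `krdpdre`, whose image sits under the user's Temp folder; and the Firefox `keyword.URL` preference points at search.mywebsearch.com while the homepage is google.fr. The following Python script is an added example, not part of the original thread and not ComboFix's own code: it pulls exactly those signals out of report text so a reviewer sees a short list instead of scanning by eye. The excerpt it runs on is copied from the reports above (ComboFix itself writes URLs as `hxxp`); the `SYSTEM_DIRS`, `SYSTEM_NAMES` and `KNOWN_SEARCH_HOSTS` lists, the rule names and the severity labels are assumptions chosen for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt: lines copied verbatim from the ComboFix reports in this thread.
SAMPLE_REPORT = r"""
c:\windows\system32\tftp.exe . . . est infecté!!
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"arm"= c:\\WINDOWS\\arm\\svchost.exe
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/10/2010 18:26 691696]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 krdpdre;krdpdre;\??\c:\docume~1\Pierre\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\Pierre\LOCALS~1\Temp\krdpdre.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [08/03/2009 17:52 42112]
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm159YYfr&searchfor=
"""

# Assumptions made for this example, not ComboFix's own rules: process names that are
# only legitimate directly under these directories, and search hosts treated as ordinary.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}
KNOWN_SEARCH_HOSTS = ("google.", "bing.com", "yahoo.com")

INFECTED_RE = re.compile(r"^(?P<path>\S.*?) \. \. \. (?:est infecté|is infected)!!$")
FW_ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<value>.*)$')
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)"
    r"(?: --> (?P<resolved>.*?))? \[(?P<info>[^\]]*)\]$"
)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")


def normalize_path(raw):
    """Undo the registry-export escaping ComboFix prints, drop the NT \\??\\ prefix, expand %windir%."""
    path = raw.strip().strip('"').replace("\\\\", "\\").lower()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.replace("%windir%", r"c:\windows")


def triage(report):
    """Return (severity, rule, detail) findings for one ComboFix report, in report order."""
    findings = []
    in_firewall_list = False
    for line in report.splitlines():
        line = line.rstrip()
        if not line or line == ".":                   # ComboFix separates blocks with a lone dot
            in_firewall_list = False
            continue
        m = INFECTED_RE.match(line)
        if m:                                          # a system binary ComboFix found patched
            findings.append(("high", "patched-system-file", m.group("path")))
            continue
        if line.startswith("[") and line.endswith("]"):   # registry key header
            in_firewall_list = "authorizedapplications" in line.lower()
            continue
        if in_firewall_list:                           # one firewall exception per line
            m = FW_ENTRY_RE.match(line)
            if m:
                path = normalize_path(m.group("value") or m.group("key"))
                directory, _, name = path.rpartition("\\")
                if name in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
                    findings.append(("high", "masquerading-firewall-exception", path))
            continue
        m = SERVICE_RE.match(line)
        if m:                                          # R0/R1/R2/S2/S3 service and driver entries
            image = normalize_path(m.group("resolved") or m.group("image"))
            label = f'{m.group("name")}: {image}'
            if "\\temp\\" in image or "\\docume~1\\" in image or "\\documents and settings\\" in image:
                findings.append(("high", "driver-from-user-profile", label))
            elif m.group("info") == "?":               # ComboFix could not find the service binary
                findings.append(("low", "service-binary-missing", label))
            continue
        m = FF_PREF_RE.match(line)
        if m and m.group("pref") == "keyword.URL":     # address-bar search redirected elsewhere
            host = urlsplit(m.group("value").replace("hxxp", "http", 1)).hostname or ""
            if not any(k in host for k in KNOWN_SEARCH_HOSTS):
                findings.append(("medium", "search-hijack", host))
    return findings


if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_REPORT):
        print(f"[{severity:6}] {rule:32} {detail}")
```

To use it on a real run, pass the contents of the saved ComboFix.txt to `triage()`. The `service-binary-missing` hits are rated low on purpose: ComboFix prints `[?]` for any service whose image it cannot find, which may be nothing more than an uninstall leftover, whereas a driver registered from a Temp folder deserves a look whether or not the file still exists. The firewall check is the one most worth keeping after cleanup, since the exception survives the deletion of the directory it points at.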
Anonymous user
7 July 2011 at 16:54
Are you sure you took everything? There are still things present...
0
As far as I can tell, yes, I dragged everything in as is, but at one point the computer froze and I had to switch it off and restart it; maybe that interrupted the process!

I'll do it again tonight if necessary.
0
Anonymous user
7 July 2011 at 20:30
Did you get an error message when it froze?
0
No, it just froze, I had to shut the machine down manually...
0
Here is the latest scan, from this morning:

ComboFix 11-07-07.06 - Pierre 08/07/2011 9:21.5.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1535.925 [GMT 2:00]
Running from: c:\documents and settings\Pierre\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Pierre\Bureau\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Pierre\ntuser.tmp"
"c:\windows\TEMP\_avast_\unp181680177.tmp"
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GuffinsEI
.
c:\windows\system32\tftp.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 ))))))))))))))))))))))))))))))))))))
.
.
2011-07-08 07:43 . 2011-07-08 07:43 0 ----a-w- c:\documents and settings\Pierre\ntuser.tmp
2011-07-07 06:54 . 2011-07-07 06:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-07 05:57 . 2011-07-07 05:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-07 05:56 . 2011-07-07 05:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\documents and settings\Pierre\Application Data\Malwarebytes
2011-07-06 18:55 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-06 18:55 . 2011-07-06 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-06 18:55 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-03 20:51 . 2011-07-03 20:51 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2011-07-03 19:37 . 2011-07-03 19:37 -------- d-----w- c:\program files\PageRage
2011-07-02 18:37 . 2011-07-02 18:38 -------- d-----w- c:\documents and settings\Pierre\Application Data\vlc
2011-07-02 18:16 . 2011-07-02 18:16 -------- d-----w- c:\program files\VideoLAN
2011-07-02 18:09 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-02 18:06 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-28 19:26 . 2011-06-28 19:26 -------- d-----w- c:\documents and settings\All Users\Menu Démarrer
2011-06-28 19:26 . 2011-06-28 19:26 -------- d-----w- c:\program files\Fichiers communs\Steam
2011-06-28 19:26 . 2011-06-30 06:08 -------- d-----w- c:\program files\Steam
2011-06-28 13:20 . 2011-06-28 13:20 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-26 19:45 . 2011-06-26 19:45 -------- d--h--w- c:\windows\PIF
2011-06-23 14:23 . 2010-10-23 14:04 49152 ----a-w- c:\windows\system32\VbHTTPCopy.ocx
2011-06-23 14:23 . 2004-10-28 12:50 45056 ----a-w- c:\windows\system32\HttpCopy_OCX.ocx
2011-06-23 14:23 . 2000-12-05 16:30 109248 ----a-w- c:\windows\system32\Mswinsck.ocx
2011-06-22 09:26 . 2011-06-22 09:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-06-22 08:01 . 2011-06-22 08:01 -------- d-----r- c:\documents and settings\LocalService\Favoris
2011-06-19 11:45 . 2011-06-19 11:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-18 19:09 . 2011-06-18 19:15 -------- d-----w- c:\documents and settings\Pierre\Application Data\uTorrent
2011-06-18 09:19 . 2011-06-18 09:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-06-18 09:19 . 2011-06-18 09:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-17 19:16 . 2011-06-17 19:33 -------- d-----w- c:\program files\Counter-Strike Source
2011-06-17 16:41 . 2011-06-17 16:41 -------- d-----w- c:\program files\Fichiers communs\DirectX
2011-06-16 15:01 . 2011-06-16 15:02 -------- d-----w- c:\program files\Fichiers communs\Adobe
2011-06-16 06:11 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-15 16:31 . 2011-06-15 16:31 -------- d-----w- c:\program files\Gamigo Games
2011-06-15 11:55 . 2011-06-16 10:32 -------- d-----w- c:\documents and settings\Pierre\Local Settings\Application Data\PMB Files
2011-06-15 11:54 . 2011-06-15 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-06-12 11:43 . 2011-06-12 11:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-09 17:57 . 2011-06-09 17:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Thunderbird
2011-06-08 10:54 . 2011-06-12 11:45 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-08 10:54 . 2011-06-12 11:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 09:57 . 2011-05-31 06:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 12:10 . 2009-01-07 20:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2009-01-07 20:25 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-01-07 20:25 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2009-01-07 20:25 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2009-01-07 20:25 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2009-01-07 20:25 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-01-07 20:25 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2009-01-07 20:25 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:31 . 2007-09-04 17:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-05 10:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-05 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2006-03-04 03:35 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-05 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-05 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-05 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-05 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-07-07 05:56 . 2011-04-17 13:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-07_12.09.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-08 07:45 . 2011-07-08 07:45 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ADVANCE WL-54PCI.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ADVANCE WL-54PCI.lnk
backup=c:\windows\pss\ADVANCE WL-54PCI.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Catalyst System Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Catalyst System Tray.lnk
backup=c:\windows\pss\Catalyst System Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Pierre^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 12:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPIO]
2007-01-23 17:36 463872 -c--a-w- c:\program files\Press&Go\GPIOManager\LoadGPIO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-10-01 08:53 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 19:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-28 19:27 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\calculatice\\apache\\Apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"arm"= c:\\WINDOWS\\arm\\svchost.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58746:TCP"= 58746:TCP:Pando Media Booster
"58746:UDP"= 58746:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/10/2010 18:26 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/07/2011 20:09 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2009 22:25 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/01/2009 22:25 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/07/2011 20:55 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/07/2011 20:55 22712]
S2 gupdate1c98c65c3f66e24;Google Update Service (gupdate1c98c65c3f66e24);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:28 133104]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:28 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/07/2009 12:42 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/07/2009 12:42 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [08/03/2009 17:52 42112]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contenu du dossier 'Tâches planifiées'
.
2011-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:28]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:28]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = localhost
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\documents and settings\Pierre\Application Data\Mozilla\Firefox\Profiles\8w0qx45a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm159YYfr&ptb=587D7C43-67EA-4904-BC92-85DEE23C8440&psa=&ind=2011022213&ptnrS=YJxdm159YYfr&si=xFR&st=kwd&n=77ddc385&searchfor=

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-08 09:48
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_STM380215A rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-13
.
device: opened successfully
user: MBR read successfully
error: Read Un périphérique attaché au système ne fonctionne pas correctement.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1FC31B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{84C441DF-676C-39C2-D2E8-085780DEDC11}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegfagihnkdpclcnf"=hex:6b,61,6c,6d,65,68,65,65,6c,6d,66,66,6b,6e,6a,63,68,6a,
6d,69,6d,66,00,00
"haofddfjnpnkndbd"=hex:6b,61,6c,6d,65,68,65,65,6c,6d,66,66,6b,6e,6a,63,68,6a,
6d,69,6d,66,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1636)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Heure de fin: 2011-07-08 10:06:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-07-08 08:05
ComboFix2.txt 2011-07-07 14:18
ComboFix3.txt 2011-07-07 12:21
ComboFix4.txt 2011-07-07 10:12
ComboFix5.txt 2011-07-08 07:17
.
Avant-CF: 23 720 058 880 octets libres
Après-CF: 23 727 341 568 octets libres
.
- - End Of File - - 49F5FE4ADF3ECD1297A5DA12997D89E4
0
Anonymous user
8 Jul. 2011 at 10:13
You don't listen at all!

ComboFix was not renamed as requested.
I did not ask you to relaunch ComboFix by clicking on it.
0
I didn't click on ComboFix, but I did drag and drop the CFScript.txt file onto it, and then Combo started.

When did you ask me to rename ComboFix?

Sorry for being a dunce; everyone has their own specialities!
0
No, actually, forget it; I was convinced that I was the one who had you download it, so I didn't tell you ^^

And actually it's me who isn't paying attention, because that report is in fact what I wanted.

Mea culpa ^^
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0