A ComboFix scan.... trojan

Closed
kmem
Hello, here is what ComboFix tells me after a scan (this is the log). My computer has been running better since ComboFix's intervention; the question is: is there still a problem???


ComboFix 08-11-11.01 - Kévin 2008-11-18 1:04:06.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1630 [GMT 1:00]
Lancé depuis: c:\users\Kévin\Desktop\C-fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\system32\DelSelf.bat
c:\windows\system32\Drivers\TDSSnrae.sys
c:\windows\system32\fci.exe.exe
c:\windows\system32\hgGAsTJd.dll
c:\windows\system32\icf.exe.exe
c:\windows\system32\iifedcyA.dll
c:\windows\system32\TDSSirhm.dll
c:\windows\system32\TDSSmbcb.dll
c:\windows\system32\TDSStmei.dll
c:\windows\system32\TDSSvrnx.log
c:\windows\system32\TDSSwnvu.dll
c:\windows\system32\TDSSwxws.dll
c:\windows\system32\TDSSxcrd.dat
c:\windows\system32\twain_32
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RESTORE
-------\Legacy_TDSSSERV.SYS
-------\Service_FCI
-------\Service_ICF
-------\Service_restore
-------\Service_TDSSserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 00:12 3,145,728 --sha-w c:\users\Kévin\ntuser.dat
2008-11-18 00:12 3,145,728 --sha-w c:\users\Kévin\ntuser.dat
2008-11-17 19:16 --------- d-----w c:\users\Kévin\AppData\Roaming\OpenOffice.org2
2008-11-17 19:14 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-17 19:10 --------- d-----w c:\programdata\NortonInstaller
2008-11-17 17:46 5,760 ----a-w c:\windows\system32\drivers\restore.sys
2008-11-17 17:40 --------- d-----w c:\programdata\Avira
2008-11-17 17:40 --------- d-----w c:\program files\Avira
2008-11-17 12:48 54,784 ----a-w C:\kbqbptn.exe
2008-11-17 12:48 140,288 ----a-w C:\wtbcccq.exe
2008-11-17 12:48 12,800 ----a-w C:\pxka.exe
2008-11-17 12:41 --------- d-----w c:\program files\Acoustica Shared Effects
2008-11-17 12:41 --------- d-----w c:\program files\Acoustica Mixcraft 4
2008-11-17 12:17 --------- d-----w c:\programdata\Microsoft Help
2008-11-16 23:06 27,335 ----a-w c:\users\Kévin\AppData\Roaming\nvModes.dat
2008-11-16 21:19 --------- d-----w c:\users\Kévin\AppData\Roaming\Adobe
2008-11-16 21:08 --------- d-----w c:\program files\eMule
2008-11-13 21:49 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 21:49 --------- d-----w c:\program files\Avanquest update
2008-11-13 20:22 --------- d-----w c:\users\Kévin\AppData\Roaming\Sony
2008-11-13 20:22 --------- d-----w c:\programdata\Sony
2008-11-13 20:18 --------- d-----w c:\program files\Sony Ericsson
2008-11-13 20:18 --------- d-----w c:\program files\Sony
2008-11-13 19:26 --------- d-----w c:\program files\QuickTime
2008-11-13 19:24 --------- d-----w c:\programdata\Apple Computer
2008-11-13 19:23 --------- d-----w c:\programdata\Apple
2008-11-13 19:23 --------- d-----w c:\program files\Apple Software Update
2008-11-13 19:05 --------- d-----w c:\programdata\BVRP Software
2008-11-13 18:15 --------- d-----w c:\programdata\Sony Ericsson
2008-11-13 18:14 --------- d-----w c:\users\Kévin\AppData\Roaming\InstallShield
2008-11-11 15:40 --------- d-----w c:\users\Kévin\AppData\Roaming\AutoTransfer
2008-11-02 19:08 --------- d-----w c:\programdata\LightScribe
2008-11-02 18:24 --------- d-----w c:\users\Kévin\AppData\Roaming\U3
2008-10-28 00:33 --------- d-----w c:\program files\Alcohol Soft
2008-10-28 00:29 716,272 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-27 17:56 --------- d-----w c:\program files\NeroInstall.bak
2008-10-27 17:44 --------- d-----w c:\users\Kévin\AppData\Roaming\Nero
2008-10-27 17:41 --------- d-----w c:\program files\Common Files\Nero
2008-10-27 17:36 --------- d-----w c:\programdata\Nero
2008-10-27 17:36 --------- d-----w c:\program files\Nero
2008-10-26 17:17 --------- d-----w c:\users\Kévin\AppData\Roaming\Acoustica
2008-10-26 17:06 --------- d-----w c:\programdata\Acoustica
2008-10-26 16:58 --------- d-----w c:\program files\Audacity
2008-10-22 16:38 --------- d-----w c:\users\Kévin\AppData\Roaming\Canneverbe_Limited
2008-10-19 16:08 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-07-10 04:37 174 --sha-w c:\program files\desktop.ini
2007-09-01 08:25 233,472 ----a-w c:\users\Kévin\AppData\Roaming\REX Shared Library.dll
2007-09-01 08:25 225,280 ----a-w c:\users\Kévin\AppData\Roaming\Rewire.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2008-10-02 633632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-01 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-01 81920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208]
"F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\users\Kévin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-04 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1000355598-3372287618-1290148152-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E9700DD2-050E-4830-8C93-832E14A18463}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D344DB5F-C5F3-44E3-A3CC-55968796A2F2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{394C533B-4CC1-4246-B362-3E4670DD45AE}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A0D656E2-4E3F-4346-9AF0-1784F49B370E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{BB670EF7-EC31-40A5-9769-E8303E2FCFCD}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{F6791FF1-C083-4B43-ACF5-8DFA7500BD81}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{B6CBD347-6FE9-4F9F-8F50-09EF3BB29DC7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{60C27698-DF8C-4EE3-90C2-5CF3EB966723}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{6434C121-BE89-4174-96AC-C9B3AC252934}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E96C5390-85CC-42CF-BCEB-D07A39C9964C}c:\\sierra\\counter-strike\\cstrike.exe"= UDP:c:\sierra\counter-strike\cstrike.exe:CounterStrike Launcher
"UDP Query User{1BEEA39C-83E7-4383-8662-11B20B075482}c:\\sierra\\counter-strike\\cstrike.exe"= TCP:c:\sierra\counter-strike\cstrike.exe:CounterStrike Launcher
"{D1C623E6-6769-4EEB-8FF7-FE989F4B1FDE}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{47CC6677-A709-44CC-9A98-07FE5DE395A0}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S1 F-Secure HIPS;F-Secure HIPS;c:\program files\Pack Securite\HIPS\fshs.sys [2008-03-02 41184]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2007-04-26 35024]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-04-26 67120]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\Pack Securite\Anti-Virus\minifilter\fsvista.sys [2007-04-26 13168]
S1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [2007-08-30 114496]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 59760]
S3 Permanp4nasd;Permanp4nasd;c:\windows\system32\drivers\elxstor.sys [2006-11-02 316520]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 25456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29acd7a8-798b-11dc-bda1-001b244fdc6f}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6496f867-3c88-11dd-b45f-001b244fdc6f}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88dbb22b-573e-11dc-a045-806e6f6e6963}]
\shell\AutoRun\command - E:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a638b70f-6e37-11dd-94dd-001b244fdc6f}]
\shell\AutoRun\command - G:\2.cmd
\shell\explore\Command - G:\2.cmd
\shell\open\Command - G:\2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac7c7467-2991-11dd-9ff7-001b244fdc6f}]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3f31e4d-afcd-11dd-9c25-001b244fdc6f}]
\shell\AutoRun\command - G:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3f31e5d-afcd-11dd-9c25-001b244fdc6f}]
\shell\AutoRun\command - EXPLORER.EXE
\shell\explore\Command - EXPLORER.EXE
\shell\open\Command - EXPLORER.EXE
.
Contenu du dossier 'Tâches planifiées'

2008-11-17 c:\windows\Tasks\User_Feed_Synchronization-{EA1CE26F-3FA4-4AB6-B9FF-DFA1F3F1E9E4}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
HKLM-Run-Iomega Automatic Backup 1.0.1 - c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe
HKLM-Run-MSServer - c:\windows\system32\iifedcyA.dll
HKLM-RunOnce-<NO NAME> - (no file)
HKU-Default-Run-brastk - c:\windows\system32\brastk.exe
ShellExecuteHooks-{4FD130AE-D8D2-4137-A680-C5CF233BE545} - c:\windows\system32\iifedcyA.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\Kévin\AppData\Roaming\Mozilla\Firefox\Profiles\duxh8176.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 01:12:47
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\KVIN~1\AppData\Local\Temp\Kévin.bmp 31832 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\wbem\unsecapp.exe
c:\windows\HelpPane.exe
.
**************************************************************************
.
Heure de fin: 2008-11-18 1:23:10 - La machine a redémarré [Kévin]
ComboFix-quarantined-files.txt 2008-11-18 00:22:58

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 27,742,740,480 octets libres

246 --- E O F --- 2008-11-17 12:17:50



Thanks!!!
2 replies

toptitbal
Zpoupette
Quick question: how many antivirus programs do you have on your machine?