Bonjour a tout le monde,j ai un serieux probleme et besoin de votre aide.Quand je reallume mon pc il apprait un fond d ecran bleue et la mention :Warning!Spyware detected on your computer install an antivirus or spyware remover to clear your computer.
Aidez moi svp!je ne suis pas un expert en info et j utilise un windows xp.
j'ai besoin d'etre assisté avec les utilitaires que vous me conseillerez!
merci d avance.
desinfection et demandes d'analyses
Modérateur: Modérateurs
Règles du forum
Les désinfections sont prises en charge par un groupe spécifique, tout le monde ne peut pas intervenir pour désinfecter les machines (règles).
Les procédures sont sur-mesure, ne faites pas la même chose chez vous (explications).
Les désinfections sont prises en charge par un groupe spécifique, tout le monde ne peut pas intervenir pour désinfecter les machines (règles).
Les procédures sont sur-mesure, ne faites pas la même chose chez vous (explications).
Voir le premier message non lu • 17 messages
• Page 1 sur 1
desinfection et demandes d'analyses
par luis roni » 26 Juin 2008 20:44
-
luis roni - Messages: 25
- Inscription: 26 Juin 2008 18:14
Re: desinfection et demandes d'analyses
par Falkra » 26 Juin 2008 23:44
Bienvenue sur la section sécurité de libellules. 
Pour voir ce qui tourne sur ta machine et pouvoir nettoyer les infections présentes, il nous faut faire quelques tests.
Voici comment démarrer.
Poste un rapport Hijackthis (v2.0.2) dans ta prochaine réponse stp :
Voici un tuto avec les liens nécessaires :
http://www.libellules.ch/poster_log_hijackthis.php
Pour voir ce qui tourne sur ta machine et pouvoir nettoyer les infections présentes, il nous faut faire quelques tests.
Voici comment démarrer.
Poste un rapport Hijackthis (v2.0.2) dans ta prochaine réponse stp :Voici un tuto avec les liens nécessaires :
http://www.libellules.ch/poster_log_hijackthis.php
-
Falkra - Admin libellules.ch
- Messages: 24461
- Inscription: 30 Jan 2005 14:44
- Localisation: 127.0.0.1
Re: desinfection et demandes d'analyses
par luis roni » 27 Juin 2008 09:51
Falkra a écrit:Bienvenue sur la section sécurité de libellules.
Pour voir ce qui tourne sur ta machine et pouvoir nettoyer les infections présentes, il nous faut faire quelques tests.
Voici comment démarrer.
Voici un tuto avec les liens nécessaires :
http://www.libellules.ch/poster_log_hijackthis.php
ok merci pour l'aide et voilà le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:47, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
F:\WINDOWS\Explorer.EXE
G:\MySQL\Server\bin\mysqld-nt.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\CBASE.EXE
F:\Program Files\Spyware Terminator\sp_rsser.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\hkcmd.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\PROGRA~1\Grisoft\AVG7\avgw.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\PROGRA~1\Crawler\CToolbar.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
F:\Program Files\LimeWire\LimeWire.exe
F:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - F:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - F:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - F:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SearchSettings] F:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpywareTerminator] "F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD26E6A1-03B9-4F1A-BB6A-70ECA2EF2C26}: NameServer = 217.12.180.19,81.199.0.36,66.178.2.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - F:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - G:\MySQL\Server\bin\mysqld-nt (file missing)
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Serveur Sage - Sage - F:\WINDOWS\system32\CBASE.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7691 bytes
-
luis roni - Messages: 25
- Inscription: 26 Juin 2008 18:14
Re: desinfection et demandes d'analyses
par Falkra » 27 Juin 2008 10:20
Il y a de la toolbar infectées (crawler), installée avec spyware terminator. Il ne faut pas installer cette toolbar, elle est vraiment à proscrire.
Télécharge Malwarebytes' Anti-Malware (MBAM)
Télécharge Malwarebytes' Anti-Malware (MBAM)
- Double clique sur le fichier téléchargé pour lancer le processus d'installation.
- Dans l'onglet "mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
- Une fois la mise à jour terminée, rend-toi dans l'onglet, Recherche.
- Sélectionne "Exécuter un examen complet"
- Clique sur "Rechercher"
- Le scan démarre.
- A la fin de l'analyse, un message s'affiche :L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Clique sur "Ok" pour poursuivre. - Ferme tes navigateurs
- Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. - MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
-
Falkra - Admin libellules.ch
- Messages: 24461
- Inscription: 30 Jan 2005 14:44
- Localisation: 127.0.0.1
Re: desinfection et demandes d'analyses
par luis roni » 27 Juin 2008 13:40
voila le rapport de MBAM
Malwarebytes' Anti-Malware 1.18
Version de la base de données: 895
12:35:26 27/06/2008
mbam-log-6-27-2008 (12-35-26).txt
Type de recherche: Examen complet (C:\|E:\|F:\|G:\|)
Eléments examinés: 179677
Temps écoulé: 2 hour(s), 36 minute(s), 21 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and
deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace)
-> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackground
Page (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted
successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage
(Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
F:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem (Trojan.Agent)
-> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted
successfully.
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and
deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted
successfully.
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted
successfully.
F:\WINDOWS\system32\pphcvndj0e1fl.exe (Trojan.FakeAlert) -> Quarantined and deleted
successfully.
F:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem\audio.dll
(Trojan.Agent) -> Quarantined and deleted successfully.
F:\Documents and Settings\Administrateur\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) ->
Quarantined and deleted successfully.
F:\Documents and Settings\Administrateur\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) ->
Quarantined and deleted successfully.
F:\Documents and Settings\Administrateur\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) ->
Quarantined and deleted successfully.
F:\Documents and Settings\Administrateur\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) ->
Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.18
Version de la base de données: 895
12:35:26 27/06/2008
mbam-log-6-27-2008 (12-35-26).txt
Type de recherche: Examen complet (C:\|E:\|F:\|G:\|)
Eléments examinés: 179677
Temps écoulé: 2 hour(s), 36 minute(s), 21 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and
deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace)
-> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackground
Page (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted
successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage
(Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
F:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem (Trojan.Agent)
-> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted
successfully.
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and
deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted
successfully.
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted
successfully.
F:\WINDOWS\system32\pphcvndj0e1fl.exe (Trojan.FakeAlert) -> Quarantined and deleted
successfully.
F:\Documents and Settings\LocalService.AUTORITE NT\Application Data\wsnpoem\audio.dll
(Trojan.Agent) -> Quarantined and deleted successfully.
F:\Documents and Settings\Administrateur\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) ->
Quarantined and deleted successfully.
F:\Documents and Settings\Administrateur\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) ->
Quarantined and deleted successfully.
F:\Documents and Settings\Administrateur\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) ->
Quarantined and deleted successfully.
F:\Documents and Settings\Administrateur\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) ->
Quarantined and deleted successfully.
-
luis roni - Messages: 25
- Inscription: 26 Juin 2008 18:14
Re: desinfection et demandes d'analyses
par Falkra » 27 Juin 2008 15:51
Impec. Poste un nouveau rapport HijackThis stp, on va finir.
-
Falkra - Admin libellules.ch
- Messages: 24461
- Inscription: 30 Jan 2005 14:44
- Localisation: 127.0.0.1
Re: desinfection et demandes d'analyses
par luis roni » 27 Juin 2008 16:10
voila nouveau rapport hijackthick
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:53, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
F:\WINDOWS\Explorer.EXE
G:\MySQL\Server\bin\mysqld-nt.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\CBASE.EXE
F:\Program Files\Spyware Terminator\sp_rsser.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\hkcmd.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\LimeWire\LimeWire.exe
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\PROGRA~1\Crawler\CToolbar.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\LOGICIELS\UTILITAIRES\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - F:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - F:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - F:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SearchSettings] F:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpywareTerminator] "F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] F:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD26E6A1-03B9-4F1A-BB6A-70ECA2EF2C26}: NameServer = 217.12.180.19,81.199.0.36,66.178.2.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - F:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - G:\MySQL\Server\bin\mysqld-nt (file missing)
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Serveur Sage - Sage - F:\WINDOWS\system32\CBASE.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7785 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:53, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
F:\WINDOWS\Explorer.EXE
G:\MySQL\Server\bin\mysqld-nt.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\CBASE.EXE
F:\Program Files\Spyware Terminator\sp_rsser.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\hkcmd.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\LimeWire\LimeWire.exe
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\PROGRA~1\Crawler\CToolbar.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\LOGICIELS\UTILITAIRES\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - F:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - F:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - F:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SearchSettings] F:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpywareTerminator] "F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] F:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD26E6A1-03B9-4F1A-BB6A-70ECA2EF2C26}: NameServer = 217.12.180.19,81.199.0.36,66.178.2.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - F:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - G:\MySQL\Server\bin\mysqld-nt (file missing)
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Serveur Sage - Sage - F:\WINDOWS\system32\CBASE.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7785 bytes
-
luis roni - Messages: 25
- Inscription: 26 Juin 2008 18:14
Re: desinfection et demandes d'analyses
par Falkra » 27 Juin 2008 16:16
Il en reste un bon paquet par ailleurs, je vais te les virer par un script, en une seule fois.
Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).
Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).
- Assure toi que tous les programmes sont fermés avant de commencer.
- Double-clique combofix.exe afin de l'exécuter.
- Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
- Il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
- [color="#CC0000"]Ne ferme pas la fenêtre qui vient de s'ouvrir, tu te retrouverais avec un bureau vide.[/color]
- Lorsque l'analyse sera terminée, un rapport apparaîtra.
- Copie-colle ce rapport dans ta prochaine réponse.
Le rapport se trouve dans : C:\Combofix.txt (si jamais). - Pour plus d'information et un tuto illustré, voici le seul tuto officiel et autorisé : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
-
Falkra - Admin libellules.ch
- Messages: 24461
- Inscription: 30 Jan 2005 14:44
- Localisation: 127.0.0.1
Re: desinfection et demandes d'analyses
par luis roni » 27 Juin 2008 17:40
rapport combofix
ComboFix 08-06-20.4 - Administrateur 2008-06-27 16:27:52.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.227 [GMT 1:00]
Endroit: F:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\WINDOWS\system32\mdm.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))))))))
.
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-19 17:48 34,296 --a------ F:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 09:39 . 2008-06-19 17:47 17,144 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 19:18 . 2008-06-27 16:26 <REP> d-------- F:\Program Files\Crawler
2008-06-26 15:27 . 2008-06-26 15:32 <REP> d-------- F:\Program Files\Trojan Remover
2008-06-26 15:27 . 2008-06-26 15:27 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-06-26 15:27 . 2003-02-02 19:06 153,088 --a------ F:\WINDOWS\system32\UNRAR3.dll
2008-06-26 15:27 . 2002-03-06 00:00 75,264 --a------ F:\WINDOWS\system32\unacev2.dll
2008-06-26 15:22 . 2008-06-26 19:54 <REP> d-------- F:\Program Files\Spyware Terminator
2008-06-26 15:22 . 2008-06-26 19:54 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2008-06-26 15:22 . 2008-06-26 17:17 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Spyware Terminator
2008-06-26 15:22 . 2008-06-26 15:22 141,312 --a------ F:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-26 15:12 . 2008-06-26 15:26 <REP> d-------- F:\Program Files\rhcrndj0e1fl
2008-06-26 15:12 . 2008-06-26 15:12 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\rhcrndj0e1fl
2008-06-26 15:05 . 2008-06-26 15:05 109,056 --a------ F:\WINDOWS\system32\lphcvndj0e1fl.exe
2008-06-26 15:05 . 2008-06-26 15:08 90,838 --a------ F:\WINDOWS\system32\phcvndj0e1fl.bmp
2008-06-26 15:05 . 2008-06-26 15:08 60,928 --a------ F:\WINDOWS\system32\blphcvndj0e1fl.scr
2008-06-25 17:28 . 1997-02-27 06:00 94,992 --a------ F:\WINDOWS\system32\VB5FR.DLL
2008-06-25 17:28 . 1997-09-24 22:46 89,600 --a------ F:\WINDOWS\system32\Grid32.OCX
2008-06-25 17:28 . 2001-05-19 18:47 31,744 --a------ F:\WINDOWS\system32\Grid32.oca
2008-06-21 09:11 . 2008-06-21 09:34 <REP> d-------- F:\Program Files\PMSSAARI
2008-06-11 11:17 . 2008-06-11 11:17 0 --a------ F:\1D.tmp
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\WINDOWS\Crystal
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\Program Files\Seagate Software
2008-06-11 08:27 . 2008-06-11 08:27 <REP> d-------- F:\Program Files\MapInfo MapX
2008-06-10 09:10 . 2008-06-10 09:10 <REP> d-------- F:\MySQLpb
2008-06-07 08:09 . 2004-08-04 00:54 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
2008-06-06 11:57 . 2001-03-17 20:34 22,528 --a------ F:\WINDOWS\system32\WNASPI32.DLL
2008-06-06 11:57 . 2002-07-17 08:05 16,512 --a------ F:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-06 11:56 . 2008-06-06 11:56 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\Fichiers communs\AVSMedia
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\AVS4YOU
2008-06-06 11:55 . 2008-06-06 11:55 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AVS4YOU
2008-06-06 11:55 . 2006-03-03 10:02 658,432 --a------ F:\WINDOWS\system32\cc3270mt.dll
2008-06-06 11:55 . 2002-01-05 15:40 487,424 --a------ F:\WINDOWS\system32\msvcp70.dll
2008-06-06 11:55 . 2003-05-21 13:50 24,576 --a------ F:\WINDOWS\system32\msxml3a.dll
2008-06-06 11:47 . 2008-06-26 15:30 <REP> d-------- F:\Program Files\Fx Audio Conveter
2008-06-06 11:15 . 2008-06-06 11:15 33,846 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.bmp
2008-06-06 11:15 . 2008-06-06 11:15 3,311 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2008-06-06 11:01 . 2008-06-06 11:01 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Search Settings
2008-06-06 10:58 . 2008-06-06 10:58 <REP> d-------- F:\Program Files\Search Settings
2008-06-06 10:44 . 2005-02-24 14:10 2,084,864 --a------ F:\WINDOWS\system32\AudDesign.dll
2008-06-06 10:44 . 2005-03-11 19:37 1,986,560 --a------ F:\WINDOWS\system32\AudFile.dll
2008-06-06 10:44 . 2005-02-24 14:11 1,212,416 --a------ F:\WINDOWS\system32\AudioInfos.dll
2008-06-06 10:44 . 2005-02-24 14:11 479,232 --a------ F:\WINDOWS\system32\AudioVisu.dll
2008-06-06 10:44 . 2005-02-24 17:21 458,752 --a------ F:\WINDOWS\system32\AudPlayer.dll
2008-06-06 10:44 . 2005-03-10 18:00 454,656 --a------ F:\WINDOWS\system32\AudioRecord.dll
2008-06-06 10:44 . 2005-02-24 14:10 417,792 --a------ F:\WINDOWS\system32\AudDisplay.dll
2008-06-06 10:44 . 2005-02-24 13:51 348,160 --a------ F:\WINDOWS\system32\WMAFile.dll
2008-06-06 10:44 . 2005-01-10 14:54 116,296 --a------ F:\WINDOWS\system32\NCTWMAProfiles.prx
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Program Files\Illustrate
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AccurateRip
2008-06-06 10:01 . 2008-06-06 11:15 133,632 --a------ F:\WINDOWS\system32\SpoonUninstall.exe
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité\Application Data\AVG7
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 15:33 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Skype
2008-06-27 10:30 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\AVG7
2008-06-27 07:07 --------- d---a-w F:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-26 14:29 --------- d-----w F:\Program Files\ABAEnglishCourse
2008-06-21 08:34 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-06-21 08:34 --------- d-----w F:\Program Files\Fichiers communs\SAGE
2008-06-21 08:08 --------- d-----w F:\Program Files\Fichiers communs\InstallShield
2008-06-13 10:43 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\MySQL
2008-06-11 06:49 --------- d-----w F:\Program Files\MyFOGESCO
2008-06-11 06:48 74,752 ----a-w F:\WINDOWS\ST6UNST.EXE
2008-06-11 06:48 290,816 ------w F:\WINDOWS\Setup1.exe
2008-06-11 06:47 --------- d-----w F:\Program Files\MyMAJDB
2008-05-23 08:09 --------- d-----w F:\Program Files\Boson Software
2008-04-29 18:38 --------- d-----w F:\Program Files\Organizer
2008-04-29 18:34 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Konrad Papala
2008-04-25 06:45 499,712 ----a-w F:\WINDOWS\system32\msvcp71.dll
2008-04-25 06:45 348,160 ----a-w F:\WINDOWS\system32\msvcr71.dll
2008-04-16 18:57 37,888 ----a-w F:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-04-16 17:56 1107296 --a------ F:\Program Files\Search Settings\kb127\SearchSettings.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"Yahoo! Pager"="F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="F:\WINDOWS\system32\igfxtray.exe" [2002-05-14 20:29 155648]
"HotKeysCmds"="F:\WINDOWS\system32\hkcmd.exe" [2002-05-14 20:20 114688]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe" [2008-02-26 15:33 146432]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVG7_CC"="F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-25 10:30 579584]
"SearchSettings"="F:\Program Files\Search Settings\SearchSettings.exe" [2008-04-16 17:56 985440]
"MSConfig"="F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:54 160768]
"SpywareTerminator"="F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-26 15:22 1817600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]
"AVG7_Run"="F:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-25 07:45 219136]
F:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Service Manager.lnk - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-03-13 20:39:45 69632]
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE [2008-05-15 07:54:16 118784]
[HKLM\~\startupfolder\F:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^.vbs]
path=F:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\.vbs
backup=F:\WINDOWS\pss\.vbsCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcvndj0e1fl]
--a------ 2008-06-26 15:05 109056 F:\WINDOWS\system32\lphcvndj0e1fl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcrndj0e1fl]
F:\Program Files\rhcrndj0e1fl\rhcrndj0e1fl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2007-03-16 13:44 296544 F:\Program Files\Trojan Remover\Trjscan.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;F:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-26 15:22]
R2 Serveur Sage;Serveur Sage;F:\WINDOWS\system32\CBASE.EXE [2001-05-04 09:51]
S3 ASPI;Advanced SCSI Programming Interface Driver;F:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##FOBERD-OLOUMI#TREMPLIN]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\tmf3w3g0.com
\Shell\explore\Command - D:\tmf3w3g0.com
\Shell\open\Command - D:\tmf3w3g0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\tmf3w3g0.com
\Shell\explore\Command - H:\tmf3w3g0.com
\Shell\open\Command - H:\tmf3w3g0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{111739b2-fd65-11dc-b1ab-0050fc285fca}]
\Shell\AutoRun\command - tmf3w3g0.com
\Shell\explore\Command - tmf3w3g0.com
\Shell\open\Command - tmf3w3g0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6774790d-4287-11dd-a3b9-806d6172696f}]
\Shell\AutoRun\command - H:\tmf3w3g0.com
\Shell\explore\Command - H:\tmf3w3g0.com
\Shell\open\Command - H:\tmf3w3g0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75882320-ecee-11dc-b185-0050fc285fca}]
\Shell\AutoRun\command - H:\copetttt.com
\Shell\explore\Command - H:\copetttt.com
\Shell\open\Command - H:\copetttt.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d9cad2-f004-11dc-b18e-0050fc285fca}]
\Shell\Auto\command - K:\auto.exe
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4d224b3-3ea1-11dd-b88c-0050fc285fca}]
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cftmonn.exe
\Shell\setup\command - H:\cftmonn.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc7d9164-0e0f-11dd-b742-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 16:33:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]
"ImagePath"="\"G:\MySQL\Server\bin\mysqld-nt\" --defaults-file=\"G:\MySQL\Server\my.ini\" MySQL"
.
Temps d'accomplissement: 2008-06-27 16:35:25
ComboFix-quarantined-files.txt 2008-06-27 15:35:19
Pre-Run: 161,292,288 octets libres
Post-Run: 883,609,600 octets libres
207 --- E O F --- 2008-03-11 20:36:36
ComboFix 08-06-20.4 - Administrateur 2008-06-27 16:27:52.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.227 [GMT 1:00]
Endroit: F:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\WINDOWS\system32\mdm.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))))))))
.
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-19 17:48 34,296 --a------ F:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 09:39 . 2008-06-19 17:47 17,144 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 19:18 . 2008-06-27 16:26 <REP> d-------- F:\Program Files\Crawler
2008-06-26 15:27 . 2008-06-26 15:32 <REP> d-------- F:\Program Files\Trojan Remover
2008-06-26 15:27 . 2008-06-26 15:27 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-06-26 15:27 . 2003-02-02 19:06 153,088 --a------ F:\WINDOWS\system32\UNRAR3.dll
2008-06-26 15:27 . 2002-03-06 00:00 75,264 --a------ F:\WINDOWS\system32\unacev2.dll
2008-06-26 15:22 . 2008-06-26 19:54 <REP> d-------- F:\Program Files\Spyware Terminator
2008-06-26 15:22 . 2008-06-26 19:54 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2008-06-26 15:22 . 2008-06-26 17:17 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Spyware Terminator
2008-06-26 15:22 . 2008-06-26 15:22 141,312 --a------ F:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-26 15:12 . 2008-06-26 15:26 <REP> d-------- F:\Program Files\rhcrndj0e1fl
2008-06-26 15:12 . 2008-06-26 15:12 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\rhcrndj0e1fl
2008-06-26 15:05 . 2008-06-26 15:05 109,056 --a------ F:\WINDOWS\system32\lphcvndj0e1fl.exe
2008-06-26 15:05 . 2008-06-26 15:08 90,838 --a------ F:\WINDOWS\system32\phcvndj0e1fl.bmp
2008-06-26 15:05 . 2008-06-26 15:08 60,928 --a------ F:\WINDOWS\system32\blphcvndj0e1fl.scr
2008-06-25 17:28 . 1997-02-27 06:00 94,992 --a------ F:\WINDOWS\system32\VB5FR.DLL
2008-06-25 17:28 . 1997-09-24 22:46 89,600 --a------ F:\WINDOWS\system32\Grid32.OCX
2008-06-25 17:28 . 2001-05-19 18:47 31,744 --a------ F:\WINDOWS\system32\Grid32.oca
2008-06-21 09:11 . 2008-06-21 09:34 <REP> d-------- F:\Program Files\PMSSAARI
2008-06-11 11:17 . 2008-06-11 11:17 0 --a------ F:\1D.tmp
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\WINDOWS\Crystal
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\Program Files\Seagate Software
2008-06-11 08:27 . 2008-06-11 08:27 <REP> d-------- F:\Program Files\MapInfo MapX
2008-06-10 09:10 . 2008-06-10 09:10 <REP> d-------- F:\MySQLpb
2008-06-07 08:09 . 2004-08-04 00:54 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
2008-06-06 11:57 . 2001-03-17 20:34 22,528 --a------ F:\WINDOWS\system32\WNASPI32.DLL
2008-06-06 11:57 . 2002-07-17 08:05 16,512 --a------ F:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-06 11:56 . 2008-06-06 11:56 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\Fichiers communs\AVSMedia
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\AVS4YOU
2008-06-06 11:55 . 2008-06-06 11:55 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AVS4YOU
2008-06-06 11:55 . 2006-03-03 10:02 658,432 --a------ F:\WINDOWS\system32\cc3270mt.dll
2008-06-06 11:55 . 2002-01-05 15:40 487,424 --a------ F:\WINDOWS\system32\msvcp70.dll
2008-06-06 11:55 . 2003-05-21 13:50 24,576 --a------ F:\WINDOWS\system32\msxml3a.dll
2008-06-06 11:47 . 2008-06-26 15:30 <REP> d-------- F:\Program Files\Fx Audio Conveter
2008-06-06 11:15 . 2008-06-06 11:15 33,846 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.bmp
2008-06-06 11:15 . 2008-06-06 11:15 3,311 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2008-06-06 11:01 . 2008-06-06 11:01 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Search Settings
2008-06-06 10:58 . 2008-06-06 10:58 <REP> d-------- F:\Program Files\Search Settings
2008-06-06 10:44 . 2005-02-24 14:10 2,084,864 --a------ F:\WINDOWS\system32\AudDesign.dll
2008-06-06 10:44 . 2005-03-11 19:37 1,986,560 --a------ F:\WINDOWS\system32\AudFile.dll
2008-06-06 10:44 . 2005-02-24 14:11 1,212,416 --a------ F:\WINDOWS\system32\AudioInfos.dll
2008-06-06 10:44 . 2005-02-24 14:11 479,232 --a------ F:\WINDOWS\system32\AudioVisu.dll
2008-06-06 10:44 . 2005-02-24 17:21 458,752 --a------ F:\WINDOWS\system32\AudPlayer.dll
2008-06-06 10:44 . 2005-03-10 18:00 454,656 --a------ F:\WINDOWS\system32\AudioRecord.dll
2008-06-06 10:44 . 2005-02-24 14:10 417,792 --a------ F:\WINDOWS\system32\AudDisplay.dll
2008-06-06 10:44 . 2005-02-24 13:51 348,160 --a------ F:\WINDOWS\system32\WMAFile.dll
2008-06-06 10:44 . 2005-01-10 14:54 116,296 --a------ F:\WINDOWS\system32\NCTWMAProfiles.prx
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Program Files\Illustrate
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AccurateRip
2008-06-06 10:01 . 2008-06-06 11:15 133,632 --a------ F:\WINDOWS\system32\SpoonUninstall.exe
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité\Application Data\AVG7
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 15:33 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Skype
2008-06-27 10:30 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\AVG7
2008-06-27 07:07 --------- d---a-w F:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-26 14:29 --------- d-----w F:\Program Files\ABAEnglishCourse
2008-06-21 08:34 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-06-21 08:34 --------- d-----w F:\Program Files\Fichiers communs\SAGE
2008-06-21 08:08 --------- d-----w F:\Program Files\Fichiers communs\InstallShield
2008-06-13 10:43 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\MySQL
2008-06-11 06:49 --------- d-----w F:\Program Files\MyFOGESCO
2008-06-11 06:48 74,752 ----a-w F:\WINDOWS\ST6UNST.EXE
2008-06-11 06:48 290,816 ------w F:\WINDOWS\Setup1.exe
2008-06-11 06:47 --------- d-----w F:\Program Files\MyMAJDB
2008-05-23 08:09 --------- d-----w F:\Program Files\Boson Software
2008-04-29 18:38 --------- d-----w F:\Program Files\Organizer
2008-04-29 18:34 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Konrad Papala
2008-04-25 06:45 499,712 ----a-w F:\WINDOWS\system32\msvcp71.dll
2008-04-25 06:45 348,160 ----a-w F:\WINDOWS\system32\msvcr71.dll
2008-04-16 18:57 37,888 ----a-w F:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-04-16 17:56 1107296 --a------ F:\Program Files\Search Settings\kb127\SearchSettings.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"Yahoo! Pager"="F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="F:\WINDOWS\system32\igfxtray.exe" [2002-05-14 20:29 155648]
"HotKeysCmds"="F:\WINDOWS\system32\hkcmd.exe" [2002-05-14 20:20 114688]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe" [2008-02-26 15:33 146432]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVG7_CC"="F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-25 10:30 579584]
"SearchSettings"="F:\Program Files\Search Settings\SearchSettings.exe" [2008-04-16 17:56 985440]
"MSConfig"="F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:54 160768]
"SpywareTerminator"="F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-26 15:22 1817600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]
"AVG7_Run"="F:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-25 07:45 219136]
F:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Service Manager.lnk - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-03-13 20:39:45 69632]
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE [2008-05-15 07:54:16 118784]
[HKLM\~\startupfolder\F:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^.vbs]
path=F:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\.vbs
backup=F:\WINDOWS\pss\.vbsCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcvndj0e1fl]
--a------ 2008-06-26 15:05 109056 F:\WINDOWS\system32\lphcvndj0e1fl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcrndj0e1fl]
F:\Program Files\rhcrndj0e1fl\rhcrndj0e1fl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2007-03-16 13:44 296544 F:\Program Files\Trojan Remover\Trjscan.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;F:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-26 15:22]
R2 Serveur Sage;Serveur Sage;F:\WINDOWS\system32\CBASE.EXE [2001-05-04 09:51]
S3 ASPI;Advanced SCSI Programming Interface Driver;F:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##FOBERD-OLOUMI#TREMPLIN]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\tmf3w3g0.com
\Shell\explore\Command - D:\tmf3w3g0.com
\Shell\open\Command - D:\tmf3w3g0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\tmf3w3g0.com
\Shell\explore\Command - H:\tmf3w3g0.com
\Shell\open\Command - H:\tmf3w3g0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{111739b2-fd65-11dc-b1ab-0050fc285fca}]
\Shell\AutoRun\command - tmf3w3g0.com
\Shell\explore\Command - tmf3w3g0.com
\Shell\open\Command - tmf3w3g0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6774790d-4287-11dd-a3b9-806d6172696f}]
\Shell\AutoRun\command - H:\tmf3w3g0.com
\Shell\explore\Command - H:\tmf3w3g0.com
\Shell\open\Command - H:\tmf3w3g0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75882320-ecee-11dc-b185-0050fc285fca}]
\Shell\AutoRun\command - H:\copetttt.com
\Shell\explore\Command - H:\copetttt.com
\Shell\open\Command - H:\copetttt.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d9cad2-f004-11dc-b18e-0050fc285fca}]
\Shell\Auto\command - K:\auto.exe
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4d224b3-3ea1-11dd-b88c-0050fc285fca}]
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cftmonn.exe
\Shell\setup\command - H:\cftmonn.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc7d9164-0e0f-11dd-b742-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 16:33:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]
"ImagePath"="\"G:\MySQL\Server\bin\mysqld-nt\" --defaults-file=\"G:\MySQL\Server\my.ini\" MySQL"
.
Temps d'accomplissement: 2008-06-27 16:35:25
ComboFix-quarantined-files.txt 2008-06-27 15:35:19
Pre-Run: 161,292,288 octets libres
Post-Run: 883,609,600 octets libres
207 --- E O F --- 2008-03-11 20:36:36
-
luis roni - Messages: 25
- Inscription: 26 Juin 2008 18:14
Re: desinfection et demandes d'analyses
par Falkra » 27 Juin 2008 17:49
La machine est très infectée.
N'efface pas de fichier après cela, je vais devoir en faire remonter au xdéveloppeurs, certainement.
Si ton antivirus bippe, fais-lui ignorer les fichiers.
Ensuite ajoute un nouveau rapport hijackThis stp.
N'efface pas de fichier après cela, je vais devoir en faire remonter au xdéveloppeurs, certainement.
Si ton antivirus bippe, fais-lui ignorer les fichiers.
- Ouvre le bloc notes. Copie colle ceci dedans :
File::
F:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\.vbs
Folder::
F:\Program Files\Crawler
F:\Program Files\rhcrndj0e1fl
F:\Documents and Settings\Administrateur\Application Data\rhcrndj0e1fl
F:\WINDOWS\system32\lphcvndj0e1fl.exe
F:\WINDOWS\system32\phcvndj0e1fl.bmp
F:\WINDOWS\system32\blphcvndj0e1fl.scr
F:\Documents and Settings\Administrateur\Application Data\Search Settings
F:\Program Files\Search Settings
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[-HKLM\~\startupfolder\F:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^.vbs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcvndj0e1fl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcrndj0e1fl]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##FOBERD-OLOUMI#TREMPLIN]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{111739b2-fd65-11dc-b1ab-0050fc285fca}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6774790d-4287-11dd-a3b9-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75882320-ecee-11dc-b185-0050fc285fca}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d9cad2-f004-11dc-b18e-0050fc285fca}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4d224b3-3ea1-11dd-b88c-0050fc285fca}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc7d9164-0e0f-11dd-b742-806d6172696f}]
- Sauvegarde cela comme fichier texte nommé CFScript, sur le bureau.
- Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître: au message qui apparaît (Type 1 to continue, or 2 to abort) , tape 1 puis valide.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
Ensuite ajoute un nouveau rapport hijackThis stp.
-
Falkra - Admin libellules.ch
- Messages: 24461
- Inscription: 30 Jan 2005 14:44
- Localisation: 127.0.0.1
Re: desinfection et demandes d'analyses
par luis roni » 27 Juin 2008 18:44
rapport combofix
ComboFix 08-06-20.4 - Administrateur 2008-06-27 17:10:57.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.392 [GMT 1:00]
Endroit: F:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: F:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
F:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\.vbs
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Documents and Settings\Administrateur\Application Data\rhcrndj0e1fl
F:\Documents and Settings\Administrateur\Application Data\Search Settings
F:\Documents and Settings\Administrateur\Application Data\Search Settings\kb127\temp\ws-14054.log
F:\Documents and Settings\Administrateur\Application Data\Search Settings\kb127\temp\ws-14055.log
F:\Documents and Settings\Administrateur\Application Data\Search Settings\kb127\temp\ws-14056.log
F:\Documents and Settings\Administrateur\Application Data\Search Settings\kb127\temp\ws-14057.log
F:\Program Files\Crawler
F:\Program Files\Crawler\adrkeys.dat
F:\Program Files\Crawler\confirm.dat
F:\Program Files\Crawler\ctbcomm.dll
F:\Program Files\Crawler\ctbr.dll
F:\Program Files\Crawler\CTConf.dat
F:\Program Files\Crawler\CTipsDef.dll
F:\Program Files\Crawler\CToolbar.exe
F:\Program Files\Crawler\CUpdate.exe
F:\Program Files\Crawler\Languages\STWSG_CS.cab
F:\Program Files\Crawler\Languages\STWSG_DE.cab
F:\Program Files\Crawler\Languages\STWSG_EN.cab
F:\Program Files\Crawler\Languages\STWSG_ES.cab
F:\Program Files\Crawler\Languages\STWSG_FR.cab
F:\Program Files\Crawler\Languages\STWSG_IT.cab
F:\Program Files\Crawler\Languages\STWSG_PT-BR.cab
F:\Program Files\Crawler\Languages\STWSG_PT.cab
F:\Program Files\Crawler\Languages\TBR5_CS.cab
F:\Program Files\Crawler\Languages\TBR5_DE.cab
F:\Program Files\Crawler\Languages\TBR5_EN.cab
F:\Program Files\Crawler\Languages\TBR5_ES.cab
F:\Program Files\Crawler\Languages\TBR5_FR.cab
F:\Program Files\Crawler\Languages\TBR5_IT.cab
F:\Program Files\Crawler\Languages\TBR5_PL.cab
F:\Program Files\Crawler\Languages\TBR5_PT-BR.cab
F:\Program Files\Crawler\Languages\TBR5_PT.cab
F:\Program Files\Crawler\Languages\TBR5_RU.cab
F:\Program Files\Crawler\lookfor.dat
F:\Program Files\Crawler\majorse.dat
F:\Program Files\Crawler\rootmenu.dat
F:\Program Files\Crawler\services.dat
F:\Program Files\Crawler\STWSGLanguageAct\info.ini
F:\Program Files\Crawler\STWSGLanguageAct\language.ini
F:\Program Files\Crawler\TBR5LanguageAct\info.ini
F:\Program Files\Crawler\TBR5LanguageAct\language.ini
F:\Program Files\Crawler\Update\domains.cab
F:\Program Files\Crawler\WebSecurityGuard.dll
F:\Program Files\Crawler\WSGData\domains\domains_000.dat
F:\Program Files\Crawler\WSGData\domains\domains_000_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_001.dat
F:\Program Files\Crawler\WSGData\domains\domains_001_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_002.dat
F:\Program Files\Crawler\WSGData\domains\domains_002_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_003.dat
F:\Program Files\Crawler\WSGData\domains\domains_003_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_004.dat
F:\Program Files\Crawler\WSGData\domains\domains_004_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_005.dat
F:\Program Files\Crawler\WSGData\domains\domains_005_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_006.dat
F:\Program Files\Crawler\WSGData\domains\domains_006_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_007.dat
F:\Program Files\Crawler\WSGData\domains\domains_007_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_008.dat
F:\Program Files\Crawler\WSGData\domains\domains_008_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_009.dat
F:\Program Files\Crawler\WSGData\domains\domains_009_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_010.dat
F:\Program Files\Crawler\WSGData\domains\domains_010_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_011.dat
F:\Program Files\Crawler\WSGData\domains\domains_011_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_012.dat
F:\Program Files\Crawler\WSGData\domains\domains_012_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_013.dat
F:\Program Files\Crawler\WSGData\domains\domains_013_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_014.dat
F:\Program Files\Crawler\WSGData\domains\domains_014_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_015.dat
F:\Program Files\Crawler\WSGData\domains\domains_015_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_016.dat
F:\Program Files\Crawler\WSGData\domains\domains_016_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_017.dat
F:\Program Files\Crawler\WSGData\domains\domains_017_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_018.dat
F:\Program Files\Crawler\WSGData\domains\domains_018_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_019.dat
F:\Program Files\Crawler\WSGData\domains\domains_019_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_020.dat
F:\Program Files\Crawler\WSGData\domains\domains_020_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_021.dat
F:\Program Files\Crawler\WSGData\domains\domains_021_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_022.dat
F:\Program Files\Crawler\WSGData\domains\domains_022_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_023.dat
F:\Program Files\Crawler\WSGData\domains\domains_023_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_024.dat
F:\Program Files\Crawler\WSGData\domains\domains_024_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_025.dat
F:\Program Files\Crawler\WSGData\domains\domains_025_diff.dat
F:\Program Files\Crawler\WSGData\domains\index.dat
F:\Program Files\Crawler\WSGData\g_S-1-5-21-1708537768-630328440-839522115-500.dat
F:\Program Files\Crawler\WSGData\p_S-1-5-21-1708537768-630328440-839522115-500.dat
F:\Program Files\Crawler\WSGData\ud_S-1-5-21-1708537768-630328440-839522115-500.dat
F:\Program Files\Crawler\WSGData\w_S-1-5-21-1708537768-630328440-839522115-500.dat
F:\Program Files\Crawler\WSGData\wfilter.dat
F:\Program Files\rhcrndj0e1fl
F:\Program Files\Search Settings
F:\Program Files\Search Settings\kb127\SearchSettings.dll
F:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
F:\Program Files\Search Settings\SearchSettings.exe
F:\WINDOWS\system32\blphcvndj0e1fl.scr\
F:\WINDOWS\system32\lphcvndj0e1fl.exe\
F:\WINDOWS\system32\phcvndj0e1fl.bmp\
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))))))))
.
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-19 17:48 34,296 --a------ F:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 09:39 . 2008-06-19 17:47 17,144 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 15:27 . 2008-06-26 15:32 <REP> d-------- F:\Program Files\Trojan Remover
2008-06-26 15:27 . 2008-06-26 15:27 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-06-26 15:27 . 2003-02-02 19:06 153,088 --a------ F:\WINDOWS\system32\UNRAR3.dll
2008-06-26 15:27 . 2002-03-06 00:00 75,264 --a------ F:\WINDOWS\system32\unacev2.dll
2008-06-26 15:05 . 2008-06-26 15:05 109,056 --a------ F:\WINDOWS\system32\lphcvndj0e1fl.exe
2008-06-26 15:05 . 2008-06-26 15:08 90,838 --a------ F:\WINDOWS\system32\phcvndj0e1fl.bmp
2008-06-26 15:05 . 2008-06-26 15:08 60,928 --a------ F:\WINDOWS\system32\blphcvndj0e1fl.scr
2008-06-25 17:28 . 1997-02-27 06:00 94,992 --a------ F:\WINDOWS\system32\VB5FR.DLL
2008-06-25 17:28 . 1997-09-24 22:46 89,600 --a------ F:\WINDOWS\system32\Grid32.OCX
2008-06-25 17:28 . 2001-05-19 18:47 31,744 --a------ F:\WINDOWS\system32\Grid32.oca
2008-06-21 09:11 . 2008-06-21 09:34 <REP> d-------- F:\Program Files\PMSSAARI
2008-06-11 11:17 . 2008-06-11 11:17 0 --a------ F:\1D.tmp
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\WINDOWS\Crystal
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\Program Files\Seagate Software
2008-06-11 08:27 . 2008-06-11 08:27 <REP> d-------- F:\Program Files\MapInfo MapX
2008-06-10 09:10 . 2008-06-10 09:10 <REP> d-------- F:\MySQLpb
2008-06-07 08:09 . 2004-08-04 00:54 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
2008-06-06 11:57 . 2001-03-17 20:34 22,528 --a------ F:\WINDOWS\system32\WNASPI32.DLL
2008-06-06 11:57 . 2002-07-17 08:05 16,512 --a------ F:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-06 11:56 . 2008-06-06 11:56 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\Fichiers communs\AVSMedia
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\AVS4YOU
2008-06-06 11:55 . 2008-06-06 11:55 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AVS4YOU
2008-06-06 11:55 . 2006-03-03 10:02 658,432 --a------ F:\WINDOWS\system32\cc3270mt.dll
2008-06-06 11:55 . 2002-01-05 15:40 487,424 --a------ F:\WINDOWS\system32\msvcp70.dll
2008-06-06 11:55 . 2003-05-21 13:50 24,576 --a------ F:\WINDOWS\system32\msxml3a.dll
2008-06-06 11:47 . 2008-06-26 15:30 <REP> d-------- F:\Program Files\Fx Audio Conveter
2008-06-06 11:15 . 2008-06-06 11:15 33,846 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.bmp
2008-06-06 11:15 . 2008-06-06 11:15 3,311 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2008-06-06 10:44 . 2005-02-24 14:10 2,084,864 --a------ F:\WINDOWS\system32\AudDesign.dll
2008-06-06 10:44 . 2005-03-11 19:37 1,986,560 --a------ F:\WINDOWS\system32\AudFile.dll
2008-06-06 10:44 . 2005-02-24 14:11 1,212,416 --a------ F:\WINDOWS\system32\AudioInfos.dll
2008-06-06 10:44 . 2005-02-24 14:11 479,232 --a------ F:\WINDOWS\system32\AudioVisu.dll
2008-06-06 10:44 . 2005-02-24 17:21 458,752 --a------ F:\WINDOWS\system32\AudPlayer.dll
2008-06-06 10:44 . 2005-03-10 18:00 454,656 --a------ F:\WINDOWS\system32\AudioRecord.dll
2008-06-06 10:44 . 2005-02-24 14:10 417,792 --a------ F:\WINDOWS\system32\AudDisplay.dll
2008-06-06 10:44 . 2005-02-24 13:51 348,160 --a------ F:\WINDOWS\system32\WMAFile.dll
2008-06-06 10:44 . 2005-01-10 14:54 116,296 --a------ F:\WINDOWS\system32\NCTWMAProfiles.prx
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Program Files\Illustrate
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AccurateRip
2008-06-06 10:01 . 2008-06-06 11:15 133,632 --a------ F:\WINDOWS\system32\SpoonUninstall.exe
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité\Application Data\AVG7
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 15:51 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Skype
2008-06-27 10:30 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\AVG7
2008-06-27 07:07 --------- d---a-w F:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-26 14:29 --------- d-----w F:\Program Files\ABAEnglishCourse
2008-06-21 08:34 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-06-21 08:34 --------- d-----w F:\Program Files\Fichiers communs\SAGE
2008-06-21 08:08 --------- d-----w F:\Program Files\Fichiers communs\InstallShield
2008-06-13 10:43 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\MySQL
2008-06-11 06:49 --------- d-----w F:\Program Files\MyFOGESCO
2008-06-11 06:48 74,752 ----a-w F:\WINDOWS\ST6UNST.EXE
2008-06-11 06:48 290,816 ------w F:\WINDOWS\Setup1.exe
2008-06-11 06:47 --------- d-----w F:\Program Files\MyMAJDB
2008-05-23 08:09 --------- d-----w F:\Program Files\Boson Software
2008-04-29 18:38 --------- d-----w F:\Program Files\Organizer
2008-04-29 18:34 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Konrad Papala
2008-04-25 06:45 499,712 ----a-w F:\WINDOWS\system32\msvcp71.dll
2008-04-25 06:45 348,160 ----a-w F:\WINDOWS\system32\msvcr71.dll
2008-04-16 18:57 37,888 ----a-w F:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-27_16.34.31,28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 07:06:03 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-06-27 15:50:07 2,048 --s-a-w F:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"Yahoo! Pager"="F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="F:\WINDOWS\system32\igfxtray.exe" [2002-05-14 20:29 155648]
"HotKeysCmds"="F:\WINDOWS\system32\hkcmd.exe" [2002-05-14 20:20 114688]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe" [2008-02-26 15:33 146432]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVG7_CC"="F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-25 10:30 579584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]
"AVG7_Run"="F:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-25 07:45 219136]
F:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Service Manager.lnk - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-03-13 20:39:45 69632]
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE [2008-05-15 07:54:16 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2007-03-16 13:44 296544 F:\Program Files\Trojan Remover\Trjscan.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 Serveur Sage;Serveur Sage;F:\WINDOWS\system32\CBASE.EXE [2001-05-04 09:51]
S3 ASPI;Advanced SCSI Programming Interface Driver;F:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 17:13:38
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]
"ImagePath"="\"G:\MySQL\Server\bin\mysqld-nt\" --defaults-file=\"G:\MySQL\Server\my.ini\" MySQL"
.
Temps d'accomplissement: 2008-06-27 17:15:16
ComboFix-quarantined-files.txt 2008-06-27 16:15:05
ComboFix2.txt 2008-06-27 15:35:26
Pre-Run: 1,571,508,224 octets libres
Post-Run: 1,561,436,160 octets libres
271 --- E O F --- 2008-03-11 20:36:36
rapport HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:14, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\hkcmd.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
G:\MySQL\Server\bin\mysqld-nt.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\CBASE.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\LOGICIELS\UTILITAIRES\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD26E6A1-03B9-4F1A-BB6A-70ECA2EF2C26}: NameServer = 217.12.180.19,81.199.0.36,66.178.2.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - G:\MySQL\Server\bin\mysqld-nt (file missing)
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Serveur Sage - Sage - F:\WINDOWS\system32\CBASE.EXE
--
End of file - 6992 bytes
ComboFix 08-06-20.4 - Administrateur 2008-06-27 17:10:57.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.392 [GMT 1:00]
Endroit: F:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: F:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
F:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\.vbs
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Documents and Settings\Administrateur\Application Data\rhcrndj0e1fl
F:\Documents and Settings\Administrateur\Application Data\Search Settings
F:\Documents and Settings\Administrateur\Application Data\Search Settings\kb127\temp\ws-14054.log
F:\Documents and Settings\Administrateur\Application Data\Search Settings\kb127\temp\ws-14055.log
F:\Documents and Settings\Administrateur\Application Data\Search Settings\kb127\temp\ws-14056.log
F:\Documents and Settings\Administrateur\Application Data\Search Settings\kb127\temp\ws-14057.log
F:\Program Files\Crawler
F:\Program Files\Crawler\adrkeys.dat
F:\Program Files\Crawler\confirm.dat
F:\Program Files\Crawler\ctbcomm.dll
F:\Program Files\Crawler\ctbr.dll
F:\Program Files\Crawler\CTConf.dat
F:\Program Files\Crawler\CTipsDef.dll
F:\Program Files\Crawler\CToolbar.exe
F:\Program Files\Crawler\CUpdate.exe
F:\Program Files\Crawler\Languages\STWSG_CS.cab
F:\Program Files\Crawler\Languages\STWSG_DE.cab
F:\Program Files\Crawler\Languages\STWSG_EN.cab
F:\Program Files\Crawler\Languages\STWSG_ES.cab
F:\Program Files\Crawler\Languages\STWSG_FR.cab
F:\Program Files\Crawler\Languages\STWSG_IT.cab
F:\Program Files\Crawler\Languages\STWSG_PT-BR.cab
F:\Program Files\Crawler\Languages\STWSG_PT.cab
F:\Program Files\Crawler\Languages\TBR5_CS.cab
F:\Program Files\Crawler\Languages\TBR5_DE.cab
F:\Program Files\Crawler\Languages\TBR5_EN.cab
F:\Program Files\Crawler\Languages\TBR5_ES.cab
F:\Program Files\Crawler\Languages\TBR5_FR.cab
F:\Program Files\Crawler\Languages\TBR5_IT.cab
F:\Program Files\Crawler\Languages\TBR5_PL.cab
F:\Program Files\Crawler\Languages\TBR5_PT-BR.cab
F:\Program Files\Crawler\Languages\TBR5_PT.cab
F:\Program Files\Crawler\Languages\TBR5_RU.cab
F:\Program Files\Crawler\lookfor.dat
F:\Program Files\Crawler\majorse.dat
F:\Program Files\Crawler\rootmenu.dat
F:\Program Files\Crawler\services.dat
F:\Program Files\Crawler\STWSGLanguageAct\info.ini
F:\Program Files\Crawler\STWSGLanguageAct\language.ini
F:\Program Files\Crawler\TBR5LanguageAct\info.ini
F:\Program Files\Crawler\TBR5LanguageAct\language.ini
F:\Program Files\Crawler\Update\domains.cab
F:\Program Files\Crawler\WebSecurityGuard.dll
F:\Program Files\Crawler\WSGData\domains\domains_000.dat
F:\Program Files\Crawler\WSGData\domains\domains_000_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_001.dat
F:\Program Files\Crawler\WSGData\domains\domains_001_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_002.dat
F:\Program Files\Crawler\WSGData\domains\domains_002_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_003.dat
F:\Program Files\Crawler\WSGData\domains\domains_003_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_004.dat
F:\Program Files\Crawler\WSGData\domains\domains_004_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_005.dat
F:\Program Files\Crawler\WSGData\domains\domains_005_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_006.dat
F:\Program Files\Crawler\WSGData\domains\domains_006_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_007.dat
F:\Program Files\Crawler\WSGData\domains\domains_007_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_008.dat
F:\Program Files\Crawler\WSGData\domains\domains_008_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_009.dat
F:\Program Files\Crawler\WSGData\domains\domains_009_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_010.dat
F:\Program Files\Crawler\WSGData\domains\domains_010_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_011.dat
F:\Program Files\Crawler\WSGData\domains\domains_011_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_012.dat
F:\Program Files\Crawler\WSGData\domains\domains_012_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_013.dat
F:\Program Files\Crawler\WSGData\domains\domains_013_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_014.dat
F:\Program Files\Crawler\WSGData\domains\domains_014_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_015.dat
F:\Program Files\Crawler\WSGData\domains\domains_015_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_016.dat
F:\Program Files\Crawler\WSGData\domains\domains_016_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_017.dat
F:\Program Files\Crawler\WSGData\domains\domains_017_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_018.dat
F:\Program Files\Crawler\WSGData\domains\domains_018_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_019.dat
F:\Program Files\Crawler\WSGData\domains\domains_019_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_020.dat
F:\Program Files\Crawler\WSGData\domains\domains_020_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_021.dat
F:\Program Files\Crawler\WSGData\domains\domains_021_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_022.dat
F:\Program Files\Crawler\WSGData\domains\domains_022_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_023.dat
F:\Program Files\Crawler\WSGData\domains\domains_023_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_024.dat
F:\Program Files\Crawler\WSGData\domains\domains_024_diff.dat
F:\Program Files\Crawler\WSGData\domains\domains_025.dat
F:\Program Files\Crawler\WSGData\domains\domains_025_diff.dat
F:\Program Files\Crawler\WSGData\domains\index.dat
F:\Program Files\Crawler\WSGData\g_S-1-5-21-1708537768-630328440-839522115-500.dat
F:\Program Files\Crawler\WSGData\p_S-1-5-21-1708537768-630328440-839522115-500.dat
F:\Program Files\Crawler\WSGData\ud_S-1-5-21-1708537768-630328440-839522115-500.dat
F:\Program Files\Crawler\WSGData\w_S-1-5-21-1708537768-630328440-839522115-500.dat
F:\Program Files\Crawler\WSGData\wfilter.dat
F:\Program Files\rhcrndj0e1fl
F:\Program Files\Search Settings
F:\Program Files\Search Settings\kb127\SearchSettings.dll
F:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
F:\Program Files\Search Settings\SearchSettings.exe
F:\WINDOWS\system32\blphcvndj0e1fl.scr\
F:\WINDOWS\system32\lphcvndj0e1fl.exe\
F:\WINDOWS\system32\phcvndj0e1fl.bmp\
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))))))))
.
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-19 17:48 34,296 --a------ F:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 09:39 . 2008-06-19 17:47 17,144 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 15:27 . 2008-06-26 15:32 <REP> d-------- F:\Program Files\Trojan Remover
2008-06-26 15:27 . 2008-06-26 15:27 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-06-26 15:27 . 2003-02-02 19:06 153,088 --a------ F:\WINDOWS\system32\UNRAR3.dll
2008-06-26 15:27 . 2002-03-06 00:00 75,264 --a------ F:\WINDOWS\system32\unacev2.dll
2008-06-26 15:05 . 2008-06-26 15:05 109,056 --a------ F:\WINDOWS\system32\lphcvndj0e1fl.exe
2008-06-26 15:05 . 2008-06-26 15:08 90,838 --a------ F:\WINDOWS\system32\phcvndj0e1fl.bmp
2008-06-26 15:05 . 2008-06-26 15:08 60,928 --a------ F:\WINDOWS\system32\blphcvndj0e1fl.scr
2008-06-25 17:28 . 1997-02-27 06:00 94,992 --a------ F:\WINDOWS\system32\VB5FR.DLL
2008-06-25 17:28 . 1997-09-24 22:46 89,600 --a------ F:\WINDOWS\system32\Grid32.OCX
2008-06-25 17:28 . 2001-05-19 18:47 31,744 --a------ F:\WINDOWS\system32\Grid32.oca
2008-06-21 09:11 . 2008-06-21 09:34 <REP> d-------- F:\Program Files\PMSSAARI
2008-06-11 11:17 . 2008-06-11 11:17 0 --a------ F:\1D.tmp
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\WINDOWS\Crystal
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\Program Files\Seagate Software
2008-06-11 08:27 . 2008-06-11 08:27 <REP> d-------- F:\Program Files\MapInfo MapX
2008-06-10 09:10 . 2008-06-10 09:10 <REP> d-------- F:\MySQLpb
2008-06-07 08:09 . 2004-08-04 00:54 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
2008-06-06 11:57 . 2001-03-17 20:34 22,528 --a------ F:\WINDOWS\system32\WNASPI32.DLL
2008-06-06 11:57 . 2002-07-17 08:05 16,512 --a------ F:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-06 11:56 . 2008-06-06 11:56 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\Fichiers communs\AVSMedia
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\AVS4YOU
2008-06-06 11:55 . 2008-06-06 11:55 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AVS4YOU
2008-06-06 11:55 . 2006-03-03 10:02 658,432 --a------ F:\WINDOWS\system32\cc3270mt.dll
2008-06-06 11:55 . 2002-01-05 15:40 487,424 --a------ F:\WINDOWS\system32\msvcp70.dll
2008-06-06 11:55 . 2003-05-21 13:50 24,576 --a------ F:\WINDOWS\system32\msxml3a.dll
2008-06-06 11:47 . 2008-06-26 15:30 <REP> d-------- F:\Program Files\Fx Audio Conveter
2008-06-06 11:15 . 2008-06-06 11:15 33,846 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.bmp
2008-06-06 11:15 . 2008-06-06 11:15 3,311 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2008-06-06 10:44 . 2005-02-24 14:10 2,084,864 --a------ F:\WINDOWS\system32\AudDesign.dll
2008-06-06 10:44 . 2005-03-11 19:37 1,986,560 --a------ F:\WINDOWS\system32\AudFile.dll
2008-06-06 10:44 . 2005-02-24 14:11 1,212,416 --a------ F:\WINDOWS\system32\AudioInfos.dll
2008-06-06 10:44 . 2005-02-24 14:11 479,232 --a------ F:\WINDOWS\system32\AudioVisu.dll
2008-06-06 10:44 . 2005-02-24 17:21 458,752 --a------ F:\WINDOWS\system32\AudPlayer.dll
2008-06-06 10:44 . 2005-03-10 18:00 454,656 --a------ F:\WINDOWS\system32\AudioRecord.dll
2008-06-06 10:44 . 2005-02-24 14:10 417,792 --a------ F:\WINDOWS\system32\AudDisplay.dll
2008-06-06 10:44 . 2005-02-24 13:51 348,160 --a------ F:\WINDOWS\system32\WMAFile.dll
2008-06-06 10:44 . 2005-01-10 14:54 116,296 --a------ F:\WINDOWS\system32\NCTWMAProfiles.prx
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Program Files\Illustrate
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AccurateRip
2008-06-06 10:01 . 2008-06-06 11:15 133,632 --a------ F:\WINDOWS\system32\SpoonUninstall.exe
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité\Application Data\AVG7
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 15:51 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Skype
2008-06-27 10:30 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\AVG7
2008-06-27 07:07 --------- d---a-w F:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-26 14:29 --------- d-----w F:\Program Files\ABAEnglishCourse
2008-06-21 08:34 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-06-21 08:34 --------- d-----w F:\Program Files\Fichiers communs\SAGE
2008-06-21 08:08 --------- d-----w F:\Program Files\Fichiers communs\InstallShield
2008-06-13 10:43 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\MySQL
2008-06-11 06:49 --------- d-----w F:\Program Files\MyFOGESCO
2008-06-11 06:48 74,752 ----a-w F:\WINDOWS\ST6UNST.EXE
2008-06-11 06:48 290,816 ------w F:\WINDOWS\Setup1.exe
2008-06-11 06:47 --------- d-----w F:\Program Files\MyMAJDB
2008-05-23 08:09 --------- d-----w F:\Program Files\Boson Software
2008-04-29 18:38 --------- d-----w F:\Program Files\Organizer
2008-04-29 18:34 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Konrad Papala
2008-04-25 06:45 499,712 ----a-w F:\WINDOWS\system32\msvcp71.dll
2008-04-25 06:45 348,160 ----a-w F:\WINDOWS\system32\msvcr71.dll
2008-04-16 18:57 37,888 ----a-w F:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-27_16.34.31,28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 07:06:03 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-06-27 15:50:07 2,048 --s-a-w F:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"Yahoo! Pager"="F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="F:\WINDOWS\system32\igfxtray.exe" [2002-05-14 20:29 155648]
"HotKeysCmds"="F:\WINDOWS\system32\hkcmd.exe" [2002-05-14 20:20 114688]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe" [2008-02-26 15:33 146432]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVG7_CC"="F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-25 10:30 579584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]
"AVG7_Run"="F:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-25 07:45 219136]
F:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Service Manager.lnk - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-03-13 20:39:45 69632]
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE [2008-05-15 07:54:16 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2007-03-16 13:44 296544 F:\Program Files\Trojan Remover\Trjscan.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 Serveur Sage;Serveur Sage;F:\WINDOWS\system32\CBASE.EXE [2001-05-04 09:51]
S3 ASPI;Advanced SCSI Programming Interface Driver;F:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 17:13:38
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]
"ImagePath"="\"G:\MySQL\Server\bin\mysqld-nt\" --defaults-file=\"G:\MySQL\Server\my.ini\" MySQL"
.
Temps d'accomplissement: 2008-06-27 17:15:16
ComboFix-quarantined-files.txt 2008-06-27 16:15:05
ComboFix2.txt 2008-06-27 15:35:26
Pre-Run: 1,571,508,224 octets libres
Post-Run: 1,561,436,160 octets libres
271 --- E O F --- 2008-03-11 20:36:36
rapport HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:14, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\hkcmd.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
G:\MySQL\Server\bin\mysqld-nt.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\CBASE.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\LOGICIELS\UTILITAIRES\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD26E6A1-03B9-4F1A-BB6A-70ECA2EF2C26}: NameServer = 217.12.180.19,81.199.0.36,66.178.2.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - G:\MySQL\Server\bin\mysqld-nt (file missing)
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Serveur Sage - Sage - F:\WINDOWS\system32\CBASE.EXE
--
End of file - 6992 bytes
-
luis roni - Messages: 25
- Inscription: 26 Juin 2008 18:14
Re: desinfection et demandes d'analyses
par Falkra » 27 Juin 2008 20:26
Je me suis gourré de catégorie sur ces fichiers, passe un 2eme script (même façon de faire) avec ce contenu :
Poste le rapport obtenu stp, et un autre HijackThis.
File::
F:\WINDOWS\system32\lphcvndj0e1fl.exe
F:\WINDOWS\system32\phcvndj0e1fl.bmp
F:\WINDOWS\system32\blphcvndj0e1fl.scr
Poste le rapport obtenu stp, et un autre HijackThis.
-
Falkra - Admin libellules.ch
- Messages: 24461
- Inscription: 30 Jan 2005 14:44
- Localisation: 127.0.0.1
Re: desinfection et demandes d'analyses
par luis roni » 27 Juin 2008 21:44
rapport combo..
ComboFix 08-06-20.4 - Administrateur 2008-06-27 20:35:08.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.514 [GMT 1:00]
Endroit: F:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: F:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
F:\WINDOWS\system32\blphcvndj0e1fl.scr
F:\WINDOWS\system32\lphcvndj0e1fl.exe
F:\WINDOWS\system32\phcvndj0e1fl.bmp
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\WINDOWS\system32\blphcvndj0e1fl.scr
F:\WINDOWS\system32\lphcvndj0e1fl.exe
F:\WINDOWS\system32\phcvndj0e1fl.bmp
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))))))))
.
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-19 17:48 34,296 --a------ F:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 09:39 . 2008-06-19 17:47 17,144 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 15:27 . 2008-06-26 15:32 <REP> d-------- F:\Program Files\Trojan Remover
2008-06-26 15:27 . 2008-06-26 15:27 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-06-26 15:27 . 2003-02-02 19:06 153,088 --a------ F:\WINDOWS\system32\UNRAR3.dll
2008-06-26 15:27 . 2002-03-06 00:00 75,264 --a------ F:\WINDOWS\system32\unacev2.dll
2008-06-25 17:28 . 1997-02-27 06:00 94,992 --a------ F:\WINDOWS\system32\VB5FR.DLL
2008-06-25 17:28 . 1997-09-24 22:46 89,600 --a------ F:\WINDOWS\system32\Grid32.OCX
2008-06-25 17:28 . 2001-05-19 18:47 31,744 --a------ F:\WINDOWS\system32\Grid32.oca
2008-06-21 09:11 . 2008-06-21 09:34 <REP> d-------- F:\Program Files\PMSSAARI
2008-06-11 11:17 . 2008-06-11 11:17 0 --a------ F:\1D.tmp
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\WINDOWS\Crystal
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\Program Files\Seagate Software
2008-06-11 08:27 . 2008-06-11 08:27 <REP> d-------- F:\Program Files\MapInfo MapX
2008-06-10 09:10 . 2008-06-10 09:10 <REP> d-------- F:\MySQLpb
2008-06-07 08:09 . 2004-08-04 00:54 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
2008-06-06 11:57 . 2001-03-17 20:34 22,528 --a------ F:\WINDOWS\system32\WNASPI32.DLL
2008-06-06 11:57 . 2002-07-17 08:05 16,512 --a------ F:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-06 11:56 . 2008-06-06 11:56 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\Fichiers communs\AVSMedia
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\AVS4YOU
2008-06-06 11:55 . 2008-06-06 11:55 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AVS4YOU
2008-06-06 11:55 . 2006-03-03 10:02 658,432 --a------ F:\WINDOWS\system32\cc3270mt.dll
2008-06-06 11:55 . 2002-01-05 15:40 487,424 --a------ F:\WINDOWS\system32\msvcp70.dll
2008-06-06 11:55 . 2003-05-21 13:50 24,576 --a------ F:\WINDOWS\system32\msxml3a.dll
2008-06-06 11:47 . 2008-06-26 15:30 <REP> d-------- F:\Program Files\Fx Audio Conveter
2008-06-06 11:15 . 2008-06-06 11:15 33,846 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.bmp
2008-06-06 11:15 . 2008-06-06 11:15 3,311 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2008-06-06 10:44 . 2005-02-24 14:10 2,084,864 --a------ F:\WINDOWS\system32\AudDesign.dll
2008-06-06 10:44 . 2005-03-11 19:37 1,986,560 --a------ F:\WINDOWS\system32\AudFile.dll
2008-06-06 10:44 . 2005-02-24 14:11 1,212,416 --a------ F:\WINDOWS\system32\AudioInfos.dll
2008-06-06 10:44 . 2005-02-24 14:11 479,232 --a------ F:\WINDOWS\system32\AudioVisu.dll
2008-06-06 10:44 . 2005-02-24 17:21 458,752 --a------ F:\WINDOWS\system32\AudPlayer.dll
2008-06-06 10:44 . 2005-03-10 18:00 454,656 --a------ F:\WINDOWS\system32\AudioRecord.dll
2008-06-06 10:44 . 2005-02-24 14:10 417,792 --a------ F:\WINDOWS\system32\AudDisplay.dll
2008-06-06 10:44 . 2005-02-24 13:51 348,160 --a------ F:\WINDOWS\system32\WMAFile.dll
2008-06-06 10:44 . 2005-01-10 14:54 116,296 --a------ F:\WINDOWS\system32\NCTWMAProfiles.prx
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Program Files\Illustrate
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AccurateRip
2008-06-06 10:01 . 2008-06-06 11:15 133,632 --a------ F:\WINDOWS\system32\SpoonUninstall.exe
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité\Application Data\AVG7
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 16:52 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Skype
2008-06-27 10:30 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\AVG7
2008-06-27 07:07 --------- d---a-w F:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-26 14:29 --------- d-----w F:\Program Files\ABAEnglishCourse
2008-06-21 08:34 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-06-21 08:34 --------- d-----w F:\Program Files\Fichiers communs\SAGE
2008-06-21 08:08 --------- d-----w F:\Program Files\Fichiers communs\InstallShield
2008-06-13 10:43 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\MySQL
2008-06-11 06:49 --------- d-----w F:\Program Files\MyFOGESCO
2008-06-11 06:48 74,752 ----a-w F:\WINDOWS\ST6UNST.EXE
2008-06-11 06:48 290,816 ------w F:\WINDOWS\Setup1.exe
2008-06-11 06:47 --------- d-----w F:\Program Files\MyMAJDB
2008-05-23 08:09 --------- d-----w F:\Program Files\Boson Software
2008-04-29 18:38 --------- d-----w F:\Program Files\Organizer
2008-04-29 18:34 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Konrad Papala
2008-04-25 06:45 499,712 ----a-w F:\WINDOWS\system32\msvcp71.dll
2008-04-25 06:45 348,160 ----a-w F:\WINDOWS\system32\msvcr71.dll
2008-04-16 18:57 37,888 ----a-w F:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-27_16.34.31,28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 07:06:03 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-06-27 15:50:07 2,048 --s-a-w F:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"Yahoo! Pager"="F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="F:\WINDOWS\system32\igfxtray.exe" [2002-05-14 20:29 155648]
"HotKeysCmds"="F:\WINDOWS\system32\hkcmd.exe" [2002-05-14 20:20 114688]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe" [2008-02-26 15:33 146432]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVG7_CC"="F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-25 10:30 579584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]
"AVG7_Run"="F:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-25 07:45 219136]
F:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Service Manager.lnk - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-03-13 20:39:45 69632]
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE [2008-05-15 07:54:16 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2007-03-16 13:44 296544 F:\Program Files\Trojan Remover\Trjscan.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 Serveur Sage;Serveur Sage;F:\WINDOWS\system32\CBASE.EXE [2001-05-04 09:51]
S3 ASPI;Advanced SCSI Programming Interface Driver;F:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 20:37:52
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]
"ImagePath"="\"G:\MySQL\Server\bin\mysqld-nt\" --defaults-file=\"G:\MySQL\Server\my.ini\" MySQL"
.
Temps d'accomplissement: 2008-06-27 20:39:19
ComboFix-quarantined-files.txt 2008-06-27 19:39:07
ComboFix2.txt 2008-06-27 16:15:17
ComboFix3.txt 2008-06-27 15:35:26
Pre-Run: 907,034,624 octets libres
Post-Run: 914,378,752 octets libres
165 --- E O F --- 2008-03-11 20:36:36
ComboFix 08-06-20.4 - Administrateur 2008-06-27 20:35:08.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.514 [GMT 1:00]
Endroit: F:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: F:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
F:\WINDOWS\system32\blphcvndj0e1fl.scr
F:\WINDOWS\system32\lphcvndj0e1fl.exe
F:\WINDOWS\system32\phcvndj0e1fl.bmp
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\WINDOWS\system32\blphcvndj0e1fl.scr
F:\WINDOWS\system32\lphcvndj0e1fl.exe
F:\WINDOWS\system32\phcvndj0e1fl.bmp
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))))))))
.
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-27 09:39 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-27 09:39 . 2008-06-19 17:48 34,296 --a------ F:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 09:39 . 2008-06-19 17:47 17,144 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 15:27 . 2008-06-26 15:32 <REP> d-------- F:\Program Files\Trojan Remover
2008-06-26 15:27 . 2008-06-26 15:27 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-06-26 15:27 . 2003-02-02 19:06 153,088 --a------ F:\WINDOWS\system32\UNRAR3.dll
2008-06-26 15:27 . 2002-03-06 00:00 75,264 --a------ F:\WINDOWS\system32\unacev2.dll
2008-06-25 17:28 . 1997-02-27 06:00 94,992 --a------ F:\WINDOWS\system32\VB5FR.DLL
2008-06-25 17:28 . 1997-09-24 22:46 89,600 --a------ F:\WINDOWS\system32\Grid32.OCX
2008-06-25 17:28 . 2001-05-19 18:47 31,744 --a------ F:\WINDOWS\system32\Grid32.oca
2008-06-21 09:11 . 2008-06-21 09:34 <REP> d-------- F:\Program Files\PMSSAARI
2008-06-11 11:17 . 2008-06-11 11:17 0 --a------ F:\1D.tmp
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\WINDOWS\Crystal
2008-06-11 08:27 . 2008-06-11 08:28 <REP> d-------- F:\Program Files\Seagate Software
2008-06-11 08:27 . 2008-06-11 08:27 <REP> d-------- F:\Program Files\MapInfo MapX
2008-06-10 09:10 . 2008-06-10 09:10 <REP> d-------- F:\MySQLpb
2008-06-07 08:09 . 2004-08-04 00:54 221,184 --a------ F:\WINDOWS\system32\wmpns.dll
2008-06-06 11:57 . 2001-03-17 20:34 22,528 --a------ F:\WINDOWS\system32\WNASPI32.DLL
2008-06-06 11:57 . 2002-07-17 08:05 16,512 --a------ F:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-06 11:56 . 2008-06-06 11:56 <REP> d-------- F:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\Fichiers communs\AVSMedia
2008-06-06 11:55 . 2008-06-06 12:00 <REP> d-------- F:\Program Files\AVS4YOU
2008-06-06 11:55 . 2008-06-06 11:55 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AVS4YOU
2008-06-06 11:55 . 2006-03-03 10:02 658,432 --a------ F:\WINDOWS\system32\cc3270mt.dll
2008-06-06 11:55 . 2002-01-05 15:40 487,424 --a------ F:\WINDOWS\system32\msvcp70.dll
2008-06-06 11:55 . 2003-05-21 13:50 24,576 --a------ F:\WINDOWS\system32\msxml3a.dll
2008-06-06 11:47 . 2008-06-26 15:30 <REP> d-------- F:\Program Files\Fx Audio Conveter
2008-06-06 11:15 . 2008-06-06 11:15 33,846 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.bmp
2008-06-06 11:15 . 2008-06-06 11:15 3,311 --a------ F:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2008-06-06 10:44 . 2005-02-24 14:10 2,084,864 --a------ F:\WINDOWS\system32\AudDesign.dll
2008-06-06 10:44 . 2005-03-11 19:37 1,986,560 --a------ F:\WINDOWS\system32\AudFile.dll
2008-06-06 10:44 . 2005-02-24 14:11 1,212,416 --a------ F:\WINDOWS\system32\AudioInfos.dll
2008-06-06 10:44 . 2005-02-24 14:11 479,232 --a------ F:\WINDOWS\system32\AudioVisu.dll
2008-06-06 10:44 . 2005-02-24 17:21 458,752 --a------ F:\WINDOWS\system32\AudPlayer.dll
2008-06-06 10:44 . 2005-03-10 18:00 454,656 --a------ F:\WINDOWS\system32\AudioRecord.dll
2008-06-06 10:44 . 2005-02-24 14:10 417,792 --a------ F:\WINDOWS\system32\AudDisplay.dll
2008-06-06 10:44 . 2005-02-24 13:51 348,160 --a------ F:\WINDOWS\system32\WMAFile.dll
2008-06-06 10:44 . 2005-01-10 14:54 116,296 --a------ F:\WINDOWS\system32\NCTWMAProfiles.prx
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Program Files\Illustrate
2008-06-06 10:01 . 2008-06-06 10:01 <REP> d-------- F:\Documents and Settings\Administrateur\Application Data\AccurateRip
2008-06-06 10:01 . 2008-06-06 11:15 133,632 --a------ F:\WINDOWS\system32\SpoonUninstall.exe
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Favoris
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-02-26 15:37 <REP> d-------- F:\Documents and Settings\Invité\Bureau
2008-06-02 07:17 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité\Application Data\AVG7
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage réseau
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:37 <REP> d--h----- F:\Documents and Settings\Invité\Voisinage d'impression
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-02-26 15:04 <REP> d--h----- F:\Documents and Settings\Invité\Modèles
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-06-02 07:17 <REP> dr------- F:\Documents and Settings\Invité\Mes documents
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-02-26 15:37 <REP> dr------- F:\Documents and Settings\Invité\Menu Démarrer
2008-06-02 07:16 . 2008-06-02 07:17 <REP> d-------- F:\Documents and Settings\Invité
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 16:52 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Skype
2008-06-27 10:30 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\AVG7
2008-06-27 07:07 --------- d---a-w F:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-26 14:29 --------- d-----w F:\Program Files\ABAEnglishCourse
2008-06-21 08:34 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-06-21 08:34 --------- d-----w F:\Program Files\Fichiers communs\SAGE
2008-06-21 08:08 --------- d-----w F:\Program Files\Fichiers communs\InstallShield
2008-06-13 10:43 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\MySQL
2008-06-11 06:49 --------- d-----w F:\Program Files\MyFOGESCO
2008-06-11 06:48 74,752 ----a-w F:\WINDOWS\ST6UNST.EXE
2008-06-11 06:48 290,816 ------w F:\WINDOWS\Setup1.exe
2008-06-11 06:47 --------- d-----w F:\Program Files\MyMAJDB
2008-05-23 08:09 --------- d-----w F:\Program Files\Boson Software
2008-04-29 18:38 --------- d-----w F:\Program Files\Organizer
2008-04-29 18:34 --------- d-----w F:\Documents and Settings\Administrateur\Application Data\Konrad Papala
2008-04-25 06:45 499,712 ----a-w F:\WINDOWS\system32\msvcp71.dll
2008-04-25 06:45 348,160 ----a-w F:\WINDOWS\system32\msvcr71.dll
2008-04-16 18:57 37,888 ----a-w F:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-27_16.34.31,28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 07:06:03 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-06-27 15:50:07 2,048 --s-a-w F:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"Yahoo! Pager"="F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="F:\WINDOWS\system32\igfxtray.exe" [2002-05-14 20:29 155648]
"HotKeysCmds"="F:\WINDOWS\system32\hkcmd.exe" [2002-05-14 20:20 114688]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe" [2008-02-26 15:33 146432]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVG7_CC"="F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-25 10:30 579584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]
"AVG7_Run"="F:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-25 07:45 219136]
F:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Service Manager.lnk - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-03-13 20:39:45 69632]
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE [2008-05-15 07:54:16 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2007-03-16 13:44 296544 F:\Program Files\Trojan Remover\Trjscan.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"F:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 Serveur Sage;Serveur Sage;F:\WINDOWS\system32\CBASE.EXE [2001-05-04 09:51]
S3 ASPI;Advanced SCSI Programming Interface Driver;F:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 20:37:52
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]
"ImagePath"="\"G:\MySQL\Server\bin\mysqld-nt\" --defaults-file=\"G:\MySQL\Server\my.ini\" MySQL"
.
Temps d'accomplissement: 2008-06-27 20:39:19
ComboFix-quarantined-files.txt 2008-06-27 19:39:07
ComboFix2.txt 2008-06-27 16:15:17
ComboFix3.txt 2008-06-27 15:35:26
Pre-Run: 907,034,624 octets libres
Post-Run: 914,378,752 octets libres
165 --- E O F --- 2008-03-11 20:36:36
-
luis roni - Messages: 25
- Inscription: 26 Juin 2008 18:14
Re: desinfection et demandes d'analyses
par Falkra » 27 Juin 2008 21:46
Bien. Ca doit aller mieux, non ?
Ajoute un rapport HijackThis stp.
Ajoute un rapport HijackThis stp.
-
Falkra - Admin libellules.ch
- Messages: 24461
- Inscription: 30 Jan 2005 14:44
- Localisation: 127.0.0.1
Re: desinfection et demandes d'analyses
par luis roni » 28 Juin 2008 09:11
oui c'est bon ! voila de nouveau hit....
merci surtout pour la disponibilité!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:09:24, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
G:\MySQL\Server\bin\mysqld-nt.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\CBASE.EXE
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\hkcmd.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\LimeWire\LimeWire.exe
E:\LOGICIELS\UTILITAIRES\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD26E6A1-03B9-4F1A-BB6A-70ECA2EF2C26}: NameServer = 217.12.180.19,81.199.0.36,66.178.2.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - G:\MySQL\Server\bin\mysqld-nt (file missing)
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Serveur Sage - Sage - F:\WINDOWS\system32\CBASE.EXE
--
End of file - 7030 bytes
merci surtout pour la disponibilité!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:09:24, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
G:\MySQL\Server\bin\mysqld-nt.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\CBASE.EXE
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\hkcmd.exe
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
F:\Program Files\SuperCopier2\SuperCopier2.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\LimeWire\LimeWire.exe
E:\LOGICIELS\UTILITAIRES\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] F:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD26E6A1-03B9-4F1A-BB6A-70ECA2EF2C26}: NameServer = 217.12.180.19,81.199.0.36,66.178.2.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - G:\MySQL\Server\bin\mysqld-nt (file missing)
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Serveur Sage - Sage - F:\WINDOWS\system32\CBASE.EXE
--
End of file - 7030 bytes
-
luis roni - Messages: 25
- Inscription: 26 Juin 2008 18:14
Re: desinfection et demandes d'analyses
par luis roni » 28 Juin 2008 12:43
bonjour je reviens juste signaler la lenteur du poste ! je sais pas si il ya une recette pour memedier....
merci d'avance
merci d'avance
-
luis roni - Messages: 25
- Inscription: 26 Juin 2008 18:14
Re: desinfection et demandes d'analyses
par Falkra » 28 Juin 2008 14:51
Je ne sais pas si c'est lié, on va déjà shooter les entrées inactives des infections dont on a viré les fichiers.
Relance HijackThis, coche ces lignes et fais "fix checked" en bas à gauche :
Tu as 3 DNS, un en Italie, un en Israel et un aux USA. C'est voulu ?
Si la machine n'es dans aucun de ces trois pays, ça doit ralentir la connexion.
Relance HijackThis, coche ces lignes et fais "fix checked" en bas à gauche :
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - F:\PROGRA~1\Crawler\ctbr.dll (file missing)
Tu as 3 DNS, un en Italie, un en Israel et un aux USA. C'est voulu ?
Si la machine n'es dans aucun de ces trois pays, ça doit ralentir la connexion.
-
Falkra - Admin libellules.ch
- Messages: 24461
- Inscription: 30 Jan 2005 14:44
- Localisation: 127.0.0.1
17 messages
• Page 1 sur 1
Retourner vers Désinfections et demandes d'analyse
Qui est en ligne
Utilisateurs parcourant ce forum: chirac et 2 invités
A consulter aussi : The Site Oueb - Forum ADSL - Tutoriels vidéo - Annuaire phpBB SEO - Windows 7 - Windows Vista
