Forum | virus/security
HijackThis
CaptainZack, Sun. 23 Nov. 2008 at 12:43:05
Whoa, so apparently I'm still infected by CID?

SmitFraud report:

SmitFraudFix v2.376

Rapport fait à 11:48:58,10, 23/11/2008
Executé à partir de C:\Documents and Settings\waelkens\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 preymaster.humanhead.com
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\config.ini supprimé
C:\WINDOWS\Tasks\At?.job supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C2132D90-9662-445E-ADDC-1CE46A312C21}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FB6DEAFC-9202-4679-8981-772AF369289F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5117914C-15EB-4FDF-854E-08858678B038}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FB6DEAFC-9202-4679-8981-772AF369289F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5117914C-15EB-4FDF-854E-08858678B038}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FB6DEAFC-9202-4679-8981-772AF369289F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FB6DEAFC-9202-4679-8981-772AF369289F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

---------------------------------------------------------------------------------------

ComboFix report:



ComboFix 08-11-22.02 - waelkens 2008-11-23 12:31:46.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.587 [GMT 1:00]
Lancé depuis: d:\iso\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\waelkens\Application Data\inst.exe
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\setup.inf
c:\windows\ktd32.atm
c:\windows\system32\Bank.dll
c:\windows\system32\rnaph.dll
c:\windows\system32\tdssadw.dll
c:\windows\system32\TDSSerrors.log
c:\windows\system32\tdssinit.dll
c:\windows\system32\tdssl.dll
c:\windows\system32\tdsslog.dll
c:\windows\system32\tdssmain.dll
c:\windows\system32\tdssserf.dll
c:\windows\system32\tdssserf1.dll
c:\windows\system32\tdssservers.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 ))))))))))))))))))))))))))))))))))))
.

2008-11-22 19:33 . 2008-11-23 11:49 3,820 --a------ c:\windows\system32\tmp.reg
2008-11-22 19:32 . 2008-11-22 19:34 <REP> d-------- c:\documents and settings\waelkens\SmitfraudFix
2008-11-22 19:32 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-22 19:32 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-22 19:32 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-22 19:32 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-22 19:32 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-22 19:32 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-22 19:32 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-22 19:32 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-22 19:32 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-22 19:32 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-22 17:11 . 2008-11-22 17:11 <REP> d-------- C:\rsit
2008-11-22 16:56 . 2008-11-22 17:04 <REP> d-------- c:\program files\Navilog1
2008-11-22 03:26 . 2008-11-22 03:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-21 17:42 . 2008-11-21 17:42 <REP> d-------- C:\Logs
2008-11-20 09:56 . 2008-11-20 09:56 <REP> d-------- c:\program files\Lavasoft
2008-11-20 09:56 . 2008-11-20 09:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-16 20:56 . 2008-11-20 15:41 <REP> d-------- c:\program files\adslTV
2008-11-16 20:56 . 2008-11-16 20:56 <REP> d-------- c:\documents and settings\waelkens\Application Data\vlc
2008-11-15 18:27 . 2008-11-15 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-11-14 22:24 . 2008-11-14 22:24 118 --a------ c:\windows\system32\MRT.INI
2008-11-13 17:46 . 2008-11-13 17:46 <REP> d-------- c:\documents and settings\waelkens\OngameNetwork
2008-11-11 08:36 . 2008-11-11 08:36 <REP> d-------- C:\Medion
2008-11-02 08:25 . 2008-11-02 08:25 2,425 --ah----- C:\mxfilerelatedcache.mxc2
2008-11-02 08:25 . 2008-11-02 08:25 1,520 --a------ C:\yannickk_1.avd
2008-10-25 12:55 . 2008-10-25 12:55 86,016 --a------ C:\yannickk.ifo
2008-10-25 12:55 . 2008-10-25 12:55 161 --a------ C:\yannickk.rpk
2008-10-25 12:55 . 2008-10-25 12:55 19 --a------ C:\yannickk.lst
2008-10-25 12:50 . 2008-10-25 12:55 555,194,368 --a------ C:\yannickk_1.vob
2008-10-24 19:03 . 2008-10-24 19:03 0 --a------ c:\windows\DXT108.tmp
2008-10-24 19:03 . 2008-10-24 19:03 0 --a------ c:\windows\DXT107.tmp
2008-10-24 19:03 . 2008-10-24 19:03 0 --a------ c:\windows\DXT106.tmp
2008-10-24 19:03 . 2008-10-24 19:03 0 --a------ c:\windows\DXT105.tmp
2008-10-24 19:03 . 2008-10-24 19:03 0 --a------ c:\windows\DXT104.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 11:31 --------- d-----w c:\program files\Wanadoo
2008-11-23 10:54 --------- d-----w c:\documents and settings\waelkens\Application Data\Skype
2008-11-23 08:15 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2008-11-22 18:33 5,632 -csha-w c:\program files\Thumbs.db
2008-11-21 10:39 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-21 10:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 14:18 --------- d-----w c:\documents and settings\waelkens\Application Data\Orbit
2008-11-20 08:56 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-20 08:51 --------- d-----w c:\documents and settings\waelkens\Application Data\Lavasoft
2008-11-17 14:35 46,162 ----a-w c:\documents and settings\waelkens\Application Data\wklnhst.dat
2008-11-14 22:20 --------- d-----w c:\program files\DivX
2008-11-07 21:22 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-05 18:00 --------- d-----w c:\documents and settings\waelkens\Application Data\uTorrent
2008-11-05 11:23 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-29 12:41 --------- d-----w c:\program files\RomStation
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 13:16 --------- d-----w c:\program files\Morgan
2008-10-18 12:22 209,636 ----a-w c:\windows\IPUI_DivXG400.exe
2008-10-18 12:20 --------- d-----w c:\program files\Rippackv3
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 12:51 --------- d-----w c:\documents and settings\waelkens\Application Data\FileZilla
2008-10-16 10:52 --------- d-----w c:\documents and settings\waelkens\Application Data\Apple Computer
2008-10-15 17:08 --------- d-----w c:\program files\DaemonTools_WhenUSave_Installer
2008-10-15 17:07 --------- d-----w c:\program files\Kodak
2008-10-15 16:40 --------- d-----w c:\program files\eRightSoft
2008-10-15 15:49 --------- d-----w c:\program files\BitComet
2008-10-15 09:49 --------- d-----w c:\program files\iTunes
2008-10-15 09:49 --------- d-----w c:\program files\iPod
2008-10-15 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 09:48 --------- d-----w c:\program files\Bonjour
2008-10-15 09:47 --------- d-----w c:\program files\QuickTime
2008-10-15 09:46 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-15 09:44 --------- d-----w c:\program files\Apple Software Update
2008-10-02 14:49 --------- d-----w c:\program files\Warcraft III
2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 14:30 98,304 ----a-w c:\windows\DUMPc8fd.tmp
2008-09-30 14:28 98,304 ----a-w c:\windows\DUMP3718.tmp
2008-09-28 06:41 --------- d-----w c:\program files\Combined Community Codec Pack
2008-09-26 13:44 --------- d-----w c:\documents and settings\waelkens\Application Data\Dev-Cpp
2008-09-26 13:02 --------- d-----w c:\documents and settings\waelkens\Application Data\codeblocks
2008-09-26 11:56 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-09-26 11:56 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-24 09:14 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-23 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation
2008-09-23 17:48 --------- d-----w c:\program files\Guitar Pro 5
2008-09-23 17:48 --------- d-----w c:\program files\Garena
2008-09-23 17:47 --------- d-----w c:\program files\Sports Interactive
2008-09-23 17:46 --------- d-----w c:\program files\eMule
2008-09-23 14:47 --------- d-----w c:\program files\Dofus
2008-09-19 21:55 200,704 -c--a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 -c--a-w c:\windows\system32\libdivx.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-06-09 08:26 85,944 -c--a-w c:\documents and settings\waelkens\Application Data\GDIPFONTCACHEV1.DAT
2007-11-18 14:15 47,360 -c--a-w c:\documents and settings\waelkens\Application Data\pcouffin.sys
2007-05-21 11:11 47 -c--a-w c:\documents and settings\waelkens\fixsize.cmd
2007-04-04 20:30 95,232 -c--a-w c:\documents and settings\waelkens\filechop.exe
2007-03-08 23:10 18,690 -c--a-w c:\documents and settings\waelkens\make-multi.exe
2007-02-25 12:00 1 -c--a-w c:\documents and settings\waelkens\SI.bin
2006-07-28 08:30 88,102 -c--a-w c:\program files\Aug2006_xinput_x64.cab
2006-07-28 08:30 47,018 -c--a-w c:\program files\Aug2006_xinput_x86.cab
2006-07-28 08:30 41,995 -c--a-w c:\program files\dxdllreg_x86.cab
2006-07-28 08:30 183,863 -c--a-w c:\program files\Aug2006_XACT_x64.cab
2006-07-28 08:30 138,195 -c--a-w c:\program files\Aug2006_XACT_x86.cab
2006-07-28 07:32 82,338 -c--a-w c:\program files\dxupdate.cab
2006-07-28 07:32 2,248,984 -c--a-w c:\program files\dsetup32.dll
2006-07-28 07:31 484,632 -c--a-w c:\program files\DXSETUP.exe
2006-07-28 07:30 74,520 -c--a-w c:\program files\DSETUP.dll
2006-06-05 23:07 31 -c----w c:\documents and settings\waelkens\getfile.dat
2006-05-31 05:39 181,745 -c----w c:\program files\JUN2006_XACT_x64.cab
2006-05-31 05:39 134,631 -c----w c:\program files\JUN2006_XACT_x86.cab
2006-03-31 11:56 917,318 -c----w c:\program files\Apr2006_MDX1_x86.cab
2006-03-31 11:56 87,989 -c----w c:\program files\Apr2006_xinput_x64.cab
2006-03-31 11:56 46,898 -c----w c:\program files\Apr2006_xinput_x86.cab
2006-03-31 11:56 4,163,518 -c----w c:\program files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 11:56 180,021 -c----w c:\program files\Apr2006_XACT_x64.cab
2006-03-31 11:56 133,991 -c----w c:\program files\Apr2006_XACT_x86.cab
2006-03-31 11:56 1,398,718 -c----w c:\program files\Apr2006_d3dx9_30_x64.cab
2006-03-31 11:56 1,116,109 -c----w c:\program files\Apr2006_d3dx9_30_x86.cab
2006-02-16 13:05 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2006-02-03 08:00 179,247 -c----w c:\program files\Feb2006_XACT_x64.cab
2006-02-03 08:00 133,297 -c----w c:\program files\Feb2006_XACT_x86.cab
2006-02-03 08:00 1,363,684 -c----w c:\program files\Feb2006_d3dx9_29_x64.cab
2006-02-03 08:00 1,085,608 -c----w c:\program files\Feb2006_d3dx9_29_x86.cab
2005-12-05 17:31 86,925 -c----w c:\program files\Oct2005_xinput_x64.cab
2005-12-05 17:31 46,247 -c----w c:\program files\Oct2005_xinput_x86.cab
2005-12-05 17:31 1,358,864 -c----w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-01-25 16:24 8 -csh--r c:\windows\system32\F2A38CDCBF.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2005-01-25 16:24 5,744 -csha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 1937408]
"SteamKeyFr"="c:\program files\SteamKeyFr\SteamKeyFr.exe" [2004-01-28 212992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-12 25367592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
"TrueDownloaderAutoStart"="c:\program files\TrueDownloader\TrueDownloader.exe" [2005-02-20 520258]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Steam"="d:\program files\Valve\Steam\Steam.exe" [2008-10-15 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 118926]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Adobe Photo Downloader"="f:\soirée pétanque\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Dit"="Dit.exe" [2004-07-20 c:\windows\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
SpySubtract.lnk - c:\program files\interMute\SpySubtract\SpySub.exe [2007-03-18 1187840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "c:\program files\interMute\SpySubtract\sshook.dll" [2007-03-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Documents and Settings\\waelkens\\Bureau\\yannicl\\programme C C++\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft
"4670:TCP"= 4670:TCP:emule port
"4671:UDP"= 4671:UDP:emule portudp
"3724:TCP"= 3724:TCP:BLIZZARD

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-30 78416]
R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2008-05-01 4484]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-30 20560]
R2 UxTuneUp;Extension de conception TuneUp;c:\windows\System32\svchost.exe -k netsvcs [2005-01-20 14336]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-02-05 802048]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-01-20 1272000]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-01-20 19928]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender9\filespy.sys []
S3 AIDA32Driver;AIDA32Driver;\??\c:\program files\AIDA32 - Personal System Information\aida32.sys [2004-02-23 3584]
S3 CardReaderFilter;Card Reader Filter;\??\c:\windows\system32\Drivers\USBCRFT.SYS [2005-01-20 17408]
S3 lac97inf;lac97inf;\??\c:\docume~1\waelkens\LOCALS~1\Temp\lac97inf.sys []
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2007-01-10 274567]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-01-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-01-23 28800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ac68d9a-f886-11da-a67e-001109df929d}]
\Shell\AutoRun\command - L:\PreyStub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd32168-dd23-11db-a8d2-001109df929d}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{925fa382-1aac-11db-a6cd-001109df929d}]
\Shell\AutoRun\command - M:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5651a3-8e67-11da-a58f-001109df929d}]
\Shell\AutoRun\command - livebox.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-23 c:\windows\Tasks\AF65D5EA91324F1E.job
- c:\docume~1\waelkens\applic~1\cdromw~1\BLEH LITE BAIT.exe []

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 06:27]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-M1000Mnt - M1000Rmv.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\waelkens\Application Data\Mozilla\Firefox\Profiles\vrvfhw56.default\
FF -: plugin - c:\documents and settings\waelkens\Application Data\Mozilla\Firefox\Profiles\vrvfhw56.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyrMus.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 12:33:29
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TrueDownloaderAutoStart = c:\program files\TrueDownloader\TrueDownloader.exe /silent??????????????&?O?p?t?i?o?n?s???i?e?r?????????????????P?a?n?i?e?r???s?i?o?n? ?:???????????????M?o?t? ?d?e? ?p?a?s?s?e?:???????????????h?e?u?r?e?(?s?)?????a?i?s???????????????S?u?p?p?r?.? ?U?R?L???e

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
Heure de fin: 2008-11-23 12:35:07
ComboFix-quarantined-files.txt 2008-11-23 11:34:36

Avant-CF: 7 907 942 400 octets libres
Après-CF: 7,916,593,152 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

324 --- E O F --- 2008-11-14 21:24:20