
TROJANS

fredosborne, 10 June 2009 at 18:31
:pleure: Hello everyone. I've just caught a virus or trojan, so I ran a scan with ComboFix. I have the report, but to me it's gibberish... Is there anyone who can help me? Here is the analysis report...
.
ComboFix 09-06-09.06 - Administrateur 10/06/2009 14:30.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1426 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur.COMPUTER\Bureau\saloperie24.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
c:\windows\system32\Drivers\bmuoxn.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_akqet


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-10 au 2009-06-10 ))))))))))))))))))))))))))))))))))))
.

2009-06-09 22:45 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-09 22:45 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-09 22:45 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-09 19:23 . 2009-06-10 12:28 -------- d-----w- c:\program files\a-squared Free
2009-06-09 18:55 . 2009-06-09 18:55 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\AVGTOOLBAR
2009-06-09 18:54 . 2009-06-09 18:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-06-09 18:50 . 2009-06-09 18:50 3371383 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-09 18:49 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 18:49 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 18:49 . 2009-06-09 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 09:49 . 2009-06-09 09:49 152576 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-08 22:35 . 2009-06-09 19:44 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\LimeWire
2009-06-08 22:30 . 2009-03-09 03:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-08 22:30 . 2009-06-09 09:52 -------- d-----w- c:\program files\Java
2009-06-08 22:30 . 2009-06-08 22:30 152576 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-08 22:30 . 2009-06-08 22:31 -------- d-----w- c:\program files\LimeWire
2009-06-08 21:46 . 2009-06-08 21:46 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Local Settings\Application Data\MLSofts
2009-06-08 21:44 . 2009-06-08 21:44 3774 ----a-r- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Installer\{48D87CF2-9E6A-47B3-980B-2C1D3EF56819}\_752D62F47A90D0AF407072.exe
2009-06-08 21:44 . 2009-06-08 21:44 3774 ----a-r- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Installer\{48D87CF2-9E6A-47B3-980B-2C1D3EF56819}\_1C95E64D6E8A7A5CD59C61.exe
2009-06-08 21:44 . 2009-06-08 21:44 2238 ----a-r- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Installer\{48D87CF2-9E6A-47B3-980B-2C1D3EF56819}\_F81FBA7CA626EF34117858.exe
2009-06-08 21:44 . 2009-06-08 21:44 2238 ----a-r- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Installer\{48D87CF2-9E6A-47B3-980B-2C1D3EF56819}\_B20F79C2D5CC8F74A13019.exe
2009-06-08 21:44 . 2009-06-08 21:44 2238 ----a-r- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Installer\{48D87CF2-9E6A-47B3-980B-2C1D3EF56819}\_6FEFF9B68218417F98F549.exe
2009-06-08 21:44 . 2009-06-08 21:44 -------- d-----w- c:\program files\MLSofts
2009-06-08 12:16 . 2009-06-08 12:27 -------- d-----w- c:\program files\The Logo Creator v5
2009-06-08 12:14 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2009-06-08 12:13 . 2009-06-08 12:23 -------- d-----w- c:\program files\The Logo Creator v4
2009-06-07 15:08 . 2009-06-09 17:38 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\.gimp-2.2
2009-06-07 15:07 . 2009-06-07 15:09 -------- d-----w- c:\program files\GIMP-2.0
2009-06-07 15:06 . 2009-06-07 15:06 -------- d-----w- c:\program files\Fichiers communs\GTK
2009-06-04 16:15 . 2009-06-04 16:15 20480 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.6\itstv.exe
2009-05-26 11:16 . 2009-05-26 11:16 20480 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5\itstv.exe
2009-05-24 17:14 . 2009-05-24 17:14 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-24 17:13 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-24 17:13 . 2009-05-24 17:13 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-23 10:25 . 2009-05-23 10:25 -------- d-----w- C:\Données Ciel
2009-05-22 13:27 . 2009-05-22 13:27 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\EBP
2009-05-22 13:27 . 2009-05-22 13:27 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\Comptabilité et Facturation
2009-05-22 13:22 . 2006-05-10 12:18 1929216 ----a-w- c:\windows\system32\cdintf250.dll
2009-05-22 13:22 . 2009-05-22 13:22 -------- d-----w- C:\EBP
2009-05-22 13:03 . 2009-05-22 13:03 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Local Settings\Application Data\EBP
2009-05-22 13:02 . 2009-05-22 23:39 -------- d-----w- c:\program files\EBP
2009-05-19 23:55 . 2009-05-19 23:55 0 ----a-w- c:\windows\nsreg.dat
2009-05-19 19:45 . 2009-05-19 19:45 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\DivX
2009-05-19 19:31 . 2009-01-04 10:35 31232 ----a-w- c:\windows\system\vdremote.dll
2009-05-19 19:31 . 2009-01-04 10:35 25088 ----a-w- c:\windows\system\vdsvrlnk.dll
2009-05-18 11:36 . 2001-03-26 22:00 53248 ----a-w- C:\gendel32.exe
2009-05-17 20:41 . 2009-05-17 20:41 20480 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.4\itstv.exe
2009-05-12 13:05 . 2009-05-12 13:05 20480 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3\itstv.exe
2009-05-11 20:58 . 2009-05-11 20:58 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\???????sAppData

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 22:53 . 2009-04-24 17:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-06-09 18:43 . 2009-01-30 13:31 -------- d-----w- c:\program files\ESET
2009-06-09 18:26 . 2009-04-25 14:03 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-09 18:25 . 2009-04-23 11:27 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-06-08 22:23 . 2009-01-30 22:14 -------- d-----w- c:\program files\eMule
2009-06-08 22:00 . 2009-02-21 23:16 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\dvdcss
2009-06-08 21:29 . 2009-04-20 19:35 -------- d-----w- c:\program files\AVS4YOU
2009-06-08 21:29 . 2009-04-20 19:36 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2009-05-30 08:31 . 2009-05-07 23:05 -------- d-----w- c:\program files\Shareware.Pro-FR
2009-05-24 18:22 . 2009-03-01 19:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-05-23 10:37 . 2009-04-21 13:22 -------- d-----w- c:\program files\VSO
2009-05-23 10:25 . 2009-05-23 10:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ciel
2009-05-23 10:23 . 2009-01-30 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 10:20 . 2009-05-23 10:20 40960 ----a-r- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut2_86399190A8D6415886C824080024A1F3.exe
2009-05-23 10:20 . 2009-05-23 10:20 40960 ----a-r- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\NewShortcut1_86399190A8D6415886C824080024A1F3.exe
2009-05-23 10:20 . 2009-05-23 10:20 40960 ----a-r- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Installer\{86399190-A8D6-4158-86C8-24080024A1F3}\ARPPRODUCTICON.exe
2009-05-23 10:20 . 2009-05-23 10:20 -------- d-----w- c:\program files\Ciel
2009-05-23 10:20 . 2009-05-23 10:20 2232 ----a-w- c:\windows\java\Packages\Data\ZTF17RJ9.DAT
2009-05-23 10:20 . 2009-05-23 10:20 155995 ----a-w- c:\windows\java\Packages\0GXRZTVJ.ZIP
2009-05-23 10:20 . 2009-05-23 10:20 2678 ----a-w- c:\windows\java\Packages\Data\S97B135B.DAT
2009-05-23 10:20 . 2009-05-23 10:20 2678 ----a-w- c:\windows\java\Packages\Data\WBDNP3BT.DAT
2009-05-23 10:20 . 2009-05-23 10:20 2678 ----a-w- c:\windows\java\Packages\Data\X7VVFZLJ.DAT
2009-05-23 10:20 . 2009-05-23 10:20 2678 ----a-w- c:\windows\java\Packages\Data\SHV3P3FT.DAT
2009-05-23 10:20 . 2009-05-23 10:20 2678 ----a-w- c:\windows\java\Packages\Data\7J5NVJPV.DAT
2009-05-20 08:59 . 2009-02-05 22:56 -------- d-----w- c:\program files\DivX
2009-05-19 19:18 . 2009-04-09 15:26 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\VSO
2009-05-19 19:18 . 2009-04-21 13:22 47360 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\pcouffin.sys
2009-05-19 19:18 . 2009-04-21 13:22 47360 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\pcouffin.sys
2009-05-17 18:37 . 2009-01-30 22:23 -------- d-----w- c:\program files\Windows Live
2009-05-17 18:24 . 2009-02-22 13:33 86576 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-05-17 18:24 . 2009-02-22 13:33 392728 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2009-05-17 18:24 . 2009-02-22 13:33 132672 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-05-17 17:06 . 2009-01-30 11:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-16 18:40 . 2009-04-28 20:04 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\vlc
2009-05-14 19:49 . 2009-04-29 11:41 -------- d-----w- c:\program files\Fichiers communs\LightScribe
2009-05-12 18:06 . 2009-05-08 19:56 -------- d-----w- c:\program files\MediaCoder
2009-05-10 13:07 . 2009-02-22 00:14 -------- d-----w- c:\program files\HomePlayer
2009-05-08 14:01 . 2009-05-08 13:57 -------- d-----w- c:\program files\Ripp-it_AM
2009-05-08 13:58 . 2009-05-08 13:58 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-07 11:15 . 2009-05-06 20:29 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\EoRezo
2009-05-06 20:29 . 2009-05-06 20:29 698903 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\EoRezo\SoftwareUpdate\unins000.exe
2009-05-06 10:12 . 2001-08-28 18:00 76732 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-06 10:12 . 2001-08-28 18:00 471578 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-05 23:53 . 2009-01-30 22:23 -------- d-----w- c:\program files\Microsoft
2009-05-05 23:53 . 2009-05-05 23:53 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-05-05 23:52 . 2009-05-05 23:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-05 23:51 . 2009-05-05 23:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-05 23:21 . 2009-05-05 23:21 -------- d-----w- c:\program files\Pegasys Inc
2009-05-05 23:20 . 2009-01-30 13:02 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-05-04 20:10 . 2009-05-04 20:10 -------- d-----w- c:\program files\Photo Story 3 for Windows
2009-04-30 22:02 . 2009-04-30 21:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-04-30 21:50 . 2009-04-24 22:45 -------- d-----w- c:\program files\Yahoo!
2009-04-30 18:19 . 2009-01-30 19:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-30 14:24 . 2009-04-30 13:59 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\DAEMON Tools Pro
2009-04-30 14:14 . 2009-04-30 14:11 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\DAEMON Tools Lite
2009-04-30 14:13 . 2009-04-30 14:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
2009-04-30 14:11 . 2009-04-30 09:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-30 14:04 . 2009-04-30 13:59 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-04-30 13:01 . 2009-04-30 13:01 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-04-30 09:48 . 2009-04-30 09:48 -------- d-----w- c:\program files\Alcohol Soft
2009-04-27 11:14 . 2009-04-26 16:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2009-04-27 11:08 . 2009-04-26 16:58 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-04-26 18:08 . 2009-04-26 18:08 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\Nero
2009-04-26 18:07 . 2009-04-26 18:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\LightScribe
2009-04-26 18:04 . 2009-04-26 18:04 -------- d-----w- c:\program files\Ahead
2009-04-26 18:04 . 2009-02-21 13:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ahead
2009-04-26 16:58 . 2009-01-30 13:40 -------- d-----w- c:\program files\Nero
2009-04-26 11:46 . 2009-04-26 11:46 -------- d-----w- c:\program files\Hercules
2009-04-26 11:45 . 2009-04-26 11:45 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\InstallShield
2009-04-26 10:42 . 2009-04-25 12:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-04-26 10:19 . 2009-04-26 10:19 -------- d-----w- c:\program files\MSXML 4.0
2009-04-26 10:17 . 2009-04-25 17:43 -------- d-----w- c:\program files\Windows Desktop Search
2009-04-25 22:11 . 2009-02-08 19:59 -------- d-----w- c:\program files\Google
2009-04-25 17:45 . 2009-04-25 17:45 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\Windows Search
2009-04-25 14:03 . 2009-04-25 14:03 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\TuneUp Software
2009-04-25 14:03 . 2009-04-25 14:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TuneUp Software
2009-04-25 14:03 . 2009-04-25 14:03 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-25 12:28 . 2009-03-05 19:53 0 ----a-r- c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
2009-04-25 05:14 . 2009-04-21 13:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Htm Support Bait Deaf
2009-04-24 22:43 . 2009-04-24 19:25 106 ----a-w- c:\windows\system32\jpg.dat
2009-04-24 19:07 . 2009-02-15 15:39 -------- d-----w- c:\program files\Secured IE
2009-04-24 16:18 . 2009-04-21 13:17 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\vghd
2009-04-24 16:18 . 2009-04-21 13:17 5 ----a-w- c:\windows\sbacknt.bin
2009-04-24 16:18 . 2009-04-21 13:17 152904 ----a-w- c:\windows\system32\vghd.scr
2009-04-23 12:32 . 2009-02-15 15:39 -------- d-----w- c:\program files\securedie
2009-04-23 12:10 . 2009-04-21 13:25 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\PLAN LICENSE
2009-04-22 23:41 . 2009-04-22 23:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2009-04-22 23:07 . 2009-04-22 23:07 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\Malwarebytes
2009-04-22 23:07 . 2009-04-22 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-04-22 22:52 . 2009-04-22 22:52 -------- d-----w- c:\program files\microsoft frontpage
2009-04-21 14:32 . 2009-04-21 14:32 -------- d-----w- c:\program files\Fichiers communs\Scanner
2009-04-21 13:25 . 2009-04-21 13:25 -------- d-----w- c:\program files\PLAN LICENSE
2009-04-20 19:46 . 2009-04-20 19:45 1966080 ----a-w- c:\documents and settings\Administrateur.COMPUTER\Application Data\AVS4YOU\AVSUpdateManager\Downloads\AVSUpdate.AVSUpdateManager.exe
2009-04-20 19:45 . 2009-04-20 19:36 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\AVS4YOU
2009-04-20 19:36 . 2009-04-20 19:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2009-04-20 13:29 . 2009-04-16 19:50 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\ImTOO Software Studio
2009-04-16 19:25 . 2009-02-21 13:25 -------- d-----w- c:\documents and settings\Administrateur.COMPUTER\Application Data\Ahead
2009-03-30 13:51 . 2009-03-30 13:51 332 ----a-w- c:\windows\desctemp.dat
2009-03-19 09:44 . 2009-04-07 17:41 53248 ------w- c:\windows\system32\DrvMon.exe
2009-03-12 22:49 . 2009-02-27 00:18 737280 ----a-w- c:\windows\iun6002.exe
.

------- Sigcheck -------

[-] 2008-06-04 21:18 979968 D1EA0A366973ECA3E03F1ACBEFDA8F43 c:\windows\explorer.exe

[-] 2008-04-28 03:00 1571840 1697B0EFD4E0FF0181F70CB73F04A518 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-06-09_23.01.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 12:32 . 2009-06-10 12:32 16384 c:\windows\temp\Perflib_Perfdata_6b8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{280b5d37-4a76-467a-b3d6-942fca90acde}]
2009-05-30 08:32 2094616 ----a-w- c:\program files\Shareware.Pro-FR\tbSha0.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LClock"="c:\windows\LSD\LClock\lclock.exe" [2004-09-19 65536]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2009-03-19 53248]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SoftwareHelper"="c:\documents and settings\Administrateur.COMPUTER\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-06-09 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"WinLSD_SP3"="c:\windows\LSD\end.cmd" [2008-06-17 9944]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [BU]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\Administrateur.COMPUTER\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-3-5 0]

c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
WiFi Station N.lnk - c:\program files\Hercules\WiFi Station N\WiFiN.exe [2009-4-26 25048360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"<NO NAME>"= NoActiveDesktop
"DWORD"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"
"AntiVirusDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/05/2009 01:53 55152]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [24/05/2009 19:14 603904]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [21/02/2009 15:14 93696]
R3 rt2870;Hercules Wireless N USB Driver;c:\windows\system32\drivers\rt2870.sys [21/02/2009 15:30 560896]
S0 fxum;fxum;c:\windows\system32\drivers\jkcg.sys --> c:\windows\system32\drivers\jkcg.sys [?]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 HerculesWiFi;HerculesWiFi;c:\windows\system32\HerculesWiFiService.exe --> c:\windows\system32\HerculesWiFiService.exe [?]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contenu du dossier 'Tâches planifiées'

2009-06-10 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 13:04]

2009-06-10 c:\windows\Tasks\User_Feed_Synchronization-{CFA7E67A-DD75-4ECC-8A42-484C13BEC33B}.job
- c:\windows\system32\msfeedssync.exe [2008-04-29 02:31]

2009-06-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-26 20:18]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrateur.COMPUTER\Application Data\Mozilla\Firefox\Profiles\tl48qduv.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 14:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1606980848-861567501-682003330-500\SOFTWARE\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,8e,67,73,a8,8b,ce,46,be,51,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,8e,67,73,a8,8b,ce,46,be,51,bd,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,8e,67,73,a8,8b,ce,46,be,51,bd,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\SHDOCVW.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroSearchBar.dll
c:\program files\Fichiers communs\Ahead\Lib\MFC71U.DLL
c:\program files\Fichiers communs\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\LSD\LClock\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\a-squared Free\a2service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2009-06-10 14:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-10 12:36
ComboFix2.txt 2009-06-09 23:05
ComboFix3.txt 2009-05-17 16:48
ComboFix4.txt 2009-04-30 22:45
ComboFix5.txt 2009-06-10 12:30

Avant-CF: 63 200 841 728 octets libres
Après-CF: 63 207 419 904 octets libres

331 --- E O F --- 2009-05-27 22:51


THANK YOU :youpi:
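As an added example (not part of the original post, and not ComboFix's own code), here is a small Python triage script for a ComboFix report of this layout. It pulls out the lines an analyst reads first: files Sigcheck marked `[-]`, services ComboFix removed or could not validate, Run/RunOnce entries, the standard-profile firewall flag and the per-user proxy. The embedded excerpt is constructed from lines of the report above; that `[?]`/`[x]` simply mean "image not verified" is an assumption.

```python
import re

# Constructed excerpt in ComboFix's report layout, assembled from lines of the
# report posted above. It is a sample for the parser, not the complete log.
SAMPLE_LOG = r"""
-------\Service_akqet

------- Sigcheck -------
[-] 2008-06-04 21:18 979968 D1EA0A366973ECA3E03F1ACBEFDA8F43 c:\windows\explorer.exe
[-] 2008-04-28 03:00 1571840 1697B0EFD4E0FF0181F70CB73F04A518 c:\windows\system32\sfcfiles.dll

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"WinLSD_SP3"="c:\windows\LSD\end.cmd" [2008-06-17 9944]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/05/2009 01:53 55152]
S0 fxum;fxum;c:\windows\system32\drivers\jkcg.sys --> c:\windows\system32\drivers\jkcg.sys [?]
S1 aswSP;avast! Self Protection; [x]

uInternet Settings,ProxyServer = http=localhost:7171
"""

# One regex per ComboFix line shape the triage cares about.
SIGCHECK_RE = re.compile(r"^\[-\]\s+\S+\s+\S+\s+\d+\s+[0-9A-Fa-f]{32}\s+(.+?)\s*$", re.M)
REMOVED_SVC_RE = re.compile(r"^-+\\Service_(\S+)\s*$", re.M)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$", re.M)
SECTION_RE = re.compile(r"^\[(HK[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"]*?)"?(?:\s+\[([^\]]*)\])?\s*$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)', re.M)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+?)\s*$", re.M)


def sigcheck_failures(log):
    """Paths of Windows files whose signature check ComboFix marked [-]."""
    return SIGCHECK_RE.findall(log)

def removed_services(log):
    """Service names ComboFix reports as removed (-------\\Service_<name>)."""
    return REMOVED_SVC_RE.findall(log)

def unverified_services(log):
    """Service/driver lines ending in [?] or [x] (assumed: image not validated)."""
    out = []
    for start, name, _display, rest in SERVICE_RE.findall(log):
        tag = rest.rstrip()[-3:]
        if tag in ("[?]", "[x]"):
            out.append((start, name, tag))
    return out

def firewall_enabled(log):
    """True/False from the standard-profile EnableFirewall value, None if absent."""
    m = FIREWALL_RE.search(log)
    return None if m is None else m.group(1) != "0"

def proxy_server(log):
    """The per-user ProxyServer string from the extra-scan section, or None."""
    m = PROXY_RE.search(log)
    return m.group(1) if m else None

def registry_sections(log):
    """Map each [HK...] header to its (name, value, bracket-info) entries."""
    sections, current = {}, None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2), m.group(3) or ""))
    return sections

def triage(log):
    """Collect (category, detail) findings an analyst would read first."""
    findings = [("sigcheck", p) for p in sigcheck_failures(log)]
    findings += [("removed-service", n) for n in removed_services(log)]
    findings += [("service-image", f"{s} {n} {t}") for s, n, t in unverified_services(log)]
    if firewall_enabled(log) is False:
        findings.append(("firewall", "EnableFirewall=0 in the standard profile"))
    if proxy_server(log):
        findings.append(("proxy", proxy_server(log)))
    for key, entries in registry_sections(log).items():
        if key.endswith("\\Run") or key.endswith("\\RunOnce"):
            findings += [("autorun", f"{n} -> {v}") for n, v, _ in entries]
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {detail}")
```

Run against the full report, the same functions surface the proxy pointing at localhost, the disabled firewall and the RunOnce entry the replies below single out.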
rubised, 10 June 2009 at 18:50
Hello,
download GenProc, follow the tutorial carefully please, and post me its report
GenProc here
http://www.genproc.com/tutorial_genproc/tutorial_genproc.html
-------
Thanks and happy surfing
Curson, 10 June 2009 at 19:23
Hello fredosborne, :hello: rubised,

This system is a modified version of Windows, and therefore illegal.
"WinLSD_SP3"="c:\windows\LSD\end.cmd"


Regards.
-------
If your topic remains unanswered, please report it here.
rubised, 10 June 2009 at 19:57
:hello: Curson
thanks, indeed I completely forgot to check that, you are entirely right
so no disinfection
-------
Thanks and happy surfing
totoftotof, 10 June 2009 at 22:54
hello

indeed, no disinfection for an illegal version of Windows :o

fredosborne, so reinstall your original version, using the recovery partition if it's a brand-name PC you have,

or else buy a copy of Windows XP Home Edition SP3 OEM: http://www.materiel.net/ctl/OS/2627-Windows_XP_Edition_Familiale_SP3_oem_.htm(...)

