Virus Win32/Injector, impossible de s'en débarasser!

Virus Win32/Injector, impossible de s'en débarasser! - Virus/Spywares - Windows & Software

Marsh Posté le 15-07-2010 à 21:54:44    

Bonjour,
 
Et tout d'abord merci pour l'existence de ce forum et les gens qui y passent du temps :)
 
J'ai réçemment subi une infection et je n'arrive pas à m'en débarasser! A chaque fois que je surfe sur Internet, NOD32 m'annonce régulièrement des attaques de type Win32/Injector.NX ou même le fameux Win32/Sality.NAR (mais qui n'apparait heureusement plus...)
Elles sont localisées dans C:/Documents and Settings/NetworkService/Local Settings/Temporary Internet Files, ...
Puis on m'annonce un fichier suspect genre c:/windows/system32/65.scr
 
J'ai fait tourner NOD32 (à jour) + Malwarebyte's Antimalware mais ils n'arrivent pas à l'éradiquer! Ils arrêtent les attaques mais le virus revient tout le temps
Suite à des lectures sur ce forum j'ai téléchargé AVPTool de Kaspersky, fait plusieurs scans en mode sans echec, il m'a supprimé des trucs. j'ai également essay rmsality.exe, et rien de son côté.
 
J'ai téléchargé le fameux ComboFix, je l'ai fait tourner en mode sans echec (en ayant désinstallé l'antivirus), il m'a effectivement supprimé des choses...
 
Suite à tout ces scans et utilitaires exécutés, je resurfe et PAM, même chose (Trojan Injector, fichier douteux windows system32 blabla.scr.
 
Je n'arrive pas à m'en débarasser, HELP!
 
d'après ce que je comprends il faudrait que je fasse un scan ComboFix puis que quelqu'un m'indique un fichier .txt à lui balancer dedans pour effacer les malicieux et ça je ne sais pas faire tout seul! :)
 
Un grand merci d'avance pour votre aide :)
 
baz
 
Ci joint un log HikackThis

Code :
  1. Logfile of Trend Micro HijackThis v2.0.2
  2. Scan saved at 21:11:57, on 15/07/2010
  3. Platform: Windows XP SP3 (WinNT 5.01.2600)
  4. MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
  5. Boot mode: Normal
  7. Running processes:
  8. C:\WINDOWS\System32\smss.exe
  9. C:\WINDOWS\system32\winlogon.exe
  10. C:\WINDOWS\system32\services.exe
  11. C:\WINDOWS\system32\lsass.exe
  12. C:\WINDOWS\system32\Ati2evxx.exe
  13. C:\WINDOWS\system32\svchost.exe
  14. C:\WINDOWS\system32\Ati2evxx.exe
  15. C:\WINDOWS\system32\spoolsv.exe
  16. C:\WINDOWS\system32\acs.exe
  17. C:\Program Files\Bonjour\mDNSResponder.exe
  18. C:\Program Files\Digidesign\Drivers\MMERefresh.exe
  19. C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  20. C:\Program Files\Java\jre6\bin\jqs.exe
  21. C:\Program Files\Fichiers communs\Native Instruments\Hardware\NIHardwareService.exe
  22. C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
  23. C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
  24. C:\WINDOWS\system32\svchost.exe
  25. C:\WINDOWS\system32\Tablet.exe
  26. C:\WINDOWS\Explorer.EXE
  27. C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
  28. C:\WINDOWS\system32\wscntfy.exe
  29. C:\WINDOWS\System32\DeltaIITray.exe
  30. C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
  31. C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
  32. C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
  33. C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
  34. C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
  35. C:\WINDOWS\system32\WTablet\TabUserW.exe
  36. C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
  37. C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
  38. C:\Program Files\Mozilla Firefox\firefox.exe
  39. C:\WINDOWS\System32\svchost.exe
  40. C:\WINDOWS\system32\NOTEPAD.EXE
  41. C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  43. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
  44. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  45. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  46. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  47. R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
  48. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  49. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
  50. O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
  51. O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  52. O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  53. O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
  54. O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  55. O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  56. O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
  57. O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
  58. O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
  59. O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
  60. O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
  61. O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
  62. O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
  63. O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
  64. O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
  65. O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
  66. O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
  67. O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
  68. O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  69. O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
  70. O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
  71. O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
  72. O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
  73. O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
  74. O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
  75. O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
  76. O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')
  77. O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
  78. O4 - S-1-5-18 Startup: Suitcase 11.0.lnk = C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe (User 'SYSTEM')
  79. O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
  80. O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
  81. O4 - .DEFAULT Startup: Suitcase 11.0.lnk = C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe (User 'Default user')
  82. O4 - Startup: PowerReg Scheduler.exe
  83. O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
  84. O4 - Startup: Suitcase 11.0.lnk = C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
  85. O4 - Global Startup: Suitcase 11.0.lnk = ?
  86. O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
  87. O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  88. O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
  89. O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
  90. O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  91. O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  92. O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  93. O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  94. O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  95. O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  96. O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  97. O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
  98. O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
  99. O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  100. O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  101. O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  102. O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
  103. O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
  104. O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
  105. O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  106. O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  107. O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  108. O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  109. O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe (file missing)
  110. O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Fichiers communs\Native Instruments\Hardware\NIHardwareService.exe
  111. O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
  112. O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
  113. O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
  114. O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  116. --
  117. End of file - 10221 bytes


 
Et le dernier log ComboFix (juste avant que je redémarre que que le Virus revienne...)

Code :
  1. ComboFix 10-07-13.08 - Admin 15/07/2010  18:41:04.7.4 - x86 MINIMAL
  2. Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.3327.3053 [GMT 2:00]
  3. Lancé depuis: c:\documents and settings\Admin\Bureau\ComboFix.exe
  4. FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
  5. .
  7. (((((((((((((((((((((((((((((   Fichiers créés du 2010-06-15 au 2010-07-15  ))))))))))))))))))))))))))))))))))))
  8. .
  10. 2010-07-15 16:34 . 2010-07-15 16:34 -------- d-----w- C:\Kaspersky
  11. 2010-07-15 09:49 . 2010-07-15 16:33 -------- d-----w- c:\windows\LastGood
  12. 2010-07-15 09:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
  13. 2010-07-15 09:39 . 2010-07-15 09:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
  14. 2010-07-15 09:39 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
  15. 2010-07-14 22:54 . 2010-07-14 22:54 -------- d-----w- c:\documents and settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft
  16. 2010-07-14 22:54 . 2010-07-14 22:54 -------- d-sh--w- c:\documents and settings\LocalService.AUTORITE NT
  17. 2010-07-14 22:43 . 2008-04-13 17:33 221184 ----a-w- c:\windows\system32\wmpns.dll
  18. 2010-07-14 22:37 . 2010-07-14 22:37 -------- d--h--w- c:\windows\system32\GroupPolicy
  19. 2010-07-14 10:43 . 2010-07-14 14:16 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
  20. 2010-07-06 21:00 . 2010-07-13 18:44 -------- d-----w- c:\program files\Camera Assistant Software for ViewSonic
  21. 2010-06-26 08:07 . 2007-12-14 02:31 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys
  22. 2010-06-26 06:46 . 2010-06-26 06:46 -------- d-----w- c:\program files\Atheros
  23. 2010-06-24 16:51 . 2010-06-24 16:51 -------- d--h--r- c:\documents and settings\All Users\Application Data\Atheros
  24. 2010-06-24 16:49 . 2010-06-24 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGEAR
  25. 2010-06-22 21:52 . 2010-06-22 21:52 -------- d-----w- c:\documents and settings\Admin\Application Data\AdSigner
  27. .
  28. ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
  29. .
  30. 2010-07-15 09:47 . 2009-06-21 13:56 -------- d-----w- c:\program files\ESET
  31. 2010-07-15 09:43 . 2009-06-28 08:45 336 ----a-w- c:\windows\system32\tablet.dat
  32. 2010-07-15 09:43 . 2009-06-25 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Extensis
  33. 2010-07-15 09:43 . 2009-07-25 08:10 50312 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
  34. 2010-07-15 09:33 . 2001-10-02 16:17 71248 ----a-w- c:\windows\system32\perfc00C.dat
  35. 2010-07-15 09:33 . 2001-10-02 16:17 458230 ----a-w- c:\windows\system32\perfh00C.dat
  36. 2010-07-14 14:40 . 2009-11-14 08:50 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
  37. 2010-07-13 18:44 . 2009-06-21 14:03 -------- d--h--w- c:\program files\InstallShield Installation Information
  38. 2010-07-13 18:44 . 2010-04-04 12:04 -------- d-----w- c:\program files\Fichiers communs\Apple
  39. 2010-07-13 15:00 . 2009-11-20 08:49 -------- d-----w- c:\program files\Mozilla Thunderbird
  40. 2010-07-06 06:47 . 2010-04-10 09:31 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
  41. 2010-07-05 19:34 . 2009-06-22 21:58 58720 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  42. 2010-07-03 17:13 . 2009-06-24 23:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Spotify
  43. 2010-07-02 07:46 . 2009-07-06 12:59 -------- d-----w- c:\program files\CCleaner
  44. 2010-06-30 23:31 . 2009-06-24 23:51 -------- d-----w- c:\program files\FlashFXP
  45. 2010-06-27 07:10 . 2009-06-22 21:31 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
  46. 2010-06-26 08:31 . 2010-06-13 11:53 -------- d-----r- c:\program files\Skype
  47. 2010-06-12 13:32 . 2010-03-14 12:21 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
  48. 2010-06-12 13:32 . 2010-07-14 15:51 53632 ----a-w- c:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
  49. 2010-06-12 13:32 . 2010-06-12 13:33 53632 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
  50. 2010-06-12 11:33 . 2009-07-07 08:24 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
  51. 2010-06-12 11:32 . 2009-07-07 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
  52. 2010-06-04 06:58 . 2010-04-27 20:40 -------- d-----w- c:\program files\TweetDeck
  53. 2010-05-31 21:13 . 2009-06-25 23:02 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
  54. 2010-05-24 12:20 . 2010-05-24 12:20 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-30665fa3-n\decora-sse.dll
  55. 2010-05-24 12:20 . 2010-05-24 12:20 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-316fe6ef-n\msvcp71.dll
  56. 2010-05-24 12:20 . 2010-05-24 12:20 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-316fe6ef-n\jmc.dll
  57. 2010-05-24 12:20 . 2010-05-24 12:20 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-316fe6ef-n\msvcr71.dll
  58. 2010-05-24 12:20 . 2010-05-24 12:20 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-30665fa3-n\decora-d3d.dll
  59. 2010-05-15 05:41 . 2010-05-15 05:41 411368 ----a-w- c:\windows\system32\deployJava1.dll
  60. 2010-04-27 21:16 . 2010-04-27 21:16 655360 ----a-w- c:\documents and settings\Admin\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
  61. 2010-04-27 21:16 . 2010-04-27 21:16 282624 ----a-w- c:\documents and settings\Admin\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
  62. 2010-04-27 21:16 . 2010-04-27 21:16 208896 ----a-w- c:\documents and settings\Admin\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
  63. 2009-07-06 12:59 . 2009-07-06 12:59 1548 ----a-w- c:\program files\CCleaner.lnk
  64. 2009-07-06 12:26 . 2009-07-06 12:26 645 ----a-w- c:\program files\RegCleaner.lnk
  65. 2002-08-27 16:40 . 2009-06-21 08:50 55313 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
  66. .
  68. (((((((((((((((((((((((((((((   SnapShot@2010-07-14_22.31.56   )))))))))))))))))))))))))))))))))))))))))
  69. .
  70. - 2001-10-02 16:17 . 2010-07-14 15:32 58596              c:\windows\system32\perfc009.dat
  71. + 2001-10-02 16:17 . 2010-07-15 09:33 58596              c:\windows\system32\perfc009.dat
  72. + 2010-07-15 13:17 . 2009-10-22 11:54 37392              c:\windows\LastGood\system32\DRIVERS\89607492.sys
  73. + 2010-07-15 16:33 . 2009-10-22 11:54 37392              c:\windows\LastGood\system32\DRIVERS\65845702.sys
  74. + 2001-10-02 16:17 . 2010-07-15 09:33 392296              c:\windows\system32\perfh009.dat
  75. - 2001-10-02 16:17 . 2010-07-14 15:32 392296              c:\windows\system32\perfh009.dat
  76. + 2010-07-15 13:17 . 2009-09-25 15:59 128016              c:\windows\LastGood\system32\DRIVERS\89607491.sys
  77. + 2010-07-15 13:17 . 2009-10-09 21:31 315408              c:\windows\LastGood\system32\DRIVERS\8960749.sys
  78. + 2010-07-15 16:33 . 2009-09-25 15:59 128016              c:\windows\LastGood\system32\DRIVERS\65845701.sys
  79. + 2010-07-15 16:33 . 2009-10-09 21:31 315408              c:\windows\LastGood\system32\DRIVERS\6584570.sys
  80. + 2009-06-20 23:34 . 2010-07-15 09:48 2086200              c:\windows\system32\FNTCACHE.DAT
  81. .
  82. (((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
  83. .
  84. .
  85. *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
  86. REGEDIT4
  88. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  89. "Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-02 135664]
  91. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  92. "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
  93. "AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
  94. "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
  95. "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
  96. "M-Audio Taskbar Icon"="c:\windows\System32\DeltaIITray.exe" [2008-03-03 236040]
  97. "DeltaIITaskbarApp"="c:\windows\system32\DeltaIITray.exe" [2008-03-03 236040]
  98. "NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
  99. "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
  100. "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
  101. "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
  103. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  104. "nlsf"="move" [X]
  105. "Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
  106. "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
  108. c:\documents and settings\Admin\Menu D‚marrer\Programmes\D‚marrage\
  109. PowerReg Scheduler.exe [2009-6-21 0]
  110. Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-25 3581680]
  111. Suitcase 11.0.lnk - c:\program files\Extensis\Extensis Suitcase 11\Suitcase.exe [2007-5-10 5246976]
  113. c:\documents and settings\Admin\Menu D‚marrer\Programmes\D‚marrage\
  114. PowerReg Scheduler.exe [2009-6-21 0]
  115. Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-25 3581680]
  116. Suitcase 11.0.lnk - c:\program files\Extensis\Extensis Suitcase 11\Suitcase.exe [2007-5-10 5246976]
  118. c:\documents and settings\Admin\Menu D‚marrer\Programmes\D‚marrage\
  119. PowerReg Scheduler.exe [2009-6-21 0]
  120. Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-25 3581680]
  121. Suitcase 11.0.lnk - c:\program files\Extensis\Extensis Suitcase 11\Suitcase.exe [2007-5-10 5246976]
  123. c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
  124. Suitcase 11.0.lnk - c:\windows\Installer\{7451C9B5-3E10-4E59-AD37-AB7438D84288}\_01D57C9244869186542E24.exe [2009-6-25 9062]
  125. TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-6-28 114688]
  127. c:\documents and settings\Admin\Menu D‚marrer\Programmes\D‚marrage\
  128. PowerReg Scheduler.exe [2009-6-21 0]
  129. Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-25 3581680]
  130. Suitcase 11.0.lnk - c:\program files\Extensis\Extensis Suitcase 11\Suitcase.exe [2007-5-10 5246976]
  132. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  133. "NoSMHelp"= 1 (0x1)
  134. "MemCheckBoxInRunDlg"= 1 (0x1)
  135. "NoSMBalloonTip"= 1 (0x1)
  136. "NoWelcomeScreen"= 1 (0x1)
  137. "NoAutoUpdate"= 1 (0x1)
  139. [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
  140. "NoSMHelp"= 1 (0x1)
  141. "MemCheckBoxInRunDlg"= 1 (0x1)
  142. "NoSMBalloonTip"= 1 (0x1)
  143. "NoWelcomeScreen"= 1 (0x1)
  144. "NoAutoUpdate"= 1 (0x1)
  146. [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  147. "AntiVirusOverride"=dword:00000001
  148. "FirewallOverride"=dword:00000001
  150. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  151. "EnableFirewall"= 0 (0x0)
  152. "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
  154. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  155. "%windir%\\system32\\sessmgr.exe"=
  156. "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
  157. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  158. "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
  159. "c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
  160. "c:\\Program Files\\Spotify\\spotify.exe"=
  161. "c:\\Program Files\\Extensis\\Extensis Suitcase 11\\Bonjour\\mDNSResponder.exe"=
  162. "c:\\Program Files\\uTorrent\\uTorrent.exe"=
  163. "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  164. "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
  165. "c:\\Program Files\\MediaMonkey\\MediaMonkey.exe"=
  166. "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
  168. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  169. "5353:TCP"= 5353:TCP:Adobe CSI CS4
  170. "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
  171. "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
  172. "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
  173. "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
  174. "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
  175. "3689:TCP"= 3689:TCP:MonkeyTunes
  176. "5353:UDP"= 5353:UDP:Bonjour
  178. R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [03/10/2009 12:24 16384]
  179. R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22/07/2008 10:01 151592]
  180. R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [23/06/2009 00:29 270888]
  181. S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/12/2009 16:08 691696]
  182. S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600]
  183. S2 NIHardwareService;NIHardwareService;c:\program files\Fichiers communs\Native Instruments\Hardware\NIHardwareService.exe [17/07/2009 15:32 3576320]
  184. S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
  185. S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
  186. S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 288112]
  187. S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [25/06/2009 00:36 302728]
  188. S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149]
  189. S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe --> c:\program files\NETGEAR\WN111v2\jswpsapi.exe [?]
  190. S3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16:45 57440]
  191. S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [23/06/2009 00:29 65576]
  192. S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2.sys --> c:\windows\system32\DRIVERS\WN111v2.sys [?]
  193. .
  194. Contenu du dossier 'Tâches planifiées'
  196. 2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1060284298-725345543-1003Core.job
  197. - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 09:07]
  199. 2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1060284298-725345543-1003UA.job
  200. - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 09:07]
  201. .
  202. .
  203. ------- Examen supplémentaire -------
  204. .
  205. uStart Page = hxxp://www.google.fr/
  206. uInternet Settings,ProxyOverride = *.local
  207. uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
  208. IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  209. IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
  210. IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
  211. IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  212. IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
  213. FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\idma7jh1.default\
  214. FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
  215. FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
  216. FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
  218. ---- PARAMETRES FIREFOX ----
  219. FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
  220. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "" );
  221. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
  222. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
  223. .
  225. **************************************************************************
  227. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  228. Rootkit scan 2010-07-15 18:45
  229. Windows 5.1.2600 Service Pack 3 NTFS
  231. Recherche de processus cachés ...
  233. Recherche d'éléments en démarrage automatique cachés ...
  235. Recherche de fichiers cachés ...
  237. Scan terminé avec succès
  238. Fichiers cachés: 0
  240. **************************************************************************
  241. .
  242. --------------------- CLES DE REGISTRE BLOQUEES ---------------------
  244. [HKEY_USERS\S-1-5-21-1202660629-1060284298-725345543-1003\SOFTWARE\SecuROM\License information*]
  245. "datasecu"=hex:63,55,2b,f4,b8,34,65,db,8a,69,2a,d9,fc,84,ae,44,96,85,ff,d6,4c,
  246.    66,30,16,10,e0,90,6c,53,09,25,d0,3c,6e,b9,e1,b0,e8,e9,a9,9d,22,1c,e5,16,e5,\
  247. "rkeysecu"=hex:c9,3f,58,4e,9e,46,f4,ad,2c,e0,9e,84,61,4e,63,40
  249. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
  250. "Version"=hex:51,20,f8,30,6b,57,ac,7b,ba,d6,10,cd,f1,f7,42,2d,47,66,77,d2,5f,
  251.    3b,5f,1b,98,31,ed,60,4c,57,e6,6a,be,31,b7,b1,19,c3,d9,f0,da,a3,0d,c1,e5,5b,\
  253. [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
  254. "Version"=hex:51,20,f8,30,6b,57,ac,7b,ba,d6,10,cd,f1,f7,42,2d,47,66,77,d2,5f,
  255.    3b,5f,1b,98,31,ed,60,4c,57,e6,6a,be,31,b7,b1,19,c3,d9,f0,da,a3,0d,c1,e5,5b,\
  256. .
  257. --------------------- DLLs chargées dans les processus actifs ---------------------
  259. - - - - - - - > 'winlogon.exe'(244)
  260. c:\windows\system32\Ati2evxx.dll
  261. c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
  262. .
  263. Heure de fin: 2010-07-15  18:47:00
  264. ComboFix-quarantined-files.txt  2010-07-15 16:46
  265. ComboFix2.txt  2010-07-15 14:18
  266. ComboFix3.txt  2010-07-15 09:26
  267. ComboFix4.txt  2010-07-14 23:23
  268. ComboFix5.txt  2010-07-15 16:35
  270. Avant-CF: 56 150 528 000 octets libres
  271. Après-CF: 56 138 510 336 octets libres
  273. - - End Of File - - 1F6B4408618E7697C8D37D25BDC5B6DD

Reply

Marsh Posté le 15-07-2010 à 21:54:44   

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed