Virtumonde infection
Hello
Yesterday I got infected with trojan.virtumonde. Spyware Doctor detects it but BitDefender doesn't. It can't repair it.
I ran HijackThis; the log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:13, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Lolakath\Application Data\U3\0000184AA475BAFF\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.yahoo.com/fsc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454095 14
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f941b757ef904c7bb350415002e9f73c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f941b757ef904c7bb350415002e9f73c
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-emea.ey.com/home/extraweb/iNotes6.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 7853 bytes
Can anyone help me???
Hello,
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste that report in your next reply.
NOTE: The report is also saved here: C:\Combofix.txt
This is what I get; when I rerun Spyware Doctor now, it no longer finds it.
ComboFix 07-12-12.3 - Lolakath 2007-12-13 20:41:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.425 [GMT 1:00]
Running from: C:\Documents and Settings\Lolakath\Bureau\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
C:\Program Files\hottvplayer
C:\Program Files\hottvplayer\hottv.ico
C:\Program Files\hottvplayer\Ogg\ogg.dll
C:\Program Files\hottvplayer\Ogg\ogg_demux.dll
C:\Program Files\hottvplayer\Ogg\theora_decoder.dll
C:\Program Files\hottvplayer\Ogg\vorbis.dll
C:\Program Files\hottvplayer\Ogg\vorbis_decoder.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\3_exception.nls
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\hwotjzt.dat
C:\WINDOWS\system32\hwotjzt_nav.dat
C:\WINDOWS\system32\hwotjzt_navps.dat
c:\WINDOWS\system32\mitywlczd.dat
c:\windows\system32\mitywlczd.exe
c:\WINDOWS\system32\mitywlczd_nav.dat
c:\WINDOWS\system32\mitywlczd_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\urqqnki.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((((((( Fichiers créés 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))))))))
.
2007-12-13 13:58 . 2007-12-13 14:31 <REP> d-------- C:\VundoFix Backups
2007-12-13 13:55 . 2007-12-13 13:55 <REP> d-------- C:\Program Files\Trend Micro
2007-12-13 10:51 . 2007-12-13 10:56 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-13 00:45 . 2007-12-13 00:45 <REP> d-------- C:\Documents and Settings\Lolakath\Application Data\Vodafone Mobile Connect
2007-12-13 00:38 . 2007-12-13 00:38 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-12 23:03 . 2007-12-12 23:15 168 --a------ C:\WINDOWS\system32\ikhcore(2).cfg
2007-12-12 22:45 . 2007-12-12 22:45 92 --a------ C:\WINDOWS\system32\ikhcore(3).cfg
2007-12-12 22:37 . 2007-12-13 00:24 7,070 --ahs---- C:\WINDOWS\system32\yyadd(2).ini
2007-12-12 22:01 . 2007-12-12 22:01 <REP> d-------- C:\Program Files\Helper
2007-12-12 22:01 . 2007-12-12 22:01 57,856 --a------ C:\fjls.exe
2007-12-12 22:01 . 2007-12-12 22:01 20,480 --a------ C:\skaglnck.exe
2007-12-12 22:01 . 2007-12-12 22:01 19,840 --a------ C:\WINDOWS\system32\drivers\Ryg42.sys
2007-12-12 22:01 . 2007-12-12 22:01 80 --a------ C:\tempdel.bat
2007-12-12 22:01 . 2007-12-12 22:01 2 --a------ C:\4754486
2007-12-12 00:16 . 2007-12-12 00:16 <REP> d-------- C:\Documents and Settings\Lolakath\Saved Games
2007-12-12 00:04 . 2007-12-12 22:54 <REP> d-------- C:\Program Files\MSN Games
2007-11-18 17:16 . 2007-12-12 23:40 <REP> d-------- C:\Program Files\Spyware-Secure
2007-11-18 15:45 . 2007-12-13 20:45 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 15:44 . 2007-12-12 23:17 <REP> d-------- C:\Program Files\Spyware Doctor
2007-11-18 15:44 . 2007-11-18 15:44 <REP> d-------- C:\Documents and Settings\Lolakath\Application Data\PC Tools
2007-11-18 15:44 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-18 15:44 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-18 15:44 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-18 15:44 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-18 15:31 . 2007-11-18 15:32 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-18 15:24 . 2007-11-18 15:24 <REP> d-------- C:\Program Files\Picasa2
2007-11-18 15:24 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-18 15:24 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-18 15:23 . 2007-12-13 00:23 <REP> d-------- C:\Program Files\Norton Security Scan
2007-11-18 15:21 . 2007-12-13 10:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-18 14:16 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-17 14:11 . 2007-11-17 14:11 <REP> d-------- C:\Program Files\Sibelius Software
2007-11-17 14:11 . 2007-11-17 14:11 <REP> d-------- C:\Documents and Settings\Lolakath\Application Data\Sibelius Software
2007-11-14 21:14 . 2007-11-17 15:05 <REP> d-------- C:\Program Files\Windows Live Safety Center
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 12:54 --------- d-----w C:\Documents and Settings\Lolakath\Application Data\U3
2007-12-12 23:44 --------- d-----w C:\Program Files\PokerStars
2007-12-12 21:54 --------- d-----w C:\Program Files\Fight for Kisses
2007-12-12 20:55 --------- d-----w C:\Program Files\eMule
2007-12-01 02:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-18 14:27 --------- d-----w C:\Program Files\Google
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 10:58 --------- d-----w C:\Program Files\MSECache
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE6CFDB-E2F8-4CB6-8116-528795AAEB9B}]
C:\WINDOWS\system32\ddayy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 17:10]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 15:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 08:39]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 08:36]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 08:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-13 16:33]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-01-05 10:30 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"Muscbrigade"="c:\Musicbrigade\Musicbrigade.exe" [2005-12-22 09:26]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 13:00 C:\WINDOWS\system32\bthprops.cpl]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-17 18:43]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-04-05 07:14]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-18 15:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\thawbrkr32]
thawbrkr32.dll 2004-01-15 07:56 8704 C:\WINDOWS\system32\thawbrkr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9673876-0b9b-11dc-87b8-0011e2fd366c}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe
*Newly Created Service* - MDMXSDK
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-18 14:24:03 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-13 13:13:08 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 20:45:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-13 20:46:24 - machine was rebooted
.
2007-12-13 09:56:16 --- E O F ---
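The ComboFix report above shows where this Vundo/Virtumonde sample actually anchored itself: a Browser Helper Object pointing at ddayy.dll in system32, an AppInit_DLLs value (sockspy.dll, which ComboFix disabled), and a Winlogon Notify package (thawbrkr32) that runs inside winlogon.exe; the HijackThis log also listed nwprovau.dll as an unknown Winsock LSP and ComboFix listed it as an LSA authentication package. The script below is an added example for this thread, not code from the original posts, from HijackThis or from ComboFix. It walks HijackThis O-lines and ComboFix's REGEDIT4-style registry section and flags those load points. The Windows XP allow-lists, the severity labels and the "BHO in system32" heuristic are the example's own assumptions, and the sample lines are copied from the logs posted above plus one constructed clean BHO entry (reusing the Google toolbar path and CLSID from the O3 line) for contrast.

```python
"""Triage persistence entries from HijackThis / ComboFix output.

Added example for this thread; it is not code from the original posts,
from HijackThis or from ComboFix. The heuristics, the XP allow-lists and
the severity labels are the example author's assumptions, so each hit is a
lead to verify (file signer, hash, vendor), not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Winlogon\Notify subkeys shipped with a stock Windows XP SP2 install
# (assumed baseline for this example; extend it from a known-clean machine).
XP_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
# LSA authentication packages present by default on XP (assumption).
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

# Lines reproduced from the logs posted in this thread (HijackThis O4/O10
# lines and ComboFix's "Point de chargement Reg" section), plus one
# constructed clean BHO entry that reuses the Google toolbar path and CLSID
# from the HijackThis O3 line, for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE6CFDB-E2F8-4CB6-8116-528795AAEB9B}]
C:\WINDOWS\system32\ddayy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\thawbrkr32]
thawbrkr32.dll 2004-01-15 07:56 8704 C:\WINDOWS\system32\thawbrkr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
"""


@dataclass
class Finding:
    location: str   # registry key or HijackThis section the entry came from
    item: str       # DLL or package name that was flagged
    severity: str   # "high" = classic Vundo-style load point; "review" = verify vendor
    reason: str


def _basename(path: str) -> str:
    """Last path component, lower-cased, surrounding quotes stripped."""
    return re.split(r"[\\/]", path.strip().strip('"'))[-1].lower()


def find_persistence(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key: Optional[str] = None  # ComboFix prints "[key]" then one line per value
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # HijackThis lines look like "O10 - Unknown file in Winsock LSP: <path>".
        hjt = re.match(r"O(\d+) - (.*)", line)
        if hjt:
            if hjt.group(1) == "10" and "Unknown file in Winsock LSP:" in hjt.group(2):
                path = hjt.group(2).split(":", 1)[1]
                findings.append(Finding("O10 Winsock LSP", _basename(path), "review",
                    "LSP not in HijackThis' known list; an LSP sees all Winsock traffic"))
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        if current_key is None:
            continue
        if "browser helper objects" in current_key:
            # Legitimate BHOs live under Program Files; Vundo drops its BHO in system32.
            if "\\system32\\" in line.lower():
                findings.append(Finding(current_key, _basename(line), "high",
                    "BHO loaded from system32 (Vundo pattern); loads into every IE process"))
        elif "\\winlogon\\notify\\" in current_key:
            subkey = current_key.rsplit("\\", 1)[-1]
            if subkey not in XP_WINLOGON_NOTIFY:
                findings.append(Finding(current_key, _basename(line.split()[-1]), "high",
                    "Winlogon Notify package outside the XP baseline; runs inside winlogon.exe as SYSTEM"))
        elif line.lower().startswith('"appinit_dlls"='):
            value = line.split("=", 1)[1].strip().strip('"')
            if value:
                findings.append(Finding(current_key, value, "high",
                    "AppInit_DLLs set; injected into every process that loads user32.dll"))
        elif line.lower().startswith("authentication packages"):
            for pkg in sorted(set(line.split()[3:]) - DEFAULT_AUTH_PACKAGES):
                findings.append(Finding(current_key, pkg, "review",
                    "non-default LSA authentication package; loads into lsass.exe, verify the signer"))
    return findings


if __name__ == "__main__":
    for f in find_persistence(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item:16} {f.reason}  <- {f.location}")
```

Run against the sample, the three Vundo load points (ddayy.dll, thawbrkr32.dll, sockspy.dll) come back as "high" and the two nwprovau hits as "review" only: nwprovau.dll is Microsoft's Client Service for NetWare provider, which is why HijackThis merely calls it "unknown" and ComboFix lists it without acting on it; if NetWare client support is not wanted, uninstall that component rather than deleting the DLL. An empty result is only as trustworthy as the allow-lists, so build those from a known-clean machine of the same Windows version before relying on them.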
)ComboFix 07-12-12.3 - Lolakath 2007-12-13 20:41:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.425 [GMT 1:00]
Running from: C:\Documents and Settings\Lolakath\Bureau\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
C:\Program Files\hottvplayer
C:\Program Files\hottvplayer\hottv.ico
C:\Program Files\hottvplayer\Ogg\ogg.dll
C:\Program Files\hottvplayer\Ogg\ogg_demux.dll
C:\Program Files\hottvplayer\Ogg\theora_decoder.dll
C:\Program Files\hottvplayer\Ogg\vorbis.dll
C:\Program Files\hottvplayer\Ogg\vorbis_decoder.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\3_exception.nls
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\hwotjzt.dat
C:\WINDOWS\system32\hwotjzt_nav.dat
C:\WINDOWS\system32\hwotjzt_navps.dat
c:\WINDOWS\system32\mitywlczd.dat
c:\windows\system32\mitywlczd.exe
c:\WINDOWS\system32\mitywlczd_nav.dat
c:\WINDOWS\system32\mitywlczd_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\urqqnki.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))))))))
.
2007-12-13 13:58 . 2007-12-13 14:31 <REP> d-------- C:\VundoFix Backups
2007-12-13 13:55 . 2007-12-13 13:55 <REP> d-------- C:\Program Files\Trend Micro
2007-12-13 10:51 . 2007-12-13 10:56 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-13 00:45 . 2007-12-13 00:45 <REP> d-------- C:\Documents and Settings\Lolakath\Application Data\Vodafone Mobile Connect
2007-12-13 00:38 . 2007-12-13 00:38 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-12 23:03 . 2007-12-12 23:15 168 --a------ C:\WINDOWS\system32\ikhcore(2).cfg
2007-12-12 22:45 . 2007-12-12 22:45 92 --a------ C:\WINDOWS\system32\ikhcore(3).cfg
2007-12-12 22:37 . 2007-12-13 00:24 7,070 --ahs---- C:\WINDOWS\system32\yyadd(2).ini
2007-12-12 22:01 . 2007-12-12 22:01 <REP> d-------- C:\Program Files\Helper
2007-12-12 22:01 . 2007-12-12 22:01 57,856 --a------ C:\fjls.exe
2007-12-12 22:01 . 2007-12-12 22:01 20,480 --a------ C:\skaglnck.exe
2007-12-12 22:01 . 2007-12-12 22:01 19,840 --a------ C:\WINDOWS\system32\drivers\Ryg42.sys
2007-12-12 22:01 . 2007-12-12 22:01 80 --a------ C:\tempdel.bat
2007-12-12 22:01 . 2007-12-12 22:01 2 --a------ C:\4754486
2007-12-12 00:16 . 2007-12-12 00:16 <REP> d-------- C:\Documents and Settings\Lolakath\Saved Games
2007-12-12 00:04 . 2007-12-12 22:54 <REP> d-------- C:\Program Files\MSN Games
2007-11-18 17:16 . 2007-12-12 23:40 <REP> d-------- C:\Program Files\Spyware-Secure
2007-11-18 15:45 . 2007-12-13 20:45 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 15:44 . 2007-12-12 23:17 <REP> d-------- C:\Program Files\Spyware Doctor
2007-11-18 15:44 . 2007-11-18 15:44 <REP> d-------- C:\Documents and Settings\Lolakath\Application Data\PC Tools
2007-11-18 15:44 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-18 15:44 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-18 15:44 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-18 15:44 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-18 15:31 . 2007-11-18 15:32 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-18 15:24 . 2007-11-18 15:24 <REP> d-------- C:\Program Files\Picasa2
2007-11-18 15:24 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-18 15:24 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-18 15:23 . 2007-12-13 00:23 <REP> d-------- C:\Program Files\Norton Security Scan
2007-11-18 15:21 . 2007-12-13 10:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-18 14:16 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-17 14:11 . 2007-11-17 14:11 <REP> d-------- C:\Program Files\Sibelius Software
2007-11-17 14:11 . 2007-11-17 14:11 <REP> d-------- C:\Documents and Settings\Lolakath\Application Data\Sibelius Software
2007-11-14 21:14 . 2007-11-17 15:05 <REP> d-------- C:\Program Files\Windows Live Safety Center
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 12:54 --------- d-----w C:\Documents and Settings\Lolakath\Application Data\U3
2007-12-12 23:44 --------- d-----w C:\Program Files\PokerStars
2007-12-12 21:54 --------- d-----w C:\Program Files\Fight for Kisses
2007-12-12 20:55 --------- d-----w C:\Program Files\eMule
2007-12-01 02:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-18 14:27 --------- d-----w C:\Program Files\Google
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
2007-11-17 13:11 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 10:58 --------- d-----w C:\Program Files\MSECache
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE6CFDB-E2F8-4CB6-8116-528795AAEB9B}]
C:\WINDOWS\system32\ddayy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 17:10]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 15:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 08:39]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 08:36]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 08:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-13 16:33]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-01-05 10:30 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"Muscbrigade"="c:\Musicbrigade\Musicbrigade.exe" [2005-12-22 09:26]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 13:00 C:\WINDOWS\system32\bthprops.cpl]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-17 18:43]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-04-05 07:14]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-18 15:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\thawbrkr32]
thawbrkr32.dll 2004-01-15 07:56 8704 C:\WINDOWS\system32\thawbrkr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9673876-0b9b-11dc-87b8-0011e2fd366c}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe
*Newly Created Service* - MDMXSDK
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-11-18 14:24:03 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-13 13:13:08 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 20:45:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-13 20:46:24 - machine was rebooted
.
2007-12-13 09:56:16 --- E O F ---
Re,
Disable your resident protections (antivirus, etc.)!
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\yyadd(2).ini
C:\fjls.exe
C:\skaglnck.exe
C:\WINDOWS\system32\ddayy.dll
Folder::
C:\Program Files\Spyware-Secure
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE6CFDB-E2F8-4CB6-8116-528795AAEB9B}]
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe.
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis log.
NOTE: If there is no reboot, post the requested reports anyway.
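The CFScript above lists, by hand, the BHO DLL, the root-level executables and the BHO registry key to remove. As an added example that is not part of this thread, the Python below parses the "Reg loading points" section of a ComboFix-style log and the File::/Folder::/Registry:: sections of a CFScript, flags for review the load-point types this kind of infection abuses (Browser Helper Objects, Winlogon Notify packages, AppInit_DLLs, and Run entries whose target sits directly in a drive root), and then lists which flagged entries the script does not touch. The sample log is a constructed excerpt modelled on the log posted above; the "constructed" Run entry is invented to exercise the drive-root rule, and the flagging rules are my own triage heuristics, not a verdict on any file.

```python
import re
from collections import namedtuple

# Constructed sample in the shape of the "Reg loading points" section above. Entries
# are copied from the posted log except the "constructed" Run entry, which is invented.
SAMPLE_LOG = r"""
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE6CFDB-E2F8-4CB6-8116-528795AAEB9B}]
C:\WINDOWS\system32\ddayy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"constructed"="C:\sample.exe" [2007-12-12 22:01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-04-05 07:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\thawbrkr32]
thawbrkr32.dll 2004-01-15 07:56 8704 C:\WINDOWS\system32\thawbrkr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
"""

# The CFScript from the reply above, copied here so the cross-check runs offline.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\yyadd(2).ini
C:\fjls.exe
C:\skaglnck.exe
C:\WINDOWS\system32\ddayy.dll
Folder::
C:\Program Files\Spyware-Secure
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE6CFDB-E2F8-4CB6-8116-528795AAEB9B}]
"""

# load_point: autostart mechanism; key: registry key; target: file loaded; why: reason flagged
Finding = namedtuple("Finding", "load_point key target why")

KEY_RE = re.compile(r"^\[(.+)\]$")
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")  # a file directly under a drive root

def parse_load_points(log_text):
    """Pair every value line of the registry section with the key above it."""
    key, entries = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key is not None:
            entries.append((key, line))
    return entries

def value_target(line):
    """'"name"="C:\\x.exe" [date]' -> 'C:\\x.exe'; None if the line has no '='."""
    if "=" not in line:
        return None
    value = line.split("=", 1)[1].strip()
    value = value.split(" [", 1)[0]  # drop ComboFix's trailing "[date ...]" annotation
    return value.strip().strip('"')

def triage(log_text):
    """Flag load points this family abuses, plus Run targets sitting in a drive root."""
    findings = []
    for key, line in parse_load_points(log_text):
        lk = key.lower()
        if "browser helper objects" in lk:
            findings.append(Finding("BHO", key, line, "loaded into every IE process"))
        elif "winlogon\\notify" in lk:
            # value line: "<dll> <date> <time> <size> <full path>"
            findings.append(Finding("Winlogon Notify", key, line.split()[-1],
                                    "loaded into winlogon.exe at logon"))
        elif line.lower().startswith('"appinit_dlls"='):
            target = value_target(line)
            if target:
                findings.append(Finding("AppInit_DLLs", key, target,
                                        "injected into every process that loads user32.dll"))
        elif lk.endswith("\\run") or lk.endswith("\\runonce"):
            target = value_target(line)
            if target and ROOT_FILE_RE.match(target):
                findings.append(Finding("Run", key, target, "autostart target sits in the drive root"))
    return findings

def parse_cfscript(script_text):
    """Return {'File': [...], 'Folder': [...], 'Registry': [...]} from CFScript text."""
    sections, current = {}, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def unaddressed(findings, script_text):
    """Findings whose file is not under File:: and whose key is not deleted under Registry::."""
    sections = parse_cfscript(script_text)
    files = {f.lower() for f in sections.get("File", [])}
    deleted = {k[2:-1].lower() for k in sections.get("Registry", []) if k.startswith("[-")}
    return [f for f in findings if f.target.lower() not in files and f.key.lower() not in deleted]
```

Running `unaddressed(triage(SAMPLE_LOG), SAMPLE_CFSCRIPT)` on the sample returns the constructed root-level Run entry, the Winlogon Notify package and the AppInit_DLLs value, i.e. the flagged load points that the posted script neither deletes as files nor removes as keys; the BHO is reported as covered because both its DLL and its key are in the script. Whether a remaining entry is malicious is still a judgement for the analyst (the heuristics only say where to look), so the output is a review list, not a removal list.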