
System Security 4.51 help!

yannae, 14 Jun 2009 at 13:46:33

Hello,
My computer has been infected with the System Security virus since yesterday... but it is only since this morning that it has let up a bit. So I ran ComboFix and got this report.

ComboFix 09-06-13.03 - Microsoft 06/14/2009 13:25.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.460 [GMT 2:00]
Running from: c:\documents and settings\Microsoft\Desktop\combofix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\18862654
c:\documents and settings\All Users\Application Data\98872646
c:\documents and settings\All Users\Application Data\18862654\18862654.exe
c:\documents and settings\All Users\Application Data\18862654\pc18862654cnf
c:\documents and settings\All Users\Application Data\18862654\pc18862654ins
c:\documents and settings\All Users\Application Data\98872646\98872646.exe
C:\GHOST.EXE
c:\program files\Manson\liser.dll
c:\program files\Manson\liser.exe
C:\tj.vbs
c:\windows\ld09.exe
c:\windows\run_1244898236.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-14 11:21 . 2009-06-14 11:21 -------- d-s---w- C:\bibite
2009-06-13 11:18 . 2009-06-13 11:18 2 ---h--w- c:\windows\zaponce53290.dat
2009-06-13 11:18 . 2009-06-13 11:18 2 ---h--w- c:\windows\zaponce53198.dat
2009-06-13 11:17 . 2009-06-13 11:17 -------- d-sh--r- c:\program files\Manson
2009-06-10 10:57 . 2009-06-10 10:57 -------- d-----w- c:\program files\Yontoo Layers Client for Internet Explorer
2009-06-10 10:57 . 2009-04-03 00:37 36864 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
2009-06-10 10:57 . 2009-03-30 01:09 222208 --s---r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
2009-06-10 10:57 . 2008-08-30 09:05 4608 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
2009-06-10 10:57 . 2009-06-10 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2009-06-07 19:08 . 2009-06-07 19:08 -------- d-----w- c:\program files\Virtools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 11:10 . 2008-03-10 15:24 2048 ----a-w- c:\windows\vknt.tmp
2009-05-16 10:07 . 2008-07-30 13:30 114 ----a-w- c:\windows\system32\{EC4C8FCB-8A0D-47f6-8F3E-2A34527102F5}.dat
2009-04-06 13:58 . 2009-04-06 13:58 1915520 ----a-w- c:\documents and settings\Microsoft\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
.
------- Sigcheck -------

[-] 2007-08-02 04:52 1580544 0A874046BB7B547864811CFF0DD19724 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-04-01 17:16 193472 ------w- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-05-07 10:54 241752 ----a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\Lenovo\Power2Go\Power2GoExpress.exe" [2007-05-04 2483760]
"mtd2002Svr"="c:\program files\mtd2002\mtdserver.exe" [2002-10-05 544768]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 4269296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vietkey"="c:\program files\Vietkey2000\VKNT.EXE" [2001-10-16 78848]
"EzButton"="c:\progra~1\EzButton\EzButton.EXE" [2007-11-20 502544]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-11-20 630784]
"EnergyUtility"="c:\program files\Lenovo\EnergyCut\utilty.exe" [2007-04-29 1486848]
"EnergyCut"="c:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-04-29 1191936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-11-20 151552]
"VeriFacePassManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2008-05-07 241664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-20 138008]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-20 162584]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-05-06 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-20 16342528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-10 21:34 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2008-05-07 10:54 589824 ----a-w- c:\windows\system32\PicNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\mtd2002\\mtdserver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\BIN\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\JRE\\BIN\\java.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [5/6/2008 11:02 PM 15424]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [3/10/2008 5:34 PM 9344]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [9/10/2008 11:38 PM 57376]
S3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [5/7/2008 12:52 PM 17536]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Bewan\Box\Wizard\jswpsapi.exe [9/10/2008 11:38 PM 352338]
S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [9/10/2008 11:36 PM 27072]
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-kell - c:\program files\Manson\liser.exe
HKLM-Run-98872646 - c:\documents and settings\All Users\Application Data\98872646\98872646.exe
HKLM-Run-Device Detector - DevDetect.exe
HKLM-Explorer_Run-dllcache32.exe - c:\windows\system32\dllcache32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mido.dauphine.fr/
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.12/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{035E680E-B668-472F-91F3-E850BCC5051F} - c:\program files\Crawler\Notes\CNotes.exe
LSP: c:\windows\system32\imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 13:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll
c:\windows\system32\PicNotify.dll
c:\windows\system32\Momo.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\picn.dll

- - - - - - - > 'lsass.exe'(1340)
c:\windows\system32\imon.dll
.
Completion time: 2009-06-14 13:29
ComboFix-quarantined-files.txt 2009-06-14 11:29

Pre-Run: 8,411,807,744 bytes free
Post-Run: 8,560,787,456 bytes free

166


Could someone help me, please!
Thanks in advance,

Configuration: Windows XP Internet Explorer 7.0
