How do I remove viruses?

Closed
sarah-novice- Posts: 27 Registration date: Wednesday 23 September 2009 Status: Member Last seen: 24 September 2009 - 23 Sept. 2009 at 15:53
Anonymous user - 25 Sept. 2009 at 15:58
Hello,
I've already tried CCleaner + HijackThis but it didn't work. I managed to identify them: worm/kido and worm conficker, and also "anna i lieb you malik@".
Here are the reports I got:

Logfile of random's system information tool 1.06 (written by random/random)
Run by H@ at 2009-09-23 14:15:07
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 10 GB (48%) free of 20 GB
Total RAM: 511 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:12, on 23/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\UTILS\YzToolbar\YzToolBar.exe
C:\Documents and Settings\H@\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\H@\Bureau\RSIT.exe
C:\Documents and Settings\H@\Bureau\H@.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [kubernesis.dll] C:\WINDOWS\kubernesis.dll.vbe
O4 - HKLM\..\Run: [kubernscan] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1011016
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\H@\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: kubernscan.vbe
O4 - Global Startup: YzToolBar.lnk = C:\Program Files\UTILS\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Diminuer la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - C:\Program Files\UTILS\EasyRead\ZoomOut.js (file missing)
O9 - Extra button: Agrandir la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - C:\Program Files\UTILS\EasyRead\ZoomIn.js (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{736CE2C4-A8A4-4826-A8BA-70C24A40EAA1}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
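
A HijackThis log like the one above can be triaged mechanically before anyone reads it line by line. The script below is an added example, not part of this thread and not HijackThis's own code: it parses the O4 autorun lines, extracts the launched file, and flags entries that start a Windows Script Host file or hide behind a double extension such as .dll.vbe. The sample lines are constructed to mirror the kind of entries shown in the log.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: O4 autorun lines of the kind HijackThis prints. The two
# .vbe entries mirror the suspicious ones in the log above; the rest are benign.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [kubernesis.dll] C:\WINDOWS\kubernesis.dll.vbe
O4 - HKLM\..\Run: [kubernscan] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: kubernscan.vbe
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\H@\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
"""

# Extensions executed by the Windows Script Host or the command interpreter.
# A startup entry that launches one of these directly deserves a closer look.
SCRIPT_EXTENSIONS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd")

# A "harmless" extension followed by an executable one (e.g. .dll.vbe).
DOUBLE_EXT = re.compile(r"\.(?:dll|exe|txt|jpg|doc|pdf)\.[a-z0-9]{2,4}$")

# O4 lines come in two shapes: registry Run keys ("[name] command") and
# Startup-folder entries ("name.lnk = path" or a bare file name).
O4_REGKEY = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<entry>.*)$")
TARGET_QUOTED = re.compile(r'^"([^"]+)"')
TARGET_BARE = re.compile(r"^(.*?\.[A-Za-z0-9]{2,4})(?:\s|$)")


def extract_target(command: str) -> str:
    """Return the file a Run command launches, dropping its arguments."""
    m = TARGET_QUOTED.match(command)
    if m:
        return m.group(1)
    m = TARGET_BARE.match(command)
    return m.group(1) if m else command


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Parse one HijackThis O4 line into location, entry name and target file."""
    m = O4_REGKEY.match(line)
    if m:
        return {"location": m.group("hive"), "name": m.group("name"),
                "target": extract_target(m.group("command"))}
    m = O4_STARTUP.match(line)
    if m:
        entry = m.group("entry")
        if " = " in entry:
            name, path = entry.split(" = ", 1)
            return {"location": "Startup folder", "name": name, "target": path}
        return {"location": "Startup folder", "name": entry, "target": entry}
    return None


def triage_hijackthis(log_text: str) -> List[Dict[str, str]]:
    """Return the O4 entries that launch scripts or use a disguised extension."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_o4(raw.strip())
        if entry is None:
            continue
        target = entry["target"].lower()
        reasons = []
        if target.endswith(SCRIPT_EXTENSIONS):
            reasons.append("autorun launches a script-host file")
        if DOUBLE_EXT.search(target):
            reasons.append("double extension disguises the real file type")
        if reasons:
            findings.append({**entry, "reasons": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for hit in triage_hijackthis(SAMPLE_LOG):
        print(f"[{hit['location']}] {hit['name']} -> {hit['target']}: {hit['reasons']}")
```

Run against the constructed sample it reports three entries: the kubernesis.dll.vbe Run key (script file and double extension), the kubernscan Run key, and the bare kubernscan.vbe in the all-users Startup folder. The Avira, ctfmon and MSN entries pass. Extension checks are only a first filter; a hit still needs the file itself examined, and a script named after a DLL in a Run key is exactly the pattern that warrants it.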

46 replies

sarah-novice- Posts: 27 Registration date: Wednesday 23 September 2009 Status: Member Last seen: 24 September 2009
24 Sept. 2009 at 17:10
Hi, I tried, but it froze my computer, so I turned it off, and when I restarted the virus "anna i lieb you malik@3" came back, so I redid the ComboFix thing and here is the other report:
ComboFix 09-09-23.02 - H@ 24/09/2009 15:52.3.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.244 [GMT 1:00]
Lancé depuis: c:\documents and settings\H@\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-24 au 2009-09-24 ))))))))))))))))))))))))))))))))))))
.

2009-09-24 08:23 . 2009-09-24 08:25 -------- dc-h--w- c:\windows\ie8
2009-09-23 20:56 . 2009-09-24 14:27 5304 --sha-r- c:\windows\kubernesis.dll.vbe
2009-09-23 20:56 . 2009-09-24 14:27 5304 --sha-r- C:\kubernesis.vbe
2009-09-23 17:36 . 2009-09-23 18:07 -------- d-----w- C:\UsbFix
2009-09-23 17:30 . 2009-09-23 17:30 -------- d-----w- c:\documents and settings\H@\Local Settings\Application Data\Yahoo!
2009-09-23 16:13 . 2009-09-24 12:03 -------- d-----w- C:\ToolBar SD
2009-09-23 14:56 . 2009-09-23 16:43 -------- d-----w- C:\GenProc
2009-09-23 12:45 . 2009-09-23 12:45 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-09-23 12:44 . 2009-09-23 12:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-23 12:19 . 2009-09-23 12:19 -------- d-----w- c:\documents and settings\H@\Application Data\Malwarebytes
2009-09-23 12:19 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 12:19 . 2009-09-23 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-23 12:19 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-23 12:19 . 2009-09-23 12:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 11:59 . 2009-09-23 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-23 11:59 . 2009-09-23 11:59 -------- d-----w- c:\documents and settings\H@\Application Data\Yahoo!
2009-09-23 11:58 . 2009-09-23 11:59 -------- d-----w- c:\program files\Yahoo!
2009-09-23 11:58 . 2009-09-23 11:59 -------- d-----w- c:\program files\CCleaner
2009-09-23 11:25 . 2009-09-23 13:29 -------- d-----w- C:\rsit
2009-09-20 10:15 . 2009-09-20 10:15 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-09-20 10:15 . 2006-09-12 20:00 197632 ----a-w- c:\windows\system32\CNMLM83.DLL
2009-09-20 10:15 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-20 10:14 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-20 10:12 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-18 12:02 . 2001-08-17 19:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-09-17 20:52 . 2009-09-21 18:35 28 ----a-w- c:\windows\mscpt.dat
2009-09-17 20:52 . 2009-09-17 20:52 -------- d-----w- c:\program files\TLKGAMES
2009-09-17 11:17 . 2009-07-29 19:37 -------- d--h--w- c:\documents and settings\Administrateur\Voisinage réseau
2009-09-17 11:17 . 2009-07-29 19:37 -------- d--h--w- c:\documents and settings\Administrateur\Voisinage d'impression
2009-09-17 11:17 . 2009-07-29 19:37 -------- d-----w- c:\documents and settings\Administrateur\Bureau
2009-09-17 11:17 . 2009-07-29 19:37 -------- d-----r- c:\documents and settings\Administrateur\Menu Démarrer
2009-09-17 11:17 . 2009-07-29 18:50 -------- d--h--w- c:\documents and settings\Administrateur\Modèles
2009-09-16 10:32 . 2009-09-24 14:21 -------- d-----w- c:\documents and settings\H@\Tracing
2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-15 22:08 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-15 22:07 . 2009-09-15 22:07 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-15 22:06 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-15 22:06 . 2009-09-15 22:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-15 22:04 . 2009-09-15 22:04 -------- d-----w- c:\program files\Microsoft
2009-09-15 22:04 . 2009-09-15 22:04 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-15 22:04 . 2009-09-15 22:08 -------- d-----w- c:\program files\Windows Live
2009-09-14 18:27 . 2009-09-14 18:27 -------- d-----w- c:\program files\OpenAL
2009-09-14 18:27 . 2009-09-14 18:29 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-14 18:27 . 2009-09-14 18:29 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-14 18:26 . 2009-09-14 18:27 -------- d-----w- c:\program files\AssaultCube_v1.0
2009-09-13 22:23 . 2009-09-13 22:23 -------- d-----w- C:\Sierra
2009-09-05 23:16 . 2009-09-05 23:16 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-05 11:23 . 2009-09-05 11:23 -------- d-----w- c:\program files\RY's GAMES
2009-09-02 18:58 . 2009-09-02 18:58 -------- d-----w- c:\program files\MOVAVI
2009-09-02 18:58 . 2009-09-02 18:58 -------- d-----w- c:\program files\ConvertMovie 5.0
2009-09-01 20:42 . 2009-09-01 20:43 -------- d-----w- C:\Temp
2009-09-01 14:10 . 2009-09-01 14:10 -------- d-----w- c:\program files\JoshMadison
2009-08-27 22:05 . 2009-09-10 11:35 -------- d-----w- C:\downloads
2009-08-27 22:05 . 2009-08-27 22:05 -------- d-----w- c:\documents and settings\H@\Application Data\GrabPro
2009-08-27 22:05 . 2009-09-08 21:35 -------- d-----w- c:\documents and settings\H@\Application Data\Orbit
2009-08-27 13:11 . 2009-08-27 13:11 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-27 11:41 . 2009-08-27 11:41 -------- d-----w- c:\documents and settings\H@\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 14:21 . 2009-07-30 17:13 86120 ----a-w- c:\documents and settings\H@\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 11:18 . 2009-09-17 11:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ATI
2009-09-17 11:18 . 2009-09-17 11:18 137 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat
2009-09-17 08:51 . 2001-08-28 12:00 76922 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-17 08:51 . 2001-08-28 12:00 470708 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-31 21:07 . 2009-08-21 19:20 -------- d-----w- c:\program files\Free FLV Converter
2009-08-27 21:40 . 2009-08-23 19:07 -------- d-----w- c:\program files\eMule
2009-08-23 22:14 . 2009-07-29 18:46 -------- d-----w- c:\program files\DivX
2009-08-23 22:14 . 2009-08-23 10:46 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-23 19:07 . 2009-08-23 19:07 -------- d-----w- c:\program files\Feneris
2009-08-23 12:33 . 2009-08-23 10:46 -------- d-----w- c:\program files\Google
2009-08-21 19:06 . 2009-08-21 18:35 -------- d-----w- c:\program files\Free Audio Pack
2009-08-19 02:36 . 2009-08-21 19:20 299008 ----a-w- c:\windows\system32\TubeFinder.exe
2009-08-18 19:25 . 2009-07-29 19:29 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-13 08:24 . 2009-08-12 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-13 08:24 . 2009-08-12 19:32 -------- d-----w- c:\program files\NOS
2009-08-03 20:10 . 2009-08-03 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-08-03 20:08 . 2009-08-03 20:08 -------- d-----w- c:\program files\IVT Corporation
2009-07-31 16:47 . 2009-07-29 18:49 -------- d-----w- c:\documents and settings\H@\Application Data\Skype
2009-07-31 15:53 . 2009-07-31 15:53 -------- d-----w- c:\documents and settings\H@\Application Data\CyberLink
2009-07-30 17:31 . 2009-07-29 18:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-30 17:29 . 2009-07-30 17:29 -------- d-----w- c:\documents and settings\H@\Application Data\DivX
2009-07-30 17:29 . 2009-07-30 17:29 -------- d-----w- c:\documents and settings\H@\Application Data\Media Player Classic
2009-07-30 17:29 . 2009-07-29 18:42 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-07-30 17:21 . 2009-07-30 17:12 -------- d-----w- c:\documents and settings\H@\Application Data\ATI
2009-07-30 17:18 . 2009-07-30 17:08 -------- d-----w- c:\program files\ATI Technologies
2009-07-29 19:29 . 2009-07-29 19:29 -------- d-----w- c:\program files\Avira
2009-07-29 19:29 . 2009-07-29 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-29 19:25 . 2009-07-29 19:25 592 ----a-w- c:\windows\chgkey.vbs
2009-07-29 19:17 . 2009-07-29 19:17 125 ----a-w- c:\documents and settings\H@\Local Settings\Application Data\fusioncache.dat
2009-07-29 19:16 . 2009-07-29 19:16 -------- d-----w- c:\program files\Java
2009-07-29 19:16 . 2009-07-29 19:16 -------- d-----w- c:\program files\Fichiers communs\Java
2009-07-29 19:15 . 2009-07-29 19:15 -------- d-----w- c:\program files\Photo Story 3 for Windows
2009-07-29 19:14 . 2009-07-29 19:14 -------- d-----w- c:\program files\Windows Journal Viewer
2009-07-29 19:08 . 2009-07-29 19:08 -------- d-----w- c:\program files\HighMAT CD Writing Wizard
2009-07-29 19:08 . 2009-07-29 19:08 -------- d-----w- c:\program files\UTILS
2009-07-29 19:01 . 2009-07-29 19:01 -------- d-----w- c:\program files\microsoft frontpage
2009-07-29 18:55 . 2009-07-29 18:55 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-29 18:51 . 2009-07-29 18:50 -------- d-----w- c:\program files\Winamp
2009-07-29 18:50 . 2009-07-29 18:50 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-29 18:48 . 2009-07-29 18:48 -------- d-----w- c:\program files\Skype
2009-07-29 18:48 . 2009-07-29 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-29 18:48 . 2009-07-29 18:48 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-07-29 18:47 . 2009-07-29 18:47 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-29 18:43 . 2009-07-29 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-29 18:43 . 2009-07-29 18:43 -------- d-----w- c:\program files\CyberLink
2009-07-29 18:37 . 2009-07-29 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-29 18:35 . 2009-07-29 18:35 -------- d-----w- c:\program files\Microsoft Works
2009-07-29 18:35 . 2009-07-29 18:35 -------- d-----w- c:\program files\MSBuild
2009-07-29 18:33 . 2009-07-29 18:33 -------- d-----w- c:\program files\Microsoft.NET
2009-07-29 18:30 . 2009-07-29 18:30 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-10 12:01 . 2009-07-10 12:01 307560 ----a-w- c:\windows\WLXPGSS.SCR
.

------- Sigcheck -------


[-] 2006-03-18 . 3A248CD2D4683CEAD73DEA60FEA9794D . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\wscntfy.exe ... manque !!
.
((((((((((((((((((((((((((((( SnapShot@2009-09-24_12.37.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 13:09 . 2008-10-16 13:09 51224 c:\windows\SoftwareDistribution\SelfUpdate\wuauclt.exe
+ 2008-10-16 13:09 . 2008-10-16 13:09 92696 c:\windows\SoftwareDistribution\SelfUpdate\cdm.dll
+ 2008-10-16 13:12 . 2008-10-16 13:12 561688 c:\windows\SoftwareDistribution\SelfUpdate\wuapi.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2009-09-20 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-29 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]
"kubernesis.dll"="c:\windows\kubernesis.dll.vbe" [2009-09-24 5304]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-04-23 54784]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\H@\Menu Démarrer\Programmes\Démarrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\H@\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-7-31 135680]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Barre d'état système d'ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-7-16 626176]
kubernscan.vbe [2009-9-24 5304]
YzToolBar.lnk - c:\program files\UTILS\YzToolbar\YzToolBar.exe [2009-7-29 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\RY's GAMES\\HALF LIFE COMPIL N°1\\hl.exe"=
"c:\\Program Files\\RY's GAMES\\HALF LIFE COMPIL N°1\\hltv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6827:TCP"= 6827:TCP:miqvik

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [29/07/2009 20:29 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/09/2009 23:08 54752]
S2 nwwnmtkg;Installer Microsoft;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 16:10 14336]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nwwnmtkg
.
.
------- Examen supplémentaire -------
.
IE: {{A0E6D3BD-A661-447D-8634-0751467857F3} - c:\program files\UTILS\EasyRead\ZoomOut.js
IE: {{AEBB571B-4C48-438D-808D-999F168CDECE} - c:\program files\UTILS\EasyRead\ZoomIn.js
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 15:55
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwwnmtkg]
"ServiceDll"="c:\windows\system32\pxeqog.dll"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-09-24 15:57
ComboFix-quarantined-files.txt 2009-09-24 14:57
ComboFix2.txt 2009-09-24 12:39

Avant-CF: 10 088 468 480 octets libres
Après-CF: 10 117 619 712 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

Anonymous user
24 Sept. 2009 at 17:12
Post me a new HijackThis report...
sarah-novice- Posts: 27 Registration date: Wednesday 23 September 2009 Status: Member Last seen: 24 September 2009
24 Sept. 2009 at 18:28
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:45, on 24/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\H@\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [kubernesis.dll] C:\WINDOWS\kubernesis.dll.vbe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1011016
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\H@\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: kubernscan.vbe
O4 - Global Startup: YzToolBar.lnk = C:\Program Files\UTILS\YzToolbar\YzToolBar.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Diminuer la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - C:\Program Files\UTILS\EasyRead\ZoomOut.js (file missing)
O9 - Extra button: Agrandir la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - C:\Program Files\UTILS\EasyRead\ZoomIn.js (file missing)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{736CE2C4-A8A4-4826-A8BA-70C24A40EAA1}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
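Read as a whole, the log above has two autorun entries that deserve a closer look before anything else: the HKLM\..\Run value [kubernesis.dll] pointing at C:\WINDOWS\kubernesis.dll.vbe, and the bare file kubernscan.vbe in Global Startup. A .vbe file is an encoded VBScript that Windows runs through the Windows Script Host rather than loading as a program, and installed software almost never persists that way, least of all with a double extension like .dll.vbe dropped straight into the Windows directory. The script below is an added example, not HijackThis code and not something the poster ran: it parses the O4 lines of a HijackThis log and applies those review heuristics. The sample lines are copied from the log; the flag rules (SCRIPT_EXTS, BINARY_EXTS, the %WINDIR%-root check and the shortcut-versus-bare-file check) are the editor's assumptions about what merits review, not a verdict on the files.

```python
"""Triage of HijackThis O4 (autorun) entries.

Added example for this thread; it is neither HijackThis code nor the poster's.
SAMPLE_O4_LINES is copied from the HijackThis log posted above; the flags
below are the editor's review heuristics (assumptions about what deserves a
closer look), not a malware verdict.
"""
import re
from pathlib import PureWindowsPath

SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [kubernesis.dll] C:\WINDOWS\kubernesis.dll.vbe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\H@\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: kubernscan.vbe
"""

# Extensions executed by the Windows Script Host or cmd.exe rather than loaded as PE images.
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd"}
BINARY_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}

REG_RE = re.compile(r"^O4 - (?P<hive>HK.*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<folder>Global Startup|Startup): (?P<entry>.*)$")


def first_path(cmd):
    """Extract the program path from a Run value: the quoted path, or else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_o4(line):
    """Return (name, target, source) for one O4 line, or None if the line is not an O4 entry."""
    if m := REG_RE.match(line):
        return m["name"], first_path(m["cmd"]), f"{m['hive']}\\..\\{m['key']}"
    if m := STARTUP_RE.match(line):
        entry = m["entry"].strip()
        if " = " in entry:                      # "<shortcut>.lnk = <target>"
            name, target = (s.strip() for s in entry.split(" = ", 1))
        else:                                   # a bare file placed in the Startup folder
            name = target = entry
        return name, target, m["folder"]
    return None


def suspicious_reasons(name, target, source):
    """Heuristic review flags for one autorun entry (editor's assumptions, not a verdict)."""
    reasons = []
    p = PureWindowsPath(target)
    suffixes = [s.lower() for s in p.suffixes]
    if suffixes and suffixes[-1] in SCRIPT_EXTS:
        reasons.append(f"script autorun ({suffixes[-1]}): runs through WScript/cmd, unusual for installed software")
    if len(suffixes) >= 2 and suffixes[-2] in BINARY_EXTS:
        reasons.append(f"double extension {''.join(suffixes[-2:])} mimics a binary name")
    if source.endswith("Startup") and not name.lower().endswith(".lnk"):
        reasons.append("file dropped directly into the Startup folder instead of a shortcut")
    if p.drive and len(p.parts) == 3 and p.parts[1].lower() == "windows":
        reasons.append("target sits in the %WINDIR% root rather than a product directory")
    return reasons


def triage_o4(log_text):
    """Parse every O4 line of a HijackThis log and return the entries that carry review flags."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        name, target, source = parsed
        if reasons := suspicious_reasons(name, target, source):
            findings.append({"name": name, "target": target, "source": source, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f"{f['source']}: [{f['name']}] {f['target']}")
        for r in f["reasons"]:
            print("   -", r)
```

On the sample, only the two .vbe entries come back flagged (three reasons for kubernesis.dll.vbe, two for kubernscan.vbe); the Avira, ATI, Messenger and BlueSoleil entries pass cleanly. Paste the whole log into triage_o4 to get the same pass over every O4 line; the output is a review list, and each flagged file still has to be checked (hash, contents, who dropped it) before it is removed.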
sarah-novice- Posts: 27 Registered: Wednesday 23 September 2009 Status: Member Last seen: 24 September 2009
24 Sept. 2009 at 21:25
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-09-24 20:18:14
PROTECTIONS: 0
MALWARE: 7
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@atdmt[3].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@xiti[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@ad.yieldmanager[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@weborama[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@smartadserver[2].txt
02111504 W32/AutoRun.APJ.worm Virus/Worm No 0 Yes No C:\Documents and Settings\H@\Bureau\UsbFix_Upload_Me_HOME.zip[UsbFix_Upload_Me/Desktop.ini.UsbFix]
02111504 W32/AutoRun.APJ.worm Virus/Worm No 0 Yes No C:\UsbFix\Quarantine\F\RECYCLER\k-1-3542-4232123213-7676767-8888886\Desktop.ini.UsbFix
02111504 W32/AutoRun.APJ.worm Virus/Worm No 0 Yes No C:\UsbFix\Quarantine\F\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini.UsbFix
02111504 W32/AutoRun.APJ.worm Virus/Worm No 0 Yes No D:\UsbFix\Quarantine\F\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini.UsbFix
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
212494 HIGH MS09-042
212493 HIGH MS09-041
212490 HIGH MS09-038
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
204670 HIGH MS09-001
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
209275 HIGH MS08-049
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194860 HIGH MS08-030
191618 HIGH MS08-025
191616 HIGH MS08-023
191614 HIGH MS08-021
191613 HIGH MS08-020
187733 HIGH MS08-008
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
170907 HIGH MS07-046
170904 HIGH MS07-043
164915 HIGH MS07-035
164911 HIGH MS07-031
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141033 MEDIUM MS06-075
137571 HIGH MS06-070
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
108738 HIGH MS06-004
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
117384 MEDIUM MS06-018
114666 HIGH MS06-015
;===================================================================================================================================================================================
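Two points stand out when the Panda report above is read as a whole rather than as the headline "MALWARE: 7". First, every row has Active = No: the eight hits are tracking cookies, and the four W32/AutoRun.APJ.worm hits all point into UsbFix's Quarantine folders or into the UsbFix_Upload_Me_HOME.zip archive, i.e. files already pulled out of circulation (the header's 7 is the number of distinct signature ids, not of files). Second, the VULNERABILITIES section lists dozens of missing Microsoft bulletins, among them MS08-067, the Server service RPC bug that Conficker/Kido uses to spread across a network, so an unpatched XP SP2 box like this one stays re-infectable however many times it is cleaned. The script below is an added example, not Panda's code and not the poster's; it parses a report of this shape and separates those two questions. SAMPLE_REPORT is an abridged copy of the report above (banner lines and the empty PROTECTIONS/SUSPECTS sections dropped, VULNERABILITIES cut to four rows); the column layout is inferred from the report's own "Id Description Type Active Severity Disinfectable Disinfected Location" header line, and the \Quarantine\ and .zip[ containment checks and the WORM_BULLETINS watch-list are the editor's assumptions.

```python
"""Reading a Panda ActiveScan report: what is live, what is contained, which missing patches matter.

Added example for this thread; it is neither Panda's code nor the poster's.
SAMPLE_REPORT is abridged from the report posted above. The column layout is
inferred from the report's header line, and WORM_BULLETINS is the editor's
watch-list (an assumption to extend), not a Panda field.
"""
import re
from collections import Counter

SAMPLE_REPORT = r"""
ANALYSIS: 2009-09-24 20:18:14
PROTECTIONS: 0
MALWARE: 7
SUSPECTS: 0
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@atdmt[3].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@xiti[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@ad.yieldmanager[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@weborama[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\H@\Cookies\h@@smartadserver[2].txt
02111504 W32/AutoRun.APJ.worm Virus/Worm No 0 Yes No C:\Documents and Settings\H@\Bureau\UsbFix_Upload_Me_HOME.zip[UsbFix_Upload_Me/Desktop.ini.UsbFix]
02111504 W32/AutoRun.APJ.worm Virus/Worm No 0 Yes No C:\UsbFix\Quarantine\F\RECYCLER\k-1-3542-4232123213-7676767-8888886\Desktop.ini.UsbFix
02111504 W32/AutoRun.APJ.worm Virus/Worm No 0 Yes No C:\UsbFix\Quarantine\F\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini.UsbFix
02111504 W32/AutoRun.APJ.worm Virus/Worm No 0 Yes No D:\UsbFix\Quarantine\F\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini.UsbFix
VULNERABILITIES
Id Severity Description
212494 HIGH MS09-042
201683 HIGH MS08-067
196455 MEDIUM MS08-037
126081 HIGH MS06-040
"""

# Description may contain spaces ("Cookie/Atlas DMT"); the fixed Yes/No and digit columns anchor the split.
ROW_RE = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) (?P<sev>\d+) "
    r"(?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<loc>.+)$")
VULN_RE = re.compile(r"^(?P<id>\d+) (?P<sev>HIGH|MEDIUM|LOW) (?P<bulletin>MS\d{2}-\d{3})$")
COUNT_RE = re.compile(r"^(?P<key>PROTECTIONS|MALWARE|SUSPECTS): (?P<val>\d+)$")

# Bulletins that self-propagating malware exploits. MS08-067 is the Server service
# RPC bug Conficker/Kido spreads through; the list is an editor's starting point.
WORM_BULLETINS = {"MS08-067": "Conficker/Kido (Server service RPC)"}


def parse_report(text):
    """Split the report into header counts, detection rows and missing-bulletin rows."""
    counts, detections, vulns = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):        # banners and separators
            continue
        if m := COUNT_RE.match(line):
            counts[m["key"]] = int(m["val"])
        elif m := ROW_RE.match(line):
            detections.append(m.groupdict())
        elif m := VULN_RE.match(line):
            vulns.append(m.groupdict())
    return counts, detections, vulns


def contained(det):
    """True when the file is already out of harm's way: in a quarantine folder or inside an upload archive."""
    loc = det["loc"]
    return "\\Quarantine\\" in loc or ".zip[" in loc


def summarize(text):
    """Separate live findings from contained ones and pull out the wormable missing patches."""
    counts, detections, vulns = parse_report(text)
    return {
        "header_malware_count": counts.get("MALWARE", 0),
        "unique_detections": len({d["id"] for d in detections}),   # distinct signature ids
        "rows": len(detections),
        "active": sum(d["active"] == "Yes" for d in detections),
        "tracking_cookies": sum(d["type"] == "TrackingCookie" for d in detections),
        "needs_attention": [d["loc"] for d in detections
                            if d["type"] != "TrackingCookie" and not contained(d)],
        "missing_by_severity": dict(Counter(v["sev"] for v in vulns)),
        "wormable_missing": {v["bulletin"]: WORM_BULLETINS[v["bulletin"]]
                             for v in vulns if v["bulletin"] in WORM_BULLETINS},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On a fresh report the two fields to act on are needs_attention (non-cookie hits that are neither quarantined nor already archived for upload) and wormable_missing; when the latter names MS08-067, the machine should be patched before it goes back on a network where it can be re-infected.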

Anonymous user
24 Sept. 2009 at 22:23
How is the computer now?
Anonymous user
23 Sept. 2009 at 16:39
Do this:

Click here to install Genproc


► Install GenProc on your desktop by following the link above
► Double-click the GenProc.exe shortcut
► Post the contents of the report that opens


# If the report does not open:

- Start > My Computer > Local Disk > GenProc > Arguments ; GenProc[1].txt
Or else
- Start > My Computer > Local Disk > GenProc > Page ; GenProc[1].html

( CTRL + A to select the report, CTRL + C to copy it, CTRL + V to paste it )


