Paysages - Contacts

Forum for contacts, sharing and mutual help between professionals, students and amateurs in the field of architecture and landscape


complicated prob [Solved]


DllD
Admin

Posts: 71
Registration date: 26/11/2008
Age: 32

Re: complicated prob [Solved]

Post by DllD on Mon 22 Dec - 1:10

Okay then,
do this:

> > Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe (by sUBs) to your Desktop.
Disconnect from the internet and disable your antivirus so that ComboFix can run normally.
- Double-click combofix.exe, then accept the licence agreement.
- If ComboFix does not find a system Recovery Console installed, accept its installation.
- At the end of the Recovery Console installation, ComboFix will offer to run a scan for malware. Click <Yes>.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the machine.
- When the scan is complete, a report will appear. Copy/paste this report in your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
PS2: The ComboFix report may turn out to be too long for the forum to accept. In that case, post the report in several parts.



Good luck.

See you later.



momo

Posts: 16
Registration date: 27/11/2008

Re: complicated prob [Solved]

Post by momo on Mon 22 Dec - 1:34

ComboFix 08-12-21.03 - Maud 2008-12-22 1:23:59.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1376 [GMT 1:00]
Lancé depuis: c:\documents and settings\Maud\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.url
c:\documents and settings\Maud\Application Data\smss.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
.

2008-12-21 18:12 . 2008-12-21 18:12 <REP> d-------- C:\_OTMoveIt
2008-12-21 17:59 . 2007-04-08 17:14 377,344 --a------ c:\documents and settings\Maud\Application Data\lsass.exe
2008-12-21 17:33 . 2008-12-21 17:33 <REP> d-------- c:\program files\PowerISO
2008-12-21 05:22 . 2007-04-08 17:14 377,344 --a------ c:\documents and settings\Maud\Application Data\svchost.exe
2008-12-15 13:16 . 2008-12-15 13:16 <REP> d-------- c:\windows\system32\Color
2008-12-08 02:38 . 2008-12-08 02:38 <REP> d-------- c:\documents and settings\All Users\Application Data\wmp
2008-12-01 14:18 . 2007-04-08 17:14 377,344 --a------ c:\windows\system32\Sexy Girls.scr
2008-11-30 15:36 . 2008-11-30 15:36 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-11-30 15:23 . 2008-11-30 15:23 <REP> d-------- c:\program files\IZArc
2008-11-29 21:21 . 2008-11-30 13:41 <REP> d-------- c:\program files\UsbFix
2008-11-27 01:52 . 2008-11-27 01:52 <REP> d-------- C:\rsit
2008-11-24 16:44 . 2008-11-24 16:44 <REP> d-------- c:\documents and settings\Maud\Application Data\Apple Computer
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- c:\program files\Apple Software Update
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 00:16 --------- d-----w c:\documents and settings\Maud\Application Data\Skype
2008-12-22 00:07 --------- d-----w c:\program files\eMule
2008-12-21 17:53 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-21 03:48 --------- d-----w c:\program files\Navilog1
2008-12-20 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-19 17:44 --------- d-----w c:\documents and settings\Maud\Application Data\Canon
2008-12-15 00:56 --------- d-----w c:\program files\adslTV
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-29 21:31 241,114 ----a-w c:\windows\system32\drivers\fwdrv.err
2008-11-24 23:25 --------- d-----w c:\program files\QuickTime
2008-11-21 02:51 --------- d-----w c:\documents and settings\Maud\Application Data\Toshiba
2008-11-15 04:22 --------- d-----w c:\program files\MSN Messenger
2008-11-03 15:13 --------- d-----w c:\documents and settings\Maud\Application Data\U3
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:03 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-04-08 16:14 377,344 ------w c:\windows\inf\smss.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-04-02 16:08 381952 -ra------ c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-06 573440]
"PowerForPhone"="c:\program files\ASUS\PowerForPhone\PowerForPhone.exe" [2006-06-29 774144]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-01 114688]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-26 266497]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

c:\documents and settings\Maud\Menu D‚marrer\Programmes\D‚marrage\
DosÿOptimizer.pif [2007-04-08 377344]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-05-02 21:23 40448 c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 17840]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2006-09-15 14336]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\Drivers\SynMini.sys [2006-08-08 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-08-08 7808]
S3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [2006-10-22 34944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80153c76-910d-11dc-9f39-0018de790b41}]
\Shell\AutoRun\command - I:\ReadMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c987b8-a9b9-11dd-a0ce-0018de790b41}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-FrameWorkService - (no file)
HKLM-Run-FrameWorkService - (no file)


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maud\Application Data\Mozilla\Firefox\Profiles\pbdfv0hw.default\
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 01:28:16
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1256)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\dllhost.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\scardsvr.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\windows\system32\rundll32.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\documents and settings\Maud\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
.
**************************************************************************
.
Heure de fin: 2008-12-22 1:32:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-22 00:31:55

Avant-CF: 15 185 698 816 octets libres
Après-CF: 15,302,365,184 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

231 --- E O F --- 2008-12-19 02:01:18

DllD
Admin

Posts: 71
Registration date: 26/11/2008
Age: 32

Re: complicated prob [Solved]

Post by DllD on Mon 22 Dec - 3:05

So,

here is the requested scan: http://www.virustotal.com/fr/analisis/311e8aa45cfde3467a039f48630626e4


Next,
Let's go:

/!\ For people with the same or similar problems /!\
This procedure is specific to the PC of the user who started this thread. Reproducing it on another computer could damage the system.


So,
> With ComboFix:
- Create a new text document: right-click on the desktop => New => Text Document, and copy/paste the following lines into it:

KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80153c76-910d-11dc-9f39-0018de790b41}]

File::
c:\documents and settings\Maud\Application Data\lsass.exe
c:\documents and settings\Maud\Application Data\svchost.exe
c:\windows\system32\Sexy Girls.scr
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
c:\documents and settings\Maud\Application Data\smss.exe
c:\windows\inf\smss.exe
C:\documents and settings\maud\local settings\application data\hqkmgp.exe
C:\Documents and Settings\Maud\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Documents and Settings\All Users\Application Data\wmp


- Save this file under the name CFScript (File type: all files)
- Close all your web browsers (so copy or print the following instructions beforehand if needed).
- Disable your antivirus and your other resident protections (e.g. Spybot) if you have any (this is important).
- Drag and drop this CFScript file onto the ComboFix.exe program as shown in this image: http://img517.imageshack.us/img517/8662/cfscript10uc2.gif
(Explanation of drag and drop: click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Then release the mouse button.)
- ComboFix will start, then a blue window will appear. At the message that is displayed (Type 1 to continue, or 2 to abort): type 1 and confirm.
- Wait for the scan to finish. The desktop will disappear several times: this is normal!
- Do not touch anything until the scan is finished, otherwise the PC may crash!
- Once the scan is finished, a report will be displayed: post it.
PS: If the file does not open, it is located here => C:\ComboFix.txt
PS2: The ComboFix report may turn out to be too long for the forum to accept. In that case, post the report in several parts.



+

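The helper's CFScript above was built by hand from the first report: executables named after core Windows processes but living outside system32, a cluster of new files sharing the exact size 377,344, the DisallowRun policy blocking cmd.exe and regedit.exe, AntiVirusOverride set, and an AutoRun command stored under mountpoints2. The following added example (my own code, not from the thread, from ComboFix or from its author) automates that triage over a sample constructed from lines of the reports posted here and renders the hits in the CFScript layout this thread uses; the heuristics, the process-name and admin-tool lists, and the function names are my own assumptions.

```python
"""Triage a ComboFix report for the indicators acted on in this thread."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the reports posted in this thread.
SAMPLE_LOG = r"""
2008-12-21 17:59 . 2007-04-08 17:14 377,344 --a------ c:\documents and settings\Maud\Application Data\lsass.exe
2008-12-21 05:22 . 2007-04-08 17:14 377,344 --a------ c:\documents and settings\Maud\Application Data\svchost.exe
2008-12-01 14:18 . 2007-04-08 17:14 377,344 --a------ c:\windows\system32\Sexy Girls.scr
2008-12-15 13:16 . 2008-12-15 13:16 <REP> d-------- c:\windows\system32\Color
2007-04-08 16:14 377,344 ------w c:\windows\inf\smss.exe
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"4"= regedit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80153c76-910d-11dc-9f39-0018de790b41}]
\Shell\AutoRun\command - I:\ReadMe.exe
"""

# Core Windows process names: one of these outside system32 is a classic masquerade.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "smss.exe", "svchost.exe", "csrss.exe",
                        "winlogon.exe", "services.exe"}
# Tools whose blocking through the DisallowRun policy hampers the user's own clean-up.
ADMIN_TOOLS = {"cmd.exe", "regedit.exe", "regedt32.exe", "mmc.exe",
               "rstrui.exe", "taskmgr.exe", "msconfig.exe"}
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".dll")

# "Fichiers créés" lines carry two timestamps, Find3M lines only one; the size
# field is a number, "<REP>" or a run of dashes for directories.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})? "
    r"(?P<size><REP>|-+|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$")
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")


def parse_log(text):
    """Return ([(path, size_or_None)], [(registry_key, value_line)])."""
    files, values, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            size = m.group("size")
            files.append((m.group("path"),
                          int(size.replace(",", "")) if size[0].isdigit() else None))
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key").lower()
        elif key is not None:          # any other line belongs to the current key
            values.append((key, line))
    return files, values


def triage(text):
    """Apply the five checks and return the hits, grouped by category."""
    files, values = parse_log(text)
    hits = {"masquerade": [], "same_size": {}, "blocked_tools": [],
            "av_override": False, "autorun": []}
    by_size = defaultdict(list)
    for path, size in files:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if name in SYSTEM_PROCESS_NAMES and not low.startswith("c:\\windows\\system32\\"):
            hits["masquerade"].append(path)
        if size and low.endswith(EXECUTABLE_EXT):
            by_size[size].append(path)
    # Several new executables with one exact size usually come from one dropper.
    hits["same_size"] = {s: p for s, p in by_size.items() if len(p) >= 2}
    for key, value in values:
        low = value.lower()
        if key.endswith("\\policies\\explorer\\disallowrun"):
            tool = low.split("=", 1)[-1].strip().strip('"')
            if tool in ADMIN_TOOLS:
                hits["blocked_tools"].append(tool)
        elif key.endswith("\\security center") and low.startswith('"antivirusoverride"=dword:00000001'):
            hits["av_override"] = True
        elif "\\mountpoints2\\" in key and "\\autorun\\command" in low:
            hits["autorun"].append((key.rsplit("\\", 1)[-1], value.split(" - ", 1)[-1]))
    return hits


def build_cfscript(hits):
    """Render the hits in the CFScript layout used in this thread."""
    paths = list(hits["masquerade"])
    for cluster in hits["same_size"].values():   # remove a size cluster together
        paths += [p for p in cluster if p not in paths]
    lines = ["KILLALL::", "", "Registry::"]
    for guid, _command in hits["autorun"]:       # "[-key]" deletes the whole key
        lines.append("[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
                     "\\explorer\\mountpoints2\\" + guid + "]")
    return "\n".join(lines + ["", "File::"] + paths)
```

`build_cfscript(triage(SAMPLE_LOG))` yields the same File:: entries and the same mountpoints2 key deletion that the helper wrote by hand; the blocked admin tools and the AntiVirusOverride flag are reported for the analyst rather than scripted, as in the thread.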

momo

Posts: 16
Registration date: 27/11/2008

Re: complicated prob [Solved]

Post by momo on Mon 22 Dec - 3:35

ComboFix 08-12-21.03 - Maud 2008-12-22 3:24:38.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1342 [GMT 1:00]
Lancé depuis: c:\documents and settings\Maud\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Maud\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\All Users\Application Data\wmp
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.url
c:\documents and settings\Maud\Application Data\lsass.exe
c:\documents and settings\Maud\Application Data\smss.exe
c:\documents and settings\Maud\Application Data\svchost.exe
c:\documents and settings\maud\local settings\application data\hqkmgp.exe
c:\documents and settings\Maud\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
c:\windows\inf\smss.exe
c:\windows\system32\Sexy Girls.scr
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Maud\Application Data\lsass.exe
c:\documents and settings\Maud\Application Data\svchost.exe
c:\windows\inf\smss.exe
c:\windows\system32\Sexy Girls.scr

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
.

2008-12-21 17:33 . 2008-12-21 17:33 <REP> d-------- c:\program files\PowerISO
2008-12-15 13:16 . 2008-12-15 13:16 <REP> d-------- c:\windows\system32\Color
2008-12-08 02:38 . 2008-12-08 02:38 <REP> d-------- c:\documents and settings\All Users\Application Data\wmp
2008-11-30 15:36 . 2008-11-30 15:36 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-11-30 15:23 . 2008-11-30 15:23 <REP> d-------- c:\program files\IZArc
2008-11-29 21:21 . 2008-11-30 13:41 <REP> d-------- c:\program files\UsbFix
2008-11-27 01:52 . 2008-11-27 01:52 <REP> d-------- C:\rsit
2008-11-24 16:44 . 2008-11-24 16:44 <REP> d-------- c:\documents and settings\Maud\Application Data\Apple Computer
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- c:\program files\Apple Software Update
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 00:16 --------- d-----w c:\documents and settings\Maud\Application Data\Skype
2008-12-22 00:07 --------- d-----w c:\program files\eMule
2008-12-21 17:53 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-21 03:48 --------- d-----w c:\program files\Navilog1
2008-12-20 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-19 17:44 --------- d-----w c:\documents and settings\Maud\Application Data\Canon
2008-12-15 00:56 --------- d-----w c:\program files\adslTV
2008-11-29 21:31 241,114 ----a-w c:\windows\system32\drivers\fwdrv.err
2008-11-24 23:25 --------- d-----w c:\program files\QuickTime
2008-11-21 02:51 --------- d-----w c:\documents and settings\Maud\Application Data\Toshiba
2008-11-15 04:22 --------- d-----w c:\program files\MSN Messenger
2008-11-03 15:13 --------- d-----w c:\documents and settings\Maud\Application Data\U3
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2007-04-08 16:14 377,344 ----a-w c:\documents and settings\Maud\Application Data\lsass.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"FrameWorkService"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-06 573440]
"PowerForPhone"="c:\program files\ASUS\PowerForPhone\PowerForPhone.exe" [2006-06-29 774144]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-01 114688]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-26 266497]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]
"FrameWorkService"="" [BU]

c:\documents and settings\Maud\Menu D‚marrer\Programmes\D‚marrage\
DosÿOptimizer.pif [2007-04-08 377344]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-05-02 21:23 40448 c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 17840]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2006-09-15 14336]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\Drivers\SynMini.sys [2006-08-08 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-08-08 7808]
S3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [2006-10-22 34944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c987b8-a9b9-11dd-a0ce-0018de790b41}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maud\Application Data\Mozilla\Firefox\Profiles\pbdfv0hw.default\
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 03:29:11
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\Sexy Girls.scr 377344 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\dllhost.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\scardsvr.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\windows\system32\rundll32.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\documents and settings\Maud\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
.
**************************************************************************
.
Heure de fin: 2008-12-22 3:33:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-22 02:32:52
ComboFix2.txt 2008-12-22 00:32:09

Avant-CF: 15 297 294 336 octets libres
Après-CF: 15,354,232,832 octets libres

198 --- E O F --- 2008-12-19 02:01:18

momo

Posts: 16
Registration date: 27/11/2008

Re: complicated prob [Solved]

Post by momo on Mon 22 Dec - 23:10

Ok,

Let's continue, this time I'm at the controls.

1°/ A new RSIT

http://pastebin.com/f326897bb



2°/ In HJT: to fix

O4 - Startup: Dos Optimizer.pif = ?




3°/ With Combo: new CFScript


KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MMTray"=-
"FrameWorkService"=-
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"FrameWorkService"=-

File::
C:\Documents and Settings\Maud\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.
C:\Documents and Settings\Maud\Application Data\lsass.exe
C:\Documents and Settings\Maud\Application Data\svchost.exe
c:\documents and settings\Maud\Application Data\smss.exe





momo

Posts: 16
Registration date: 27/11/2008

Re: complicated prob [Solved]

Post by momo on Mon 22 Dec - 23:27

ComboFix 08-12-21.03 - Maud 2008-12-22 23:14:57.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1444 [GMT 1:00]
Lancé depuis: c:\documents and settings\Maud\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Maud\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\Maud\Application Data\lsass.exe
c:\documents and settings\Maud\Application Data\smss.exe
c:\documents and settings\Maud\Application Data\svchost.exe
c:\documents and settings\Maud\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Maud\Application Data\lsass.exe
c:\documents and settings\Maud\Application Data\svchost.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
.

2008-12-22 23:19 . 2008-12-22 23:19 <REP> d--h----- c:\windows\PIF
2008-12-22 22:31 . 2008-12-22 22:31 <REP> d-------- c:\program files\ZebHelpProcess 2
2008-12-22 22:31 . 2008-12-22 22:31 <REP> d-------- c:\program files\Fichiers communs\Borland Shared
2008-12-22 22:31 . 1999-01-20 05:01 210,032 --a------ c:\windows\system32\DBCLIENT.DLL
2008-12-22 22:31 . 1999-11-12 05:11 183,808 --a------ c:\windows\system32\BDEADMIN.CPL
2008-12-22 22:31 . 2008-12-22 23:10 13,030 --a------ C:\PDOXUSRS.NET
2008-12-22 17:13 . 2008-12-22 17:13 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-22 17:06 . 2008-12-22 17:06 <REP> d-------- c:\program files\Fichiers communs\Control Panels
2008-12-22 17:03 . 2008-12-22 17:03 <REP> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-12-22 16:48 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-12-22 16:48 . 2007-02-20 16:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-12-22 16:38 . 2008-12-22 16:38 <REP> d-------- c:\program files\Bonjour
2008-12-22 03:30 . 2007-04-08 17:14 377,344 --a------ c:\windows\system32\Sexy Girls.scr
2008-12-21 17:33 . 2008-12-21 17:33 <REP> d-------- c:\program files\PowerISO
2008-12-15 13:16 . 2008-12-15 13:16 <REP> d-------- c:\windows\system32\Color
2008-12-08 02:38 . 2008-12-08 02:38 <REP> d-------- c:\documents and settings\All Users\Application Data\wmp
2008-11-30 15:36 . 2008-11-30 15:36 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-11-30 15:23 . 2008-11-30 15:23 <REP> d-------- c:\program files\IZArc
2008-11-29 21:21 . 2008-11-30 13:41 <REP> d-------- c:\program files\UsbFix
2008-11-27 01:52 . 2008-11-27 01:52 <REP> d-------- C:\rsit
2008-11-24 16:44 . 2008-11-24 16:44 <REP> d-------- c:\documents and settings\Maud\Application Data\Apple Computer
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- c:\program files\Apple Software Update
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 16:06 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-22 15:58 --------- d-----w c:\program files\QuickTime
2008-12-22 15:31 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
2008-12-22 03:36 --------- d-----w c:\documents and settings\Maud\Application Data\Skype
2008-12-22 02:47 --------- d-----w c:\program files\eMule
2008-12-21 03:48 --------- d-----w c:\program files\Navilog1
2008-12-20 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-19 17:44 --------- d-----w c:\documents and settings\Maud\Application Data\Canon
2008-12-15 00:56 --------- d-----w c:\program files\adslTV
2008-11-29 21:31 241,114 ----a-w c:\windows\system32\drivers\fwdrv.err
2008-11-21 02:51 --------- d-----w c:\documents and settings\Maud\Application Data\Toshiba
2008-11-15 04:22 --------- d-----w c:\program files\MSN Messenger
2008-11-03 15:13 --------- d-----w c:\documents and settings\Maud\Application Data\U3
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2007-04-08 16:14 377,344 ------w c:\windows\inf\smss.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-22_ 1.31.17.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-22 15:48:40 65,536 ----a-r c:\windows\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
+ 2008-12-22 15:57:15 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
+ 2008-12-22 15:57:16 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2008-12-22 15:57:16 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2008-12-22 15:57:16 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
+ 2008-12-22 15:57:16 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2008-12-22 15:57:15 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2008-12-22 15:48:29 65,536 ----a-r c:\windows\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2006-09-29 05:56:38 28,248 ----a-r c:\windows\system32\AdobePDF.dll
+ 2006-02-28 11:41:34 61,440 ----a-w c:\windows\system32\dns-sd.exe
+ 2006-02-28 11:41:22 53,248 ----a-w c:\windows\system32\dnssd.dll
- 2008-12-21 18:09:21 2,360,488 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-22 16:12:18 3,559,248 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2007-02-20 14:34:06 190,696 ----a-w c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
- 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-02-20 15:04:02 2,463,976 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-02-20 15:04:04 190,696 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-03-12 13:02:26 947,472 ----a-w c:\windows\system32\msjava.dll
+ 2007-05-10 22:13:07 24,456 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ADREGP.DLL
+ 2007-05-10 22:13:22 190,072 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ADUIGP.DLL
+ 2007-05-10 22:13:07 24,456 ----a-w c:\windows\system32\spool\drivers\w32x86\AdReGP.dll
+ 2007-05-10 22:13:22 190,072 ----a-w c:\windows\system32\spool\drivers\w32x86\ADUIGP.dll
+ 2003-05-05 15:47:20 131,072 ----a-w c:\windows\system32\spool\drivers\w32x86\ps5ui.dll
+ 2003-05-05 15:47:20 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\PSCRIPT5.DLL
+ 2007-04-03 04:31:38 77,312 ----a-w c:\windows\system32\TWAIN_32.DLL
+ 2007-04-03 04:31:38 48,560 ----a-w c:\windows\system32\TWUNK_16.EXE
+ 2007-04-03 04:31:38 69,632 ----a-w c:\windows\system32\TWUNK_32.EXE
+ 2006-06-05 14:47:40 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
+ 2006-06-05 14:47:48 1,080,320 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
+ 2006-06-05 14:47:50 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
+ 2006-06-05 14:47:50 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
+ 2006-06-05 14:28:32 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHS.dll
+ 2006-06-05 14:28:32 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHT.dll
+ 2006-06-05 14:28:32 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80DEU.dll
+ 2006-06-05 14:28:34 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ENU.dll
+ 2006-06-05 14:28:32 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ESP.dll
+ 2006-06-05 14:28:32 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80FRA.dll
+ 2006-06-05 14:28:32 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ITA.dll
+ 2006-06-05 14:28:32 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80JPN.dll
+ 2006-06-05 14:28:34 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80KOR.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-06 573440]
"PowerForPhone"="c:\program files\ASUS\PowerForPhone\PowerForPhone.exe" [2006-06-29 774144]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-26 266497]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-05-02 21:23 40448 c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 17840]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2006-09-15 14336]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\Drivers\SynMini.sys [2006-08-08 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-08-08 7808]
S3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [2006-10-22 34944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c987b8-a9b9-11dd-a0ce-0018de790b41}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

momo

Posts: 16
Join date: 27/11/2008

Re: complicated prob [Solved]

Post by momo on Mon 22 Dec - 23:29

------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maud\Application Data\Mozilla\Firefox\Profiles\pbdfv0hw.default\
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 23:18:30
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\dllhost.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\scardsvr.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\windows\system32\rundll32.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Heure de fin: 2008-12-22 23:25:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-22 22:25:06
ComboFix2.txt 2008-12-22 02:33:07
ComboFix3.txt 2008-12-22 00:32:09

Avant-CF: 23 746 686 976 octets libres
Après-CF: 23,737,610,240 octets libres

250 --- E O F --- 2008-12-19 02:01:18

momo

Posts: 16
Join date: 27/11/2008

Re: complicated prob [Solved]

Post by momo on Mon 22 Dec - 23:45

After a second run:

Zeb Help Process v2.33 by Nicolas Coolman - Rapport Général du 22/12/2008 23:44:07

ComboFix 08-12-21.03 - Maud 2008-12-22 23:32:18.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1430 [GMT 1:00]
Lancé depuis: c:\documents and settings\Maud\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Maud\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\Maud\Application Data\lsass.exe
c:\documents and settings\Maud\Application Data\smss.exe
c:\documents and settings\Maud\Application Data\svchost.exe
c:\documents and settings\Maud\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
.

2008-12-22 23:30 . 2008-12-22 23:30 <REP> d-------- c:\program files\Unlocker
2008-12-22 23:19 . 2008-12-22 23:19 <REP> d--h----- c:\windows\PIF
2008-12-22 22:31 . 2008-12-22 22:31 <REP> d-------- c:\program files\ZebHelpProcess 2
2008-12-22 22:31 . 2008-12-22 22:31 <REP> d-------- c:\program files\Fichiers communs\Borland Shared
2008-12-22 22:31 . 1999-01-20 05:01 210,032 --a------ c:\windows\system32\DBCLIENT.DLL
2008-12-22 22:31 . 1999-11-12 05:11 183,808 --a------ c:\windows\system32\BDEADMIN.CPL
2008-12-22 22:31 . 2008-12-22 23:10 13,030 --a------ C:\PDOXUSRS.NET
2008-12-22 17:13 . 2008-12-22 17:13 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-22 17:06 . 2008-12-22 17:06 <REP> d-------- c:\program files\Fichiers communs\Control Panels
2008-12-22 17:03 . 2008-12-22 17:03 <REP> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-12-22 16:48 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-12-22 16:48 . 2007-02-20 16:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-12-22 16:38 . 2008-12-22 16:38 <REP> d-------- c:\program files\Bonjour
2008-12-22 03:30 . 2007-04-08 17:14 377,344 --a------ c:\windows\system32\Sexy Girls.scr
2008-12-21 17:33 . 2008-12-21 17:33 <REP> d-------- c:\program files\PowerISO
2008-12-15 13:16 . 2008-12-15 13:16 <REP> d-------- c:\windows\system32\Color
2008-12-08 02:38 . 2008-12-08 02:38 <REP> d-------- c:\documents and settings\All Users\Application Data\wmp
2008-11-30 15:36 . 2008-11-30 15:36 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-11-30 15:23 . 2008-11-30 15:23 <REP> d-------- c:\program files\IZArc
2008-11-29 21:21 . 2008-11-30 13:41 <REP> d-------- c:\program files\UsbFix
2008-11-27 01:52 . 2008-11-27 01:52 <REP> d-------- C:\rsit
2008-11-24 16:44 . 2008-11-24 16:44 <REP> d-------- c:\documents and settings\Maud\Application Data\Apple Computer
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- c:\program files\Apple Software Update
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 16:06 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-22 15:58 --------- d-----w c:\program files\QuickTime
2008-12-22 15:31 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
2008-12-22 03:36 --------- d-----w c:\documents and settings\Maud\Application Data\Skype
2008-12-22 02:47 --------- d-----w c:\program files\eMule
2008-12-21 03:48 --------- d-----w c:\program files\Navilog1
2008-12-20 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-19 17:44 --------- d-----w c:\documents and settings\Maud\Application Data\Canon
2008-12-15 00:56 --------- d-----w c:\program files\adslTV
2008-11-29 21:31 241,114 ----a-w c:\windows\system32\drivers\fwdrv.err
2008-11-21 02:51 --------- d-----w c:\documents and settings\Maud\Application Data\Toshiba
2008-11-15 04:22 --------- d-----w c:\program files\MSN Messenger
2008-11-03 15:13 --------- d-----w c:\documents and settings\Maud\Application Data\U3
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-06 573440]
"PowerForPhone"="c:\program files\ASUS\PowerForPhone\PowerForPhone.exe" [2006-06-29 774144]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-26 266497]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-05-02 21:23 40448 c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 17840]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2006-09-15 14336]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\Drivers\SynMini.sys [2006-08-08 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-08-08 7808]
S3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [2006-10-22 34944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c987b8-a9b9-11dd-a0ce-0018de790b41}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maud\Application Data\Mozilla\Firefox\Profiles\pbdfv0hw.default\
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 23:36:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\drivers\GETPADD.sys 3839 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

.

- - - - - - - > 'winlogon.exe'(1256)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
.
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\dllhost.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\scardsvr.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\windows\system32\rundll32.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
.
Heure de fin: 2008-12-22 23:42:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-22 22:42:51
ComboFix2.txt 2008-12-22 22:25:12
ComboFix3.txt 2008-12-22 02:33:07
ComboFix4.txt 2008-12-22 00:32:09

Avant-CF: 23 715 381 248 octets libres
Après-CF: 23,699,243,008 octets libres

202 --- E O F --- 2008-12-19 02:01:18

Lignes traitées 123/152

momo

Posts: 16
Join date: 27/11/2008

Re: complicated prob [Solved]

Post by momo on Tue 23 Dec - 0:04

After a third pass:

ComboFix 08-12-21.03 - Maud 2008-12-22 23:50:25.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1369 [GMT 1:00]
Lancé depuis: c:\documents and settings\Maud\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Maud\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\Maud\Application Data\lsass.exe
c:\documents and settings\Maud\Application Data\smss.exe
c:\documents and settings\Maud\Application Data\svchost.exe
c:\documents and settings\Maud\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
c:\windows\inf\smss.exe
c:\windows\system32\Sexy Girls.scr
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Sexy Girls.scr

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
.

2008-12-22 23:30 . 2008-12-22 23:30 <REP> d-------- c:\program files\Unlocker
2008-12-22 23:19 . 2008-12-22 23:19 <REP> d--h----- c:\windows\PIF
2008-12-22 22:31 . 2008-12-22 22:31 <REP> d-------- c:\program files\ZebHelpProcess 2
2008-12-22 22:31 . 2008-12-22 22:31 <REP> d-------- c:\program files\Fichiers communs\Borland Shared
2008-12-22 22:31 . 1999-01-20 05:01 210,032 --a------ c:\windows\system32\DBCLIENT.DLL
2008-12-22 22:31 . 1999-11-12 05:11 183,808 --a------ c:\windows\system32\BDEADMIN.CPL
2008-12-22 22:31 . 2008-12-22 23:47 13,030 --a------ C:\PDOXUSRS.NET
2008-12-22 17:13 . 2008-12-22 17:13 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-22 17:06 . 2008-12-22 17:06 <REP> d-------- c:\program files\Fichiers communs\Control Panels
2008-12-22 17:03 . 2008-12-22 17:03 <REP> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-12-22 16:48 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-12-22 16:48 . 2007-02-20 16:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-12-22 16:38 . 2008-12-22 16:38 <REP> d-------- c:\program files\Bonjour
2008-12-21 17:33 . 2008-12-21 17:33 <REP> d-------- c:\program files\PowerISO
2008-12-15 13:16 . 2008-12-15 13:16 <REP> d-------- c:\windows\system32\Color
2008-12-08 02:38 . 2008-12-08 02:38 <REP> d-------- c:\documents and settings\All Users\Application Data\wmp
2008-11-30 15:36 . 2008-11-30 15:36 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-11-30 15:23 . 2008-11-30 15:23 <REP> d-------- c:\program files\IZArc
2008-11-29 21:21 . 2008-11-30 13:41 <REP> d-------- c:\program files\UsbFix
2008-11-27 01:52 . 2008-11-27 01:52 <REP> d-------- C:\rsit
2008-11-24 16:44 . 2008-11-24 16:44 <REP> d-------- c:\documents and settings\Maud\Application Data\Apple Computer
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- c:\program files\Apple Software Update
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 16:06 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-22 15:58 --------- d-----w c:\program files\QuickTime
2008-12-22 15:31 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
2008-12-22 03:36 --------- d-----w c:\documents and settings\Maud\Application Data\Skype
2008-12-22 02:47 --------- d-----w c:\program files\eMule
2008-12-21 03:48 --------- d-----w c:\program files\Navilog1
2008-12-20 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-19 17:44 --------- d-----w c:\documents and settings\Maud\Application Data\Canon
2008-12-15 00:56 --------- d-----w c:\program files\adslTV
2008-11-29 21:31 241,114 ----a-w c:\windows\system32\drivers\fwdrv.err
2008-11-21 02:51 --------- d-----w c:\documents and settings\Maud\Application Data\Toshiba
2008-11-15 04:22 --------- d-----w c:\program files\MSN Messenger
2008-11-03 15:13 --------- d-----w c:\documents and settings\Maud\Application Data\U3
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-06 573440]
"PowerForPhone"="c:\program files\ASUS\PowerForPhone\PowerForPhone.exe" [2006-06-29 774144]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-26 266497]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-05-02 21:23 40448 c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 17840]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2006-09-15 14336]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\Drivers\SynMini.sys [2006-08-08 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-08-08 7808]
S3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [2006-10-22 34944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c987b8-a9b9-11dd-a0ce-0018de790b41}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maud\Application Data\Mozilla\Firefox\Profiles\pbdfv0hw.default\
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 23:54:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\dllhost.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\scardsvr.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\windows\system32\rundll32.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Heure de fin: 2008-12-23 0:01:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-22 23:01:29
ComboFix2.txt 2008-12-22 22:42:57
ComboFix3.txt 2008-12-22 22:25:12
ComboFix4.txt 2008-12-22 02:33:07
ComboFix5.txt 2008-12-22 22:49:49

Avant-CF: 23 677 267 968 octets libres
Après-CF: 23,662,030,848 octets libres

207 --- E O F --- 2008-12-19 02:01:18

momo

Posts: 16
Registered: 27/11/2008

Re: complicated prob [Solved]

Post by momo on Tue 23 Dec - 0:42

ComboFix 08-12-21.03 - Maud 2008-12-23 0:10:40.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1447 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Maud\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Maud\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\All Users\Application Data\wmp
c:\documents and settings\Maud\Application Data\lsass.exe
c:\documents and settings\Maud\Application Data\smss.exe
c:\documents and settings\Maud\Application Data\svchost.exe
c:\documents and settings\Maud\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
c:\windows\inf\smss.exe
c:\windows\system32\Sexy Girls.scr
c:\windows\PIF :#:
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
.

2008-12-22 23:30 . 2008-12-22 23:30 <REP> d-------- C:\Program Files\Unlocker
2008-12-22 23:19 . 2008-12-22 23:19 <REP> d--h----- C:\WINDOWS\PIF
2008-12-22 22:31 . 2008-12-22 22:31 <REP> d-------- C:\Program Files\ZebHelpProcess 2
2008-12-22 22:31 . 2008-12-22 22:31 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared
2008-12-22 22:31 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2008-12-22 22:31 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL
2008-12-22 22:31 . 2008-12-23 00:09 13,030 --a------ C:\PDOXUSRS.NET
2008-12-22 17:13 . 2008-12-22 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-12-22 17:06 . 2008-12-22 17:06 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-12-22 17:03 . 2008-12-22 17:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-12-22 16:48 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-12-22 16:48 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-12-22 16:38 . 2008-12-22 16:38 <REP> d-------- C:\Program Files\Bonjour
2008-12-21 17:33 . 2008-12-21 17:33 <REP> d-------- C:\Program Files\PowerISO
2008-12-15 13:16 . 2008-12-15 13:16 <REP> d-------- C:\WINDOWS\system32\Color
2008-12-08 02:38 . 2008-12-08 02:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\wmp
2008-11-30 15:36 . 2008-11-30 15:36 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-11-30 15:23 . 2008-11-30 15:23 <REP> d-------- C:\Program Files\IZArc
2008-11-29 21:21 . 2008-11-30 13:41 <REP> d-------- C:\Program Files\UsbFix
2008-11-27 01:52 . 2008-11-27 01:52 <REP> d-------- C:\rsit
2008-11-24 16:44 . 2008-11-24 16:44 <REP> d-------- C:\Documents and Settings\Maud\Application Data\Apple Computer
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- C:\Program Files\Apple Software Update
2008-11-24 16:35 . 2008-11-24 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 16:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-12-22 15:58 --------- d-----w C:\Program Files\QuickTime
2008-12-22 15:31 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-12-22 03:36 --------- d-----w C:\Documents and Settings\Maud\Application Data\Skype
2008-12-22 02:47 --------- d-----w C:\Program Files\eMule
2008-12-21 03:48 --------- d-----w C:\Program Files\Navilog1
2008-12-20 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-19 17:44 --------- d-----w C:\Documents and Settings\Maud\Application Data\Canon
2008-12-15 00:56 --------- d-----w C:\Program Files\adslTV
2008-11-29 21:31 241,114 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-11-21 02:51 --------- d-----w C:\Documents and Settings\Maud\Application Data\Toshiba
2008-11-15 04:22 --------- d-----w C:\Program Files\MSN Messenger
2008-11-03 15:13 --------- d-----w C:\Documents and Settings\Maud\Application Data\U3
2008-11-02 08:44 56,572 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-10-24 11:21 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 03:33 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 01:24 110592]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 04:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 04:58 86016]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-06 21:11 573440]
"PowerForPhone"="C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe" [2006-06-29 13:40 774144]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 14:20 180224]
"CognizanceTS"="c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 04:12 17920]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 09:28 811008]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 16:09 987136]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 19:33 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 04:02 786521]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 18:14 61440]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 16:46 90112]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 23:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 23:32 696320]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-26 21:42 266497]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-11-02 09:38 167936]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 05:15 15872]
"nwiz"="nwiz.exe" [2006-07-20 04:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 00:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 02:04 2879488 C:\WINDOWS\SkyTel.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 10:50 20992 C:\WINDOWS\LOGI_MWX.EXE]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 110592]
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-05-02 21:23 40448 c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 ItSDisk;ItSDisk;C:\WINDOWS\system32\Drivers\ItSDisk.sys [2006-05-16 10:14:00 17840]
R2 ASChannel;Canal de communication local;C:\WINDOWS\System32\svchost.exe -k Cognizance [2006-09-15 08:13:31 14336]
R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-08-08 22:15:13 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-08-08 22:15:13 7808]
S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-10-22 00:10:49 34944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c987b8-a9b9-11dd-a0ce-0018de790b41}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-12-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\Maud\Application Data\Mozilla\Firefox\Profiles\pbdfv0hw.default\
FF - plugin: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.