#1

I recently downloaded a theme application. During the installation, Kaspersky popped up an alert saying the computer is infected with the malware MultiPacked.Multi.Generic. My Kaspersky stopped working and my Windows theme is gone; I'm stuck with classic Windows. Please help!

#2

Try to get me one of the logs; you can start from here. http://www.computer-juice.com/forums...-posting-7476/

#3

Looks like the forum had a glitch. Please post these DDS logs.

Download DDS from HERE or HERE or HERE and save it to your desktop.

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).
* XP users: double-click on dds to run it.
* If your antivirus or firewall blocks DDS, please try to allow it to run.
* When finished, DDS will open two (2) logs: 1) DDS.txt 2) Attach.txt
* Save the logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will give you instructions to send the Attach.txt log as an attachment. Please just post it as you would any other log, by copying and pasting it into the reply.

#4

DDS (Ver_09-05-14.01) - NTFSx86 Dirigé par souris à 16:53:23.36 le mercredi 06.24.2009

#5

Download ComboFix © sUBs from one of the links below. Make sure to save it to the Desktop.

Link #1 Link #2

**Note: It is important to save it directly to your desktop. DO NOT run it yet!

Note: The instructions below have been created specifically for this user. If you are not this user, DO NOT follow these instructions, as they could damage the workings of your system.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all of it and pressing Ctrl+C

Code:
```
KillAll::

DDS::
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll

Driver::
Viewpoint Manager Service

Folder::
c:\program files\viewpoint
```

4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your desktop
6. Then drag the CFScript (hold down the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below.

Important: Carry out this instruction carefully!

[screenshot: dragging CFScript.txt onto ComboFix.exe]

ComboFix will begin to run; just follow the prompts. After a reboot (in case it asks to restart the computer), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

#6

ComboFix 09-06-23.01 - Souris 06/24/2009 17:18.4 - NTFSx86
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-843B-4fb1-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, c8, 7e, 4 bis, d5, 24,8 d, 3 bis, 49, c4, b0, 18, ed, a7, 3f, 8d, 37, a4, 29, b5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, f8, 68,02,09, d4, 0b, f3, 53, bc, 62,26,31,77, e1, ba, b1, f8, 68,02,77, c3, de, c6, 98,79, 54,2 c, fb, a7, 78, e6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, e8, 04,4 a, f1, df, 00, d5, 43, ff, f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, ab, d5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, fc, e8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: f6, 0f, 4e, 58, 98,5 b, 89, c9, 6a, ea, f8, c4, 82, 1a, 7f, d8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, eb, 90, 81, c6, f6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, ce, ch, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, c9, 90,04, b1, cd, 45,5 a, a8, c4, f8, b9, 6b, c6, a2, 44,8 d, 59, a6, f5, 3d, ce, ea, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD 
D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, b7, cc, b5, b9, 7f, 41, e7, 5d, 45,06,19,5 e, 30,20, e6, e3, 0e, 66, d5, eb, bc, 2f, 6b, e1, 69,31, ac, dd, ba, 7f, 02,2 a, b7, cc, b5, b9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, ea, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8 bis, cf, 52,73, fa, ea, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \ [HKEY_LOCAL_MACHINE \ software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \ h-€ | aaaa ¤ • € | ù • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLLs Loaded Sous Running Processes --------------------- - - - - - - -> 'Winlogon.exe' (1028) c: \ program files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (3748) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Autres processus en cours ----------------------- -- . c: \ program files \ Creative \ Shared Files \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe c: \ program files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe c: \ progra ~ 1 \ MICROS ~ 4 \ rapimgr.exe c: \ program files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ program files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . 
************************************************** ************************ . Délai: 2009-06-24 19:29 - machine a redémarré ComboFix-quarantaine-files.txt 2009-06-24 23:29 ComboFix2.txt 2008-05-20 17:05 Pre-Run: 65511231488 octets libres Post-Run: 67799437312 octets libres WindowsXP-KB310994-SP2-Pro-Bootdisk-FRA.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S [operating systems] c: \ cmdcons \ bootsect.dat = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro soft Windows XP Professionnel" / noexecute = optin / fastdetect multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professionnel" / fastdetect / noexecute = OptIn Courant par défaut = 3 = 3 = 1 Failed LastKnownGood = 4 Sets = 1,2,3,4 335 --- EOF --- 2009-06-11 03:03 |
#7
Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C.

Code:
    Killall::
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-843B-4fb1-3E52D94DB145}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | aaaa ¤ • € | ù • A ~*]

4. Then click File > Save.
5. Name the file CFScript.txt - Save the file to your Desktop.
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below.

Important: Follow this instruction carefully!

ComboFix will begin to run; just follow the prompts. After a reboot (in case it asks to reboot the computer), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. This may cause your system to freeze.

----------

Also let me know how the computer is running now.
#8
ComboFix 09-06-23.01 - Mouse 06/25/2009 19:04.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00]
Running from: c:\documents and settings\Mouse\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\kl1.sys

.
(((((((((((((((((((((((((   Files Created from 2009-05-25 to 2009-06-25   )))))))))))))))))))))))))))))))
.

2009-06-24 23:28 . 2009-06-24 23:28  --------  dc----w-  c:\windows\system32\dllcache\cache
2009-06-23 18:47 . 2009-06-24 16:37  117760    ----a-w-  c:\documents and settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:58 . 2009-06-17 18:10  --------  d-----w-  c:\program files\LSoft Technologies
2009-06-13 16:32 . 2009-06-13 16:32  --------  d-----w-  c:\program files\iPod
2009-06-13 16:32 . 2009-06-13 16:32  --------  d-----w-  c:\program files\iTunes
2009-06-13 16:28 . 2009-06-13 16:29  --------  d-----w-  C:\Program Files\QuickTime
2009-06-13 16:23 . 2009-06-13 16:23  75048     ----a-w-  c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 23:14 . 2001-08-18 02:36  462848    -c--a-w-  c:\windows\system32\dllcache\a3dapi.dll
2009-06-10 23:14 . 2001-08-18 02:36  462848    ----a-w-  c:\windows\system32\a3dapi.dll
2009-06-10 23:13 . 2009-06-11 07:20  --------  d-----w-  C:\Descent3
2009-06-10 23:13 . 2009-06-10 23:13  --------  d-----w-  C:\Jeux
2009-06-10 20:13 . 2009-05-07 15:32  345600    -c----w-  c:\windows\system32\dllcache\Localspl.dll
2009-06-10 20:13 . 2009-04-15 14:51  585216    -c----w-  c:\windows\system32\dllcache\rpcrt4.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 23:11 . 2008-05-16 03:35  --------  d-----w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-25 23:09 . 2008-05-16 03:35  761888    --sha-w-  c:\windows\system32\drivers\fidbox2.dat
2009-06-25 23:09 . 2008-05-16 03:35  64388     --sha-w-  c:\windows\system32\drivers\fidbox.idx
2009-06-25 23:09 . 2008-05-16 03:35  4571424   --sha-w-  c:\windows\system32\drivers\fidbox.dat
2009-06-25 23:09 . 2008-05-16 03:35  29696     --sha-w-  c:\windows\system32\drivers\fidbox2.idx
2009-06-24 23:59 . 2008-01-29 22:29  33808     ----a-w-  c:\windows\system32\drivers\klbg.sys
2009-06-24 23:59 . 2009-02-05 00:58  33808     ----a-w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-06-24 23:59 . 2008-05-16 03:36  94643     ----a-w-  c:\windows\system32\drivers\klick.dat
2009-06-24 23:59 . 2008-05-16 03:36  105395    ----a-w-  c:\windows\system32\drivers\klin.dat
2009-06-24 23:59 . 2008-07-17 23:08  213520    ----a-w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-06-24 23:59 . 2008-07-17 23:08  861448    ----a-w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-06-24 21:09 . 2008-05-17 00:25  --------  d-----w-  c:\documents and settings\Mouse\Application Data\LimeWire
2009-06-24 16:37 . 2008-05-19 02:02  --------  d-----w-  c:\program files\SUPERAntiSpyware
2009-06-23 19:00 . 2008-10-16 02:40  --------  d-----w-  c:\program files\Pando Networks
2009-06-23 18:59 . 2008-11-29 18:36  --------  d-----w-  c:\program files\palmOne
2009-06-21 23:00 . 2009-02-09 03:50  138184    ----a-w-  c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 23:00 . 2009-02-09 03:50  183112    ----a-w-  c:\windows\system32\PnkBstrB.exe
2009-06-18 22:35 . 2008-06-17 15:40  --------  d-----w-  c:\program files\Diablo II
2009-06-18 22:31 . 2008-06-02 00:09  --------  d---a-w-  c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 22:51 . 2008-05-15 04:41  --------  d-----w-  c:\documents and settings\Mouse\Application Data\uTorrent
2009-06-13 16:32 . 2008-08-19 04:10  --------  d-----w-  C:\Program Files\Common Files\Apple
2009-05-17 20:58 . 2009-05-17 20:58  --------  d-----w-  c:\program files\LG Electronics
2009-05-17 20:58 . 2008-05-12 09:20  --------  d--h--w-  c:\program files\InstallShield Installation Information
2009-05-17 20:57 . 2008-05-12 09:20  --------  d-----w-  C:\Program Files\Common Files\InstallShield
2009-05-07 15:32 . 2003-03-31 12:00  345600    ----a-w-  c:\windows\system32\Localspl.dll
2009-04-29 04:46 . 2003-03-31 12:00  666624    ----a-w-  c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2008-05-16 21:18  81920     ------w-  c:\windows\system32\ieencode.dll
2009-04-28 10:48 . 2008-05-17 00:24  --------  d-----w-  C:\Program Files\Java
2009-04-28 10:47 . 2009-04-28 10:47  152576    ----a-w-  c:\documents and settings\Mouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 12:26 . 2003-03-31 12:00  1847168   ----a-w-  c:\windows\system32\Win32k.sys
2009-04-15 14:51 . 2003-03-31 12:00  585216    ----a-w-  c:\windows\system32\rpcrt4.dll
2009-04-08 06:13 . 2009-04-08 06:13  45056     ----a-r-  c:\documents and settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-04-08 06:13 . 2009-04-08 06:13  45056     ----a-r-  c:\documents and settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-04-08 06:13 . 2009-04-08 06:13  10134     ----a-r-  c:\documents and settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\arpproducticon.exe
2009-04-05 23:39 . 2008-05-16 02:24  23032     ----a-w-  c:\documents and settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 23:27 . 2009-04-05 23:28  5433520   ----a-w-  c:\windows\system32\SpoonUninstall.exe
.
(((((((((((((((((((((((((((((   SnapShot@2009-06-24_23.25.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-26 00:07 . 2008-03-26 00:07  24592    c:\windows\system32\drivers\klim5.sys
- 2007-12-13 17:28 . 2008-03-26 00:07  24592    c:\windows\system32\drivers\klim5.sys
+ 2009-06-24 23:28 . 2008-10-16 19:09  51224    c:\windows\system32\dllcache\cache\Wuauclt.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12  82432    c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12  26112    c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12  14336    c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12  57856    c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12  17408    c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12  13312    c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-24 23:28 . 2008-04-13 18:39  24576    c:\windows\system32\dllcache\cache\Kbdclass.sys
+ 2009-06-24 23:28 . 2008-04-13 18:53  36608    c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-24 23:28 . 2008-04-14 00:12  15360    c:\windows\system32\dllcache\cache\ctfmon.exe
- 2008-04-18 17:53 . 2009-02-05 00:58  213520   c:\windows\system32\drivers\klif.sys
+ 2008-04-18 17:53 . 2009-06-24 23:59  213520   c:\windows\system32\drivers\klif.sys
+ 2009-06-24 23:28 . 2008-04-14 00:12  507904   c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-24 23:28 . 2009-04-29 04:46  666624   c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12  578560   c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12  295424   c:\windows\system32\dllcache\cache\Termsrv.dll
+ 2009-06-24 23:28 . 2008-06-20 11:51  361600   c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-24 23:28 . 2009-02-06 11:11  110592   c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-24 23:28 . 2008-04-13 19:20  182656   c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-24 23:28 . 2009-03-21 14:06  989696   c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:11  110080   c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:11  167936   c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12  1614848  c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-24 23:28 . 2009-02-06 11:06  2145280  c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-24 23:28 . 2009-02-06 10:32  2023936  c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12  1033728  c:\windows\system32\dllcache\cache\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.Dll" [2008-05-03 86016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853a-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2009-01-01 04:29 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\French\\setup.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\Wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\Wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/12/2008 5:23 AM 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/25/2008 8:07 PM 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 PM 11808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-25 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2008-05-19 00:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-843B-4fb1-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | aaaa ¤ • € | ù • A ~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(212)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\program files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\CTxfispi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-25 19:14 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-25 23:14
ComboFix2.txt  2009-06-24 23:29
ComboFix3.txt  2008-05-20 17:05

Pre-Run: 67819319296 bytes free
Post-Run: 67883995136 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
310
--- EOF --- 2009-06-11 03:03
#9
Sorry, I forgot something. Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all of it and pressing Ctrl + C.

Code:
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-843B-4fb1-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | aaaa ¤ • € | ù • A ~*]

4. Then click File > Save.
5. Name the file CFScript.txt and save it to your desktop.
6. Then drag the CFScript (hold down the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as shown in the screenshot below. Important: follow this instruction carefully!

ComboFix will start running; just follow the prompts. After a reboot (in case it asks to reboot the computer), it will produce a log for you. Post that log (ComboFix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. This may cause your system to freeze.

----------

Also let me know how the computer is running now.
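The helper built the RegLock:: list above by hand from the LOCKED REGISTRY KEYS section of the previous ComboFix log. The script below is an added example that does the same extraction programmatically; it is not code from the thread or from ComboFix. It assumes the log layout ComboFix prints (a dashed banner line per section, `[key]` lines, `"name"=value` lines, and braces around the CLSIDs, which the copy of the log on this page lost to extraction). The sample log, the function names and the `matches_thread_pattern` filter are my own; the filter reproduces the shape seen in the log above, a locked `CLSID\...\InprocServer32` key whose default value points at `ole32.dll` and that carries a 32-hex-digit value name holding raw bytes. Keys that parse but do not match (such as the Installer component key the helper also listed) should still be reviewed by hand.

```python
"""Turn the LOCKED REGISTRY KEYS section of a ComboFix log into a CFScript.

Added example, not code from the thread or from ComboFix. SAMPLE_LOG is a
constructed, shortened log in the layout ComboFix prints; KillAll:: and
RegLock:: are the directive names used in the helper's own script.
"""
import re

# Constructed sample: two locked CLSID keys, one other locked key, next banner.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\ole32.dll"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\PLACEHOLDER_GARBLED_NAME*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

--------------------- DLLs Loaded Under Running Processes ---------------------
"""

SECTION_HEADER = re.compile(r"^-{5,}\s*(.*?)\s*-{5,}\s*$", re.M)
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
VALUE_LINE = re.compile(r'^(?:"([^"]+)"|(@))=(.*)$')
HEX_NAME = re.compile(r"^[0-9a-f]{32}$")


def locked_keys_section(log):
    """Return the text between the LOCKED REGISTRY KEYS banner and the next banner."""
    banners = list(SECTION_HEADER.finditer(log))
    for i, b in enumerate(banners):
        if b.group(1).upper() == "LOCKED REGISTRY KEYS":
            end = banners[i + 1].start() if i + 1 < len(banners) else len(log)
            return log[b.end():end]
    return ""


def parse_locked_keys(log):
    """Parse each [key] block into {'key': path, 'values': {name: raw_value}}.

    The trailing '*' ComboFix appends to a locked key is kept: the helper's
    RegLock:: lines carry it too."""
    entries = []
    current = None
    for line in locked_keys_section(log).splitlines():
        m = KEY_LINE.match(line)
        if m:
            current = {"key": m.group(1), "values": {}}
            entries.append(current)
            continue
        v = VALUE_LINE.match(line)
        if v and current is not None:
            name = v.group(1) if v.group(1) is not None else "@"
            current["values"][name] = v.group(3)
    return entries


def matches_thread_pattern(entry):
    """The shape the helper removed: a locked CLSID\\InprocServer32 key whose
    default value points at ole32.dll and that carries a 32-hex-digit value
    name holding raw bytes (hex:...)."""
    if not entry["key"].endswith("\\InprocServer32*"):
        return False
    if "ole32.dll" not in entry["values"].get("@", "").lower():
        return False
    return any(HEX_NAME.match(name) and val.startswith("hex:")
               for name, val in entry["values"].items())


def build_cfscript(entries):
    """Emit CFScript text: KillAll::, then RegLock:: followed by each key."""
    lines = ["KillAll::", "RegLock::"] + ["[%s]" % e["key"] for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE_LOG)
    flagged = [e for e in parsed if matches_thread_pattern(e)]
    print(build_cfscript(flagged))
```

Run on a real ComboFix.txt by replacing SAMPLE_LOG with the file's contents; the output is the text to paste into Notepad as CFScript.txt. On the sample, the two CLSID keys are flagged and the Installer component key is parsed but left out of the script for manual review.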
#10
| ComboFix 09-06-23.01 - Souris 06/26/2009 3:47.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00] Du: c: \ documents and settings \ Mouse \ Desktop \ ComboFix.exe Interrupteurs de commande utilisés:: c: \ documents and settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * On analyse à l'accès handicapés * (mise à jour) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security * handicapés * (2C4D4BC6-0793-4956-A9F9-E252435469C0) . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . c: \ windows \ system32 \ drivers \ kl1.sys . Créée à partir de ((((((((((((((((((((((((( Files 2009-05-26 au 2009-06-26 ))))))))))) )))))))))))))))))))) . 2009-06-24 23:28. 2009-06-24 23:28 -------- dc ---- w-c: \ windows \ system32 \ dllcache \ cache 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- aw-c: \ documents and settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-c: \ program files \ LSoft Technologies 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ program files \ iPod 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ program files \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w C: \ Program Files \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- aw-c: \ documents and settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w C: \ Jeux 2009-06-10 20:13. 
2009-05-07 15:32 345600-c ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 2009-04-15 14:51 585216-c ---- w-c: \ windows \ system32 \ dllcache \ rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-26 07:54. 2008-05-16 03:35 -------- d ----- w-c: \ documents and settings \ All Users \ Application Data \ Kaspersky Lab 2009-06-26 07:52. 2008-05-16 03:35 761888 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009-06-26 07:52. 2008-05-16 03:35 64388 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.idx 2009-06-26 07:52. 2008-05-16 03:35 4571424 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.dat 2009-06-26 07:52. 2008-05-16 03:35 29696 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009-06-25 23:24. 2008-01-29 22:29 33808 ---- aw-c: \ windows \ system32 \ drivers \ klbg.sys 2009-06-25 23:24. 2008-05-16 03:36 94643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat 2009-06-25 23:24. 2008-05-16 03:36 105395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat 2009-06-25 23:24. 2009-02-05 00:58 33808 ---- aw-c: \ documents and settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009-06-25 23:24. 2008-07-17 23:08 213520 ---- aw-c: \ documents and settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009-06-25 23:24. 2008-07-17 23:08 861448 ---- aw-c: \ documents and settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w-c: \ documents and settings \ Mouse \ Application Data \ LimeWire 2009-06-24 16:37. 
2008-05-19 02:02 -------- d ----- w-c: \ program files \ SUPERAntiSpyware 2009-06-23 19:00. 2008-10-16 02:40 -------- d ----- w-c: \ program files \ Pando Networks 2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-c: \ program files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-c: \ program files \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw-c: \ documents and settings \ All Users \ Application Data \ TEMP 2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w-c: \ documents and settings \ Mouse \ Application Data \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w C: \ Program Files \ Common Files \ Apple 2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-c: \ program files \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-c: \ program files \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w C: \ Program Files \ Fichiers communs \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-c: \ windows \ system32 \ wininet.dll 2009-04-29 04:46. 2008-05-16 21:18 81920 ------ w-c: \ windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w C: \ Program Files \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw-c: \ documents and settings \ Mouse \ Application Data \ Sun \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- aw-c: \ windows \ system32 \ Win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-c: \ windows \ system32 \ rpcrt4.dll 2009-04-08 06:13. 
2009-04-08 06:13 45056 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ documents and settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ arpproducticon.exe 2009-04-05 23:39. 2008-05-16 02:24 23032 ---- aw-c: \ documents and settings \ Mouse \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008-03-26 00:07. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys - 2007-12-13 17:28. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys + 2009-06-24 23:28. 2008-10-16 19:09 51224 c: \ windows \ system32 \ dllcache \ cache \ Wuauclt.exe + 2009-06-24 23:28. 2008-04-14 00:12 82432 c: \ windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009-06-24 23:28. 2008-04-14 00:12 26112 c: \ windows \ system32 \ dllcache \ cache \ userinit.exe + 2009-06-24 23:28. 2008-04-14 00:12 14336 c: \ windows \ system32 \ dllcache \ cache \ svchost.exe + 2009-06-24 23:28. 2008-04-14 00:12 57856 c: \ windows \ system32 \ dllcache \ cache \ spoolsv.exe + 2009-06-24 23:28. 2008-04-14 00:12 17408 c: \ windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009-06-24 23:28. 2008-04-14 00:12 13312 c: \ windows \ system32 \ dllcache \ cache \ lsass.exe + 2009-06-24 23:28. 2008-04-13 18:39 24576 c: \ windows \ system32 \ dllcache \ cache \ Kbdclass.sys + 2009-06-24 23:28. 
2008-04-13 18:53 36608 c: \ windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009-06-24 23:28. 2008-04-14 00:12 15360 c: \ windows \ system32 \ dllcache \ cache \ ctfmon.exe - 2008-04-18 17:53. 2009-02-05 00:58 213520 c: \ windows \ system32 \ drivers \ klif.sys + 2008-04-18 17:53. 2009-06-25 23:24 213520 c: \ windows \ system32 \ drivers \ klif.sys + 2009-06-24 23:28. 2008-04-14 00:12 507904 c: \ windows \ system32 \ dllcache \ cache \ winlogon.exe + 2009-06-24 23:28. 2009-04-29 04:46 666624 c: \ windows \ system32 \ dllcache \ cache \ wininet.dll + 2009-06-24 23:28. 2008-04-14 00:12 578560 c: \ windows \ system32 \ dllcache \ cache \ user32.dll + 2009-06-24 23:28. 2008-04-14 00:12 295424 c: \ windows \ system32 \ dllcache \ cache \ Termsrv.dll + 2009-06-24 23:28. 2008-06-20 11:51 361600 c: \ windows \ system32 \ dllcache \ cache \ tcpip.sys + 2009-06-24 23:28. 2009-02-06 11:11 110592 c: \ windows \ system32 \ dllcache \ cache \ services.exe + 2009-06-24 23:28. 2008-04-13 19:20 182656 c: \ windows \ system32 \ dllcache \ cache \ ndis.sys + 2009-06-24 23:28. 2009-03-21 14:06 989696 c: \ windows \ system32 \ dllcache \ cache \ kernel32.dll + 2009-06-24 23:28. 2008-04-14 00:11 110080 c: \ windows \ system32 \ dllcache \ cache \ imm32.dll + 2009-06-24 23:28. 2008-04-14 00:11 167936 c: \ windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009-06-24 23:28. 2008-04-14 00:12 1614848 c: \ windows \ system32 \ dllcache \ cache \ sfcfiles.dll + 2009-06-24 23:28. 2009-02-06 11:06 2145280 c: \ windows \ system32 \ dllcache \ cache \ ntoskrnl.exe + 2009-06-24 23:28. 2009-02-06 10:32 2023936 c: \ windows \ system32 \ dllcache \ cache \ ntkrnlpa.exe + 2009-06-24 23:28. 2008-04-14 00:12 1033728 c: \ windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . 
* Note * empty entries & legit entrées par défaut ne sont pas indiquées REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curré ntVersion \ Run] "ctfmon.exe" = "c: \ windows \ system32 \ ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "c: \ program files \ Microsoft ActiveSync \ Wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "c: \ program files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "c: \ program files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "c: \ program files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "c: \ program files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVP" = "c: \ program files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "c: \ program files \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "c: \ program files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853a-EBB7F4A000DA)" = "c: \ program files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! 
SASWinLogon] 2009-01-01 04:29 356352 ---- aw-c: \ program files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Démarrer ^ Programmes ^ Démarrage ^ Adobe Gamma Loader.lnk] path = c: \ documents and settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Gamma Loader.lnk backup = c: \ windows \ pss \ Adobe Gamma Loader.lnkCommon démarrage [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Démarrer ^ Programmes ^ Démarrage ^ HOTSYNCSHORTCUTNAME.lnk] path = c: \ documents and settings \ All Users \ Start Menu \ Programs \ Startup \ HOTSYNCSHORTCUTNAME.lnk backup = c: \ windows \ pss \ n HOTSYNCSHORTCUTNAME.lnkCommo démarrage [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Démarrer ^ Programmes ^ Démarrage ^ Microsoft Office.lnk] path = c: \ documents and settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk backup = c: \ windows \ pss \ Microsoft Office.lnkCommon démarrage [HKEY_LOCAL_MACHINE \ software \ microsoft \ shared tools \ msconfig \ services] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp Scheduler 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ software \ microsoft \ security center] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ software \ microsoft \ security center \ Monitoring \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ StandardProfile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ 
StandardProfile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" = "c: \ \ Program Files \ \ Xfire \ \ xfire.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ French \ \ setup.exe" = "c: \ program files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "c: \ program files \ Microsoft ActiveSync \ Wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ Wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "c: \ program files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ StandardProfile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Media Booster "58398: UDP" = 58398: UDP: Pando 
Media Booster R0 klbg; Kaspersky Lab Boot Guard Driver; c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV; c: \ program files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL; c: \ program files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU; c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV; Kaspersky Lab KLFltDev; c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5, Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592] S2 Cubase32; Cubase32; c: \ windows \ system32 \ drivers \ se32.sys Cuba [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM; c: \ program files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] . Contenu de la "Tâches planifiées" dossier 2009-06-13 c: \ windows \ Tasks \ AppleSoftwareUpdate.job - C: \ program files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009-06-26 c: \ windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . . Supplementary Scan ------- ------- . uStart Page = hxxp: / / google.com / IE: Ajouter à Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & xporter vers Microsoft Excel - c: \ progra ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ classes \ xmldso.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector par Gmer, http://www.gmer.net Rootkit scan 2009-06-26 03:54 Windows 5.1.2600 Service Pack 3 NTFS scanning processus cachés ... scanning hidden autostart entries ... de balayage des fichiers cachés ... 
scan effectué avec succès les fichiers cachés: 0 ************************************************** ************************ . --------------------- --------------------- LOCKED REGISTRY KEYS [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = hex: 2e, e8, e1, 00, eb, 16,2 b, de, ff, 66,8 f, 81, d1, 34, d2, d9, c8, 28,51, af, b0, 29, a3, 98, a9, c3, a8, 8 bis, 5e, d3, 39,87, e2, 63,26, f1, 3f, c8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, c2, c2, dc, e4, a8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, e9, a8, 42, 2f, c4, 6 bis, 9 quater, d6, 61, af, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "2c81e34222e8052573023a60d06dd016" = hex: 25, da, ec, 7e, 55,20, c9, 26, eb, a7, df, 4d, 25, c2, 62,83,25, da, ec, 7e, 55,20, c9, 26, a3, f2, 65, ed, 80,3 e, e4, f6, ff, 7c, 85, e0, 43, d4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, f2, a1, b4, 61,82, bb, ab, d5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, ae, ec, 4f, e7, 8d, 86,8 c, 21,01, be, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, b9, a6, 33,6 c, cd, 
91, d7, 7a, 29,97, c7, 40,4 b, cd, 44, cd, b9, a6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, f5, 1d, 4d, 73, a8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-843B-4fb1-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, c8, 7e, 4 bis, d5, 24,8 d, 3 bis, 49, c4, b0, 18, ed, a7, 3f, 8d, 37, a4, 29, b5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, f8, 68,02,09, d4, 0b, f3, 53, bc, 62,26,31,77, e1, ba, b1, f8, 68,02,77, c3, de, c6, 98,79, 54,2 c, fb, a7, 78, e6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, e8, 04,4 a, f1, df, 00, d5, 43, ff, f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, ab, d5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, fc, e8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: f6, 0f, 4e, 58, 98,5 b, 89, c9, 6a, ea, f8, c4, 82, 1a, 7f, d8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, eb, 90, 81, c6, f6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, ce, ch, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, c9, 90,04, b1, cd, 45,5 a, a8, c4, f8, b9, 6b, c6, a2, 44,8 d, 59, a6, 
f5, 3d, ce, ea, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, b7, cc, b5, b9, 7f, 41, e7, 5d, 45,06,19,5 e, 30,20, e6, e3, 0e, 66, d5, eb, bc, 2f, 6b, e1, 69,31, ac, dd, ba, 7f, 02,2 a, b7, cc, b5, b9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, ea, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8 bis, cf, 52,73, fa, ea, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \ [HKEY_LOCAL_MACHINE \ software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \ h-€ | aaaa ¤ • € | ù • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLLs Loaded Sous Running Processes --------------------- - - - - - - -> 'Winlogon.exe' (672) c: \ program files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (288) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Autres processus en cours ----------------------- -- . 
c: \ program files \ Creative \ Shared Files \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe c: \ program files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe c: \ program files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ progra ~ 1 \ MICROS ~ 4 \ rapimgr.exe c: \ program files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . Délai: 2009-06-26 3:57 - machine a redémarré ComboFix-quarantaine-files.txt 2009-06-26 07:57 ComboFix2.txt 2009-06-25 23:14 ComboFix3.txt 2009-06-24 23:29 ComboFix4.txt 2008-05-20 17:05 Pre-Run: 67824807936 octets libres Post-Run: 67888648192 octets libres Courant par défaut = 3 = 3 = 1 Failed LastKnownGood = 4 Sets = 1,2,3,4 311 --- EOF --- 2009-06-11 03:03 |