Here is the first report
ComboFix 08-07-09.5 - Administrateur 2008-07-11 15:36:27.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.57 [GMT 2:00]
Location: D:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
[color=red]WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !![/color]
.
[color=purple]The following files were disabled during the run:[/color]
D:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\WinNt64.dll . . . . Deletion failed
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TCPSR
((((((((((((((((((((((((((((( Files created 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))))))))
.
2008-07-11 14:56 . 2008-07-11 14:56 <DIR> d-------- D:\Program Files\Enigma Software Group
2008-07-11 13:15 . 2008-07-11 13:15 21,504 --a------ D:\WINDOWS\system32\ioczqe.dll
2008-07-10 18:16 . 2008-07-10 18:16 <DIR> d-------- D:\_OTMoveIt
2008-07-10 16:57 . 2008-07-10 16:46 60,928 --a------ D:\WINDOWS\system32\18.tmp
2008-07-10 14:53 . 2008-07-10 14:53 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 14:53 . 2008-07-10 14:53 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-10 14:53 . 2008-07-10 14:53 <DIR> d-------- D:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-07-10 14:53 . 2008-07-07 17:35 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-10 14:53 . 2008-07-07 17:35 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 13:40 . 2008-07-10 13:40 25,154,969 --a------ D:\WINDOWS\LPT$VPN.399
2008-07-10 13:39 . 2008-07-10 13:40 <DIR> d-------- D:\WINDOWS\AU_Temp
2008-07-10 13:39 . 2008-07-10 13:40 25,154,969 --a------ D:\WINDOWS\VPTNFILE.399
2008-07-10 09:57 . 2008-07-10 09:47 60,928 --a------ D:\WINDOWS\system32\33.tmp
2008-07-07 11:39 . 2008-07-07 11:39 <DIR> d-------- D:\Documents and Settings\Administrateur\Application Data\Quark
2008-07-07 11:36 . 2008-07-07 11:38 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Quark
2008-07-07 11:34 . 2008-07-07 11:36 <DIR> d-------- D:\Program Files\Quark
2008-07-05 11:14 . 2008-07-05 11:14 <DIR> d-------- D:\WINDOWS\system32\repository
2008-06-25 23:29 . 2008-07-10 16:09 0 --a------ D:\WINDOWS\system32\12520850e.sys
2008-06-24 10:31 . 2008-07-10 16:13 37,246,063 --ahs---- D:\WINDOWS\system32\1041b.sys
2008-06-24 10:31 . 2008-06-24 10:31 21,504 --ahs---- D:\WINDOWS\system32\actmoviec.dll
2008-06-18 03:05 . 2008-06-18 03:05 268 --ah----- D:\sqmdata02.sqm
2008-06-18 03:05 . 2008-06-18 03:05 244 --ah----- D:\sqmnoopt02.sqm
2008-06-14 10:58 . 2008-07-10 09:53 335 --a-s---- D:\WINDOWS\system32\816125296.dat
2008-06-13 00:40 . 2008-06-13 00:40 <DIR> d-------- D:\Program Files\Fichiers communs\Adobe AIR
2008-06-13 00:40 . 2008-06-13 00:40 <DIR> d-------- D:\Program Files\Adobe Media Player
2008-06-12 12:15 . 2008-07-11 15:41 30,720 --a------ D:\WINDOWS\system32\drivers\Pvc05.sys
2008-06-11 00:44 . 2008-07-11 15:40 13,824 --------- D:\WINDOWS\system32\WinNt64.dll
2008-06-11 00:44 . 2008-06-11 00:44 13,824 --a------ D:\WINDOWS\system32\WinNt64.dl_
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 13:42 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Skype
2008-07-11 13:41 --------- d-----w D:\Program Files\Wanadoo
2008-07-10 11:40 91,744 ----a-w D:\WINDOWS\BPMNT.dll
2008-07-10 11:40 71,749 ----a-w D:\WINDOWS\hcextoutput.dll
2008-07-10 11:40 333,576 ----a-w D:\WINDOWS\tsc.exe
2008-07-10 11:40 1,213,784 ----a-w D:\WINDOWS\vsapi32.dll
2008-06-10 22:44 29,696 ----a-w D:\WINDOWS\system32\drivers\Pvc84.sys
2008-04-24 08:08 77,824 ----a-w D:\WINDOWS\system32\mmocr0.dll
2008-01-29 22:40 15,397 ----a-w D:\Program Files\settings.dat
.
------- Sigcheck -------
2004-08-10 13:00 359040 1745b00fc1141404b28f4b94f69a8871 D:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-10 13:00 359040 1745b00fc1141404b28f4b94f69a8871 D:\WINDOWS\system32\drivers\tcpip.sys
2004-11-25 23:20 506368 048cb871e6f98e41f072b85c67c30925 D:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-10_16.29.19.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-10 14:26:02 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-07-11 13:40:33 2,048 --s-a-w D:\WINDOWS\bootstat.dat
- 2008-07-10 14:22:01 49,152 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-11 12:02:18 49,152 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-10 14:22:01 1,802,240 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-07-11 12:02:18 1,802,240 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-07-10 14:11:48 49,152 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071020080711\index.dat
+ 2008-07-10 21:58:22 278,528 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071020080711\index.dat
+ 2008-07-11 13:00:15 180,224 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071120080712\index.dat
+ 2008-07-11 13:41:18 6,784 ----a-w D:\WINDOWS\system32\drivers\tcpsr.sys
+ 2004-12-07 08:11:00 258,352 ----a-w D:\WINDOWS\system32\unicows.dll
+ 2006-09-11 09:56:00 526,184 ----a-w D:\WINDOWS\system32\XceedCry.dll
+ 2006-12-21 13:18:00 497,496 ----a-w D:\WINDOWS\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"WOOKIT"="D:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 16:58 21687592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="D:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
"WOOWATCH"="D:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="D:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 15:43 188416]
"NeroCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Glock Suite 1.1"="D:\WINDOWS\system32\glock32.exe" [2004-08-10 13:00 13312]
"SpyHunter Security Suite"="D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= D:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ioczqe]
2008-07-11 13:15 21504 D:\WINDOWS\system32\ioczqe.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jpu27.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pvc05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pvc84.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\WEB\\apache\\apache.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Pvc05;Pvc05;D:\WINDOWS\system32\Drivers\Pvc05.sys [2008-07-11 15:41]
R0 Pvc84;Pvc84;D:\WINDOWS\system32\Drivers\Pvc84.sys [2008-06-11 00:44]
R3 P1130VID;Creative WebCam NX Pro;D:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-05-08 03:00]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;D:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 17:37]
R3 tcpsr;tcpsr;D:\WINDOWS\System32\drivers\tcpsr.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;D:\WINDOWS\system32\ZDCndis5.SYS []
*Newly Created Service* - TCPSR
.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 20:21:05 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 15:40:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrvDhcpusnjsvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrvseclogon]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrvseclogonW32Time]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITSEventSystem]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITSWmiApSrv]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browserstisvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserstisvcLmHosts]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserstisvcRemoteAccess]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserstisvcTermService]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DhcpehSched]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcpusnjsvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadminMSDTC]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DnscacheRSVP]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvclanmanserverxmlprov]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvcNetDDE]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserverxmlprov]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationlanmanserverxmlprov]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MHNSamSs]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdmseclogon]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdmseclogonProtectedStorage]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetmanRemoteAccess]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgentAudioSrv]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasManFTRTSVC]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSsSENS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVPDnscache]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccessBrowserstisvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetectionDhcp]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetectionSamSs]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetectionSamSsClipSrv]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientTlntSvr]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmtwscsvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvcSamSs]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvWmi]
"ImagePath"=" srv"
.
--------------------- DLLs loaded under running processes ---------------------
PROCESS: D:\WINDOWS\system32\winlogon.exe
-> D:\WINDOWS\system32\ioczqe.dll
-> D:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
PROCESS: D:\WINDOWS\system32\lsass.exe
-> D:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
PROCESS: D:\WINDOWS\system32\lsass.exe
-> D:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
PROCESS: D:\WINDOWS\system32\lsass.exe
-> D:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
PROCESS: D:\WINDOWS\explorer.exe
-> D:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\ehome\ehRecvr.exe
D:\WINDOWS\ehome\ehSched.exe
D:\WINDOWS\system32\FTRTSVC.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\WINDOWS\ehome\ehmsas.exe
D:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
D:\PROGRA~1\Wanadoo\ComComp.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-07-11 15:52:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-11 13:50:44
ComboFix2.txt 2008-07-11 12:06:50
ComboFix3.txt 2008-07-10 14:30:47
Pre-Run: 48,528,560,128 bytes free
Post-Run: 48,208,068,608 bytes free
255
Edit added 11-07-2008 at 17:55: I scanned, but there is a trojan that I can't manage to remove.
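As an added triage example (editor's code, not part of the post above and not ComboFix or catchme code): a small parser over lines in the layouts visible in the log, with heuristics that flag the kinds of entries a responder would look at first in a report like this one. It assumes only the line formats shown (the "Files created" lines, "[HKEY_...]" keys followed by "name"=value lines, and the catchme service entries with their `ImagePath`); the rules are the editor's own, and the sample input is constructed from lines of the log above plus one made-up control service with a normal `ImagePath`.

```python
"""Heuristic triage of a ComboFix-style log (editor's added example).

Rules, all heuristics rather than signatures:
  * a service whose ImagePath is not a file path (the catchme " srv" entries);
  * a winlogon\notify DLL that was created inside the scan window;
  * a hidden+system file created under system32 inside the scan window;
  * a SafeBoot\Minimal driver entry whose file was created inside the window.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines excerpted from the posted log, plus a made-up
# "Dnscache" control entry with an ordinary ImagePath as a negative case.
SAMPLE_LOG = r"""
2008-07-11 13:15 . 2008-07-11 13:15 21,504 --a------ D:\WINDOWS\system32\ioczqe.dll
2008-07-10 14:53 . 2008-07-10 14:53 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 10:31 . 2008-07-10 16:13 37,246,063 --ahs---- D:\WINDOWS\system32\1041b.sys
2008-06-24 10:31 . 2008-06-24 10:31 21,504 --ahs---- D:\WINDOWS\system32\actmoviec.dll
2008-06-18 03:05 . 2008-06-18 03:05 268 --ah----- D:\sqmdata02.sqm
2008-06-12 12:15 . 2008-07-11 15:41 30,720 --a------ D:\WINDOWS\system32\drivers\Pvc05.sys
2008-06-11 00:44 . 2008-07-11 15:40 13,824 --------- D:\WINDOWS\system32\WinNt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ioczqe]
2008-07-11 13:15 21504 D:\WINDOWS\system32\ioczqe.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pvc05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrvDhcpusnjsvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browserstisvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService"
"""

# "created . modified size attrs path" lines; <REP> is the French <DIR>.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>[\d,]+|<(?:REP|DIR)>)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>\S.*)$"
)
KEY_LINE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# "date time size path" line that follows a winlogon\notify key.
NOTIFY_DLL_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (?P<path>\S.*)$")


def parse(log_text: str):
    """Return (created files, registry values, notify DLLs), keys lower-cased."""
    created: Dict[str, str] = {}            # path -> attribute string
    values: Dict[str, Dict[str, str]] = {}  # key -> {value name: value}
    notify_dlls: Dict[str, str] = {}        # notify key -> DLL path
    current = None
    for line in log_text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            created[m.group("path").lower()] = m.group("attrs")
            continue
        m = KEY_LINE.match(line)
        if m:
            current = m.group("key").lower()
            values.setdefault(current, {})
            continue
        if current is None:
            continue
        m = VALUE_LINE.match(line)
        if m:
            values[current][m.group("name")] = m.group("value").strip().strip('"').strip()
            continue
        m = NOTIFY_DLL_LINE.match(line)
        if m and "\\winlogon\\notify\\" in current:
            notify_dlls[current] = m.group("path").lower()
    return created, values, notify_dlls


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Apply the heuristics and return sorted (rule, detail) findings."""
    created, values, notify_dlls = parse(log_text)
    created_by_name = {p.rsplit("\\", 1)[-1]: p for p in created}
    findings: List[Tuple[str, str]] = []
    for key, vals in values.items():
        leaf = key.rsplit("\\", 1)[-1]
        if "\\services\\" in key and "ImagePath" in vals and "\\" not in vals["ImagePath"]:
            findings.append(("service-imagepath-not-a-path", leaf + " -> " + repr(vals["ImagePath"])))
        if "\\safeboot\\minimal\\" in key and leaf in created_by_name:
            findings.append(("safeboot-driver-new", created_by_name[leaf]))
    for dll in notify_dlls.values():
        if dll in created:
            findings.append(("notify-dll-new", dll))
    for path, attrs in created.items():
        if "\\system32\\" in path and not attrs.startswith("d") and "h" in attrs and "s" in attrs:
            findings.append(("hidden-system-new", path))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:30} {detail}")
```

Run against the sample it reports the two `" srv"` services, the `ioczqe` winlogon notify DLL, the two hidden+system files in system32, and the `Pvc05.sys` Safe Mode driver, and stays silent on the control `Dnscache` entry. The rules are deliberately narrow: they point at entries to verify (hashes, signer, on-disk presence), they do not by themselves prove that a file is malicious.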