Virus with processes that change name (ComboFix log included)

Tags:
  • Virus
  • Security
1 November 2010 14:20:14

Hello,

A few days ago I picked up the AntiVirus 2010 virus, which I thought I had removed (no problems until now).
However, I notice the presence of processes with strange names that reappear under a new name when I kill them.
All these processes are described as follows: 74tjn6X8C hMwFP28s PlFk38wEj
No internet search has given me a satisfactory answer, so I turn to your expertise.
Attached is a ComboFix log run a short while ago.

Thanks in advance
ComboFix 10-10-31.03 - Jérémy 01/11/2010 12:54:55.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1832 [GMT 1:00]
Launched from: c:\users\Jérémy\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Administrateur\AppData\Roaming\BITS
c:\users\Administrateur\AppData\Roaming\BITS\BITS.ini
c:\users\Administrateur\AppData\Roaming\BITS\DHTTable.dat
c:\users\Administrateur\AppData\Roaming\BITS\ProxyList.ini
c:\users\Jérémy\AppData\Roaming\BITS
c:\users\Jérémy\AppData\Roaming\BITS\BITS.ini
c:\users\Jérémy\AppData\Roaming\BITS\DHTTable.dat
c:\users\Jérémy\AppData\Roaming\BITS\ProxyList.ini
c:\users\Jérémy\AppData\Roaming\MSA
c:\users\Jérémy\AppData\Roaming\MSA\bbzzkzz16.exe
c:\users\Jérémy\AppData\Roaming\MSA\userid.dat
c:\windows\system32\psisdeccd.dll

.
((((((((((((((((((((((((((((( Files created from 2010-10-01 to 2010-11-01 ))))))))))))))))))))))))))))))))))))
.

2010-11-01 12:10 . 2010-11-01 12:10 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2010-11-01 11:13 . 2010-11-01 11:13 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-01 07:27 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-11-01 07:19 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-01 07:19 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-01 07:19 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-01 06:47 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-01 06:27 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-01 06:27 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-01 06:27 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-01 06:27 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-01 06:27 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-01 06:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-01 05:59 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-01 05:59 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-11-01 05:51 . 2010-11-01 05:51 -------- d-----w- c:\program files\MSXML 4.0
2010-11-01 05:42 . 2010-10-30 13:33 175616 ----a-w- c:\users\Jérémy\dllMsiHndInstaller.exe
2010-10-31 19:49 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-10-31 19:48 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2010-10-31 19:48 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-10-31 19:48 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2010-10-31 19:48 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2010-10-31 19:48 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-10-31 19:48 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-10-31 19:48 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-10-31 19:44 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-10-31 19:44 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-31 19:44 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-31 19:44 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-31 19:36 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-10-31 19:36 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-10-31 19:36 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-10-31 19:36 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-10-31 19:36 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-10-31 19:36 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-10-31 19:36 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-10-31 19:36 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-10-31 19:36 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-10-31 19:22 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-10-31 19:22 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-10-31 19:20 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-10-31 19:19 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-10-31 19:19 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-31 19:19 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-10-31 19:19 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-10-31 19:19 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-10-31 19:18 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-31 19:18 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-31 19:18 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-31 19:18 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-31 19:18 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-31 19:18 . 2010-01-21 15:05 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-10-31 19:18 . 2009-04-11 06:27 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-10-31 19:18 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-31 19:02 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-10-31 18:54 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-10-31 18:54 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-10-31 18:54 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-10-31 18:54 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-10-31 18:54 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-10-31 18:54 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-10-31 18:54 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-10-31 18:54 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-10-31 18:54 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-10-31 18:51 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-10-31 18:11 . 2010-11-01 06:32 -------- d-----w- c:\program files\Microsoft.NET
2010-10-31 18:11 . 2010-10-31 18:11 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-31 18:08 . 2010-10-31 18:08 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-31 18:06 . 2010-10-31 18:06 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-30 05:58 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B50D1F92-70BA-4328-A715-A4F94EEC7875}\mpengine.dll
2010-10-28 15:39 . 2009-06-07 14:25 77824 ----a-w- c:\windows\system32\xvid.ax
2010-10-28 15:39 . 2009-06-07 14:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-28 15:39 . 2010-10-28 15:39 -------- d-----w- c:\program files\Xvid
2010-10-28 15:39 . 2009-06-07 14:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-28 15:19 . 2010-10-28 15:19 -------- d-----w- c:\windows\system32\1067
2010-10-28 14:50 . 2010-10-31 18:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-28 14:48 . 2010-10-28 14:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-28 14:38 . 2010-10-28 14:38 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-28 14:31 . 2010-10-28 14:31 -------- d-----w- c:\program files\Wikikou
2010-10-28 12:36 . 2010-10-28 14:28 -------- d-----w- c:\program files\Enigma Software Group
2010-10-28 12:27 . 2010-10-28 14:27 -------- d-----w- c:\windows\9EFA732347A048E28F7735DB5EED500A.TMP
2010-10-28 12:27 . 2010-10-28 12:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-21 16:34 . 2010-10-21 16:34 -------- d-----w- c:\windows\fr
2010-10-21 16:16 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-21 16:16 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-21 16:16 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-21 16:12 . 2010-10-28 14:27 -------- d-----w- c:\users\Jérémy\AppData\Local\Windows Live
2010-10-21 15:59 . 2009-06-25 11:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-10-21 15:29 . 2010-10-21 15:30 -------- d-----w- c:\windows\system32\ca-ES
2010-10-21 15:29 . 2010-10-21 15:30 -------- d-----w- c:\windows\system32\eu-ES
2010-10-21 15:29 . 2010-10-21 15:29 -------- d-----w- c:\windows\system32\vi-VN
2010-10-21 15:23 . 2010-10-21 15:23 -------- d-----w- c:\windows\system32\SPReview
2010-10-21 15:11 . 2009-04-10 21:43 40960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\fr\Microsoft.Ink.Resources.dll
2010-10-21 15:11 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-10-21 15:11 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-10-21 15:09 . 2009-04-10 21:28 61440 ----a-w- c:\windows\system32\davclnt.dll
2010-10-21 15:00 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-21 14:59 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2010-10-21 14:58 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-10-21 14:56 . 2010-10-21 14:56 -------- d-----w- c:\windows\system32\EventProviders
2010-10-21 14:46 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 14:55 . 2010-10-28 15:35 661351 ----a-w- c:\windows\RON 2010 FRENCH DL Uninstaller.exe
2010-10-13 14:48 . 2010-10-13 14:48 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-10-12 15:59 . 2010-10-12 15:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-10-05 09:28 . 2010-10-05 09:28 -------- d-----w- c:\program files\PixiePack Codec Pack

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-30 13:33 . 2010-11-01 05:42 175616 ----a-w- c:\users\Jérémy\dllMsiHndInstaller.exe
2010-10-30 13:33 . 2010-11-01 05:42 175616 ----a-w- c:\users\Jérémy\dllMsiHndInstaller.exe
2010-10-19 20:51 . 2010-02-18 22:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-02-20 07:42 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-23 20:45 . 2010-03-30 10:48 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-23 20:45 . 2010-03-30 10:48 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-15 02:50 . 2010-06-13 14:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-30 07:10 . 2010-08-30 07:10 48 ----a-w- c:\users\Jérémy\AppData\Roaming\tigersetting.dll
2010-08-30 07:10 . 2010-08-30 07:10 48 ----a-w- c:\users\Jérémy\AppData\Roaming\tigersetting.dll
2010-08-26 16:33 . 2010-10-31 19:44 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-31 19:44 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-31 19:44 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-31 19:44 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-18 15:10 . 2010-09-23 20:45 809560 ----a-r- c:\windows\system32\tmpE82.tmp
2010-08-18 15:10 . 2010-08-18 15:10 809560 ----a-r- c:\windows\system32\tmpE81.tmp
.

((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-26 328056]
"VisualStudio"="c:\users\jérémy\appdata\locallow\sun\java\deployment\systemcache\6.0\46\f84c6ae-520e2dc6-n\visualjavafx.exe" [2010-10-30 175616]
"MediaLibr"="c:\users\jérémy\appdata\roaming\divx\player\librmedia.exe" [2010-10-30 175616]
"DreamShieldPackageInstallerProvidersamedioctobre"="c:\users\jérémy\appdata\roaming\lksoft\dreamshield\logs\dreamshieldpackageinstallerprovidersamedioctobre.exe" [2010-10-30 175616]
"LibrMedia"="c:\users\Jérémy\AppData\Roaming\DivX\Player\LibrMedia.exe" [2010-10-30 175616]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2010-04-07 5758976]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LibrMedia"="c:\users\Jérémy\AppData\Roaming\DivX\Player\LibrMedia.exe" [2010-10-30 175616]
"MillenniumWindows"="c:\users\jérémy\dllmsihndinstaller.exe" [2010-10-30 175616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-05-21 794624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"BCSSync"="d:\microsoft office\Office14\BCSSync.exe" [2010-01-21 91520]

c:\users\Jérémy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Diinote.lnk - c:\program files\Diinote\Diinote.exe [2009-10-2 621568]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe"
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-02-22 159744]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\microsoft office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-12-28 3768]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-10-17 35072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 PKWCap;PKWCap service;c:\windows\system32\DRIVERS\PKWCap.sys [2008-04-28 995328]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-06 721904]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 598960]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-29 43040]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-12 09:14]
.
.
------- Supplementary scan -------
.
uStart Page = search.net-studio.org
uInternet Settings,ProxyServer = http-proxy.ensiie.fr:3128
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
IE: E&xport to Microsoft Excel - d:\micros~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - d:\micros~2\Office14\ONBttnIE.dll/105
IE: Télécharger avec Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: {178EB342-2F78-4F98-8A8E-9F942569CC40} = 62.201.129.99 62.201.159.99
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Jérémy\AppData\Roaming\Mozilla\Firefox\Profiles\nrd6837g.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\micros~2\Office14\NPAUTHZ.DLL
FF - plugin: d:\micros~2\Office14\NPSPWRAP.DLL
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AntiVirus 2010 - c:\users\Jérémy\AppData\Roaming\AntiVirus 2010\AntiVirus_Studio_2010.exe
HKCU-RunServices-ymjsdwkld[1] - c:\users\Jérémy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31DHFHJS\ymjsdwkld[1].exe
MSConfigStartUp-633mh3uwensg - c:\users\Jérémy\AppData\Roaming\MSA\bbzzkzz16.exe
MSConfigStartUp-AntiVirus 2010 - c:\users\Jérémy\AppData\Roaming\AntiVirus 2010\AntiVirus_Studio_2010.exe
MSConfigStartUp-SecurityCenter - c:\users\Jérémy\AppData\Roaming\AntiVirus 2010\securitycenter.exe
MSConfigStartUp-ymjsdwkld[1] - c:\users\Jérémy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31DHFHJS\ymjsdwkld[1].exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-01 13:11
Windows 6.0.6002 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...


c:\windows\TEMP\TMP0000011AA665C1483CD76FF1 524288 bytes executable

Scan completed successfully
Hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3483033774-1916243921-4121711049-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:dc,aa,90,36,30,b1,63,59,ce,d1,b2,8f,b0,82,72,2a,e7,b2,4b,b0,01,
e3,08,78,87,b0,76,2b,a1,32,37,06,a8,56,76,a0,73,d0,f0,a6,ec,35,36,60,d9,51,\
"rkeysecu"=hex:8d,77,6c,24,23,df,f4,8b,31,2b,e8,64,cb,34,90,64

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-11-01 13:15:41
ComboFix-quarantined-files.txt 2010-11-01 12:15

Pre-Run: 3,573,997,568 bytes free
Post-Run: 4,410,769,408 bytes free

- - End Of File - - BD1E86158F7C713A5A9DEA60E07CB577
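The log above answers the "changing name" question on its own: under HKCU\...\Run and HKCU\...\RunServices, four different value names (VisualStudio, MediaLibr, LibrMedia, MillenniumWindows) point to files that all have the same size (175616 bytes) and the same timestamp (2010-10-30), sitting in AppData or straight in the profile root. Killing one process only lets the other autorun entries relaunch the same binary under the next name, so every entry sharing that fingerprint has to go at once. The script below is an added example, not part of the original post or of ComboFix: it parses the "Reg loading points" lines in the format ComboFix prints them (`"name"="path" [date size]`), groups entries by their (date, size) fingerprint and flags fingerprints that appear under more than one path, plus anything launched from a user-writable location. The sample input is constructed from the entries shown in the log above, with the legitimate msnmsgr entry kept as a control; treating size+timestamp as a payload fingerprint is a heuristic chosen for this example, not something the log itself claims.

```python
"""Group ComboFix autorun entries by on-disk fingerprint to expose one payload
registered under several names (added example; not ComboFix's own code)."""
import re
from collections import defaultdict

# Constructed sample: entries copied from the "Reg loading points" section of
# the ComboFix log above, plus the legitimate msnmsgr entry as a control.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"VisualStudio"="c:\users\jérémy\appdata\locallow\sun\java\deployment\systemcache\6.0\46\f84c6ae-520e2dc6-n\visualjavafx.exe" [2010-10-30 175616]
"MediaLibr"="c:\users\jérémy\appdata\roaming\divx\player\librmedia.exe" [2010-10-30 175616]
"LibrMedia"="c:\users\Jérémy\AppData\Roaming\DivX\Player\LibrMedia.exe" [2010-10-30 175616]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LibrMedia"="c:\users\Jérémy\AppData\Roaming\DivX\Player\LibrMedia.exe" [2010-10-30 175616]
"MillenniumWindows"="c:\users\jérémy\dllmsihndinstaller.exe" [2010-10-30 175616]
'''

# A registry key header line as ComboFix prints it: [HKEY_...\Run]
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# One autorun value: "name"="path" [YYYY-MM-DD size]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# Locations an unprivileged user (and malware running as that user) can write:
# anything under AppData, or a file dropped straight into the profile root.
USER_WRITABLE_RE = re.compile(r'\\appdata\\|^[a-z]:\\users\\[^\\]+\\[^\\]+$')


def parse_autoruns(text):
    """Return one dict per autorun entry, tagged with the registry key it sits under."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key:
            entry = entry_match.groupdict()
            entry['key'] = current_key
            entry['size'] = int(entry['size'])
            entries.append(entry)
    return entries


def shared_payloads(entries):
    """Map (date, size) -> distinct case-folded paths, keeping only fingerprints
    that occur under more than one path: the same binary, renamed."""
    by_fingerprint = defaultdict(set)
    for e in entries:
        by_fingerprint[(e['date'], e['size'])].add(e['path'].lower())
    return {fp: paths for fp, paths in by_fingerprint.items() if len(paths) > 1}


def suspicious_entries(text):
    """Entries that are a renamed copy of a shared payload and/or run from a
    user-writable path. Everything returned should be removed together."""
    entries = parse_autoruns(text)
    shared = shared_payloads(entries)
    flagged = []
    for e in entries:
        reasons = []
        fp = (e['date'], e['size'])
        if fp in shared:
            reasons.append('same size/timestamp as %d other path(s)' % (len(shared[fp]) - 1))
        if USER_WRITABLE_RE.search(e['path'].lower()):
            reasons.append('runs from user-writable location')
        if reasons:
            flagged.append({'name': e['name'], 'key': e['key'],
                            'path': e['path'], 'reasons': reasons})
    return flagged


if __name__ == '__main__':
    for f in suspicious_entries(SAMPLE_LOG):
        print('%-18s (%s)\n    %s\n    -> %s' % (
            f['name'], f['key'].rsplit('\\', 1)[-1], f['path'], '; '.join(f['reasons'])))
```

Run against the sample, it flags all five rogue entries and leaves msnmsgr alone; the same parser works on the "Reg loading points" section of any ComboFix log pasted into `SAMPLE_LOG`. The practical point is the grouping: once every value sharing the 175616-byte fingerprint is listed, they can be deleted in one pass while the processes are stopped, which is what prevents the name-rotation the poster describes.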


1 November 2010 17:36:21

Indeed, thanks anyway.