Interpreting a ComboFix report

Tags:
  • Security
18 August 2009 13:25:43

Hello everyone,

My partner had (yes, had) a TDSS trojan on her laptop.
While searching the web, I came across ComboFix.

Could someone tell me whether the ComboFix report contains any other information that could help me clean the laptop in question (if necessary)?

Here is the sequence of events:

ComboFix a first time (worked very well)
CCleaner to clean the registry
ComboFix a second time to check

Here are the 2 reports

1st

ComboFix 09-08-10.06 - Annick 2009-08-18 6:38.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.894.519 [GMT -4:00]
Running from: c:\documents and settings\Annick\Bureau\Testit.exe
AV: avast! antivirus 4.8.1335 [VPS 090817-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3629131078-548763069-1643840128-1003
c:\recycler\S-1-5-21-776561741-789336058-1060284298-1003
c:\windows\Installer\75cf9.msp
c:\windows\Installer\99acab.msp
c:\windows\system32\drivers\geyekrjwespppu.sys
c:\windows\system32\geyekrflcflryf.dll
c:\windows\system32\geyekrfsyyqtma.dll
c:\windows\system32\geyekrinvxacbq.dat
c:\windows\system32\geyekrwqbdmexg.dat


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekrabpqxvnq
-------\Legacy_geyekrabpqxvnq
-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-17 21:28 . 2009-08-17 21:30 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Studio-Scrap2
2009-08-17 21:27 . 2006-01-30 13:32 5632 ----a-w- c:\windows\system32\pxc25pm.dll
2009-08-17 21:27 . 2004-12-07 11:11 258352 ----a-w- c:\windows\system32\unicows.dll
2009-08-17 21:27 . 2009-08-17 21:27 -------- d-----w- c:\program files\Tracker Software
2009-08-17 21:26 . 2003-03-19 11:04 618496 ----a-w- c:\windows\system32\stlpmt45.dll
2009-08-17 21:26 . 2008-08-30 00:00 1500160 ----a-w- c:\windows\system32\cc3260mt.dll
2009-08-17 21:26 . 2008-08-30 00:00 1007104 ----a-w- c:\windows\system32\cc3290mt.dll
2009-08-17 21:26 . 1999-02-23 09:16 98304 ----a-w- c:\windows\system32\Dunzip32.dll
2009-08-17 21:26 . 1999-02-23 09:16 125440 ----a-w- c:\windows\system32\Dzip32.dll
2009-08-17 21:26 . 1995-10-11 07:00 133904 ----a-w- c:\windows\system32\MFCANS32.DLL
2009-08-17 21:26 . 2002-03-06 11:00 22016 ----a-w- c:\windows\system32\borlndmm.dll
2009-08-17 21:26 . 2009-08-17 21:30 -------- d-----w- c:\documents and settings\Annick\Application Data\Studio-Scrap2
2009-08-17 21:26 . 2009-08-17 21:27 -------- d-----w- c:\program files\StudioScrap2-Decouverte
2009-08-09 14:56 . 2009-08-09 17:34 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Trymedia
2009-08-09 14:54 . 2009-08-09 17:45 -------- d-----w- C:\GameHouse Games
2009-08-09 14:54 . 2009-08-09 17:45 -------- d-----w- c:\program files\RealArcade
2009-08-04 11:26 . 2009-08-06 07:11 -------- d-----w- c:\documents and settings\Annick\Application Data\vlc
2009-08-03 22:34 . 2009-08-03 22:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-02 19:12 . 2009-08-02 19:12 -------- d-----w- c:\documents and settings\Annick\Application Data\Yahoo!
2009-08-02 19:12 . 2009-08-02 19:19 -------- d-----w- c:\program files\Yahoo!
2009-08-02 19:12 . 2009-08-02 19:12 -------- d-----w- c:\program files\CCleaner
2009-08-02 16:24 . 2009-08-18 09:33 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-02 16:24 . 2009-08-02 16:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 22:14 . 2009-08-01 22:14 -------- d-----w- c:\windows\ERUNT
2009-08-01 22:13 . 2009-08-01 22:49 -------- d-----w- C:\SDFix
2009-07-31 23:18 . 2009-07-31 23:18 -------- d-----w- c:\documents and settings\Annick\Application Data\Malwarebytes
2009-07-31 23:18 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-31 23:18 . 2009-07-31 23:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-31 23:18 . 2009-08-18 02:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 23:18 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 21:54 . 2009-07-31 21:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-31 21:54 . 2009-08-18 02:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-31 21:54 . 2009-07-31 21:54 -------- d-----w- c:\documents and settings\Annick\Application Data\SUPERAntiSpyware.com
2009-07-28 02:09 . 2009-07-28 02:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SpinTop Games
2009-07-28 02:06 . 2009-07-28 02:06 -------- d-----w- c:\program files\Mystery P.I. Vegas Deluxe
2009-07-27 10:55 . 2009-07-27 10:55 -------- d-----w- c:\program files\bfgclient
2009-07-27 10:54 . 2009-08-09 17:39 -------- d-----w- c:\program files\BigFish
2009-07-27 10:54 . 2009-07-27 10:54 -------- d-----w- c:\program files\Nouveau dossier
2009-07-27 10:52 . 2009-08-09 17:39 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2009-07-27 03:25 . 2009-07-27 03:25 -------- d-----w- c:\documents and settings\Annick\Application Data\Meridian93
2009-07-27 01:04 . 2009-07-27 01:05 -------- d-----w- c:\documents and settings\Annick\Application Data\Pirateville
2009-07-26 20:17 . 2009-07-26 20:17 -------- d-----w- c:\documents and settings\Annick\Application Data\cerasus.media
2009-07-26 14:12 . 2009-07-26 14:12 -------- d-----w- c:\program files\Hidden Expedition - Everest
2009-07-24 17:32 . 2009-07-24 17:32 -------- d-----w- c:\documents and settings\Annick\Local Settings\Application Data\Slapdash Games
2009-07-24 17:32 . 2009-07-24 17:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Slapdash Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 12:27 . 2009-06-28 21:42 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-09 14:56 . 2009-06-23 00:39 -------- d-----w- c:\documents and settings\Annick\Application Data\PlayFirst
2009-08-09 14:56 . 2009-06-23 00:39 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PlayFirst
2009-07-31 21:51 . 2008-01-27 22:44 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-28 02:07 . 2008-04-05 20:18 -------- d-----w- c:\program files\Zylom Games
2009-07-26 13:52 . 2009-07-12 03:52 -------- d-----w- c:\program files\THE GAME OF LIFE - Path to Success
2009-07-18 19:17 . 2009-07-18 19:17 -------- d-----w- c:\program files\VideoLAN
2009-07-15 12:00 . 2002-09-16 14:59 84928 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-15 12:00 . 2002-09-16 14:59 510892 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 22:33 . 2009-07-14 22:33 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-14 22:33 . 2009-07-14 22:33 -------- d-----w- c:\program files\Lavasoft
2009-07-14 22:33 . 2008-01-27 22:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-11 13:58 . 2009-07-11 13:58 -------- d-----w- c:\documents and settings\Annick\Application Data\GOL_byHasbro
2009-07-11 13:52 . 2009-07-11 13:50 -------- d-----w- c:\program files\The Game Of Life by Hasbro
2009-07-08 18:03 . 2009-07-08 18:02 -------- d-----w- c:\documents and settings\Annick\Application Data\SecretIslandFraBF
2009-07-07 13:29 . 2009-07-07 13:29 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Alawar Stargaze
2009-07-04 23:40 . 2005-04-15 10:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 22:10 . 2009-07-04 22:10 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-03 14:49 . 2009-07-14 22:34 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-07-14 23:31 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-03 04:24 . 2007-07-10 01:41 2932 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-02 39408]
"Google Update"="c:\documents and settings\Annick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\progra~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 98304]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-03 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-03 692316]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2002-10-23 176197]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AtiPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 335872]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-02-11 26112]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-05-21 4608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Annick\Menu D‚marrer\Programmes\D‚marrage\
HardCopy Pro.lnk - c:\program files\HardCopy Pro\HardCopy Pro\HardCopy Pro.exe [2009-6-17 229376]

c:\docume~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERIC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\World of Warcraft\\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\World of Warcraft\\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-07-14 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 114768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-07-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-07-28 74480]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-07 20560]
S2 Synergy Client;Synergy Client;c:\program files\Synergy\synergyc.exe [2006-04-02 446464]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-07-25 386784]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-07-25 43392]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2007-08-27 16194]
S3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2004-02-17 292352]
S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2004-02-17 273536]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2004-05-04 19112]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2009-05-07 356434]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-05-07 57440]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\DRIVERS\wg511nd5.sys --> c:\windows\system32\DRIVERS\wg511nd5.sys [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-02-14 560896]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408]
S3 WinPhlash;WinPhlash;c:\swsetup\sp27643\PhlashNT.sys [2003-07-23 21984]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

Notify-mbapfavi - (no file)
Notify-wiwpatiq - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 06:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????X???1?6?6?0??@???? ?X#B?????????????l|B? ???X??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(208)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\sirenacm.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-08-18 6:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 10:51

Pre-Run: 17 805 299 712 octets libres
Post-Run: 18 702 385 152 octets libres

207 --- E O F --- 2009-02-19 05:25

2nd file

ComboFix 09-08-10.06 - Annick 2009-08-18 6:59.2.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.894.536 [GMT -4:00]
Running from: c:\documents and settings\Annick\Bureau\Testit.exe
AV: avast! antivirus 4.8.1335 [VPS 090817-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-17 21:28 . 2009-08-17 21:30 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Studio-Scrap2
2009-08-17 21:27 . 2006-01-30 13:32 5632 ----a-w- c:\windows\system32\pxc25pm.dll
2009-08-17 21:27 . 2004-12-07 11:11 258352 ----a-w- c:\windows\system32\unicows.dll
2009-08-17 21:27 . 2009-08-17 21:27 -------- d-----w- c:\program files\Tracker Software
2009-08-17 21:26 . 2003-03-19 11:04 618496 ----a-w- c:\windows\system32\stlpmt45.dll
2009-08-17 21:26 . 2008-08-30 00:00 1500160 ----a-w- c:\windows\system32\cc3260mt.dll
2009-08-17 21:26 . 2008-08-30 00:00 1007104 ----a-w- c:\windows\system32\cc3290mt.dll
2009-08-17 21:26 . 1999-02-23 09:16 98304 ----a-w- c:\windows\system32\Dunzip32.dll
2009-08-17 21:26 . 1999-02-23 09:16 125440 ----a-w- c:\windows\system32\Dzip32.dll
2009-08-17 21:26 . 1995-10-11 07:00 133904 ----a-w- c:\windows\system32\MFCANS32.DLL
2009-08-17 21:26 . 2002-03-06 11:00 22016 ----a-w- c:\windows\system32\borlndmm.dll
2009-08-17 21:26 . 2009-08-17 21:30 -------- d-----w- c:\documents and settings\Annick\Application Data\Studio-Scrap2
2009-08-17 21:26 . 2009-08-17 21:27 -------- d-----w- c:\program files\StudioScrap2-Decouverte
2009-08-09 14:56 . 2009-08-09 17:34 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Trymedia
2009-08-09 14:54 . 2009-08-09 17:45 -------- d-----w- C:\GameHouse Games
2009-08-09 14:54 . 2009-08-09 17:45 -------- d-----w- c:\program files\RealArcade
2009-08-04 11:26 . 2009-08-06 07:11 -------- d-----w- c:\documents and settings\Annick\Application Data\vlc
2009-08-03 22:34 . 2009-08-03 22:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-02 19:12 . 2009-08-02 19:12 -------- d-----w- c:\documents and settings\Annick\Application Data\Yahoo!
2009-08-02 19:12 . 2009-08-02 19:19 -------- d-----w- c:\program files\Yahoo!
2009-08-02 19:12 . 2009-08-02 19:12 -------- d-----w- c:\program files\CCleaner
2009-08-02 16:24 . 2009-08-18 10:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-02 16:24 . 2009-08-02 16:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 22:14 . 2009-08-01 22:14 -------- d-----w- c:\windows\ERUNT
2009-08-01 22:13 . 2009-08-01 22:49 -------- d-----w- C:\SDFix
2009-07-31 23:18 . 2009-07-31 23:18 -------- d-----w- c:\documents and settings\Annick\Application Data\Malwarebytes
2009-07-31 23:18 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-31 23:18 . 2009-07-31 23:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-31 23:18 . 2009-08-18 02:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 23:18 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 21:54 . 2009-07-31 21:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-31 21:54 . 2009-08-18 02:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-31 21:54 . 2009-07-31 21:54 -------- d-----w- c:\documents and settings\Annick\Application Data\SUPERAntiSpyware.com
2009-07-28 02:09 . 2009-07-28 02:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SpinTop Games
2009-07-28 02:06 . 2009-07-28 02:06 -------- d-----w- c:\program files\Mystery P.I. Vegas Deluxe
2009-07-27 10:55 . 2009-07-27 10:55 -------- d-----w- c:\program files\bfgclient
2009-07-27 10:54 . 2009-08-09 17:39 -------- d-----w- c:\program files\BigFish
2009-07-27 10:54 . 2009-07-27 10:54 -------- d-----w- c:\program files\Nouveau dossier
2009-07-27 10:52 . 2009-08-09 17:39 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2009-07-27 03:25 . 2009-07-27 03:25 -------- d-----w- c:\documents and settings\Annick\Application Data\Meridian93
2009-07-27 01:04 . 2009-07-27 01:05 -------- d-----w- c:\documents and settings\Annick\Application Data\Pirateville
2009-07-26 20:17 . 2009-07-26 20:17 -------- d-----w- c:\documents and settings\Annick\Application Data\cerasus.media
2009-07-26 14:12 . 2009-07-26 14:12 -------- d-----w- c:\program files\Hidden Expedition - Everest
2009-07-24 17:32 . 2009-07-24 17:32 -------- d-----w- c:\documents and settings\Annick\Local Settings\Application Data\Slapdash Games
2009-07-24 17:32 . 2009-07-24 17:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Slapdash Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 12:27 . 2009-06-28 21:42 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-09 14:56 . 2009-06-23 00:39 -------- d-----w- c:\documents and settings\Annick\Application Data\PlayFirst
2009-08-09 14:56 . 2009-06-23 00:39 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PlayFirst
2009-07-31 21:51 . 2008-01-27 22:44 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-28 02:07 . 2008-04-05 20:18 -------- d-----w- c:\program files\Zylom Games
2009-07-26 13:52 . 2009-07-12 03:52 -------- d-----w- c:\program files\THE GAME OF LIFE - Path to Success
2009-07-18 19:17 . 2009-07-18 19:17 -------- d-----w- c:\program files\VideoLAN
2009-07-15 12:00 . 2002-09-16 14:59 84928 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-15 12:00 . 2002-09-16 14:59 510892 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 22:33 . 2009-07-14 22:33 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-14 22:33 . 2009-07-14 22:33 -------- d-----w- c:\program files\Lavasoft
2009-07-14 22:33 . 2008-01-27 22:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-11 13:58 . 2009-07-11 13:58 -------- d-----w- c:\documents and settings\Annick\Application Data\GOL_byHasbro
2009-07-11 13:52 . 2009-07-11 13:50 -------- d-----w- c:\program files\The Game Of Life by Hasbro
2009-07-08 18:03 . 2009-07-08 18:02 -------- d-----w- c:\documents and settings\Annick\Application Data\SecretIslandFraBF
2009-07-07 13:29 . 2009-07-07 13:29 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Alawar Stargaze
2009-07-04 23:40 . 2005-04-15 10:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 22:10 . 2009-07-04 22:10 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-03 14:49 . 2009-07-14 22:34 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-07-14 23:31 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-03 04:24 . 2007-07-10 01:41 2932 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-08-18_10.47.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-18 10:54 . 2009-08-18 10:54 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat
+ 2009-08-18 10:54 . 2009-08-18 10:54 16384 c:\windows\temp\Perflib_Perfdata_280.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-02 39408]
"Google Update"="c:\documents and settings\Annick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\progra~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 98304]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-03 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-03 692316]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2002-10-23 176197]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AtiPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 335872]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-02-11 26112]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-05-21 4608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Annick\Menu D‚marrer\Programmes\D‚marrage\
HardCopy Pro.lnk - c:\program files\HardCopy Pro\HardCopy Pro\HardCopy Pro.exe [2009-6-17 229376]

c:\docume~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbapfavi]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wiwpatiq]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\World of Warcraft\\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\World of Warcraft\\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-07-14 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-07-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-07-28 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-07 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 Synergy Client;Synergy Client;c:\program files\Synergy\synergyc.exe [2006-04-02 446464]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-07-25 386784]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2004-02-17 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2004-02-17 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2004-05-04 19112]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-05-07 57440]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-07-25 43392]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2007-08-27 16194]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2009-05-07 356434]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\DRIVERS\wg511nd5.sys --> c:\windows\system32\DRIVERS\wg511nd5.sys [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-02-14 560896]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408]
S3 WinPhlash;WinPhlash;c:\swsetup\sp27643\PhlashNT.sys [2003-07-23 21984]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 07:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?6?6?0??`???? ?X#B?????????????l|B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1724)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-18 7:06
ComboFix-quarantined-files.txt 2009-08-18 11:06

Pre-Run: 17 766 445 056 octets libres
Post-Run: 17 729 830 912 octets libres

190 --- E O F --- 2009-02-19 05:25
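
As an added illustration (this script is not from the thread and is not ComboFix's own tooling): a small Python triage helper that splits the two reports quoted above into their sections and correlates what the first run removed (the geyekr* files under system32, the service of the same name, the two orphaned winlogon notify entries) with what the second run still lists as [BU] under winlogon\notify. The sample excerpts are trimmed copies of the reports above; the "long lowercase stem sharing a prefix" naming heuristic is my own assumption, not something ComboFix reports.

```python
"""Triage helper for ComboFix reports: correlates what one run removed with
what the next run still lists. The heuristics are assumptions, not ComboFix's."""
import re
from collections import defaultdict

# Constructed sample: trimmed excerpts of the two runs quoted in the thread.
RUN1 = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\recycler\S-1-5-21-3629131078-548763069-1643840128-1003
c:\windows\system32\drivers\geyekrjwespppu.sys
c:\windows\system32\geyekrflcflryf.dll
c:\windows\system32\geyekrfsyyqtma.dll
c:\windows\system32\geyekrinvxacbq.dat
c:\windows\system32\geyekrwqbdmexg.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_geyekrabpqxvnq
-------\Legacy_geyekrabpqxvnq
-------\Legacy_6TO4
.
- - - - ORPHANS REMOVED - - - -
Notify-mbapfavi - (no file)
Notify-wiwpatiq - (no file)
"""
RUN2 = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mbapfavi]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wiwpatiq]
[BU]
"""

HEADER_RES = (re.compile(r"^\(+\s*(.+?)\s*\)+$"),     # (((( Name ))))
              re.compile(r"^(?:- )+(.+?)(?: -)+$"))   # - - - - NAME - - - -
STEM_RE = re.compile(r"^[a-z]{12,}$")
SERVICE_RE = re.compile(r"^-------\\(Service|Legacy)_(\S+)$")
ORPHAN_RE = re.compile(r"^Notify-(\S+) - \(no file\)$")
NOTIFY_KEY_RE = re.compile(r"winlogon\\notify\\([^\]]+)\]$", re.IGNORECASE)
PREFIX_LEN = 6  # assumed: length of the shared prefix in a file family


def parse_sections(report):
    """Split a report into {section name: [content lines]} on its banner lines."""
    sections, current = defaultdict(list), None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith("***"):
            continue
        for rx in HEADER_RES:
            m = rx.match(line)
            if m:
                current = m.group(1)
                break
        else:
            if current is not None:
                sections[current].append(line)
    return sections


def suspicious_name_clusters(paths, min_size=3):
    """Assumed heuristic: files under system32 whose stem is one long run of
    lowercase letters, grouped by shared prefix. A family of such files with
    random-looking suffixes (the geyekr* set above) is worth a closer look."""
    groups = defaultdict(list)
    for p in paths:
        if "\\system32\\" not in p.lower():
            continue
        stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if STEM_RE.match(stem):
            groups[stem[:PREFIX_LEN]].append(p)
    return {k: v for k, v in groups.items() if len(v) >= min_size}


def removed_services(lines):
    """(kind, name) pairs from a run's Drivers/Services section."""
    return [m.groups() for m in map(SERVICE_RE.match, lines) if m]


def orphan_notify(lines):
    """Winlogon notify names removed because their DLL no longer existed."""
    return [m.group(1) for m in map(ORPHAN_RE.match, lines) if m]


def notify_keys_backed_up(report):
    """Winlogon notify subkeys listed with a bare '[BU]' instead of a DLL line."""
    lines = [ln.strip() for ln in report.splitlines()]
    return [m.group(1) for i, m in enumerate(map(NOTIFY_KEY_RE.search, lines))
            if m and i + 1 < len(lines) and lines[i + 1] == "[BU]"]


def triage(first_run, second_run):
    """Link the file family, service and notify entries across the two runs."""
    first = parse_sections(first_run)
    clusters = suspicious_name_clusters(first.get("Other Deletions", []))
    services = removed_services(first.get("Drivers/Services", []))
    # a removed service named like the file family ties the two together
    linked = sorted({n for _, n in services if n.lower()[:PREFIX_LEN] in clusters})
    return {
        "name_clusters": clusters,
        "removed_services": services,
        "linked_services": linked,
        "orphan_notify": orphan_notify(first.get("ORPHANS REMOVED", [])),
        "notify_keys_backed_up": notify_keys_backed_up(second_run),
    }
```

Run `triage(RUN1, RUN2)` to see the geyekr file family, the service of the same name, and the two notify names that appear both as first-run orphans and as second-run [BU] keys.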


18 August 2009 15:10:55

Hello,

The TDSS rootkit has been removed.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, allow it.
  • Once the update has finished, go to the Scan tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
18 August 2009 18:52:36

Yes, I already use MBAM.

I'll run today's update and paste the report this evening.

Thanks
19 August 2009 11:55:10

Sorry for the delay,

Here is the MBAM report. It is actually thanks to MBAM that I found the trojan's name, but it was not able to remove it.

Thanks again

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2653
Windows 5.1.2600 Service Pack 2

2009-08-19 05:52:59
mbam-log-2009-08-19 (05-52-59).txt

Type de recherche: Examen rapide
Eléments examinés: 101122
Temps écoulé: 12 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
19 August 2009 15:28:38

No more problems?

19 August 2009 18:47:48

Everything looks good, I just wanted to know whether anyone saw anything special in the ComboFix report... given how long it is, it must mean something.

19 August 2009 18:49:10

Nothing in particular in the ComboFix report.