Your question

Infection or not an infection

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
1 Juillet 2009 21:25:13

Hello, I downloaded a file named codec.exe that was hidden inside setup.exe...

Well, apparently there was a virus, because NOD32 flagged a Kryptik-type trojan...

I'm posting the Malwarebytes and ComboFix reports here...

Is it serious, doctor???

Thanks in advance to everyone, and long live this forum.


1 Juillet 2009 21:29:17

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1878
Windows 5.1.2600 Service Pack 3

01/07/2009 21:06:00
mbam-log-2009-07-01 (21-06-00).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 233096
Temps écoulé: 31 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
1 Juillet 2009 21:29:33

ComboFix 09-07-01.01 - SkyCoke 01/07/2009 21:17.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1362 [GMT 2:00]
Lancé depuis: c:\documents and settings\SkyCoke\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe

----- BITS: Il y a peut-être des sites infectés -----

hxxp://xuri.info
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-01 au 2009-07-01 ))))))))))))))))))))))))))))))))))))
.

2009-07-01 18:07 . 2009-07-01 18:07 -------- d-sh--w- C:\Diskeeper
2009-07-01 17:48 . 2009-07-01 17:48 -------- d-----w- c:\program files\Fichiers communs\Diskeeper Corporation
2009-07-01 17:48 . 2009-07-01 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-07-01 16:03 . 2009-07-01 16:03 -------- d-sh--w- c:\documents and settings\SkyCoke\PrivacIE
2009-06-30 08:40 . 2009-06-30 08:40 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-06-30 08:40 . 2009-06-30 08:40 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-06-26 16:30 . 2009-06-25 14:36 1291640 ----a-w- c:\documents and settings\SkyCoke\Application Data\Mozilla\Firefox\Profiles\8xlsxpvz.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-26 16:30 . 2009-06-25 14:36 729088 ----a-w- c:\documents and settings\SkyCoke\Application Data\Mozilla\Firefox\Profiles\8xlsxpvz.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-25 19:24 . 2009-06-25 19:24 -------- d-----w- c:\program files\Fichiers communs\DirectX
2009-06-25 07:53 . 2009-06-25 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-25 07:50 . 2009-06-25 07:54 -------- d-----w- c:\documents and settings\SkyCoke\Application Data\DAEMON Tools Lite
2009-06-19 06:43 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-19 06:43 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-19 06:43 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-19 06:43 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-19 06:43 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-19 06:43 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-19 06:43 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-17 09:17 . 2009-06-17 09:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-17 09:17 . 2009-06-17 09:17 -------- d-sh--w- c:\documents and settings\SkyCoke\IETldCache
2009-06-17 09:11 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-17 09:11 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 09:11 . 2009-06-17 09:11 -------- d-----w- c:\windows\ie8updates
2009-06-17 09:11 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-17 09:10 . 2009-06-17 09:11 -------- dc-h--w- c:\windows\ie8
2009-06-08 17:51 . 2009-06-29 12:17 -------- d-----w- c:\documents and settings\SkyCoke\Application Data\dvdcss
2009-06-07 18:41 . 2009-06-07 18:44 -------- d-----w- c:\documents and settings\SkyCoke\Application Data\vlc
2009-06-02 17:31 . 2009-06-02 17:31 1878984 ----a-w- c:\documents and settings\SkyCoke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 19:16 . 2008-09-26 15:28 -------- d-----w- c:\documents and settings\SkyCoke\Application Data\uTorrent
2009-07-01 18:03 . 2008-05-18 00:35 -------- d-----w- c:\program files\Tweak-XP Pro 4
2009-07-01 17:31 . 2009-03-17 17:06 -------- d-----w- c:\program files\MagicISO
2009-07-01 17:31 . 2008-09-25 18:05 -------- d-----w- c:\program files\GigaTribe
2009-07-01 17:31 . 2008-08-27 08:09 -------- d-----w- c:\program files\MKVtoolnix
2009-07-01 17:31 . 2008-05-19 11:04 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-01 17:31 . 2008-05-18 00:32 -------- d-----w- c:\program files\DivX
2009-07-01 08:19 . 2001-09-28 12:00 86366 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-01 08:19 . 2001-09-28 12:00 513458 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-01 07:46 . 2008-09-25 18:06 -------- d-----w- c:\documents and settings\SkyCoke\Application Data\GigaTribe
2009-06-29 17:25 . 2008-06-17 18:15 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-29 17:25 . 2008-06-17 18:15 189640 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-26 16:36 . 2008-11-10 08:48 139152 ----a-w- c:\documents and settings\SkyCoke\Application Data\PnkBstrK.sys
2009-06-26 16:36 . 2008-11-10 08:48 139152 ----a-w- c:\documents and settings\SkyCoke\Application Data\PnkBstrK.sys
2009-06-26 16:36 . 2008-11-10 08:48 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-25 19:21 . 2008-05-17 22:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 14:03 . 2008-09-05 18:11 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-25 07:50 . 2008-09-05 18:08 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-29 20:43 . 2009-02-28 10:00 334912 ----a-w- c:\documents and settings\SkyCoke\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-05-29 20:43 . 2009-02-28 10:00 171072 ----a-w- c:\documents and settings\SkyCoke\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-05-29 20:29 . 2009-02-28 10:00 874660 ----a-w- c:\documents and settings\SkyCoke\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-05-29 20:29 . 2009-02-28 10:00 57344 ----a-w- c:\documents and settings\SkyCoke\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-05-29 20:29 . 2009-02-28 10:00 479232 ----a-w- c:\documents and settings\SkyCoke\Application Data\id Software\quakelive\home\pb\pbsv.dll
2009-05-29 20:29 . 2009-02-28 10:00 2669632 ----a-w- c:\documents and settings\SkyCoke\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-05-29 19:34 . 2009-05-29 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-05-24 18:15 . 2008-06-17 18:15 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-14 22:18 . 2009-05-14 22:18 -------- d-----w- c:\program files\Ray Adams
2009-05-14 19:02 . 2009-05-14 13:19 -------- d-----w- c:\program files\ma-config.com
2009-05-14 19:02 . 2009-05-14 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-05-14 18:28 . 2009-05-14 18:28 -------- d-----w- c:\program files\OpenAL
2009-05-14 18:28 . 2008-06-07 10:26 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-14 18:28 . 2008-06-07 10:26 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-14 18:27 . 2009-05-14 18:27 -------- d-----w- c:\program files\Fichiers communs\Creative Labs Shared
2009-05-14 18:27 . 2008-06-07 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-05-14 18:20 . 2009-05-14 18:20 -------- d-----w- c:\program files\Razer
2009-05-14 18:08 . 2009-05-14 18:08 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver
2009-05-14 13:58 . 2009-05-14 13:58 258 ---ha-w- c:\windows\nse17A.tmp
2009-05-14 13:58 . 2009-05-14 13:58 -------- d-----w- c:\program files\Marvell
2009-05-14 13:34 . 2009-05-14 13:31 -------- d-----w- c:\program files\Intel
2009-05-14 12:56 . 2009-05-14 17:20 402800 ----a-w- c:\documents and settings\SkyCoke\Application Data\Mozilla\Firefox\Profiles\8xlsxpvz.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
2009-05-14 08:45 . 2009-05-14 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2009-05-14 07:36 . 2008-09-18 09:28 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-13 05:04 . 2008-04-13 17:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 10:16 . 2008-05-18 00:34 -------- d-----w- c:\documents and settings\SkyCoke\Application Data\teamspeak2
2009-05-08 20:01 . 2009-05-02 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-08 15:05 . 2008-05-18 03:15 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-05-07 15:33 . 2008-04-13 17:33 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 08:51 . 2009-05-05 08:51 625728 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 08:09 . 2009-04-21 08:09 282624 ----a-w- c:\windows\system32\yk51x86.dll
2009-04-21 08:09 . 2005-03-30 06:24 297344 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2009-04-19 19:50 . 2008-04-13 16:58 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2008-04-13 17:33 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-05-18 00:28 . 2008-05-18 00:27 24 --sh--w- c:\windows\S364C51E9.tmp
2008-09-23 08:31 . 2008-09-23 08:31 56 --sh--r- c:\windows\system32\75EF406A1A.sys
2008-10-12 15:43 . 2008-09-23 08:33 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2008-10-16 657408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 172544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"idsvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"LVSrvLauncher"=2 (0x2)
"LVCOMSer"=2 (0x2)
"GEARSecurity"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat"=
"e:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
"e:\\Program Files\\Quake III Arena\\quake3.exe"=
"e:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"e:\\Program Files\\Electronic Arts\\L'Avènement du Roi-sorcier\\game.dat"=
"e:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\Codemasters\\Overlord II\\Overlord2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [02/08/2004 17:04 138780]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [08/09/2008 19:32 18336]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/02/2008 12:11 33800]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [02/08/2004 17:23 46779]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [12/06/2008 18:50 120320]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 12:08 472320]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [08/09/2004 16:43 99432]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [08/10/2008 01:21 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [08/10/2008 01:21 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [08/10/2008 01:21 72728]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [24/09/2008 17:40 33792]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [14/05/2009 18:08 11596]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [28/09/2001 14:00 3584]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [14/05/2009 20:27 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [08/10/2008 01:21 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [08/10/2008 01:21 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [08/10/2008 01:21 72728]
S3 Is_rhotm;Is_rhotm; [x]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [14/05/2009 20:08 332928]
S3 SaiHFFB5;SaiHFFB5;c:\windows\system32\drivers\SaiHFFB5.sys [14/12/2005 13:09 176640]
S3 SaiIFFB5;Immersion's HID USB Driver (FFB5);c:\windows\system32\drivers\SaiIFFB5.sys [14/12/2005 13:10 16768]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - DISKEEPER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://immo.ac3-distribution.com/catalog/admin/login.php?datetime=200805301140
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {3EEE6660-EA80-4D7A-B214-3D84F3ADAEDF} = 192.168.1.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\SkyCoke\Application Data\Mozilla\Firefox\Profiles\8xlsxpvz.default\
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\SkyCoke\Application Data\Mozilla\Firefox\Profiles\8xlsxpvz.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\SkyCoke\Application Data\Mozilla\Firefox\Profiles\8xlsxpvz.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 21:18
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1645522239-1770027372-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:77,0e,cd,25,cf,67,45,6e,d6,cf,36,42,ef,f1,c2,ce,1f,d9,f0,40,a6,
9b,ae,42,fa,e0,63,af,71,3e,6a,1d,74,0f,ae,f4,43,8c,a5,a0,ce,b5,50,b5,d8,2e,\
"rkeysecu"=hex:57,81,f1,06,0b,dc,b8,6a,f7,18,4e,0b,22,a8,a7,23

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-07-01 21:19
ComboFix-quarantined-files.txt 2009-07-01 19:19

Avant-CF: 8 138 047 488 octets libres
Après-CF: 8 453 304 320 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

250 --- E O F --- 2009-06-17 09:11