Infected by a virus

What is Notepad?

It's the Notepad that's under Accessories :wink:

lol thanks, so I write C:\WINDOWS\system32\tdssserf.dll in Notepad, rename the file CFScript, then drag it onto ComboFix and run it

Normally it will start right away when you drag the file onto it (once it is over it, release the mouse button)

It does a normal scan, just like the first time

This is what it gave me

ComboFix 08-08-21.02 - LAGDER 2008-08-23 17:46:38.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.577 [GMT 2:00]
Location: C:\Documents and Settings\LAGDER\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\LAGDER\Bureau\CFScript.txt

* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

((((((((((((((((((((((((((((( Files created 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
.

2008-08-22 23:20 . 2008-08-22 23:24 d-------- C:\Documents and Settings\Invité
2008-08-22 22:32 . 2008-08-22 23:29 d-------- C:\Program Files\McAfee
2008-08-22 22:30 . 2008-08-22 23:29 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-22 20:02 . 2008-08-22 20:02 d--hs---- C:\Documents and Settings\LocalService\Application Data\sysproc64
2008-08-22 20:02 . 2008-08-22 20:02 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-20 13:24 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-20 13:24 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-20 13:24 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-20 13:24 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-15 12:52 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-03 19:34 . 2008-08-03 19:34 121 --a------ C:\WINDOWS\Winchat.ini
2008-07-26 17:22 . 2008-07-26 17:22 d-------- C:\TIVOLA
2008-07-26 17:22 . 2008-07-26 17:22 29 --a------ C:\WINDOWS\max2f.ini
2008-07-26 17:22 . 2008-07-26 17:22 17 --a------ C:\WINDOWS\max2.ini

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 21:46 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-22 21:46 --------- d-----w C:\Program Files\Microsoft Works
2008-08-22 21:46 --------- d-----w C:\Program Files\LimeWire
2008-08-22 21:46 --------- d-----w C:\Program Files\DivX
2008-08-22 21:46 --------- d-----w C:\Program Files\Batiprix CD
2008-08-22 17:47 --------- d-----w C:\Documents and Settings\LAGDER\Application Data\Azureus
2008-08-19 17:16 --------- d-----w C:\Documents and Settings\LAGDER\Application Data\LimeWire
2008-08-16 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-18 14:10 --------- d-----w C:\Program Files\MediaCoder
2008-07-17 19:54 1,212 ----a-w C:\Documents and Settings\LAGDER\Application Data\filterclsid.dat
2008-07-17 19:51 --------- d-----w C:\Documents and Settings\LAGDER\Application Data\Samsung
2008-07-17 19:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 19:44 --------- d-----w C:\Program Files\Samsung
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-30 10:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-30 10:23 --------- d-----w C:\Program Files\Nokia
2008-06-30 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-06-30 10:21 --------- d-----w C:\Program Files\TomTom HOME
2008-06-26 23:19 --------- d-----w C:\Program Files\eMule
2008-06-26 17:19 --------- d-----w C:\Program Files\Azureus
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 671,232 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-12-07 13:06 734 ----a-w C:\Documents and Settings\LAGDER\Application Data\wklnhst.dat
2006-08-06 14:34 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-08-22_23.20.08.62 )))))))))))))))))))))))))))))))))))))))))
.

- 2008-08-22 21:13:46 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-23 15:34:49 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-22 21:13:46 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-23 15:34:49 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-08-22 21:13:46 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-23 15:34:49 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-23 15:34:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_26c.dat
+ 2008-08-23 15:34:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2e0.dat
+ 2008-08-23 15:34:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:18 405583]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-06 10:33 7557120]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 14:58 69632]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 23:43 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12 32768]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 13:11 176128]
"PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 15:15 40960]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 22:47 483328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-06 16:41 98304]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 21:41 546936]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 01:48 40048]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\LAGDER\Menu Démarrer\Programmes\Démarrage
WkCalRem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 03:54:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 00:29:22 738968]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-07 15:01:32 1744896]
Lancement rapide d’Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Moniteur de ressources Extender.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 20:55:40 18432]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"=
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"=
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"=
"C:\Program Files\MSN Messenger\msnmsgr.exe"=
"C:\Program Files\MSN Messenger\livecall.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPCS.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Azureus\Azureus.exe"=
"C:\Hager\Taloha\Apps\rteng9.exe"=
"C:\WINDOWS\system32\dpvsetup.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61323:TCP"= 61323:TCP:emule tcp
"63800:UDP"= 63800:UDP:emule UDP
"3776:UDP"= 3776:UDP:Service de Media Center Extender
"3390:TCP"= 3390:TCP:Services Media Center à distance

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 15:07]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 18:55]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-10 14:00]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 20:55]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-12-27 08:22]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-06-14 14:25]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 20:10]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\hmvmdm.sys [2007-09-04 21:39]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 14:00]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 18:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\Auto\command - I:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3817c533-2258-11dd-b937-0002c7e51f97}]
\Shell\AutoRun\command - H:\VFPcAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{407f152e-22a6-11dd-b938-0002c7e51f97}]
\Shell\AutoRun\command - H:\VFPcAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{407f152f-22a6-11dd-b938-0002c7e51f97}]
\Shell\AutoRun\command - H:\VFPcAssistant.exe
.


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-08-23 17:50:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully
Hidden files: 0


.
Completion time: 2008-08-23 17:52:39
ComboFix-quarantined-files.txt 2008-08-23 15:52:32
ComboFix2.txt 2008-08-22 21:20:33

Pre-Run: 16,659,001,344 bytes free
Post-Run: 16,644,546,560 bytes free

174 --- E O F --- 2008-08-16 09:27:41

A normal scan, and the CFScript file has disappeared

Disable your protections
And try again with this file
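An added worked example, not part of the thread and not ComboFix's own code: a small Python triage script that reads a log of the kind posted above and flags the entries a responder would look at first. It picks out the second executable appended to the Winlogon Userinit value (oembios.exe, which runs at every logon), the Security Center AV-notification and firewall settings turned off, the AutoRun/Auto handlers under MountPoints2 (removable-drive autorun), the hidden+system sysproc64 folder, and a freshly created DLL in system32 whose creation and modification times coincide (hidserv.dll and kbdhid.sys keep their 2004 modification time and are not flagged, which is what a Windows Update backfill looks like). The sample input is an excerpt copied from the log above; the heuristics, severities and the `triage` function are this example's own and are illustrative, not a substitute for a full analysis.

```python
"""Triage heuristics for a ComboFix-style log (added example, not ComboFix code)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity category detail")

# Excerpt of the log posted above, used here as constructed sample input.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((( Files created 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
2008-08-22 20:02 . 2008-08-22 20:02 d--hs---- C:\Documents and Settings\LocalService\Application Data\sysproc64
2008-08-22 20:02 . 2008-08-22 20:02 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-20 13:24 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-20 13:24 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-03 19:34 . 2008-08-03 19:34 121 --a------ C:\WINDOWS\Winchat.ini
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\Auto\command - I:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3817c533-2258-11dd-b937-0002c7e51f97}]
\Shell\AutoRun\command - H:\VFPcAssistant.exe
"""

# "created . modified [size] attrs path" as printed in the "Files created" section.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:[\d,]+ )?([a-z-]{9}) (.+)$"
)
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
BINARY_EXT = (".dll", ".sys", ".exe")
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"  # the only entry expected on XP


def triage(log_text):
    """Return a list of Finding tuples for the suspicious entries in log_text."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            created, modified, attrs, path = m.groups()
            low = path.lower()
            if "h" in attrs and "s" in attrs:
                findings.append(Finding("high", "hidden+system object", path))
            # A brand-new binary in system32 whose mtime equals its ctime was written
            # fresh, unlike files restored from dllcache or a Windows Update backfill.
            if "\\system32\\" in low and low.endswith(BINARY_EXT) and created == modified:
                findings.append(Finding("high", "new binary in system32 (created == modified)", path))
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = VALUE_LINE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(2)
            if name == "userinit" and current_key.endswith("\\winlogon"):
                entries = [e.strip().lower() for e in value.strip('"').split(",") if e.strip()]
                for entry in entries:
                    if entry != DEFAULT_USERINIT:
                        findings.append(Finding("critical", "extra Userinit entry (runs at every logon)", entry))
            elif name == "antivirusdisablenotify" and "security center" in current_key and value.endswith("1"):
                findings.append(Finding("medium", "Security Center AV notifications disabled", value))
            elif name == "enablefirewall" and "firewallpolicy" in current_key and value.lstrip().startswith("0"):
                findings.append(Finding("medium", "Windows Firewall disabled", current_key))
            continue
        # MountPoints2 shell verbs: "\Shell\AutoRun\command - <command>" run when a drive is opened.
        if "mountpoints2" in current_key and line.lower().startswith("\\shell\\") and " - " in line:
            verb, _, command = line.partition(" - ")
            findings.append(Finding("high", "drive autorun handler (" + verb + ")", command))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s: %s" % (f.severity.upper(), f.category, f.detail))
```

The Userinit check is the one worth keeping in any triage kit: the value is a comma-separated list and Windows runs every entry at logon, so anything after userinit.exe survives a reboot regardless of what the Run keys contain. The created-equals-modified heuristic is deliberately narrow; it produces no hit for the 2008-08-20 hidserv.dll/kbdhid.sys pair above, whose 2004 modification times are what a legitimate system-file restore looks like.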