Infecter par un virus

coolzen95 · Août 23, 2008, 12:30

c’est quoi le note pad?

guigui14100 · Août 23, 2008, 12:56

Cest le bloc note qui se trouve dans accesoire

coolzen95 · Août 23, 2008, 1:02

lol merci donc j’ecri C:\WINDOWS\system32\tdssserf.dll dans le bloc note que je renomme CFSscript puis je le deplace sur combofix et j’execute

guigui14100 · Août 23, 2008, 1:15

Normalement il va démarrer direct quand torai glisser le fichier dessus (une foi desus lache le clic )

coolzen95 · Août 23, 2008, 1:33

sa fait un scan normal comme pour le premiere fois

coolzen95 · Août 23, 2008, 5:59

cela ma fait sa

omboFix 08-08-21.02 - LAGDER 2008-08-23 17:46:38.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.577 [GMT 2:00]
Endroit: C:\Documents and Settings\LAGDER\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\LAGDER\Bureau\CFScript.txt

Création d’un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
.

2008-08-22 23:20 . 2008-08-22 23:24 d-------- C:\Documents and Settings\InvitÚ
2008-08-22 22:32 . 2008-08-22 23:29 d-------- C:\Program Files\McAfee
2008-08-22 22:30 . 2008-08-22 23:29 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-22 20:02 . 2008-08-22 20:02 d–hs---- C:\Documents and Settings\LocalService\Application Data\sysproc64
2008-08-22 20:02 . 2008-08-22 20:02 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-20 13:24 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-20 13:24 . 2004-08-04 00:54 21,504 --a–c— C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-20 13:24 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-20 13:24 . 2004-08-04 00:45 14,848 --a–c— C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-15 12:52 . 2008-05-01 16:31 331,776 -----c— C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-03 19:34 . 2008-08-03 19:34 121 --a------ C:\WINDOWS\Winchat.ini
2008-07-26 17:22 . 2008-07-26 17:22 d-------- C:\TIVOLA
2008-07-26 17:22 . 2008-07-26 17:22 29 --a------ C:\WINDOWS\max2f.ini
2008-07-26 17:22 . 2008-07-26 17:22 17 --a------ C:\WINDOWS\max2.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 21:46 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-22 21:46 --------- d-----w C:\Program Files\Microsoft Works
2008-08-22 21:46 --------- d-----w C:\Program Files\LimeWire
2008-08-22 21:46 --------- d-----w C:\Program Files\DivX
2008-08-22 21:46 --------- d-----w C:\Program Files\Batiprix CD
2008-08-22 17:47 --------- d-----w C:\Documents and Settings\LAGDER\Application Data\Azureus
2008-08-19 17:16 --------- d-----w C:\Documents and Settings\LAGDER\Application Data\LimeWire
2008-08-16 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-18 14:10 --------- d-----w C:\Program Files\MediaCoder
2008-07-17 19:54 1,212 ----a-w C:\Documents and Settings\LAGDER\Application Data\filterclsid.dat
2008-07-17 19:51 --------- d-----w C:\Documents and Settings\LAGDER\Application Data\Samsung
2008-07-17 19:45 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-07-17 19:44 --------- d-----w C:\Program Files\Samsung
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-30 10:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-30 10:23 --------- d-----w C:\Program Files\Nokia
2008-06-30 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-06-30 10:21 --------- d-----w C:\Program Files\TomTom HOME
2008-06-26 23:19 --------- d-----w C:\Program Files\eMule
2008-06-26 17:19 --------- d-----w C:\Program Files\Azureus
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 671,232 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-12-07 13:06 734 ----a-w C:\Documents and Settings\LAGDER\Application Data\wklnhst.dat
2006-08-06 14:34 278,528 -c–a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-08-22_23.20.08.62 )))))))))))))))))))))))))))))))))))))))))
.

2008-08-22 21:13:46 32,768 -c–a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2008-08-23 15:34:49 32,768 -c–a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2008-08-22 21:13:46 32,768 -c–a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

2008-08-23 15:34:49 32,768 -c–a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

2008-08-22 21:13:46 32,768 -c–a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

2008-08-23 15:34:49 32,768 -c–a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2008-08-23 15:34:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_26c.dat
2008-08-23 15:34:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2e0.dat
2008-08-23 15:34:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-10 14:00 15360]
“H/PC Connection Agent”=“C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE” [2005-01-19 15:18 405583]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-03-06 10:33 7557120]
“Apoint”=“C:\Program Files\Apoint\Apoint.exe” [2004-11-17 13:47 118784]
“ehTray”=“C:\WINDOWS\ehome\ehtray.exe” [2005-08-05 14:34 64512]
“VAIOCameraUtility”=“C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe” [2005-12-27 14:58 69632]
“SonyPowerCfg”=“C:\Program Files\Sony\VAIO Power Management\SPMgr.exe” [2005-12-13 23:43 217088]
“ISBMgr.exe”=“C:\Program Files\Sony\ISB Utility\ISBMgr.exe” [2004-02-20 15:12 32768]
“Switcher.exe”=“C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe” [2006-02-14 13:11 176128]
“PDService.exe”=“C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe” [2004-07-06 15:15 40960]
“Acrobat Assistant 7.0”=“C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe” [2005-03-03 22:47 483328]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-08-06 16:41 98304]
“VAIO Update 3”=“C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe” [2007-01-25 21:41 546936]
“Autoconfigurateur WiFi Neuf”=“C:\Program Files\Neuf\Kit\WiFi\9wifi.exe” [2007-02-14 13:06 181752]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2006-10-23 01:48 40048]
“Mouse Suite 98 Daemon”=“ICO.EXE” [2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-10 14:00 15360]

C:\Documents and Settings\LAGDER\Menu D?marrer\Programmes\D?marrage
WkCalRem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 03:54:00 15360]

C:\Documents and Settings\All Users\Menu D?marrer\Programmes\D?marrage
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 00:29:22 738968]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-07 15:01:32 1744896]
Lancement rapide d’Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Moniteur de ressources Extender.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 20:55:40 18432]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“InstallVisualStyle”= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
“InstallTheme”= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“Userinit”=“C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,”

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.dvsd”= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll
“MSACM.CEGSM”= mobilev.acm
“vidc.yv12”= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe”=
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”=
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”=
“C:\Program Files\MSN Messenger\msnmsgr.exe”=
“C:\Program Files\MSN Messenger\livecall.exe”=
“C:\Program Files\eMule\emule.exe”=
“C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPCS.exe”=
“C:\Program Files\Messenger\msmsgs.exe”=
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“C:\Program Files\Azureus\Azureus.exe”=
“C:\Hager\Taloha\Apps\rteng9.exe”=
“C:\WINDOWS\system32\dpvsetup.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“61323:TCP”= 61323:TCP:emule tcp
“63800:UDP”= 63800:UDP:emule UDP
“3776:UDP”= 3776:UDP:Service de Media Center Extender
“3390:TCP”= 3390:TCP:Services Media Center à distance

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 15:07]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 18:55]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-10 14:00]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 20:55]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-12-27 08:22]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-06-14 14:25]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 20:10]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\hmvmdm.sys [2007-09-04 21:39]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 14:00]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 18:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\Auto\command - I:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3817c533-2258-11dd-b937-0002c7e51f97}]
\Shell\AutoRun\command - H:\VFPcAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{407f152e-22a6-11dd-b938-0002c7e51f97}]
\Shell\AutoRun\command - H:\VFPcAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{407f152f-22a6-11dd-b938-0002c7e51f97}]
\Shell\AutoRun\command - H:\VFPcAssistant.exe
.

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-08-23 17:50:35
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés …

Balayage caché autostart entries …

Balayage des fichiers cachés …

Scan terminé avec succès
Les fichiers cachés: 0

.
Temps d’accomplissement: 2008-08-23 17:52:39
ComboFix-quarantined-files.txt 2008-08-23 15:52:32
ComboFix2.txt 2008-08-22 21:20:33

Pre-Run: 16,659,001,344 octets libres
Post-Run: 16,644,546,560 octets libres

174 — E O F — 2008-08-16 09:27:41

un scan normale et le fichier CFScript a disparue

guigui14100 · Août 23, 2008, 7:07

Désactive tes protections
Et ressaye avec ce fichier