Tema: spywaresecure
Ver Mensaje Individual
  post #3 (permalink)  
Antiguo 27/02/08, 09:55:51
velllzevu velllzevu está offline
Usuario
  
Registrado: feb 2008
Ubicación: FRANCIA
Mensajes: 2
Re: spywaresecure
parece ser que todo esta bien ,te dejo los informes de el combofix y el de el antimalware. espero que se haya solucionado y muchas gracias por la ayuda.

Malwarebytes' Anti-Malware 1.05
Versión de la Base de Datos: 390

Tipo de examen : Examen Rápido
Objetos examinados: 26155
Tiempo transcurrido: 14 minute(s), 17 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 2
Ficheros Infectados: 6

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> No action taken.

Ficheros Infectados:
C:\WINDOWS\system32\aaldvkyfi_navps.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\hedzzlch_navps.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\huzsfia_navps.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\wovjnelqn_navps.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\aaldvkyfi_nav.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\hedzzlch_nav.dat (Adware.EGDAccess) -> No action taken.





ComboFix 08-02-25.3 - aude jagu 2008-02-27 12:50:34.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.767 [GMT 1:00]
Endroit: C:\Documents and Settings\aude jagu\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\aude jagu\Application Data\MessengerSkinner
C:\Documents and Settings\aude jagu\Application Data\MessengerSkinner\Userdata\defaultPack.cab
C:\Documents and Settings\aude jagu\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\aude jagu\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\aude jagu\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\aaldvkyfi.dat
C:\WINDOWS\system32\aaldvkyfi_nav.dat
C:\WINDOWS\system32\aaldvkyfi_navps.dat
C:\WINDOWS\system32\hedzzlch.dat
C:\WINDOWS\system32\hedzzlch.exe
c:\WINDOWS\system32\hedzzlch_nav.dat
C:\WINDOWS\system32\hedzzlch_navps.dat
C:\WINDOWS\system32\huzsfia.dat
C:\WINDOWS\system32\huzsfia_navps.dat
C:\WINDOWS\system32\wovjnelqn.dat
C:\WINDOWS\system32\wovjnelqn_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
.

2008-02-27 12:06 . 2008-02-27 12:06 <REP> d-------- C:\Documents and Settings\aude jagu\Application Data\Malwarebytes
2008-02-26 15:50 . 2008-02-26 15:50 <REP> d-------- C:\Program Files\Trend Micro
2008-02-26 14:34 . 2008-02-26 16:50 <REP> d-------- C:\Documents and Settings\aude jagu\Application Data\SUPERAntiSpyware.com
2008-02-26 14:34 . 2008-02-26 14:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-25 23:56 . 2008-02-25 23:56 4,734 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-25 21:36 . 2008-02-25 21:36 <REP> d-------- C:\Program Files\Ares
2008-02-14 11:30 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-12 18:21 . 2008-02-12 18:21 191,859 --a------ C:\WINDOWS\system32\DD
2008-02-03 12:49 . 2008-02-03 12:49 184,114 --a------ C:\WINDOWS\system32\dsqulrcqd.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-26 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-26 11:12 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-15 11:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 11:10 --------- d-----w C:\Program Files\Micro Application
2008-02-15 11:08 40,960 ----a-w C:\HTGD0003.exe
2008-02-14 22:03 --------- d-----w C:\Program Files\Services en ligne
2008-02-11 15:58 --------- d-----w C:\Program Files\Google
2008-02-04 11:25 --------- d-----w C:\Program Files\Fichiers communs\ErreurChasseur
2008-02-03 15:12 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-29 21:54 --------- d-----w C:\Documents and Settings\aude jagu\Application Data\Winamp
2008-01-06 20:02 --------- d-----w C:\Program Files\Sonic
2007-12-29 18:47 --------- d-----w C:\Program Files\Windows Live
2007-12-29 18:40 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-29 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-20 23:31 284,160 ----a-w C:\WINDOWS\system32\fyitvtral.exe
2007-12-19 22:19 311,808 ----a-w C:\WINDOWS\system32\eqjzksa.exe
2007-12-19 02:04 309,248 ----a-w C:\WINDOWS\system32\exivmnnw.exe
2007-12-18 17:50 313,856 ----a-w C:\WINDOWS\system32\fhrzqb.exe
2007-12-18 14:15 295,424 ----a-w C:\WINDOWS\system32\ipfxqmq.exe
2007-12-18 12:36 289,792 ----a-w C:\WINDOWS\system32\qoqjbhunno.exe
2007-12-11 22:24 260,632 ----a-w C:\Documents and Settings\aude jagu\Application Data\setup_fr[1].exe
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe" [2007-04-06 15:07 67128]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 15:33 963072]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-12-19 01:20 68856]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04 7557120]
"nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dl l" [2006-05-01 21:04 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 11:37 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 88204 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47 356352]
"TPSMain"="TPSMain.exe" [2005-08-03 15:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"CFSServ.exe"="CFSServ.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-29 11:44 249896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-18 18:44 6731312]
"DLADiag"="C:\WINDOWS\DLADiag.EXE" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1 \DW\dwtrig20.exe" [2005-04-25 12:45 36040]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2007-04-06 15:07:46 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-11-02 14:15:46 438272]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-19 01:20:42 124400]
VPro500.lnk - C:\WINDOWS\VPro500.exe [2007-04-14 17:48:11 470016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Updater\\GoogleUpdater.exe"=

R1 DLADiagN;DLADiagN;C:\WINDOWS\system32\Drivers\DLAD iagN.SYS [2005-08-25 11:16]
R1 DLAPMonN;DLAPMonN;C:\WINDOWS\system32\Drivers\DLAP MonN.SYS [2005-08-25 11:16]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 SPC610NC;Philips SPC500NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS [2005-10-13 15:41]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7397a140-8adf-11db-b248-00a0d155d413}]
\Shell\AutoRun\command - G:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-13 19:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2019-01-05 1327 C:\WINDOWS\Tasks\User_Feed_Synchronization-{10D61F48-7758-45E0-98A6-59ADD1F69573}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:52:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

************************************************** ************************
.
Temps d'accomplissement: 2008-02-27 12:53:30
ComboFix-quarantined-files.txt 2008-02-27 11:53:22
.
2008-02-14 09:14:50 --- E O F ---
Responder Con Cita