Ynot

Bonjour, Après avoir fait un tour sur ce forum, j'ai lancé HijackThis et ComboFix sur mon portable qui est trop durement infecté pour qu'Avast! réussisse à le guérir. Voilà les deux rapports que j'aie obtenus. Que me conseillez vous de faire pour me débarrasser des malwares qui, entre autres, affichent des images de toon's sur mon bureau ? Rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:55:21, on 16/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\sony\vaio power management\SPMgr.exe C:\Program Files\sony\vaio update 2\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Microsoft Office\Office\1036\msoffice.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\virginie\Bureau\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [e85d0def] rundll32.exe "C:\WINDOWS\system32\ofoootin.dll",b O4 - HKLM\..\Run: [bMeb6e3e73] Rundll32.exe "C:\WINDOWS\system32\jmiqktam.dll",s O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/24a107a726f8dd...RdxIE601_fr.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2088426E-A968-46BB-9452-FD176D6C5BDF}: NameServer = 195.220.226.225,193.50.115.200 O17 - HKLM\System\CS1\Services\Tcpip\..\{2088426E-A968-46BB-9452-FD176D6C5BDF}: NameServer = 195.220.226.225,193.50.115.200 O17 - HKLM\System\CS2\Services\Tcpip\..\{2088426E-A968-46BB-9452-FD176D6C5BDF}: NameServer = 195.220.226.225,193.50.115.200 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: MrobeService - Unknown owner - C:\WINDOWS\system32\MRobeService.exe (file missing) O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe -- End of file - 9838 bytes Rapport ComboFix : ComboFix 08-05-15.3 - virginie 2008-05-16 23:33:31.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.207 [GMT 2:00] Endroit: C:\Documents and Settings\virginie\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\virginie\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\AntiSpywareMaster C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\pskt.ini C:\WINDOWS\system32\bkwmkkhh.exe C:\WINDOWS\system32\DfMSCcdd.ini C:\WINDOWS\system32\DfMSCcdd.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\nitooofo.ini C:\WINDOWS\system32\ottccemk.exe C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\petvawwv.exe C:\WINDOWS\system32\pjmrvonr.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))))))) . 2008-05-16 21:43 . 2008-05-16 22:06 3,956 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-16 21:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-16 21:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-16 21:42 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-16 21:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-16 21:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-16 21:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-16 21:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-16 21:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-16 21:37 . 2008-05-16 23:05 13,030 --a------ C:\PDOXUSRS.NET 2008-05-16 21:36 . 2008-05-16 21:36 <REP> d-------- C:\Program Files\ZebHelpProcess 2 2008-05-16 21:36 . 2008-05-16 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared 2008-05-16 21:36 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL 2008-05-16 21:36 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL 2008-05-16 20:52 . 2008-05-16 20:52 135,232 --a------ C:\WINDOWS\system32\esoaebep.dll 2008-05-16 20:49 . 2008-05-16 20:49 124,480 --a------ C:\WINDOWS\system32\jmiqktam.dll 2008-05-13 22:09 . 2008-05-13 22:09 115,776 --a------ C:\WINDOWS\system32\ofoootin.dll 2008-05-13 21:57 . 2008-05-13 21:57 135,232 --a------ C:\WINDOWS\system32\fgreogbt.dll 2008-05-13 21:52 . 2008-05-13 21:52 124,480 --a------ C:\WINDOWS\system32\ooanhtab.dll 2008-05-12 22:57 . 2008-05-12 22:58 699,740 --a------ C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate 2008-05-12 22:48 . 2008-05-12 22:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-05-12 22:46 . 2008-05-12 22:46 132,672 --a------ C:\WINDOWS\system32\iivqufuc.dll 2008-05-12 22:41 . 2008-05-12 22:41 124,480 --a------ C:\WINDOWS\system32\yuftscxo.dll 2008-05-12 22:41 . 2008-05-16 23:44 109,807 --a------ C:\WINDOWS\BMeb6e3e73.xml 2008-05-12 22:40 . 2008-05-12 22:40 370,176 --a------ C:\WINDOWS\system32\ddcCSMfD.dll 2008-05-12 22:37 . 2008-05-12 22:37 52,736 --a------ C:\WINDOWS\system32\efcDWQig.dll 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\WINDOWS\system32\remL 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\WINDOWS\system32\dFrnx01 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\WINDOWS\system32\brnd 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\WINDOWS\system32\arDA 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\WINDOWS\system32\1046a 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\Temp\tmpvc14 2008-05-12 22:35 . 2008-05-16 23:34 <REP> d-------- C:\Temp 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\Program Files\winvi 2008-05-12 22:35 . 2008-05-12 22:35 371,266 --a------ C:\Temp\hEmm0012.exe 2008-05-12 22:35 . 2008-05-12 22:35 52,736 --a------ C:\WINDOWS\system32\iifecdcC.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-13 19:03 --------- d-----w C:\Program Files\Alwil Software 2008-05-12 20:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-05-12 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-05-03 19:12 --------- d-----w C:\Documents and Settings\virginie\Application Data\dvdcss 2008-03-25 20:50 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67470C74-196F-4E22-81F4-1E4F678FB9D5}] 2008-05-12 22:40 370176 --a------ C:\WINDOWS\system32\ddcCSMfD.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ed077489-1787-44c1-ad56-aa518c7af5f9}] 2008-05-16 20:52 135232 --a------ C:\WINDOWS\system32\esoaebep.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}] 2008-05-12 22:35 52736 --a------ C:\WINDOWS\system32\iifecdcC.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 14:20 68856] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "WinUpdater"="C:\Program Files\winvi\update.exe" [ ] "WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-25 21:00 335872] "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960] "HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-04-01 21:24 98304] "SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [2004-03-10 16:26 172032] "VAIO Update 2"="C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" [2004-01-17 03:36 135168] "Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-01-19 10:49 290816] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768] "Drag'n Drop CD+DVD"="C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2004-02-02 19:59 1183744] "StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 19:29 61440] "TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 18:40 188416] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-07 15:20 180269] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-03 21:02 98304] "e85d0def"="C:\WINDOWS\system32\ofoootin.dll" [2008-05-13 22:09 115776] "BMeb6e3e73"="C:\WINDOWS\system32\jmiqktam.dll" [2008-05-16 20:49 124480] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}"= C:\WINDOWS\system32\iifecdcC.dll [2008-05-12 22:35 52736] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifecdcC] iifecdcC.dll 2008-05-12 22:35 52736 C:\WINDOWS\system32\iifecdcC.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\videolib\sonydv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R3 oibtvcom;Bluetooth Virtual COM Port;C:\WINDOWS\system32\Drivers\oivmvcom.sys [2003-03-14 10:12] R3 oivmctrl;VCOMM Device Controller;C:\WINDOWS\system32\Drivers\oivmctrl.sys [2003-01-06 17:20] R3 SPI;Périphérique de contrôle d'E/S programmable Sony;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 21:51] S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2004-07-12 05:57] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - G:\LaunchU3.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-16 23:45:40 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll -> C:\WINDOWS\system32\iifecdcC.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\ofoootin.dll -> C:\WINDOWS\system32\jmiqktam.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Microsoft Office\Office\1036\MSOFFICE.EXE C:\Program Files\sony\HotKey Utility\HKWnd.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-16 23:53:50 - machine was rebooted [virginie] ComboFix-quarantined-files.txt 2008-05-16 21:53:33 Pre-Run: 1,306,636,288 octets libres Post-Run: 6,219,739,136 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 192 --- E O F --- 2008-04-08 22:05:46 Merci d'avance pour votre aide.