Ynot

Membres

Afficher le profil Afficher son activité

Compteur de contenus
1
Inscription
le 17 mai 2008
Dernière visite
le 19 mai 2008

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par Ynot

Rapports HijackThis et ComboFix

Ynot a posté un sujet dans Analyses et éradication malwares

Bonjour, Après avoir fait un tour sur ce forum, j'ai lancé HijackThis et ComboFix sur mon portable qui est trop durement infecté pour qu'Avast! réussisse à le guérir. Voilà les deux rapports que j'aie obtenus. Que me conseillez vous de faire pour me débarrasser des malwares qui, entre autres, affichent des images de toon's sur mon bureau ? Rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:55:21, on 16/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\sony\vaio power management\SPMgr.exe C:\Program Files\sony\vaio update 2\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Microsoft Office\Office\1036\msoffice.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\virginie\Bureau\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [e85d0def] rundll32.exe "C:\WINDOWS\system32\ofoootin.dll",b O4 - HKLM\..\Run: [bMeb6e3e73] Rundll32.exe "C:\WINDOWS\system32\jmiqktam.dll",s O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.0.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/24a107a726f8dd...RdxIE601_fr.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2088426E-A968-46BB-9452-FD176D6C5BDF}: NameServer = 195.220.226.225,193.50.115.200 O17 - HKLM\System\CS1\Services\Tcpip\..\{2088426E-A968-46BB-9452-FD176D6C5BDF}: NameServer = 195.220.226.225,193.50.115.200 O17 - HKLM\System\CS2\Services\Tcpip\..\{2088426E-A968-46BB-9452-FD176D6C5BDF}: NameServer = 195.220.226.225,193.50.115.200 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: MrobeService - Unknown owner - C:\WINDOWS\system32\MRobeService.exe (file missing) O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe -- End of file - 9838 bytes Rapport ComboFix : ComboFix 08-05-15.3 - virginie 2008-05-16 23:33:31.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.207 [GMT 2:00] Endroit: C:\Documents and Settings\virginie\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\virginie\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\AntiSpywareMaster C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\pskt.ini C:\WINDOWS\system32\bkwmkkhh.exe C:\WINDOWS\system32\DfMSCcdd.ini C:\WINDOWS\system32\DfMSCcdd.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\nitooofo.ini C:\WINDOWS\system32\ottccemk.exe C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\petvawwv.exe C:\WINDOWS\system32\pjmrvonr.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))))))) . 2008-05-16 21:43 . 2008-05-16 22:06 3,956 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-16 21:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-16 21:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-16 21:42 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-16 21:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-16 21:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-16 21:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-16 21:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-16 21:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-16 21:37 . 2008-05-16 23:05 13,030 --a------ C:\PDOXUSRS.NET 2008-05-16 21:36 . 2008-05-16 21:36 <REP> d-------- C:\Program Files\ZebHelpProcess 2 2008-05-16 21:36 . 2008-05-16 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared 2008-05-16 21:36 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL 2008-05-16 21:36 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL 2008-05-16 20:52 . 2008-05-16 20:52 135,232 --a------ C:\WINDOWS\system32\esoaebep.dll 2008-05-16 20:49 . 2008-05-16 20:49 124,480 --a------ C:\WINDOWS\system32\jmiqktam.dll 2008-05-13 22:09 . 2008-05-13 22:09 115,776 --a------ C:\WINDOWS\system32\ofoootin.dll 2008-05-13 21:57 . 2008-05-13 21:57 135,232 --a------ C:\WINDOWS\system32\fgreogbt.dll 2008-05-13 21:52 . 2008-05-13 21:52 124,480 --a------ C:\WINDOWS\system32\ooanhtab.dll 2008-05-12 22:57 . 2008-05-12 22:58 699,740 --a------ C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate 2008-05-12 22:48 . 2008-05-12 22:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-05-12 22:46 . 2008-05-12 22:46 132,672 --a------ C:\WINDOWS\system32\iivqufuc.dll 2008-05-12 22:41 . 2008-05-12 22:41 124,480 --a------ C:\WINDOWS\system32\yuftscxo.dll 2008-05-12 22:41 . 2008-05-16 23:44 109,807 --a------ C:\WINDOWS\BMeb6e3e73.xml 2008-05-12 22:40 . 2008-05-12 22:40 370,176 --a------ C:\WINDOWS\system32\ddcCSMfD.dll 2008-05-12 22:37 . 2008-05-12 22:37 52,736 --a------ C:\WINDOWS\system32\efcDWQig.dll 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\WINDOWS\system32\remL 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\WINDOWS\system32\dFrnx01 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\WINDOWS\system32\brnd 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\WINDOWS\system32\arDA 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\WINDOWS\system32\1046a 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\Temp\tmpvc14 2008-05-12 22:35 . 2008-05-16 23:34 <REP> d-------- C:\Temp 2008-05-12 22:35 . 2008-05-12 22:35 <REP> d-------- C:\Program Files\winvi 2008-05-12 22:35 . 2008-05-12 22:35 371,266 --a------ C:\Temp\hEmm0012.exe 2008-05-12 22:35 . 2008-05-12 22:35 52,736 --a------ C:\WINDOWS\system32\iifecdcC.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-13 19:03 --------- d-----w C:\Program Files\Alwil Software 2008-05-12 20:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-05-12 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-05-03 19:12 --------- d-----w C:\Documents and Settings\virginie\Application Data\dvdcss 2008-03-25 20:50 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67470C74-196F-4E22-81F4-1E4F678FB9D5}] 2008-05-12 22:40 370176 --a------ C:\WINDOWS\system32\ddcCSMfD.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ed077489-1787-44c1-ad56-aa518c7af5f9}] 2008-05-16 20:52 135232 --a------ C:\WINDOWS\system32\esoaebep.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}] 2008-05-12 22:35 52736 --a------ C:\WINDOWS\system32\iifecdcC.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 14:20 68856] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "WinUpdater"="C:\Program Files\winvi\update.exe" [ ] "WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-25 21:00 335872] "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960] "HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-04-01 21:24 98304] "SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [2004-03-10 16:26 172032] "VAIO Update 2"="C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" [2004-01-17 03:36 135168] "Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-01-19 10:49 290816] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768] "Drag'n Drop CD+DVD"="C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2004-02-02 19:59 1183744] "StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 19:29 61440] "TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 18:40 188416] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-07 15:20 180269] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-03 21:02 98304] "e85d0def"="C:\WINDOWS\system32\ofoootin.dll" [2008-05-13 22:09 115776] "BMeb6e3e73"="C:\WINDOWS\system32\jmiqktam.dll" [2008-05-16 20:49 124480] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}"= C:\WINDOWS\system32\iifecdcC.dll [2008-05-12 22:35 52736] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifecdcC] iifecdcC.dll 2008-05-12 22:35 52736 C:\WINDOWS\system32\iifecdcC.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\videolib\sonydv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R3 oibtvcom;Bluetooth Virtual COM Port;C:\WINDOWS\system32\Drivers\oivmvcom.sys [2003-03-14 10:12] R3 oivmctrl;VCOMM Device Controller;C:\WINDOWS\system32\Drivers\oivmctrl.sys [2003-01-06 17:20] R3 SPI;Périphérique de contrôle d'E/S programmable Sony;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 21:51] S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2004-07-12 05:57] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - G:\LaunchU3.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-16 23:45:40 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll -> C:\WINDOWS\system32\iifecdcC.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\ofoootin.dll -> C:\WINDOWS\system32\jmiqktam.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Microsoft Office\Office\1036\MSOFFICE.EXE C:\Program Files\sony\HotKey Utility\HKWnd.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-16 23:53:50 - machine was rebooted [virginie] ComboFix-quarantined-files.txt 2008-05-16 21:53:33 Pre-Run: 1,306,636,288 octets libres Post-Run: 6,219,739,136 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 192 --- E O F --- 2008-04-08 22:05:46 Merci d'avance pour votre aide.
- le 18 mai 2008
- 1 réponse

Connexion

Ynot

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par Ynot

Rapports HijackThis et ComboFix

Zebulon

Outils en ligne

Naviguer