mangaf

Bonjour ^^ Merci pour votre assistance et désolé pour ma réponse tardive. J'ai remarqué en fait, que vous insistiez beaucoup sur les supports amovibles? Je n'en possède pas un, mais je pense avoir chopé le malware via la clé usb d'un ami. Devrais-je lui prendre sa clé pour lancer les tests?

Bonjour tout le monde. Je me suis chopé hier un malware qui ne m'a pas l'air si dangereux, mais qui est quand même gênant. Voici les symptômes: 1-Au démarrage, le disque local contenant le windows (E:/ pour moi) s'ouvre tout seul 2-Tous les disques locaux se retrouvent avec le nom "Jacky" (pour C, E et F c'est ainsi, mais pour D c'est tout en majuscule "JACKY") 3-Quand on ouvre Internet Explorer, sur la barre bleue tout en haut il est écrit par exemple "Google - Hacked by Jackie", mais sur Firefox, navigateur par défaut, tout va bien. 4-Des fichiers "tmp" se créent par dizaine sur le bureau portant des noms assez similaire du type "Jackie rad18F7F.tmp" 5-Impossible d'ouvrir le gestionnaire des tâches, ça se referme automatiquement, pareil pour regedit. J'ai essayer des analyses antivirus (à jour), mais comme d'hab tout semble aller pour le mieux. En espérant que vous pourrez m'aider, voici le logfile de hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:05:27, on 28/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Fingerprint Sensor\AtService.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe E:\Program Files\Alwil Software\Avast4\ashServ.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Fichiers communs\ActivIdentity\ac.sharedstore.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe E:\Program Files\Analog Devices\Core\smax4pnp.exe E:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe E:\Program Files\ActivIdentity\ActivClient\acevents.exe E:\Program Files\ActivIdentity\ActivClient\accrdsub.exe E:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE E:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe E:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe E:\WINDOWS\system32\RUNDLL32.EXE E:\Program Files\Java\jre6\bin\jusched.exe E:\Program Files\EdenWall Technologies\EdenWall Agent\bin\nuapplet2.exe E:\WINDOWS\System32\WScript.exe E:\WINDOWS\System32\WScript.exe E:\Program Files\Messenger\msmsgs.exe E:\WINDOWS\system32\ctfmon.exe E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe E:\Program Files\OpenOffice.org 3\program\soffice.exe E:\Program Files\OpenOffice.org 3\program\soffice.bin E:\Program Files\EdenWall Technologies\EdenWall Agent\bin\krbcc32s.exe E:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe E:\Program Files\Java\jre6\bin\jqs.exe E:\Program Files\EdenWall Technologies\EdenWall Agent\bin\NuSrv.exe E:\WINDOWS\system32\nvsvc32.exe E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\ipfw.exe E:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE E:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe E:\Program Files\Alwil Software\Avast4\ashWebSv.exe E:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe E:\WINDOWS\system32\wbem\wmiapsrv.exe E:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe E:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe E:\Program Files\Mozilla Firefox\firefox.exe E:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sn/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Jackie R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.40.2:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - E:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [soundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] E:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [WirelessAssistant] E:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [acevents] "E:\Program Files\ActivIdentity\ActivClient\acevents.exe" O4 - HKLM\..\Run: [accrdsub] "E:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" O4 - HKLM\..\Run: [PTHOSTTR] E:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [iAAnotif] E:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QlbCtrl.exe] E:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [nuapplet2] E:\Program Files\EdenWall Technologies\EdenWall Agent\bin\nuapplet2.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sbs_diasymreader] E:\WINDOWS\Microsoft.net\Framework\sbs_diasymreader.vbs O4 - HKLM\..\Run: [NETFXSBS10] E:\WINDOWS\Microsoft.net\Framework\NETFXSBS10.vbs O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ms2mit] E:\Program Files\EdenWall Technologies\EdenWall Agent\bin\ms2mit.exe O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: OpenOffice.org 3.1.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1261579908281 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1262826854671 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfi...fig_4_0_1_3.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: ackpbsc - E:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll O20 - Winlogon Notify: acunlock - E:\Program Files\ActivIdentity\ActivClient\acunlock.dll O20 - Winlogon Notify: MIT_KFW - E:\WINDOWS\SYSTEM32\kfwlogon.dll O20 - Winlogon Notify: OneCard - E:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - E:\Program Files\Fichiers communs\ActivIdentity\ac.sharedstore.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - E:\Program Files\Fingerprint Sensor\AtService.exe O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - E:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - E:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - E:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - E:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - E:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: ipfw_helper (ipfw) - Unknown owner - E:\WINDOWS\system32\\ipfw.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NuSrv - EdenWall Technologies - E:\Program Files\EdenWall Technologies\EdenWall Agent\bin\NuSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe -- End of file - 12750 bytes Cordialement, Mangaf