Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

rapport hijackthis

Invité patrice

Par Invité patrice
dans Analyses et éradication malwares

 Partager

Messages recommandés

Invité patrice

Invité patrice

Posté(e)
Posté(e)

bonjour a tous,

quelqu'un pourrai t'il m'aider, mon pc est infecté, voici le rapport hisjack

D"avance merci

 

ogfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:01:08, on 22/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE

C:\WINDOWS\vphc600.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\chkdsker.exe

C:\WINDOWS\system32\rolsbh.exe

C:\WINDOWS\system32\Rundll32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe

C:\PROGRA~1\MICROS~4\wcescomm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun

O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe

O4 - HKLM\..\Run: [MyApp] C:\PROGRA~1\PASTOU~1\PASTOU~1.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WMUAgent.exe] C:\Program Files\WakeMeUp\WMUAgent.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CHK Disker] chkdsker.exe

O4 - HKLM\..\Run: [rolsbh] C:\WINDOWS\system32\rolsbh.exe \u

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bMeff99df3] Rundll32.exe "C:\WINDOWS\system32\kcduhjgm.dll",s

O4 - HKLM\..\Run: [eccaae6f] rundll32.exe "C:\WINDOWS\system32\cttcgvhc.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"

O4 - HKCU\..\Run: [WMUTray.exe] C:\Program Files\WakeMeUp\WMUTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/...rg/ESTPTest.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_10.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Downloads/gdm/GDM6/isetup.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2D4F16B8-7D9E-4390-891F-01CF309C7E6D}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{2D4F16B8-7D9E-4390-891F-01CF309C7E6D}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{2D4F16B8-7D9E-4390-891F-01CF309C7E6D}: NameServer = 192.168.1.1

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 14204 bytes

Invité patrice

Invité patrice

Posté(e)
Posté(e)

rebonjour, voici le rapport combofix effectué juste avant hijackthis

 

ComboFix 08-04-20.5 - pat 2008-04-22 8:29:52.4 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1463 [GMT 2:00]

Endroit: C:\Documents and Settings\pat\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\_000033_.tmp.dll

C:\WINDOWS\system32\_000045_.tmp.dll

C:\WINDOWS\system32\_000057_.tmp.dll

C:\WINDOWS\system32\_000060_.tmp.dll

C:\WINDOWS\system32\_000067_.tmp.dll

C:\WINDOWS\system32\_000070_.tmp.dll

C:\WINDOWS\system32\_000081_.tmp.dll

C:\WINDOWS\system32\_003548_.tmp.dll

C:\WINDOWS\system32\_003551_.tmp.dll

C:\WINDOWS\system32\_003554_.tmp.dll

C:\WINDOWS\system32\_003556_.tmp.dll

C:\WINDOWS\system32\_003640_.tmp.dll

C:\WINDOWS\system32\_003651_.tmp.dll

C:\WINDOWS\system32\_003661_.tmp.dll

C:\WINDOWS\system32\_003664_.tmp.dll

C:\WINDOWS\system32\_003674_.tmp.dll

C:\WINDOWS\system32\_003714_.tmp.dll

C:\WINDOWS\system32\_003715_.tmp.dll

C:\WINDOWS\system32\_003716_.tmp.dll

C:\WINDOWS\system32\_003717_.tmp.dll

C:\WINDOWS\system32\_003724_.tmp.dll

C:\WINDOWS\system32\_003725_.tmp.dll

C:\WINDOWS\system32\_003726_.tmp.dll

C:\WINDOWS\system32\_003727_.tmp.dll

C:\WINDOWS\system32\_003729_.tmp.dll

C:\WINDOWS\system32\_003730_.tmp.dll

C:\WINDOWS\system32\_003733_.tmp.dll

C:\WINDOWS\system32\_003734_.tmp.dll

C:\WINDOWS\system32\_003736_.tmp.dll

C:\WINDOWS\system32\_003737_.tmp.dll

C:\WINDOWS\system32\_003738_.tmp.dll

C:\WINDOWS\system32\_003740_.tmp.dll

C:\WINDOWS\system32\_003741_.tmp.dll

C:\WINDOWS\system32\_003743_.tmp.dll

C:\WINDOWS\system32\_003747_.tmp.dll

C:\WINDOWS\system32\_003748_.tmp.dll

C:\WINDOWS\system32\_003750_.tmp.dll

C:\WINDOWS\system32\_003751_.tmp.dll

C:\WINDOWS\system32\_003753_.tmp.dll

C:\WINDOWS\system32\_003755_.tmp.dll

C:\WINDOWS\system32\_003756_.tmp.dll

C:\WINDOWS\system32\_003757_.tmp.dll

C:\WINDOWS\system32\_003758_.tmp.dll

C:\WINDOWS\system32\_003759_.tmp.dll

C:\WINDOWS\system32\_003762_.tmp.dll

C:\WINDOWS\system32\_003764_.tmp.dll

C:\WINDOWS\system32\_003765_.tmp.dll

C:\WINDOWS\system32\_003766_.tmp.dll

C:\WINDOWS\system32\_003770_.tmp.dll

C:\WINDOWS\system32\mlJCTJDw.dll

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pmnkIXnL.dll

C:\WINDOWS\system32\TwHknUtv.ini

C:\WINDOWS\system32\TwHknUtv.ini2

C:\WINDOWS\system32\wanpacket.dll

C:\WINDOWS\system32\wDJTCJlm.ini

C:\WINDOWS\system32\wDJTCJlm.ini2

C:\WINDOWS\system32\wpcap.dll

C:\WINDOWS\system32\xxyxwvSi.dll

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-21 23:21 . 2008-04-21 23:21 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-04-21 22:36 . 2008-04-21 22:36 93 --a------ C:\WINDOWS\wininit.ini

2008-04-21 22:29 . 2008-04-21 22:27 34,743,021 --a------ C:\WINDOWS\LPT$VPN.229

2008-04-21 22:27 . 2008-04-21 22:27 34,743,021 --a------ C:\WINDOWS\VPTNFILE.229

2008-04-21 22:25 . 2008-04-21 22:28 <REP> d-------- C:\WINDOWS\AU_Temp

2008-04-21 21:29 . 2008-04-21 19:27 122,368 -r-hs---- C:\WINDOWS\system32\chkdsker.exe

2008-04-21 21:29 . 2008-04-21 21:29 58,368 --a------ C:\WINDOWS\system32\rolsbh.exe

2008-04-21 21:29 . 2008-04-21 21:29 58,368 ---h----- C:\Documents and Settings\pat\wgnd.exe

2008-04-15 20:04 . 2008-04-16 07:42 <REP> d-------- C:\Program Files\FrostWire

2008-04-15 20:03 . 2007-03-19 20:13 6,422,611 --a------ C:\Program Files\frostwire-4.13.1.6.windows.exe

2008-04-02 22:27 . 2008-02-12 22:06 31,232 --a------ C:\WINDOWS\system\vdremote.dll

2008-04-02 22:27 . 2008-02-12 22:05 25,088 --a------ C:\WINDOWS\system\vdsvrlnk.dll

2008-04-02 13:25 . 2008-04-02 13:25 <REP> d-------- C:\Program Files\AviSynth 2.5

2008-04-02 13:16 . 2008-04-02 13:16 <REP> d-------- C:\Program Files\ffdshow

2008-04-02 13:16 . 2008-04-02 19:02 <REP> d-------- C:\Documents and Settings\pat\NeoDivX Suite

2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll

2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-03-29 14:53 . 2008-03-29 14:53 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

2008-03-24 21:45 . 2008-03-24 21:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

2008-03-24 16:56 . 2008-03-24 16:56 <REP> d-------- C:\Documents and Settings\pat\Application Data\Bitdefender

2008-03-24 16:49 . 2008-04-22 08:44 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2008-03-24 16:47 . 2008-03-24 16:47 <REP> d-------- C:\Program Files\Softwin

2008-03-24 16:47 . 2008-03-24 16:47 <REP> d-------- C:\Program Files\Fichiers communs\Softwin

2008-03-24 16:47 . 2008-03-24 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender

2008-03-24 16:27 . 2008-03-24 16:27 <REP> d-------- C:\Program Files\Alwil Software

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-22 06:46 --------- d-----w C:\Program Files\Wanadoo

2008-04-22 05:47 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin

2008-04-21 20:27 91,744 ----a-w C:\WINDOWS\BPMNT.dll

2008-04-21 20:27 71,749 ----a-w C:\WINDOWS\hcextoutput.dll

2008-04-21 20:27 333,576 ----a-w C:\WINDOWS\tsc.exe

2008-04-21 20:27 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll

2008-04-21 20:21 --------- d-----w C:\Program Files\a-squared Free

2008-04-20 16:46 --------- d-----w C:\Program Files\eMule

2008-04-20 09:32 --------- d-----w C:\Documents and Settings\pat\Application Data\uTorrent

2008-04-18 11:04 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-17 20:22 --------- d-----w C:\Program Files\DkZ Studio

2008-04-15 18:04 457 ----a-w C:\Program Files\INSTALL.LOG

2008-04-13 15:19 --------- d-----w C:\Program Files\DivX

2008-04-11 18:44 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-04-08 11:43 --------- d-----w C:\Documents and Settings\pat\Application Data\OpenOffice.org2

2008-04-05 12:38 --------- d-----w C:\Program Files\Steam

2008-04-02 20:22 --------- d-----w C:\Program Files\MediaCoder

2008-04-02 11:25 --------- d-----w C:\Program Files\WinASPI

2008-04-02 11:22 --------- d-----w C:\Program Files\neodivx2006

2008-03-29 12:53 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-03-29 12:52 --------- d-----w C:\Program Files\Google

2008-03-27 11:15 --------- d-----w C:\Program Files\TTracker

2008-03-24 14:43 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-03-24 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-03-24 14:41 --------- d-----w C:\Program Files\Symantec

2008-03-13 11:22 --------- d-----w C:\Program Files\Eltima Software

2008-03-07 14:41 --------- d-----w C:\Program Files\iTunes

2008-03-07 14:41 --------- d-----w C:\Program Files\iPod

2008-03-02 23:38 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-03-02 23:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-28 20:42 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-02-28 20:38 --------- d-----w C:\Program Files\Windows Live

2008-02-07 11:08 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-12 17:46 21,368 ----a-w C:\Documents and Settings\pat\Application Data\GDIPFONTCACHEV1.DAT

2007-12-14 16:31 11,540 ----a-w C:\Program Files\log.txt

2007-10-10 08:26 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe

2007-10-17 20:49 168 --sh--r C:\WINDOWS\system32\356A9779DD.sys

2007-10-17 20:49 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AB45098-D4E5-4BD1-9A78-E7DF4B28D785}]

C:\WINDOWS\system32\vtUnkHwT.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]

"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-09-13 18:11 1122304]

"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [2006-06-26 22:45 1211176]

"WMUTray.exe"="C:\Program Files\WakeMeUp\WMUTray.exe" [ ]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-30 09:36 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]

"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]

"36X Raid Configurer"="C:\WINDOWS\System32\xRaidSetup.exe" [2007-03-21 18:23 1953792]

"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]

"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]

"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]

"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2003-11-17 10:52 208896]

"phc600"="C:\WINDOWS\vphc600.exe" [2006-10-16 10:14 344064]

"MyApp"="C:\PROGRA~1\PASTOU~1\PASTOU~1.EXE" [ ]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 19:37 69216]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 23:55 54832]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

"WMUAgent.exe"="C:\Program Files\WakeMeUp\WMUAgent.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 17:48 290816]

"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 16:49 69632]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-29 14:53 185896]

"CHK Disker"="chkdsker.exe" [2008-04-21 19:27 122368 C:\WINDOWS\system32\chkdsker.exe]

"rolsbh"="C:\WINDOWS\system32\rolsbh.exe" [2008-04-21 21:29 58368]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=sockspy.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.asv2"= asusasv2.dll

"msacm.scg726"= scg726.acm

"msacm.alf2cd"= alf2cd.acm

"msacm.ac3acm"= AC3ACM.acm

"vidc.dvsd"= mcdvd_32.dll

"msacm.lameacm"= LameACM.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Documents and Settings\\pat\\wgnd.exe"=

"C:\\WINDOWS\\system32\\rolsbh.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:Port DCOM (135)

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-28 11:20]

R3 systormflb;REVOLTEC FightBoard;C:\WINDOWS\system32\DRIVERS\systormflb.sys [2006-08-30 23:28]

R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]

S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]

S3 phc600;USB PC Camera (SPC600NC);C:\WINDOWS\system32\DRIVERS\phc600.sys [2006-10-16 10:44]

 

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-22 08:45:28

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 1056

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\FTRTSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\system32\searchindexer.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-04-22 8:52:20 - machine was rebooted [pat]

ComboFix-quarantined-files.txt 2008-04-22 06:52:16

 

Pre-Run: 106,488,193,024 octets libres

Post-Run: 108,855,140,352 octets libres

 

271 --- E O F --- 2008-04-09 10:16:22

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...