
Hello.

Could you tell me whether my PC is still infected or not? I used the ComboFix program to try to get rid of the trojans, viruses, worms... that were slowing down my machine, particularly when I was handling my email on Yahoo Mail. I followed a guide. It recommends getting the advice of an experienced helper to continue disinfecting my PC. Here is a copy of the ComboFix log files as well as a HijackThis log. Thanks in advance for your advice and your help.

 

 

 

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

 

ComboFix 08-06-05.3 - darrty 2008-06-07 14:25:46.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.188 [GMT 2:00]

Endroit: C:\Documents and Settings\darrty\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\_000006_.tmp.dll

C:\WINDOWS\system32\_000007_.tmp.dll

C:\WINDOWS\system32\_000010_.tmp.dll

C:\WINDOWS\system32\_000011_.tmp.dll

C:\WINDOWS\system32\_000012_.tmp.dll

C:\WINDOWS\system32\kmd.exe

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-07 14:01 . 2008-06-07 14:01 <REP> d-------- C:\WINDOWS\LastGood

2008-06-05 17:10 . 2008-06-05 17:10 <REP> d-------- C:\WINDOWS\Internet Logs

2008-06-05 17:10 . 2008-06-05 17:10 <REP> d-------- C:\Program Files\Zone Labs

2008-06-05 16:25 . 2008-06-05 16:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-06-05 15:57 . 2008-06-05 16:16 691,545 --a------ C:\WINDOWS\unins000.exe

2008-06-05 15:57 . 2008-06-05 16:17 4,646 --a------ C:\WINDOWS\unins000.dat

2008-06-05 11:51 . 2008-06-05 11:51 <REP> d-------- C:\Program Files\Avira

2008-06-05 10:46 . 2008-06-05 10:46 <REP> d-------- C:\Program Files\CCleaner

2008-06-04 18:58 . 2008-06-04 18:58 <REP> d-------- C:\ComboFix(2)

2008-06-03 17:24 . 2008-06-03 17:31 <REP> d-------- C:\Program Files\RegCleaner

2008-05-27 11:02 . 2008-05-27 11:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-27 11:02 . 2008-05-27 11:02 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-25 13:14 . 2008-05-25 13:14 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-05-25 13:14 . 2008-05-25 13:14 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-05-25 03:33 . 2008-05-25 14:03 <REP> d-------- C:\Games

2008-05-24 15:56 . 2008-05-24 16:02 <REP> d-------- C:\Documents and Settings\darrty\Application Data\MozillaControl

2008-05-24 15:53 . 2008-06-03 01:57 <REP> d-------- C:\Program Files\Salted Services

2008-05-23 13:29 . 2008-05-23 14:19 <REP> d-------- C:\Documents and Settings\darrty\iWizz

2008-05-23 13:26 . 2008-06-03 16:00 <REP> d-------- C:\Documents and Settings\darrty\.bitrock

2008-05-22 14:05 . 2008-06-05 16:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-16 13:52 . 2008-05-16 13:52 <REP> d-------- C:\Documents and Settings\darrty\Application Data\FireShot

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-07 12:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-06-07 11:33 --------- d-----w C:\Program Files\RamBoost XP

2008-06-07 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-06-06 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-06 08:54 --------- d-----w C:\Program Files\Spyware Doctor

2008-06-05 20:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-06-05 15:51 --------- d-----w C:\Program Files\a-squared Free

2008-06-05 14:31 --------- d-----w C:\Program Files\Lavasoft

2008-06-05 13:28 --------- d-----w C:\Program Files\Fichiers communs\Macromedia

2008-06-05 13:27 --------- d-----w C:\Program Files\Macromedia

2008-06-05 13:24 --------- d-----w C:\Program Files\DivX

2008-06-05 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira

2008-06-03 16:45 --------- d-----w C:\Program Files\Copernic Agent

2008-05-29 10:31 --------- d-----w C:\Program Files\Google

2008-05-25 13:47 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-05-25 13:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-05-25 12:23 --------- d-----w C:\Documents and Settings\darrty\Application Data\Grisbi

2008-05-25 12:02 --------- d-----w C:\Program Files\GameTop.com

2008-05-25 00:20 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-05-22 12:06 --------- d-----w C:\Documents and Settings\darrty\Application Data\Lavasoft

2008-05-16 11:54 --------- d-----w C:\Program Files\Savescreen

2008-05-15 15:55 --------- d-----w C:\Documents and Settings\darrty\Application Data\FileZilla

2008-05-12 11:06 --------- d-----w C:\Program Files\adslTV

2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-24 11:22 --------- d-----w C:\Documents and Settings\darrty\Application Data\vlc

2008-04-14 09:36 --------- d-----w C:\Documents and Settings\darrty\Application Data\gtk-2.0

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-23 12:53 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_6562.exe

2008-03-23 12:53 15,397 ----a-w C:\Program Files\settings.dat

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2007-10-24 01:30 716 ----a-w C:\Documents and Settings\darrty\Application Data\wklnhst.dat

2007-04-07 18:23 488 ----a-w C:\Documents and Settings\darrty\jdraw.v1.1.5.dat

2007-03-26 16:12 906,240 ----a-w C:\Program Files\mozilla firefox\plugins\BICplayer.dll

2007-03-26 16:02 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll

2007-03-26 16:14 929,280 ----a-w C:\Program Files\mozilla firefox\plugins\vb2splayer.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ADDEE521-F1CC-4B89-8C88-B2CF625B9163}]

2007-10-10 19:25 1441792 --a------ C:\Program Files\Core Services\Companion.JS\CompanionJS.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F286500C-177A-4316-9E88-9814FBB1DC3D}]

2008-05-29 12:29 156144 --a----t- C:\Program Files\Google\Update\1.1.27.3\GoopdateBho.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 15:20 68856]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"RamBoostXp"="C:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 22:48 1542144]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

VESWinlogon.dll 2006-03-09 14:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll

"VIDC.NTN1"= nuvision.ax

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur d’état.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur d’état.lnk

backup=C:\WINDOWS\pss\Contrôleur d’état.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

 

[HKLM\~\startupfolder\C:^Documents and Settings^darrty^Menu Démarrer^Programmes^Démarrage^CSV AdStats 4.0.appref-ms]

path=C:\Documents and Settings\darrty\Menu Démarrer\Programmes\Démarrage\CSV AdStats 4.0.appref-ms

backup=C:\WINDOWS\pss\CSV AdStats 4.0.appref-msStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^darrty^Menu Démarrer^Programmes^Démarrage^WampServer.lnk]

path=C:\Documents and Settings\darrty\Menu Démarrer\Programmes\Démarrage\WampServer.lnk

backup=C:\WINDOWS\pss\WampServer.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2007-03-16 12:45 63712 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

--a------ 2004-11-17 13:47 118784 C:\Program Files\Apoint\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

--a------ 2008-05-16 01:19 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--a------ 2006-01-25 11:45 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

--a------ 2008-04-23 18:19 1189104 C:\Program Files\CCleaner\ccleaner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]

C:\Program Files\ChristmasTree\ChristmasTree.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

--------- 2005-05-17 18:42 933888 C:\Program Files\Brother\ControlCenter2\brctrcen.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]

--a------ 2006-02-28 14:29 569413 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

--a------ 2006-03-23 06:13 77824 C:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

--a------ 2006-03-23 06:17 118784 C:\WINDOWS\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

--a------ 2006-03-23 06:17 94208 C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

--a------ 2005-03-17 20:30 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

--a------ 2006-02-28 14:25 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]

--a------ 2006-02-28 14:25 667718 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]

--a------ 2004-02-20 14:12 32768 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]

--a------ 2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OBSWATCH]

C:\PROGRA~1\OrangeBs\Watch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICE One Startup v1]

C:\Program Files\Mindscape\OFFICE One\OFFICE One Startup v1\oostartupv1.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

--a------ 2005-03-17 20:17 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]

-ra------ 2004-07-06 14:15 40960 C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBoostXp]

--a------ 2004-03-09 22:48 1542144 C:\Program Files\RamBoost XP\rambxpfr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\road draw]

:C:\DOCUME~1\darrty\APPLIC~1\FORDER~1\DVD OPTION START.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

C:\Program Files\Spyware Doctor\SDTrayApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Send Mp3 Audio Ante]

C:\Documents and Settings\All Users\Application Data\LOGEXITSENDMP3\Support Grim.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

--------- 2005-01-26 19:02 49152 C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--a------ 2006-04-24 08:20 1448960 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]

--a------ 2006-03-09 20:58 217088 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

--a------ 2006-01-07 02:36 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

-ra------ 2003-10-14 11:22 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-04-04 15:20 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]

--a------ 2006-02-14 12:11 176128 C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]

--a------ 2005-10-11 21:36 151552 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Zattoo\\Zattoo2.exe"=

"C:\\Program Files\\Zattoo\\zattood.exe"=

"C:\\Program Files\\Zattoo\\Zattoo.exe"=

"C:\\Program Files\\adslTV\\adsltv.exe"=

"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

 

R0 shpf;Sony HDD Protection Filter Driver;C:\WINDOWS\system32\DRIVERS\shpf.sys [2005-11-21 07:06]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07]

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2007-08-21 04:25]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 04:59]

R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 11:32]

S2 gupdate;Google Update Service;"C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe" /svc /lang en []

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]

S3 d8e417ef-5130-4801-8251-7f5db7bd8f9e;d8e417ef-5130-4801-8251-7f5db7bd8f9e;G:\Player\cds300.dll []

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-25 01:20]

S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2005-09-01 19:54]

S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2005-09-01 19:54]

S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-08-29 17:45]

S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\WINDOWS\system32\Drivers\hcw95bda.sys [2007-04-04 20:45]

S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\WINDOWS\system32\DRIVERS\hcw95rc.sys [2007-04-04 20:48]

S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 04:19]

S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]

S3 NuVision;Hauppauge WinTV USB Pro (PAL/SECAM FM);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2003-04-30 21:59]

S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-01-27 10:56]

S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

 

*Newly Created Service* - CATCHME

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-07 11:33:35 C:\WINDOWS\Tasks\GoogleUpdateTask.job"

- C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-07 14:42:24

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

**************************************************************************

.

Temps d'accomplissement: 2008-06-07 15:06:10

ComboFix-quarantined-files.txt 2008-06-07 13:05:04

 

Pre-Run: 3,599,810,560 octets libres

Post-Run: 3,590,205,440 octets libres

 

253 --- E O F --- 2008-06-07 12:03:04

 

 

 

 

 

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:28:14, on 07/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\RamBoost XP\rambxpfr.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - :C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Schmap Local - {AC89BF9C-4296-476C-86BC-6CAA3B398AB5} - C:\Program Files\Schmap\SchmapLocal\SchmapLocalIE.dll

O2 - BHO: JSDebuggerBHOIEInstance - {ADDEE521-F1CC-4B89-8C88-B2CF625B9163} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.14.2\gears.dll

O2 - BHO: Google Update Class - {F286500C-177A-4316-9E88-9814FBB1DC3D} - C:\Program Files\Google\Update\1.1.27.3\GoopdateBho.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: ToolbarBrowser - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Companion.JS - {0402343A-B530-482b-AA27-A61CEC3E4D2E} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Schmap Local - {f53a1294-34c5-4e48-afbd-5f5d5f081d2a} - C:\Program Files\Schmap\SchmapLocal\SchmapLocalIE.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/

O15 - Trusted Zone: http://www.secuser.com

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apache - Avira GmbH - (no file)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Avlib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Avlib\PACSPTISVR.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Avlib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Avlib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 12885 bytes
