Infected PC - HiJackThis log - Security - Virus
Subject: Infected PC - HiJackThis log

Profile: IDNaute

Hello,

Attached is the HiJackThis log, to check what is wrong.
Thanks in advance to those who take a moment to look at it.
See you later

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:56, on 13/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\AtlogMtm\Atlback3.exe
C:\Program Files\ChaosSoft\TransText\TransText.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Serge\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {60e6cf9b-28e3-48f8-b3ed-44524658833a} - C:\WINNT\system32\dmad100.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Atlog multimédia V3.lnk = C:\Program Files\AtlogMtm\Atlback3.exe
O4 - Global Startup: TransText.lnk = C:\Program Files\ChaosSoft\TransText\TransText.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.1-click.com/common/files/installer2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B413BCD6-40D8-4B14-A408-CF0DAA6ED791}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dmad100 - C:\WINNT\SYSTEM32\dmad100.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6944 bytes


Profile: Helper

Hello,

Have this file analysed at VirusTotal, then post the report:
C:\WINNT\system32\dmad100.dll

What problems are you having?


---------------
Prevention & Protection|Free software|The man from FLCCF
Profile: IDNaute

Hello,

I have BitDefender and, indeed, the file dmad100.dll is infected.
I also have files tmp80.tmp.exe, tmp81.tmp.exe, etc. that get created in C:\Documents and Settings\Serge\Application Data and that are infected with Trojan.Juan.AD and Trojan.Clicker.MND.

I can delete them in Safe Mode, but they come back.

So what should I do, please?

Thanks

Profile: IDNaute

Hello again,

Something I forgot in the previous post:

dmad100.dll is infected with Trojan.Virtumod.JT

See you later

Profile: Helper

OK :)

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan has finished, a report will appear. Copy and paste this report into your next reply.


NOTE: The report can also be found here: C:\Combofix.txt


Profile: IDNaute

Here is the ComboFix report.

ComboFix 07-11-08.1 - Serge 2007-11-13 16:46:12.1 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.606 [GMT 1:00]
Running from: C:\Documents and Settings\Serge\Bureau\ComboFix.exe
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Bureau\internet.lnk
C:\Documents and Settings\Serge\Application Data\tmp80.tmp.exe
C:\Documents and Settings\Serge\Application Data\tmp81.tmp.exe
C:\Documents and Settings\Serge\Application Data\tmp84.tmp.exe
C:\Documents and Settings\Serge\Application Data\tmp85.tmp.exe
C:\WINNT\cookies.ini
C:\WINNT\system32\dn1870210d.dat
C:\WINNT\system32\tmp1A8.tmp.dll
C:\WINNT\system32\tmp30B.tmp.dll
C:\WINNT\system32\tmp32.tmp.dll
C:\WINNT\system32\tmp9.tmp.dll
C:\WINNT\system32\tmpCC.tmp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((((((( Fichiers créés 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
.

2007-11-13 16:51 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_478.dat
2007-11-13 16:42 51,200 --a------ C:\WINNT\NirCmd.exe
2007-11-13 15:26 301,712 --a------ C:\WINNT\system32\drmclien.dll
2007-11-13 15:26 301,712 --a--c--- C:\WINNT\system32\dllcache\drmclien.dll
2007-11-13 15:26 192,512 --a--c--- C:\WINNT\system32\dllcache\unregmp2.exe
2007-11-13 15:26 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-11-13 15:26 82,432 --a--c--- C:\WINNT\system32\dllcache\drmstor.dll
2007-11-13 15:26 9,728 --a--c--- C:\WINNT\system32\dllcache\npwmsdrm.dll
2007-11-13 14:50 84,809 --a------ C:\WINNT\qommmj.dll
2007-11-13 10:35 84,809 --a------ C:\WINNT\ssrpol.dll
2007-11-09 16:04 26 --a------ C:\WINNT\system32\ipconf.bat
2007-10-29 11:12 <DIR> d-------- C:\Program Files\Volo View Express
2007-10-29 08:10 84,808 --a------ C:\WINNT\ddbawu.dll
2007-10-26 16:28 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-22 09:04 85,060 --a------ C:\WINNT\hgfghh.dll
2007-10-22 07:04 85,060 --a------ C:\WINNT\geedef.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 15:45 --------- d-----w C:\Documents and Settings\Serge\Application Data\Skype
2007-11-13 14:26 --------- d-----w C:\Program Files\Fichiers communs\Adaptec Shared
2007-11-13 10:40 --------- d-----w C:\Program Files\BeClean
2007-11-13 10:30 --------- d-----w C:\Documents and Settings\Serge\Application Data\EoRezo
2007-10-29 10:12 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2007-10-23 06:06 --------- d-----w C:\Program Files\XoftSpySE
2007-10-15 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-11 06:12 --------- d-----w C:\Program Files\SereneScreen
2007-10-05 08:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-28 14:13 846 ----a-w C:\Sauve_Serge.bat
2007-09-20 07:12 --------- d-----w C:\Program Files\Seagrand
2007-09-18 14:42 --------- d-----w C:\Program Files\PopTray
2007-09-17 13:26 --------- d-----w C:\Program Files\ChaosSoft
2006-08-03 14:18 457 ----a-w C:\Program Files\INSTALL.LOG
2006-02-23 15:56 271 ---h--w C:\Program Files\desktop.ini
2006-02-23 15:56 22,115 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e6cf9b-28e3-48f8-b3ed-44524658833a}]
07-07-30 16:06 92554 --a------ C:\WINNT\system32\dmad100.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-23 13:00 C:\WINNT\system32\mobsync.exe]
"SigmatelSysTrayApp"="sttray.exe" []
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 10:50 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 03:00 ]
"BDNewsAgent"="c:\progra~1\softwin\bitdef~1\bdnagent.exe" [05-06-09 11:28 ]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [05-03-11 18:53 ]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [06-06-22 15:26 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [05-11-15 20:21 ]
"ctfmon.exe"="ctfmon.exe" [01-02-20 13:09 C:\WINNT\system32\CTFMON.EXE]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07-07-02 16:10 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
WcesWlgn.dll 05-11-15 19:44 7168 C:\WINNT\system32\WcesWlgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmad100]
dmad100.dll 07-07-30 16:06 92554 C:\WINNT\system32\dmad100.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS
R3 usbhub20;Prise en charge du concentrateur racine USB 2.0;C:\WINNT\system32\DRIVERS\usbhub20.sys
S2 KeyP;KeyP;\??\C:\WINNT\system32\Drivers\KeyP.sys
S3 DTVFW;LITE-ON DVB-T USB adapter firmware;C:\WINNT\system32\DRIVERS\dtvfw.sys
S3 FTLUND;Lundinova Filter Driver;C:\WINNT\system32\drivers\ftlund.sys
S3 usb_rndisy;USB RNDIS Adapter;C:\WINNT\system32\DRIVERS\usb8023y.sys
S3 usbdtv;LITE-ON DVB-T (PID=F001) receiver;C:\WINNT\system32\Drivers\usbdtv.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-13 11:46:06 C:\WINNT\Tasks\Sauve_Serge.job"
- C:\Sauve_Serge.bat
"2007-11-13 07:09:39 C:\WINNT\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 16:52:10
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINNT\system32\Perflib_Perfdata_8c.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-11-13 16:54:19 - machine was rebooted
.
--- E O F ---

Profile: Helper

Hello again,

Copy (Ctrl+C) the text in the box below:

File::
C:\WINNT\qommmj.dll
C:\WINNT\ssrpol.dll
C:\WINNT\ddbawu.dll
C:\WINNT\hgfghh.dll
C:\WINNT\geedef.dll
C:\WINNT\system32\dmad100.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e6cf9b-28e3-48f8-b3ed-44524658833a}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmad100]



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.


Profile: IDNaute

Hello again,

Here are the 2 reports

ComboFix 07-11-08.1 - Serge 2007-11-13 16:46:12.1 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.606 [GMT 1:00]
Running from: C:\Documents and Settings\Serge\Bureau\ComboFix.exe
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Bureau\internet.lnk
C:\Documents and Settings\Serge\Application Data\tmp80.tmp.exe
C:\Documents and Settings\Serge\Application Data\tmp81.tmp.exe
C:\Documents and Settings\Serge\Application Data\tmp84.tmp.exe
C:\Documents and Settings\Serge\Application Data\tmp85.tmp.exe
C:\WINNT\cookies.ini
C:\WINNT\system32\dn1870210d.dat
C:\WINNT\system32\tmp1A8.tmp.dll
C:\WINNT\system32\tmp30B.tmp.dll
C:\WINNT\system32\tmp32.tmp.dll
C:\WINNT\system32\tmp9.tmp.dll
C:\WINNT\system32\tmpCC.tmp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((((((( Fichiers créés 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
.

2007-11-13 16:51 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_478.dat
2007-11-13 16:42 51,200 --a------ C:\WINNT\NirCmd.exe
2007-11-13 15:26 301,712 --a------ C:\WINNT\system32\drmclien.dll
2007-11-13 15:26 301,712 --a--c--- C:\WINNT\system32\dllcache\drmclien.dll
2007-11-13 15:26 192,512 --a--c--- C:\WINNT\system32\dllcache\unregmp2.exe
2007-11-13 15:26 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-11-13 15:26 82,432 --a--c--- C:\WINNT\system32\dllcache\drmstor.dll
2007-11-13 15:26 9,728 --a--c--- C:\WINNT\system32\dllcache\npwmsdrm.dll
2007-11-13 14:50 84,809 --a------ C:\WINNT\qommmj.dll
2007-11-13 10:35 84,809 --a------ C:\WINNT\ssrpol.dll
2007-11-09 16:04 26 --a------ C:\WINNT\system32\ipconf.bat
2007-10-29 11:12 <DIR> d-------- C:\Program Files\Volo View Express
2007-10-29 08:10 84,808 --a------ C:\WINNT\ddbawu.dll
2007-10-26 16:28 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-22 09:04 85,060 --a------ C:\WINNT\hgfghh.dll
2007-10-22 07:04 85,060 --a------ C:\WINNT\geedef.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 15:45 --------- d-----w C:\Documents and Settings\Serge\Application Data\Skype
2007-11-13 14:26 --------- d-----w C:\Program Files\Fichiers communs\Adaptec Shared
2007-11-13 10:40 --------- d-----w C:\Program Files\BeClean
2007-11-13 10:30 --------- d-----w C:\Documents and Settings\Serge\Application Data\EoRezo
2007-10-29 10:12 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2007-10-23 06:06 --------- d-----w C:\Program Files\XoftSpySE
2007-10-15 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-11 06:12 --------- d-----w C:\Program Files\SereneScreen
2007-10-05 08:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-28 14:13 846 ----a-w C:\Sauve_Serge.bat
2007-09-20 07:12 --------- d-----w C:\Program Files\Seagrand
2007-09-18 14:42 --------- d-----w C:\Program Files\PopTray
2007-09-17 13:26 --------- d-----w C:\Program Files\ChaosSoft
2006-08-03 14:18 457 ----a-w C:\Program Files\INSTALL.LOG
2006-02-23 15:56 271 ---h--w C:\Program Files\desktop.ini
2006-02-23 15:56 22,115 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e6cf9b-28e3-48f8-b3ed-44524658833a}]
07-07-30 16:06 92554 --a------ C:\WINNT\system32\dmad100.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-23 13:00 C:\WINNT\system32\mobsync.exe]
"SigmatelSysTrayApp"="sttray.exe" []
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 10:50 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 03:00 ]
"BDNewsAgent"="c:\progra~1\softwin\bitdef~1\bdnagent.exe" [05-06-09 11:28 ]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [05-03-11 18:53 ]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [06-06-22 15:26 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [05-11-15 20:21 ]
"ctfmon.exe"="ctfmon.exe" [01-02-20 13:09 C:\WINNT\system32\CTFMON.EXE]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07-07-02 16:10 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
WcesWlgn.dll 05-11-15 19:44 7168 C:\WINNT\system32\WcesWlgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmad100]
dmad100.dll 07-07-30 16:06 92554 C:\WINNT\system32\dmad100.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS
R3 usbhub20;Prise en charge du concentrateur racine USB 2.0;C:\WINNT\system32\DRIVERS\usbhub20.sys
S2 KeyP;KeyP;\??\C:\WINNT\system32\Drivers\KeyP.sys
S3 DTVFW;LITE-ON DVB-T USB adapter firmware;C:\WINNT\system32\DRIVERS\dtvfw.sys
S3 FTLUND;Lundinova Filter Driver;C:\WINNT\system32\drivers\ftlund.sys
S3 usb_rndisy;USB RNDIS Adapter;C:\WINNT\system32\DRIVERS\usb8023y.sys
S3 usbdtv;LITE-ON DVB-T (PID=F001) receiver;C:\WINNT\system32\Drivers\usbdtv.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-13 11:46:06 C:\WINNT\Tasks\Sauve_Serge.job"
- C:\Sauve_Serge.bat
"2007-11-13 07:09:39 C:\WINNT\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 16:52:10
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINNT\system32\Perflib_Perfdata_8c.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-11-13 16:54:19 - machine was rebooted
.
--- E O F ---

---------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:25, on 13/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\ChaosSoft\TransText\TransText.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Serge\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Atlog multimédia V3.lnk = C:\Program Files\AtlogMtm\Atlback3.exe
O4 - Global Startup: TransText.lnk = C:\Program Files\ChaosSoft\TransText\TransText.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.1-click.com/common/files/installer2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B413BCD6-40D8-4B14-A408-CF0DAA6ED791}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6541 bytes
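
Added example (not part of the thread, and not code from HijackThis or ComboFix): a Python check over the O2 (BHO) and O20 (Winlogon Notify) lines of the two HijackThis logs posted above, showing which DLL load points are present at 11:48:56 and absent at 18:24:25. The excerpts are copied from the thread's logs; the function names and the two triage heuristics (one DLL registered at both load points, a BHO whose file is missing) are assumptions of this example, not the helper's stated method.

```python
import re
from collections import defaultdict

# Excerpts copied from the thread's HijackThis logs (O2 and O20 lines only).
LOG_11H48 = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {60e6cf9b-28e3-48f8-b3ed-44524658833a} - C:\WINNT\system32\dmad100.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O20 - Winlogon Notify: dmad100 - C:\WINNT\SYSTEM32\dmad100.dll
"""

LOG_18H24 = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
"""

# HijackThis line layouts as they appear in the logs above.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<target>.+)$")


def parse_load_points(log_text):
    """Return (section, name, target) for every O2 and O20 line.

    Targets are lower-cased because Windows paths are case-insensitive and
    the same DLL is logged as system32 in O2 and SYSTEM32 in O20.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, rx in (("O2", BHO_RE), ("O20", NOTIFY_RE)):
            m = rx.match(line)
            if m:
                entries.append((section, m.group("name"), m.group("target").strip().lower()))
    return entries


def shared_targets(entries):
    """Map each file registered under more than one load point to its sections."""
    by_target = defaultdict(set)
    for section, _name, target in entries:
        if target != "(no file)":
            by_target[target].add(section)
    return {t: sorted(s) for t, s in by_target.items() if len(s) > 1}


def orphaned(entries):
    """Names of entries whose registry key survives but whose file is gone."""
    return [name for _section, name, target in entries if target == "(no file)"]


def removed_between(before, after):
    """Entries present in the earlier log and absent from the later one."""
    return sorted(set(before) - set(after))


if __name__ == "__main__":
    before = parse_load_points(LOG_11H48)
    after = parse_load_points(LOG_18H24)
    print("registered at several load points (before):", shared_targets(before))
    print("registered at several load points (after): ", shared_targets(after))
    print("removed between the two scans:", removed_between(before, after))
    print("leftover entries with no file:", orphaned(after))
```
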

Profile: Helper

That is not the right Combofix report; I asked for the one produced using CFScript.


Profile: IDNaute

Hello,

Sorry :pt1cable: - here it is:

ComboFix 07-11-08.1 - Serge 13/11/2007 18:12:58.2 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.728 [GMT 1:00]
Running from: C:\Documents and Settings\Serge\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Serge\Bureau\CFScript.txt

FILE
C:\WINNT\ddbawu.dll
C:\WINNT\geedef.dll
C:\WINNT\hgfghh.dll
C:\WINNT\qommmj.dll
C:\WINNT\ssrpol.dll
C:\WINNT\system32\dmad100.dll
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\ddbawu.dll
C:\WINNT\geedef.dll
C:\WINNT\hgfghh.dll
C:\WINNT\qommmj.dll
C:\WINNT\ssrpol.dll
C:\WINNT\system32\dmad100.dll
C:\WINNT\system32\dn1870210d.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
.

2007-11-13 16:42 51,200 --a------ C:\WINNT\NirCmd.exe
2007-11-13 15:26 301,712 --a------ C:\WINNT\system32\drmclien.dll
2007-11-13 15:26 301,712 --a--c--- C:\WINNT\system32\dllcache\drmclien.dll
2007-11-13 15:26 192,512 --a--c--- C:\WINNT\system32\dllcache\unregmp2.exe
2007-11-13 15:26 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-11-13 15:26 82,432 --a--c--- C:\WINNT\system32\dllcache\drmstor.dll
2007-11-13 15:26 9,728 --a--c--- C:\WINNT\system32\dllcache\npwmsdrm.dll
2007-11-09 16:04 26 --a------ C:\WINNT\system32\ipconf.bat
2007-10-29 11:12 <DIR> d-------- C:\Program Files\Volo View Express
2007-10-26 16:28 <DIR> d-------- C:\Program Files\MSN Messenger

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 17:16 81,984 ----a-w C:\WINNT\system32\bdod.bin
2007-11-13 17:08 --------- d-----w C:\Documents and Settings\Serge\Application Data\Skype
2007-11-13 14:26 --------- d-----w C:\Program Files\Fichiers communs\Adaptec Shared
2007-11-13 10:40 --------- d-----w C:\Program Files\BeClean
2007-11-13 10:30 --------- d-----w C:\Documents and Settings\Serge\Application Data\EoRezo
2007-10-29 10:12 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2007-10-23 06:06 --------- d-----w C:\Program Files\XoftSpySE
2007-10-15 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-11 06:12 --------- d-----w C:\Program Files\SereneScreen
2007-10-05 08:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-28 14:13 846 ----a-w C:\Sauve_Serge.bat
2007-09-20 07:12 --------- d-----w C:\Program Files\Seagrand
2007-09-18 14:42 --------- d-----w C:\Program Files\PopTray
2007-09-17 13:26 --------- d-----w C:\Program Files\ChaosSoft
2007-08-20 11:39 50,688 ----a-w C:\WINNT\system32\INETRES.DLL
2007-08-20 11:39 44,032 ----a-w C:\WINNT\system32\MSIDENT.DLL
2007-08-20 11:39 229,376 ----a-w C:\WINNT\system32\MSOEACCT.DLL
2007-08-19 15:55 91,136 ----a-w C:\WINNT\system32\MSOERT2.DLL
2007-08-19 15:55 596,992 ----a-w C:\WINNT\system32\INETCOMM.DLL
2007-08-17 06:48 448,272 ----a-w C:\WINNT\system32\oieng400.dll
2007-08-17 06:48 39,184 ----a-w C:\WINNT\system32\jpeg2x32.dll
2007-08-17 06:48 33,552 ----a-w C:\WINNT\system32\tifflt.dll
2006-08-03 14:18 457 ----a-w C:\Program Files\INSTALL.LOG
2006-02-23 15:56 271 ---h--w C:\Program Files\desktop.ini
2006-02-23 15:56 22,115 ---h--w C:\Program Files\folder.htt
2003-06-23 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-23 13:00 C:\WINNT\system32\mobsync.exe]
"SigmatelSysTrayApp"="sttray.exe" []
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 10:50 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 03:00 ]
"BDNewsAgent"="C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe" [05-06-09 11:28 ]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [05-03-11 18:53 ]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [06-06-22 15:26 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [05-11-15 20:21 ]
"ctfmon.exe"="ctfmon.exe" [01-02-20 13:09 C:\WINNT\system32\CTFMON.EXE]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07-07-02 16:10 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
WcesWlgn.dll 05-11-15 19:44 7168 C:\WINNT\system32\WcesWlgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS
R3 usbhub20;Prise en charge du concentrateur racine USB 2.0;C:\WINNT\system32\DRIVERS\usbhub20.sys
S2 KeyP;KeyP;\??\C:\WINNT\system32\Drivers\KeyP.sys
S3 DTVFW;LITE-ON DVB-T USB adapter firmware;C:\WINNT\system32\DRIVERS\dtvfw.sys
S3 FTLUND;Lundinova Filter Driver;C:\WINNT\system32\drivers\ftlund.sys
S3 usb_rndisy;USB RNDIS Adapter;C:\WINNT\system32\DRIVERS\usb8023y.sys
S3 usbdtv;LITE-ON DVB-T (PID=F001) receiver;C:\WINNT\system32\Drivers\usbdtv.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-13 11:46:06 C:\WINNT\Tasks\Sauve_Serge.job"
- C:\Sauve_Serge.bat
"2007-11-13 07:09:39 C:\WINNT\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 18:19:06
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINNT\system32\Perflib_Perfdata_2fc.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-11-13 18:20:29 - machine was rebooted
C:\ComboFix2.txt ... 07-11-13 16:54
.
--- E O F ---

Profile: Helper

Post a new HijackThis report.


Profile: IDNaute