Virus Search Daily (Tom's Guide forum, Sécurité - Virus)

Hello, I'm currently infected with Search Daily and I can't remove it despite Avast, Kaspersky, SpywareBlaster and Ad-Aware. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:32, on 2007-12-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckac.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2D5015E6-76CF-4044-9A8A-2FD888C303FF} - c:\windows\system32\dpnhpastk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F34A8219-6DB5-491F-B659-21001433B930} - C:\WINDOWS\system32\dpvoiceo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: xhijyzad - C:\WINDOWS\SYSTEM32\dpnhpastk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 9339 bytes
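Most of the log above is legitimate software; what singles out the infection is that the same unnamed DLL is registered in more than one load point (a BHO and a Winlogon Notify subkey), next to a Run entry that starts an unknown binary straight out of system32. The script below is an added example, not part of the original post and not HijackThis code: it parses the O2, O4 and O20 lines and counts the distinct load points per file. The two allowlists and the "unnamed BHO from system32" rule are assumptions of this example and yield review candidates, not verdicts.

```python
"""Triage the load points in a HijackThis 2.x log.

Added example for this thread; it is not part of the original post and not
HijackThis code. The heuristics are assumptions of this example: an allowlist
of Winlogon Notify subkeys found on a stock XP install or added by common
drivers, an allowlist of binaries that legitimately autostart straight out of
system32, and the rule that an unnamed BHO loading from system32 gets a
second look. They produce review candidates, not verdicts.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log in the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckac.com/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2D5015E6-76CF-4044-9A8A-2FD888C303FF} - c:\windows\system32\dpnhpastk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F34A8219-6DB5-491F-B659-21001433B930} - C:\WINDOWS\system32\dpvoiceo.dll
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: xhijyzad - C:\WINDOWS\SYSTEM32\dpnhpastk.dll
"""

# Assumed allowlists (extend them for the software you actually expect to see).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
                "igfxcui", "atiextevent"}
KNOWN_SYSTEM32_RUN = {"ctfmon.exe", "rundll32.exe"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[^:]*)\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
EXE_RE = re.compile(r'"?(?P<exe>.*?\.exe)', re.I)   # first executable in a Run command line


def _parts(path):
    return path.lower().replace("/", "\\").split("\\")


def _basename(path):
    return _parts(path)[-1]


def _directly_in_system32(path):
    """True when the file sits directly in windows/system32 (not a subdirectory)."""
    p = _parts(path)
    return len(p) >= 3 and p[-3] == "windows" and p[-2] == "system32"


def triage(log_text):
    """Return (basename or None, reason, line) for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append((None, "orphan BHO: CLSID registered but DLL missing (not active; remove the key)", line))
            elif m["name"] == "(no name)" and _directly_in_system32(m["path"]):
                findings.append((_basename(m["path"]), "unnamed BHO loading from system32", line))
        elif m := O20_RE.match(line):
            if m["key"].lower() not in KNOWN_NOTIFY:
                findings.append((_basename(m["path"]),
                                 "Winlogon Notify DLL outside the known set (loaded by winlogon.exe as SYSTEM)", line))
        elif m := O4_RE.match(line):
            exe = EXE_RE.match(m["cmd"])
            if exe and _directly_in_system32(exe["exe"]) and _basename(exe["exe"]) not in KNOWN_SYSTEM32_RUN:
                findings.append((_basename(exe["exe"]),
                                 f"Run entry '{m['label']}' starts an unknown binary in system32", line))
    return findings


def load_points(findings):
    """Count the distinct HijackThis sections (O2, O4, O20, ...) each flagged file is launched from."""
    sections = defaultdict(set)
    for name, _reason, line in findings:
        if name:
            sections[name].add(line.split(" ", 1)[0])
    return {name: len(s) for name, s in sections.items()}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    counts = load_points(found)
    for name, reason, line in found:
        print(f"[{counts.get(name, 0)} load point(s)] {reason}\n    {line}")
```

On the sample, dpnhpastk.dll comes out with two load points, which is the detail that matters for cleanup: deleting the BHO key alone leaves the Winlogon Notify entry, and that one runs inside winlogon.exe before any user logs on, which is also why user-mode scanners running after logon keep losing to it.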


Hello,

Disable your resident protection (antivirus, etc.)!

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report into your next reply.


NOTE: The report is also saved at C:\Combofix.txt

------------------------------ Prevention & Protection || Like me? Click :o
Reply to Angeldark

Here it is

ComboFix 07-12-21.4 - Suzanne 2007-12-21 18:06:18.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.378 [GMT -5:00]
Running from: C:\Documents and Settings\Suzanne\Local Settings\Temporary Internet Files\Content.IE5\CNGNK3M5\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Suzanne\Application Data\macromedia\Flash Player\#SharedObjects\BHG2RN4E\www.broadcaster.com
C:\Documents and Settings\Suzanne\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Suzanne\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\~.exe . . . . Deletion failed
C:\WINDOWS\system32\dpnhpastk.dll . . . . Deletion failed

.
((((((((((((((((((((((((((((( Files created 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))))))))
.

2007-12-31 13:48 . 2008-01-02 10:39 113,152 --a------ C:\FICHEINSCRIPETUDIANT_STAGEGROUPE_JL FEV07.DOC
2007-12-31 13:48 . 2007-12-31 19:54 112,128 ---h----- C:\~WRL2351.tmp
2007-12-31 13:48 . 2007-12-31 20:18 111,616 ---h----- C:\~WRL3243.tmp
2007-12-31 13:48 . 2007-12-31 20:13 111,104 ---h----- C:\~WRL4045.tmp
2007-12-31 13:48 . 2007-12-31 19:57 111,104 ---h----- C:\~WRL0677.tmp
2007-12-21 14:53 . 2007-12-21 14:53 <REP> d-------- C:\Program Files\Trend Micro
2007-12-19 18:43 . 2007-12-19 18:44 <REP> d-------- C:\Program Files\CDDC-MahJongg
2007-12-19 16:34 . 2007-12-19 16:35 <REP> d-------- C:\Program Files\SpywareBlaster
2007-12-19 15:24 . 2007-12-19 15:24 <REP> d-------- C:\Program Files\Alwil Software
2007-12-19 15:24 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-19 15:24 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-19 15:24 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-19 15:24 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-19 15:24 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-19 15:24 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-19 15:24 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-19 15:24 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-19 14:14 . 2007-12-19 14:14 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-19 14:14 . 2007-12-19 14:14 741,632 --a------ C:\WINDOWS\system32\ulnwjsrl.dat
2007-12-19 14:14 . 2007-12-19 14:14 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-19 14:14 . 2007-12-19 14:14 42,240 --a------ C:\WINDOWS\system32\nqjikqnq.dat
2007-12-19 14:14 . 2007-12-19 14:14 36,096 --a------ C:\WINDOWS\system32\cdzwrrft.dat
2007-12-19 14:14 . 2007-12-19 14:14 35,072 --a------ C:\WINDOWS\system32\wpzcnfsy.dat
2007-12-19 11:29 . 2007-12-19 11:29 <REP> d-------- C:\Program Files\Lavasoft
2007-12-19 11:29 . 2007-12-19 11:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-18 14:08 . 2007-12-21 14:25 120,576 --a------ C:\WINDOWS\system32\fumksjin.dat
2007-12-18 13:59 . 2004-08-03 19:54 84,480 --a------ C:\WINDOWS\system32\dpnhpastk.dll
2007-12-18 13:59 . 19,584 C:\WINDOWS\system32\drivers\lqpvteif.dat
2007-12-18 13:58 . 2007-12-18 14:12 <REP> d-------- C:\WINDOWS\system32\AppCert
2007-12-18 13:58 . 2004-08-03 19:54 84,992 --a------ C:\WINDOWS\system32\dpvoiceo.dll
2007-12-18 13:57 . 2007-12-18 13:58 21,504 --a------ C:\WINDOWS\system32\~.exe
2007-11-23 19:13 . 2007-11-23 19:13 <REP> d-------- C:\Program Files\Audacity
2007-11-23 19:11 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-11-23 19:11 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-23 16:17 . 2007-12-18 13:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-23 16:17 . 2007-11-23 16:17 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 23:54 --------- d-----w C:\Documents and Settings\Suzanne\Application Data\HP
2008-01-10 20:21 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-10 20:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-10 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-10 20:09 --------- d-----w C:\Program Files\Symantec
2007-12-21 23:10 --------- d-----w C:\Program Files\Steam
2007-12-21 22:57 --------- d-----w C:\Documents and Settings\Suzanne\Application Data\OpenOffice.org2
2007-12-19 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 21:03 --------- d-----w C:\Program Files\MAIET
2007-12-19 16:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2003-08-17 05:59 5,882,880 ----a-w C:\Program Files\ff7.exe
1998-09-14 19:39 448,000 ----a-w C:\Program Files\FF7Config.exe
.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D5015E6-76CF-4044-9A8A-2FD888C303FF}]
2004-08-03 19:54 84480 --a------ c:\windows\system32\dpnhpastk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F34A8219-6DB5-491F-B659-21001433B930}]
2004-08-03 19:54 84992 --a------ C:\WINDOWS\system32\dpvoiceo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:54]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 13:48]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 11:00]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-11-29 19:52]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 17:29]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 02:00 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 21:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 20:43]
"AS00_Gear311T"="C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2004-11-11 18:29]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 09:19]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 19:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xhijyzad]
dpnhpastk.dll 2004-08-03 19:54 84480 C:\WINDOWS\system32\dpnhpastk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R0 gkyrterk;gkyrterk;C:\WINDOWS\system32\drivers\lqpvteif.dat []
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 16:43]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311tn5.sys [2004-08-13 15:37]
S2 xhnffddy;USB to IEEE-1284.4 Translation HPZius12Controller;C:\WINDOWS\System32\svchost.exe -k netsvcs []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xhnffddy

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3ec684-a0e6-11db-83c4-00095be80083}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 18:10:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\AppCert\prx93f.dll
.
Completion time: 2007-12-21 18:12:02 - machine was rebooted
.
2007-12-19 21:02:08 --- E O F ---

Reply to theshinji

Can you run ComboFix again?

Reply to Angeldark

ComboFix 07-12-21.4 - Suzanne 2007-12-22 17:49:19.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.427 [GMT -5:00]
Running from: C:\Documents and Settings\Suzanne\Local Settings\Temporary Internet Files\Content.IE5\ODER4TUJ\ComboFix[1].exe
.

((((((((((((((((((((((((((((( Files created 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))))))))
.

2007-12-31 13:48 . 2008-01-02 10:39 113,152 --a------ C:\FICHEINSCRIPETUDIANT_STAGEGROUPE_JL FEV07.DOC
2007-12-31 13:48 . 2007-12-31 19:54 112,128 ---h----- C:\~WRL2351.tmp
2007-12-31 13:48 . 2007-12-31 20:18 111,616 ---h----- C:\~WRL3243.tmp
2007-12-31 13:48 . 2007-12-31 20:13 111,104 ---h----- C:\~WRL4045.tmp
2007-12-31 13:48 . 2007-12-31 19:57 111,104 ---h----- C:\~WRL0677.tmp
2007-12-21 14:53 . 2007-12-21 14:53 <REP> d-------- C:\Program Files\Trend Micro
2007-12-19 18:43 . 2007-12-19 18:44 <REP> d-------- C:\Program Files\CDDC-MahJongg
2007-12-19 16:34 . 2007-12-19 16:35 <REP> d-------- C:\Program Files\SpywareBlaster
2007-12-19 15:24 . 2007-12-19 15:24 <REP> d-------- C:\Program Files\Alwil Software
2007-12-19 15:24 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-19 15:24 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-19 15:24 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-19 15:24 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-19 15:24 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-19 15:24 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-19 15:24 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-19 15:24 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-19 14:14 . 2007-12-19 14:14 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-19 14:14 . 2007-12-19 14:14 741,632 --a------ C:\WINDOWS\system32\ulnwjsrl.dat
2007-12-19 14:14 . 2007-12-19 14:14 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-19 14:14 . 2007-12-19 14:14 42,240 --a------ C:\WINDOWS\system32\nqjikqnq.dat
2007-12-19 14:14 . 2007-12-19 14:14 36,096 --a------ C:\WINDOWS\system32\cdzwrrft.dat
2007-12-19 14:14 . 2007-12-19 14:14 35,072 --a------ C:\WINDOWS\system32\wpzcnfsy.dat
2007-12-19 11:29 . 2007-12-19 11:29 <REP> d-------- C:\Program Files\Lavasoft
2007-12-19 11:29 . 2007-12-19 11:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-18 14:08 . 2007-12-21 14:25 120,576 --a------ C:\WINDOWS\system32\fumksjin.dat
2007-12-18 13:59 . 2004-08-03 19:54 84,480 --a------ C:\WINDOWS\system32\dpnhpastk.dll
2007-12-18 13:59 . 19,584 C:\WINDOWS\system32\drivers\lqpvteif.dat
2007-12-18 13:58 . 2007-12-18 14:12 <REP> d-------- C:\WINDOWS\system32\AppCert
2007-12-18 13:58 . 2004-08-03 19:54 84,992 --a------ C:\WINDOWS\system32\dpvoiceo.dll
2007-12-18 13:57 . 2007-12-18 13:58 21,504 --a------ C:\WINDOWS\system32\~.exe
2007-11-23 19:13 . 2007-11-23 19:13 <REP> d-------- C:\Program Files\Audacity
2007-11-23 19:11 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-11-23 19:11 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-23 16:17 . 2007-12-18 13:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-23 16:17 . 2007-11-23 16:17 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 23:54 --------- d-----w C:\Documents and Settings\Suzanne\Application Data\HP
2008-01-10 20:21 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-10 20:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-10 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-10 20:09 --------- d-----w C:\Program Files\Symantec
2007-12-22 22:53 --------- d-----w C:\Program Files\Steam
2007-12-22 22:53 --------- d-----w C:\Documents and Settings\Suzanne\Application Data\OpenOffice.org2
2007-12-19 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 21:03 --------- d-----w C:\Program Files\MAIET
2007-12-19 16:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2005-05-12 03:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2003-08-17 05:59 5,882,880 ----a-w C:\Program Files\ff7.exe
1998-09-14 19:39 448,000 ----a-w C:\Program Files\FF7Config.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-21_18.11.26.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-22 22:52:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_53c.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D5015E6-76CF-4044-9A8A-2FD888C303FF}]
2004-08-03 19:54 84480 --a------ c:\windows\system32\dpnhpastk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F34A8219-6DB5-491F-B659-21001433B930}]
2004-08-03 19:54 84992 --a------ C:\WINDOWS\system32\dpvoiceo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:54]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 13:48]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 11:00]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-11-29 19:52]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 17:29]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 02:00 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 21:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 20:43]
"AS00_Gear311T"="C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2004-11-11 18:29]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 09:19]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 19:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xhijyzad]
dpnhpastk.dll 2004-08-03 19:54 84480 C:\WINDOWS\system32\dpnhpastk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R0 gkyrterk;gkyrterk;C:\WINDOWS\system32\drivers\lqpvteif.dat []
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 16:43]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311tn5.sys [2004-08-13 15:37]
S2 xhnffddy;USB to IEEE-1284.4 Translation HPZius12Controller;C:\WINDOWS\System32\svchost.exe -k netsvcs []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xhnffddy

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3ec684-a0e6-11db-83c4-00095be80083}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 17:53:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\AppCert\prx93f.dll
.
Completion time: 2007-12-22 17:55:06 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-21 18:12
.
2007-12-22 02:04:49 --- E O F ---

Reply to theshinji

Re,

Disable your resident protection (antivirus, etc.)!
Copy (Ctrl+C) the text in the box below:

Driver::
gkyrterk

File::
C:\WINDOWS\system32\ulnwjsrl.dat
C:\WINDOWS\system32\nqjikqnq.dat
C:\WINDOWS\system32\cdzwrrft.dat
C:\WINDOWS\system32\wpzcnfsy.dat
C:\WINDOWS\system32\fumksjin.dat
C:\WINDOWS\system32\dpnhpastk.dll
C:\WINDOWS\system32\drivers\lqpvteif.dat
C:\WINDOWS\system32\dpvoiceo.dll
C:\WINDOWS\system32\~.exe

Folder::
C:\Program Files\CDDC-MahJongg

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D5015E6-76CF-4044-9A8A-2FD888C303FF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F34A8219-6DB5-491F-B659-21001433B930}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xhijyzad]



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis log.
NOTE: If the machine does not reboot, post the requested reports anyway.

Reply to Angeldark
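The ComboFix report posted earlier and the CFScript above are the two ends of one workflow: pick out the dropped files and the load points that start them, then list them under the Driver::, File:: and Registry:: headings that ComboFix reads from CFScript.txt. The script below is an added example, not the helper's script and not ComboFix tooling: it walks a report and emits that script. Its assumptions are a dropped-file heuristic (eight lowercase letters plus .dat, under system32), the rule that a BHO or Winlogon Notify key pointing at a DLL in system32 is a load point to delete, that a kernel driver whose image is not a .sys is to be removed, and that anything ComboFix reports as "Deletion failed" goes in the script. The sample is constructed from lines of the report above, with the section headers translated.

```python
"""Build a ComboFix CFScript from the indicators in a ComboFix report.

Added example for this thread; it is not ComboFix's own tooling and not the
helper's script. Assumptions of this example: the dropped-file heuristic
(eight lowercase letters plus .dat, under system32), that BHO and Winlogon
Notify keys whose DLL sits in system32 are load points to delete, that a
driver whose image is not a .sys is to be removed, and that files ComboFix
failed to delete are queued for the script.
"""
import re

# Constructed sample: lines copied from the ComboFix report in the thread above.
SAMPLE_COMBOFIX = r"""
(((((((((((((((((((( Other deletions ))))))))))))))))))))
C:\WINDOWS\system32\~.exe . . . . Deletion failed
C:\WINDOWS\system32\dpnhpastk.dll . . . . Deletion failed

(((((((((((((((((((( Files created 2007-11-21 to 2007-12-21 ))))))))))))))))))))
2007-12-19 14:14 . 2007-12-19 14:14 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-19 14:14 . 2007-12-19 14:14 741,632 --a------ C:\WINDOWS\system32\ulnwjsrl.dat
2007-12-19 14:14 . 2007-12-19 14:14 42,240 --a------ C:\WINDOWS\system32\nqjikqnq.dat
2007-12-18 14:08 . 2007-12-21 14:25 120,576 --a------ C:\WINDOWS\system32\fumksjin.dat
2007-12-18 13:59 . 19,584 C:\WINDOWS\system32\drivers\lqpvteif.dat
2007-12-18 13:58 . 2004-08-03 19:54 84,992 --a------ C:\WINDOWS\system32\dpvoiceo.dll

REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D5015E6-76CF-4044-9A8A-2FD888C303FF}]
2004-08-03 19:54 84480 --a------ c:\windows\system32\dpnhpastk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F34A8219-6DB5-491F-B659-21001433B930}]
2004-08-03 19:54 84992 --a------ C:\WINDOWS\system32\dpvoiceo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xhijyzad]
dpnhpastk.dll 2004-08-03 19:54 84480 C:\WINDOWS\system32\dpnhpastk.dll

R0 gkyrterk;gkyrterk;C:\WINDOWS\system32\drivers\lqpvteif.dat []
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311tn5.sys [2004-08-13 15:37]
"""

FAILED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \. \. \. \. .*(?:Deletion failed|Echec de suppression)", re.I)
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d .*?(?P<path>[A-Za-z]:\\.*)$")
DRIVER_RE = re.compile(r"^R[0-3] (?P<name>[^;]+);[^;]*;(?P<image>[A-Za-z]:\\.*?) \[")
ANY_PATH = re.compile(r"(?P<path>[A-Za-z]:\\.*)$")
DROPPED_RE = re.compile(r"^[a-z]{8}\.dat$")   # heuristic: random 8-letter .dat names
LOADPOINT_KEYS = ("browser helper objects", "winlogon\\notify")


def _under_system32(path):
    return "\\windows\\system32\\" in path.lower().replace("/", "\\")


def _basename(path):
    return path.replace("/", "\\").split("\\")[-1]


def _add(bucket, item):
    """Append without case-insensitive duplicates (ComboFix mixes path casing)."""
    if item.lower() not in {x.lower() for x in bucket}:
        bucket.append(item)


def collect_indicators(report):
    """Walk a ComboFix report and return (drivers, files, registry_keys) to remove."""
    drivers, files, keys = [], [], []
    current_key = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            current_key = None          # a blank line ends a registry key block
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key is not None:     # value line under a registry key
            m = ANY_PATH.search(line)
            if m and _under_system32(m["path"]) and any(k in current_key.lower() for k in LOADPOINT_KEYS):
                _add(keys, current_key)
                _add(files, m["path"])
            continue
        if (m := DRIVER_RE.match(line)) and _under_system32(m["image"]) and not m["image"].lower().endswith(".sys"):
            _add(drivers, m["name"])    # kernel driver whose image is not even a .sys
            _add(files, m["image"])
        elif m := FAILED_RE.match(line):
            _add(files, m["path"])      # ComboFix could not delete it: queue it for the script
        elif (m := CREATED_RE.match(line)) and _under_system32(m["path"]) and DROPPED_RE.match(_basename(m["path"])):
            _add(files, m["path"])
    return drivers, files, keys


def render_cfscript(drivers, files, keys):
    """Emit the sections ComboFix reads from CFScript.txt; [-key] deletes a key."""
    out = []
    if drivers:
        out += ["Driver::", *drivers, ""]
    if files:
        out += ["File::", *files, ""]
    if keys:
        out += ["Registry::", *[f"[-{k}]" for k in keys], ""]
    return "\n".join(out)


def build_cfscript(report):
    return render_cfscript(*collect_indicators(report))


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_COMBOFIX))
```

Run against the report, this reproduces the Driver::, File:: and Registry:: entries of the helper's script. Two items it does not produce are deliberate: the Folder:: entry for C:\Program Files\CDDC-MahJongg was the helper's judgement call from the install date, not something a name heuristic can justify, and the xhnffddy entry in the netsvcs group (a service with a borrowed HP description and no image path) is left for a later step, as it was in the thread. libeay32.dll and libssl32.dll, created in the same minute as the .dat files, are not flagged either; their names are those of the OpenSSL libraries, so a hash check is the right next step rather than deletion by name.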

Here's the ComboFix run with the file

ComboFix 07-12-21.4 - Suzanne 2007-12-23 8:57:30.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.385 [GMT -5:00]
Running from: C:\Documents and Settings\Suzanne\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Suzanne\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\cdzwrrft.dat
C:\WINDOWS\system32\dpnhpastk.dll
C:\WINDOWS\system32\dpvoiceo.dll
C:\WINDOWS\system32\drivers\lqpvteif.dat
C:\WINDOWS\system32\fumksjin.dat
C:\WINDOWS\system32\nqjikqnq.dat
C:\WINDOWS\system32\ulnwjsrl.dat
C:\WINDOWS\system32\wpzcnfsy.dat
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\CDDC-MahJongg
C:\Program Files\CDDC-MahJongg\background.bmp
C:\Program Files\CDDC-MahJongg\check.exe
C:\Program Files\CDDC-MahJongg\languages\english.txt
C:\Program Files\CDDC-MahJongg\languages\french.txt
C:\Program Files\CDDC-MahJongg\layouts\Arena.lay
C:\Program Files\CDDC-MahJongg\layouts\Big Hole.lay
C:\Program Files\CDDC-MahJongg\layouts\Bizarre.lay
C:\Program Files\CDDC-MahJongg\layouts\Castle.lay
C:\Program Files\CDDC-MahJongg\layouts\Checkers.lay
C:\Program Files\CDDC-MahJongg\layouts\Crown.lay
C:\Program Files\CDDC-MahJongg\layouts\Deep Well.lay
C:\Program Files\CDDC-MahJongg\layouts\Eight Stacks.lay
C:\Program Files\CDDC-MahJongg\layouts\Full Vision.lay
C:\Program Files\CDDC-MahJongg\layouts\Gayle.lay
C:\Program Files\CDDC-MahJongg\layouts\H for Haga.lay
C:\Program Files\CDDC-MahJongg\layouts\Labyrinth.lay
C:\Program Files\CDDC-MahJongg\layouts\Pyramid.lay
C:\Program Files\CDDC-MahJongg\layouts\Screw Up.lay
C:\Program Files\CDDC-MahJongg\layouts\Seven Pyramids.lay
C:\Program Files\CDDC-MahJongg\layouts\Shanghai.lay
C:\Program Files\CDDC-MahJongg\layouts\Square.lay
C:\Program Files\CDDC-MahJongg\layouts\Step Pyramid.lay
C:\Program Files\CDDC-MahJongg\layouts\Stonehenge.lay
C:\Program Files\CDDC-MahJongg\layouts\The Great Wall.lay
C:\Program Files\CDDC-MahJongg\layouts\Theater.lay
C:\Program Files\CDDC-MahJongg\layouts\Tile Fighter.lay
C:\Program Files\CDDC-MahJongg\layouts\Tower and Walls.lay
C:\Program Files\CDDC-MahJongg\layouts\Twin Temples.lay
C:\Program Files\CDDC-MahJongg\layouts\Yummy.lay
C:\Program Files\CDDC-MahJongg\mahjongg.exe
C:\Program Files\CDDC-MahJongg\mahjongg.ini
C:\Program Files\CDDC-MahJongg\MahJongg.PDF
C:\Program Files\CDDC-MahJongg\sets\bois.zip
C:\Program Files\CDDC-MahJongg\sets\standard800.zip
C:\Program Files\CDDC-MahJongg\sounds\Bell2.wav
C:\Program Files\CDDC-MahJongg\sounds\DACTYLO.WAV
C:\Program Files\CDDC-MahJongg\sounds\GONG.WAV
C:\Program Files\CDDC-MahJongg\sounds\Notify3.wav
C:\Program Files\CDDC-MahJongg\Uninst.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\cdzwrrft.dat
C:\WINDOWS\system32\dpnhpastk.dll
C:\WINDOWS\system32\dpvoiceo.dll
C:\WINDOWS\system32\drivers\lqpvteif.dat
C:\WINDOWS\system32\fumksjin.dat
C:\WINDOWS\system32\nqjikqnq.dat
C:\WINDOWS\system32\ulnwjsrl.dat
C:\WINDOWS\system32\wpzcnfsy.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_GKYRTERK
-------\gkyrterk


((((((((((((((((((((((((((((( Fichiers créés 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))))))))
.

2007-12-31 13:48 . 2008-01-02 10:39 113,152 --a------ C:\FICHEINSCRIPETUDIANT_STAGEGROUPE_JL FEV07.DOC
2007-12-31 13:48 . 2007-12-31 19:54 112,128 ---h----- C:\~WRL2351.tmp
2007-12-31 13:48 . 2007-12-31 20:18 111,616 ---h----- C:\~WRL3243.tmp
2007-12-31 13:48 . 2007-12-31 20:13 111,104 ---h----- C:\~WRL4045.tmp
2007-12-31 13:48 . 2007-12-31 19:57 111,104 ---h----- C:\~WRL0677.tmp
2007-12-21 14:53 . 2007-12-21 14:53 <REP> d-------- C:\Program Files\Trend Micro
2007-12-19 16:34 . 2007-12-19 16:35 <REP> d-------- C:\Program Files\SpywareBlaster
2007-12-19 15:24 . 2007-12-19 15:24 <REP> d-------- C:\Program Files\Alwil Software
2007-12-19 14:14 . 2007-12-19 14:14 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-19 14:14 . 2007-12-19 14:14 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-19 11:29 . 2007-12-19 11:29 <REP> d-------- C:\Program Files\Lavasoft
2007-12-19 11:29 . 2007-12-19 11:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-18 13:58 . 2007-12-18 14:12 <REP> d-------- C:\WINDOWS\system32\AppCert
2007-11-23 19:13 . 2007-11-23 19:13 <REP> d-------- C:\Program Files\Audacity
2007-11-23 19:11 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-11-23 19:11 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-23 16:17 . 2007-12-18 13:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-23 16:17 . 2007-11-23 16:17 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 23:54 --------- d-----w C:\Documents and Settings\Suzanne\Application Data\HP
2008-01-10 20:21 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-10 20:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-10 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-10 20:09 --------- d-----w C:\Program Files\Symantec
2007-12-23 14:02 --------- d-----w C:\Program Files\Steam
2007-12-23 13:38 --------- d-----w C:\Documents and Settings\Suzanne\Application Data\OpenOffice.org2
2007-12-19 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 21:03 --------- d-----w C:\Program Files\MAIET
2007-12-19 16:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2003-08-17 05:59 5,882,880 ----a-w C:\Program Files\ff7.exe
1998-09-14 19:39 448,000 ----a-w C:\Program Files\FF7Config.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-21_18.11.26.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:54]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 13:48]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 11:00]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-11-29 19:52]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 17:29]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 02:00 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 21:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-03 20:43]
"AS00_Gear311T"="C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2004-11-11 18:29]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 09:19]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 19:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 16:43]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311tn5.sys [2004-08-13 15:37]
S2 xhnffddy;USB to IEEE-1284.4 Translation HPZius12Controller;C:\WINDOWS\System32\svchost.exe -k netsvcs []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xhnffddy

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3ec684-a0e6-11db-83c4-00095be80083}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 09:02:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 9:03:53 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-22 17:55
C:\ComboFix3.txt ... 2007-12-21 18:12
.
2007-12-22 02:04:49 --- E O F ---

Plus the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:05:39, on 2007-12-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ckac.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 7868 bytes

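As an added example (not part of this thread, and not code from the ComboFix or HijackThis authors), the following Python script does what a helper does by hand after a CFScript run: it parses the `Driver::`/`File::`/`Folder::` sections of the script posted above, checks the follow-up ComboFix report to confirm each item shows up as removed, and then flags two kinds of leftovers a reviewer would want to look at in the report: a service hosted in `svchost.exe -k netsvcs` whose bracketed column is empty, and `mountpoints2` AutoRun commands. The sample text is excerpted from the two posts in this thread; the interpretation that ComboFix prints a file timestamp in the square brackets and leaves them empty when it cannot find the file is an assumption, as are all function names.

```python
import re

# Excerpt of the CFScript posted by the helper above (copied from the thread).
CFSCRIPT = r"""
Driver::
gkyrterk

File::
C:\WINDOWS\system32\ulnwjsrl.dat
C:\WINDOWS\system32\dpnhpastk.dll
C:\WINDOWS\system32\drivers\lqpvteif.dat

Folder::
C:\Program Files\CDDC-MahJongg

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D5015E6-76CF-4044-9A8A-2FD888C303FF}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xhijyzad]
"""

# Excerpt of the ComboFix report posted in reply (copied from the thread, other sections cut).
COMBOFIX_LOG = r"""
FILE
C:\WINDOWS\system32\dpnhpastk.dll
C:\WINDOWS\system32\drivers\lqpvteif.dat
C:\WINDOWS\system32\ulnwjsrl.dat

C:\Program Files\CDDC-MahJongg
-------\LEGACY_GKYRTERK
-------\gkyrterk

R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 16:43]
S2 xhnffddy;USB to IEEE-1284.4 Translation HPZius12Controller;C:\WINDOWS\System32\svchost.exe -k netsvcs []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f3ec684-a0e6-11db-83c4-00095be80083}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")                      # "File::" style section header
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[([^\]]*)\]$")  # start;name;display;image [stamp]
MOUNTPOINT_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")


def parse_cfscript(text):
    """Split a CFScript into {section_name: [entries]}; blank lines are skipped."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def verify_cleanup(script, log):
    """Return Driver::/File::/Folder:: entries that the report does not list as removed.
    Drivers show up as '-------\\name' lines; files and folders as their full path."""
    sections = parse_cfscript(script)
    seen = {l.strip().lower() for l in log.splitlines()}
    missing = [d for d in sections.get("Driver", []) if f"-------\\{d}".lower() not in seen]
    for key in ("File", "Folder"):
        missing += [p for p in sections.get(key, []) if p.lower() not in seen]
    return missing


def parse_services(log):
    """Parse the 'R2 name;display;image [stamp]' service lines of the report."""
    out = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append({"start": m.group(1), "name": m.group(2), "display": m.group(3),
                        "image": m.group(4), "stamp": m.group(5)})
    return out


def flag_svchost_services_without_file(services):
    """Names of svchost-hosted services whose bracketed column is empty.
    Assumption: an empty column means no file timestamp was found, i.e. an orphaned entry."""
    return [s["name"] for s in services
            if "svchost.exe" in s["image"].lower() and s["stamp"] == ""]


def find_autorun_commands(log):
    """(mountpoint, command) pairs from the mountpoints2 AutoRun entries in the report."""
    out, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = MOUNTPOINT_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m and key is not None:
            out.append((key, m.group(1)))
    return out


if __name__ == "__main__":
    print("not confirmed removed:", verify_cleanup(CFSCRIPT, COMBOFIX_LOG))
    print("svchost services with no file:", flag_svchost_services_without_file(parse_services(COMBOFIX_LOG)))
    print("AutoRun commands:", find_autorun_commands(COMBOFIX_LOG))
```

On the excerpt above the cleanup check comes back empty (every scripted driver, file and folder appears in the report), while the `xhnffddy` netsvcs entry and the two removable-drive AutoRun commands are listed for review; they are flagged, not judged, since a reviewer still has to decide what they are.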