Problem with W32.Myzor.FK@yf

Olivier94 -
jlpjlp Posts: 52399 Status: Security contributor -
Hello,

I have a problem with the virus named in the title.
I followed the forum's recommendations, in particular the HijackThis scan, whose log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:33, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Online Add-on\isfmdl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Online Add-on\ictmdl.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-515967899-823518204-725345543-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Pauline')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Gestionnaire des tâches.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://skifunshop.no-ip.com/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

4 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Hi
Uninstall via your Control Panel:

Secured_eMule toolbar
Megaupload Toolbar
__________________

Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Online Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Online Add-on\ictmdl.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll (file missing)

__________________

SmitfraudFix (paste the report)

1/ Download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ Double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present. Once the report is done, restart in safe mode (by pressing F8, or Delete, or F5 at startup, generally).

3/ Then do as in 2/ but select option 2 and press Enter to start the cleaning. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter.

________________________

Delete Online Add-on if present by going to My Computer, then C, then Program Files:

C:\Program Files\Online Add-on

________________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
________________________

Post a new HijackThis log and describe your current problems.

See you
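The lines the helper picks out above share a few recognisable traits: registrations whose file is absent ("(no file)", "(file missing)"), unnamed BHOs, autostarts under Policies\Explorer\Run, IE buttons pointing at a remote URL, and anything under the Online Add-on directory. The triage script below is an added example (not from the thread, and not part of HijackThis) that parses HijackThis-style lines and flags entries on exactly those criteria; the sample lines and the rogue directory name are taken from this thread, and the rule set is an assumption, not an official HijackThis classification.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of HijackThis-style lines modelled on the
# entries in this thread, not the complete log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Online Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Online Add-on\ictmdl.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll (file missing)
"""

# "O2 - BHO: name - {CLSID} - target" / "O4 - HKLM\..\Run: [name] target"
SECTION_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<target>.*)$")


@dataclass
class Finding:
    code: str       # HijackThis section code, e.g. "O4"
    line: str       # the original log line, ready to be ticked in "fix checked"
    target: str     # file, URL or "(no file)" the entry points at
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Split one HijackThis line into (code, body, target); None if not an entry."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O4":
        m4 = O4_RE.match(body)
        return code, body, (m4.group("target") if m4 else body)
    # For O2/O3/O9/O22 the target is the last " - " separated field.
    return code, body, body.rsplit(" - ", 1)[-1]


def triage(log_text, rogue_dirs=("Online Add-on",)):
    """Return the entries worth attention, each with the reasons it was flagged.

    rogue_dirs is an assumed allow-you-to-extend list; the default is the
    directory this thread identifies.
    """
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        code, body, target = parsed
        reasons = []
        if target == "(no file)" or target.endswith("(file missing)"):
            reasons.append("orphaned registration: referenced file is absent")
        if code in ("O2", "O3") and body.split(": ", 1)[-1].startswith("(no name)"):
            reasons.append("unnamed browser helper object or toolbar")
        if code == "O4" and "Policies\\Explorer\\Run" in body:
            reasons.append("Policies\\Explorer\\Run autostart, rarely used by legitimate software")
        if code == "O9" and re.match(r"https?://", target):
            reasons.append("IE button or menu item points at a remote URL")
        if code == "O22":
            reasons.append("SharedTaskScheduler entry, loaded into Explorer at logon")
        if any(d.lower() in target.lower() for d in rogue_dirs):
            reasons.append("located under a directory flagged in this thread")
        if reasons:
            findings.append(Finding(code, raw.strip(), target, reasons))
    return findings


def fix_list(findings):
    """The lines to tick in HijackThis, in log order, one per line."""
    return "\n".join(f.line for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.target}")
        for r in f.reasons:
            print("    -", r)
```

The rule set deliberately errs towards flagging: a legitimate but uncommon entry (an O22 from a vendor shell extension, say) still gets listed so a human can decide, which is how the helper's own review works.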
Olivier94
 
Thanks for all this advice.

I relaunched HijackThis and ticked the boxes. It already works better: my IE home page (GOOGLE) is no longer overridden by an antivirus download site.

Below is the SmitfraudFix report:

SmitFraudFix v2.278

Rapport fait à 16:33:53,32, 02/02/2008
Executé à partir de C:\Documents and Settings\Olivier\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Olivier

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Olivier\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Olivier\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Online Add-on\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: PDFCreator_Toolbar.dll
BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837}
TypeLib Not Found.

[!] Suspicious: PDFCreator_Toolbar.dll
Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
TypeLib Not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E3ED0946-4CE7-4760-A143-1642CD93657A}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E3ED0946-4CE7-4760-A143-1642CD93657A}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E3ED0946-4CE7-4760-A143-1642CD93657A}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E3ED0946-4CE7-4760-A143-1642CD93657A}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

I'm continuing to follow the instructions and will keep you posted.
Olivier94
 
Next:

The ComboFix report:
ComboFix 08-02.02.5 - Olivier 2008-02-02 16:59:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1547 [GMT 1:00]
Endroit: C:\Documents and Settings\Olivier\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Benoît\Application Data\ShoppingReport
C:\Documents and Settings\Benoît\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Benoît\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Benoît\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Benoît\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Benoît\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Benoît\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Benoît\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Sylvie\Application Data\ShoppingReport
C:\Documents and Settings\Sylvie\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Sylvie\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Sylvie\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Sylvie\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Sylvie\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Sylvie\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Sylvie\Application Data\ShoppingReport\cs\res2\WhiteList.dbs

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))))))))
.

2008-02-02 16:33 . 2008-02-02 16:33 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-01 19:24 . 2008-02-01 19:24 <REP> d-------- C:\Program Files\Trend Micro
2008-02-01 19:18 . 2008-02-01 19:18 <REP> d-------- C:\Program Files\CCleaner
2008-01-27 19:26 . 2008-01-27 19:26 <REP> d-------- C:\QUARANTINE
2008-01-21 19:30 . 2008-01-21 19:30 <REP> d-------- C:\Documents and Settings\Olivier\Application Data\dvdcss
2008-01-20 12:35 . 2008-01-20 12:35 <REP> d-------- C:\Program Files\Azureus
2008-01-13 16:06 . 2008-01-13 16:15 <REP> d-------- C:\Documents and Settings\Benoît\Application Data\U3
2008-01-13 15:52 . 2008-01-13 15:52 <REP> d-------- C:\Program Files\SuperCopier2
2008-01-07 22:15 . 2008-01-07 22:15 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-05 21:56 . 2008-01-12 22:37 <REP> d-------- C:\Program Files\mp3DirectCut
2008-01-02 22:05 . 2008-01-02 22:10 <REP> d-------- C:\TEMP\FR_Windows_XP_Pro_with_SP1a

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 15:15 --------- d-----w C:\Program Files\Secured_eMule
2008-02-02 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-02 12:03 --------- d-----w C:\Program Files\Zoom Player
2008-01-30 22:16 2,044,416 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-01-30 22:16 1,762,304 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-01-28 18:06 2,035,200 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-01-28 18:06 1,248,256 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-01-27 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 19:05 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-27 19:05 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-27 19:05 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-27 18:34 --------- d-----w C:\Program Files\Adverts
2008-01-27 18:34 --------- d-----w C:\Program Files\3wPlayer
2008-01-27 15:48 3,036,160 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-01-27 15:48 2,021,376 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-01-27 13:18 --------- d-----w C:\Documents and Settings\Benoît\Application Data\Azureus
2008-01-20 18:50 --------- d-----w C:\Documents and Settings\Sylvie\Application Data\Azureus
2008-01-19 22:00 51,200 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-01-19 22:00 1,997,824 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-01-18 17:31 2,765,824 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-01-18 17:31 1,995,264 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-01-15 21:20 3,073,536 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-01-15 21:20 1,992,704 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-01-15 17:56 --------- d-----w C:\Program Files\Java
2008-01-14 07:52 116,297 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_13_19_50_34_small.dmp.zip
2008-01-12 17:26 --------- d-----w C:\Program Files\eMule
2008-01-11 06:41 16,632,042 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_10_22_24_59_full.dmp.zip
2008-01-11 06:40 5,239,024 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-11 06:40 113,665 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_10_22_24_29_small.dmp.zip
2008-01-07 16:51 --------- d-----w C:\Program Files\MSN Messenger
2008-01-07 16:51 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-04 21:07 97,792 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-01-04 21:07 1,959,936 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-01-01 02:47 2,912,256 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-01-01 02:47 1,951,744 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2007-12-30 23:18 45,568 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2007-12-30 23:18 1,946,624 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2007-12-29 22:37 109,056 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-12-29 22:37 1,945,600 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2007-12-29 19:15 53,063 ----a-w C:\WINDOWS\system32\ClubboxUninstall.exe
2007-12-29 16:54 77,824 ----a-w C:\WINDOWS\system32\nod.dll
2007-12-26 22:26 3,047,936 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2007-12-26 22:26 1,934,336 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2007-12-24 14:47 1,933,312 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2007-12-20 21:55 3,045,376 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2007-12-20 21:55 1,929,728 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2007-12-11 19:52 --------- d-----w C:\Documents and Settings\Sylvie\Application Data\Creative
2007-12-08 23:31 3,174,912 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2007-12-08 23:31 1,905,152 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2007-12-07 07:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Panasonic
2007-12-06 12:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-12-06 12:24 --------- d-----w C:\Program Files\Creative
2007-12-06 12:23 --------- d-----w C:\Program Files\Audible
2007-12-06 12:21 --------- d--h--w C:\Program Files\Creative Installation Information
2007-12-06 12:19 --------- d-----w C:\Program Files\Fichiers communs\Creative
2007-12-04 16:44 3,040,256 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2007-12-04 16:44 1,867,264 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2007-12-02 21:52 2,959,872 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2007-12-02 21:52 1,865,728 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2007-11-30 19:13 3,067,392 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2007-11-15 17:54 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2007-11-15 17:54 1,816,064 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2007-11-13 17:53 273,408 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2007-11-13 17:53 1,814,016 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2007-11-08 16:11 1,797,632 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2007-11-07 20:15 1,794,048 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 21:51 122,880 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-11-06 21:51 1,789,952 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-11-03 21:57 299,008 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-11-02 21:28 1,778,688 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-10-31 21:28 35,544 ----a-w C:\Documents and Settings\Sylvie\Application Data\GDIPFONTCACHEV1.DAT
2007-10-22 17:06 287,744 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-10-22 17:06 1,764,864 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2007-10-21 17:49 35,544 ----a-w C:\Documents and Settings\Olivier\Application Data\GDIPFONTCACHEV1.DAT
2007-10-14 12:42 115,712 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-10-14 12:42 1,735,168 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-10-11 10:28 268,288 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-10-11 10:28 1,731,072 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-10-03 07:48 49,152 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-10-03 07:48 1,717,760 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-10-01 20:52 1,716,224 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-10-01 20:52 1,088,512 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-09-30 15:21 1,714,176 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-09-28 15:49 16,570,273 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_28_14_51_54_full.dmp.zip
2007-09-28 15:46 118,347 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_28_14_46_28_small.dmp.zip
2007-09-27 19:48 1,688,576 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-09-27 10:46 1,687,040 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-09-24 17:33 177,664 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-09-24 17:33 1,684,480 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-09-19 14:14 2,718,208 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-09-19 14:14 1,676,800 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-09-18 18:25 1,672,192 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-09-18 17:15 1,671,680 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-09-13 19:12 1,639,936 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-09-13 16:29 1,639,424 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-08-29 12:56 3,067,904 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-08-29 12:56 1,528,320 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-06-22 19:09 21,032 ----a-w C:\Documents and Settings\Benoît\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 22:11 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-11 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-04 05:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 02:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 06:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-06-09 02:12 135224]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 05:00 98304]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\Olivier\Menu Démarrer\Programmes\Démarrage\
Gestionnaire des tâches.lnk - C:\WINDOWS\system32\taskmgr.exe [2006-03-02 13:00:00 143360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-04 22:10:59 124912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5792733a-1764-11dc-a3e6-001a9270cd04}]
\Shell\AutoRun\command - J:\start.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 17:01:54
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-02 17:02:26
ComboFix-quarantined-files.txt 2008-02-02 16:02:18
.
2008-01-09 18:46:38 --- E O F ---

The final HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:07, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Gestionnaire des tâches.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://skifunshop.no-ip.com/activex/AxisCamControl.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
jlpjlp Posts: 52399 Status: Security contributor 5 040

ok
perfect

did you actually do the cleanup with smitfraud fix? since I didn't see a report..

otherwise it's fine

all the best