Analse "HIJACK THIS"

gygy10 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
pouvez vous m aider j ai des gros soucis avec mon PC, je n ai plus de son "sauf sons wiindows" et il redemare toujours en analyse systéme. Merci pour le coup de main, je joins une analyse HIJACK THIS.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:14, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\pascal\Mes documents\logiciels\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1210161043343
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe

--
End of file - 7660 bytes
Configuration: Windows XP
Internet Explorer 6.0

2 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    tu as F SECURE et AVAST???? si tu garde les deux l'ordi va planter!!!!

    https://www.avast.com/fr-fr/uninstall-utility

    _____________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    ______________

    mettre a jour internet explorer
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ______________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    0
    1. gygy10
       
      voila le rapport combo fix

      ComboFix 08-05-11.1 - pascal 2008-05-12 13:16:18.1 - [color=red][b]FAT32[/b][/color]x86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.615 [GMT 2:00]
      Endroit: C:\Documents and Settings\pascal\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\pascal\Local Settings\Application Data\uvqacdipjt.dat
      C:\Documents and Settings\pascal\Local Settings\Application Data\uvqacdipjt.exe
      C:\Documents and Settings\pascal\Local Settings\Application Data\uvqacdipjt_nav.dat
      C:\Documents and Settings\pascal\Local Settings\Application Data\uvqacdipjt_navps.dat

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-12 13:06 . 2008-05-12 13:06 <REP> d-------- C:\WINDOWS\system32\fr-fr
      2008-05-12 13:06 . 2008-05-12 13:06 759 --a------ C:\WINDOWS\system32\spupdsvc.inf
      2008-05-12 13:02 . 2008-05-12 13:02 <REP> d-------- C:\WINDOWS\LastGood
      2008-05-12 13:02 . 2008-05-12 13:04 1,374 --a------ C:\WINDOWS\imsins.BAK
      2008-05-11 09:19 . 2008-05-11 09:19 <REP> d--hs---- C:\FOUND.009
      2008-05-10 19:30 . 2008-05-10 19:30 <REP> d--hs---- C:\FOUND.008
      2008-05-10 07:26 . 2008-05-10 07:26 <REP> d--hs---- C:\FOUND.007
      2008-05-08 13:08 . 2008-05-08 13:08 <REP> d-------- C:\4061787507d7d49e3b
      2008-05-07 18:38 . 2008-05-07 18:38 <REP> d--hs---- C:\FOUND.006
      2008-05-07 12:15 . 2008-05-07 12:15 <REP> d--hs---- C:\FOUND.005
      2008-05-07 11:43 . 2008-05-07 11:43 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-05-07 11:43 . 2008-05-07 11:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-05-07 07:44 . 2008-05-07 07:44 <REP> d--hs---- C:\FOUND.004
      2008-05-06 16:59 . 2008-05-06 16:59 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
      2008-05-06 15:25 . 2008-05-06 15:25 <REP> d--hs---- C:\FOUND.003
      2008-05-06 14:23 . 2008-05-06 14:23 1,019 --a------ C:\WINDOWS\ATICIM.INI
      2008-05-06 14:22 . 2008-05-06 14:22 <REP> d-------- C:\ATI
      2008-05-06 14:12 . 2008-05-06 14:12 <REP> d-------- C:\WINDOWS\Downloaded Installations
      2008-05-06 14:12 . 2008-05-06 14:12 <REP> d-------- C:\Program Files\SymplisIT
      2008-05-06 14:12 . 2008-05-06 14:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SymplisIT
      2008-05-06 14:09 . 2008-05-06 14:09 <REP> d-------- C:\Program Files\Lavalys
      2008-05-06 12:02 . 2008-05-06 12:02 <REP> d--hs---- C:\FOUND.002
      2008-05-06 11:45 . 2008-05-06 11:45 <REP> d--hs---- C:\FOUND.001
      2008-05-06 07:27 . 2008-05-06 07:27 <REP> d--hs---- C:\FOUND.000
      2008-05-05 16:16 . 2008-05-05 16:16 <REP> d--hs---- C:\FOUND.106
      2008-05-04 14:50 . 2008-05-04 14:50 244 --ah----- C:\sqmnoopt02.sqm
      2008-05-04 14:50 . 2008-05-04 14:50 232 --ah----- C:\sqmdata02.sqm
      2008-05-04 11:25 . 2008-05-04 11:25 <REP> d--hs---- C:\FOUND.105
      2008-05-04 08:25 . 2008-05-04 08:25 <REP> d--hs---- C:\FOUND.104
      2008-05-03 19:01 . 2008-05-03 19:01 244 --ah----- C:\sqmnoopt01.sqm
      2008-05-03 19:01 . 2008-05-03 19:01 232 --ah----- C:\sqmdata01.sqm
      2008-05-03 07:12 . 2008-05-03 07:12 <REP> d--hs---- C:\FOUND.103
      2008-05-02 20:09 . 2008-05-02 20:09 <REP> d-------- C:\WINDOWS\system32\LogFiles
      2008-05-02 17:23 . 2008-05-02 17:23 <REP> d--hs---- C:\FOUND.102
      2008-05-02 16:56 . 2008-05-02 16:56 <REP> d--hs---- C:\FOUND.101
      2008-05-02 13:28 . 2008-05-02 13:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
      2008-05-02 13:17 . 2008-05-02 13:17 <REP> d-------- C:\Documents and Settings\pascal\Application Data\Uniblue
      2008-05-02 12:43 . 2008-05-02 12:43 <REP> d--hs---- C:\FOUND.100
      2008-05-02 11:05 . 2008-05-02 11:05 <REP> d--hs---- C:\FOUND.099
      2008-05-02 11:00 . 2008-05-02 11:00 <REP> d-------- C:\Program Files\Alwil Software
      2008-05-02 10:07 . 2008-05-02 10:07 <REP> d--hs---- C:\FOUND.098
      2008-04-30 19:55 . 2008-04-30 19:55 <REP> d--hs---- C:\FOUND.097
      2008-04-30 15:03 . 2008-04-30 15:03 <REP> d--hs---- C:\FOUND.096
      2008-04-30 14:04 . 2008-04-30 14:04 <REP> d--hs---- C:\FOUND.095
      2008-04-30 11:11 . 2008-04-30 11:11 <REP> d--hs---- C:\FOUND.094
      2008-04-30 10:32 . 2008-04-30 10:32 <REP> d--hs---- C:\FOUND.093
      2008-04-29 19:10 . 2008-04-29 19:10 <REP> d--hs---- C:\FOUND.092
      2008-04-29 18:00 . 2008-04-29 18:00 <REP> d--hs---- C:\FOUND.091
      2008-04-28 12:48 . 2008-04-28 12:48 <REP> d--hs---- C:\FOUND.090
      2008-04-28 11:59 . 2008-04-28 11:59 <REP> d-------- C:\Program Files\Ubisoft
      2008-04-27 20:19 . 2008-04-27 20:19 <REP> d--hs---- C:\FOUND.089
      2008-04-27 19:42 . 2008-04-27 19:42 <REP> d--hs---- C:\FOUND.088
      2008-04-27 19:14 . 2006-05-03 18:50 1,540,608 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
      2008-04-27 19:14 . 2006-05-03 18:50 1,540,608 --a------ C:\WINDOWS\system32\dllcache\ati2mtag.sys
      2008-04-27 18:58 . 2008-04-27 18:58 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
      2008-04-27 07:52 . 2008-04-27 07:52 <REP> d--hs---- C:\FOUND.087
      2008-04-26 05:57 . 2008-04-26 05:57 <REP> d--hs---- C:\FOUND.086
      2008-04-25 18:17 . 2008-04-25 18:17 <REP> d--hs---- C:\FOUND.085
      2008-04-25 14:35 . 2008-04-25 14:35 <REP> d--hs---- C:\FOUND.084
      2008-04-25 14:20 . 2008-04-25 14:20 134 --a------ C:\WINDOWS\system32\CTSTATUS.FCS
      2008-04-25 13:39 . 2008-04-25 13:39 <REP> d-------- C:\Documents and Settings\pascal\Application Data\AdobeUM
      2008-04-24 20:54 . 2008-04-24 20:54 <REP> d--hs---- C:\FOUND.083
      2008-04-24 08:31 . 2008-04-24 08:31 <REP> d--hs---- C:\FOUND.082
      2008-04-23 20:28 . 2008-04-23 20:28 <REP> d--hs---- C:\FOUND.081
      2008-04-23 14:11 . 2008-04-23 14:11 <REP> d-------- C:\WINDOWS\system32\Adobe
      2008-04-19 23:17 . 2008-04-19 23:17 <REP> d--hs---- C:\FOUND.080
      2008-04-19 17:42 . 2006-08-24 13:44 477,696 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys
      2008-04-19 17:42 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
      2008-04-19 17:42 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
      2008-04-19 17:42 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
      2008-04-19 17:42 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
      2008-04-19 17:42 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
      2008-04-19 17:42 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
      2008-04-19 17:42 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
      2008-04-19 17:42 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
      2008-04-19 17:42 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
      2008-04-19 13:40 . 2008-04-19 13:40 <REP> d-------- C:\WINDOWS\system32\windows media
      2008-04-19 13:37 . 2008-04-19 13:37 <REP> d-------- C:\Program Files\NRJ
      2008-04-17 09:15 . 2008-04-17 09:15 <REP> d--hs---- C:\FOUND.079
      2008-04-16 14:28 . 2008-04-16 14:28 <REP> d--hs---- C:\FOUND.078
      2008-04-16 07:36 . 2008-04-16 07:36 <REP> d--hs---- C:\FOUND.077
      2008-04-16 05:57 . 2008-04-16 05:57 <REP> d--hs---- C:\FOUND.076
      2008-04-15 14:57 . 2008-04-15 14:57 <REP> d--hs---- C:\FOUND.075
      2008-04-15 08:32 . 2008-04-15 08:32 <REP> d--hs---- C:\FOUND.074
      2008-04-15 06:03 . 2008-04-15 06:03 <REP> d--hs---- C:\FOUND.073
      2008-04-14 10:03 . 2008-04-14 10:03 <REP> d--hs---- C:\FOUND.072
      2008-04-12 16:39 . 2008-04-12 16:39 <REP> d-------- C:\SEGA
      2008-04-12 16:39 . 1996-12-11 04:00 32,768 --------- C:\WINDOWS\SKUNINST.EXE
      2008-04-12 16:39 . 1996-12-26 04:00 31,744 --------- C:\WINDOWS\SonicKFR.DLL
      2008-04-12 16:39 . 1996-12-11 04:00 23,552 --------- C:\WINDOWS\MsgV2FR.DLL
      2008-04-12 16:39 . 2008-04-12 16:39 360 --a------ C:\WINDOWS\Sonic3K.INI
      2008-04-12 13:25 . 2008-04-12 13:25 <REP> d-------- C:\Program Files\Mindscape
      2008-04-12 12:46 . 2008-04-12 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
      2008-04-12 12:43 . 2008-04-12 12:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-25 12:23 51,072 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
      2008-04-25 12:23 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
      2008-04-05 15:00 81,920 ----a-w C:\WINDOWS\system32\OpenAL32.dll
      2008-04-05 15:00 221,184 ----a-w C:\WINDOWS\system32\wrap_oal.dll
      2008-04-05 14:53 --------- d-----w C:\Program Files\Eidos
      2008-04-05 11:33 --------- d-----w C:\Program Files\Eidos Interactive
      2008-04-03 06:23 --------- d-----w C:\Documents and Settings\pascal\Application Data\EoRezo
      2008-03-24 17:59 --------- d-----w C:\Program Files\Anuman Interactive
      2008-03-20 13:24 90,112 ----a-w C:\WINDOWS\DUMP2710.tmp
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
      2008-03-17 06:17 90,112 ----a-w C:\WINDOWS\DUMP225c.tmp
      2008-03-15 11:05 --------- d-----w C:\Documents and Settings\pascal\Application Data\MSN6
      2008-03-15 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
      2008-03-15 09:47 90,112 ----a-w C:\WINDOWS\DUMP1ef1.tmp
      2008-03-06 15:07 90,112 ----a-w C:\WINDOWS\DUMP3d86.tmp
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
      2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
      2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
      2008-02-16 22:32 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
      2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
      2003-06-17 16:40 9,721,104 ----a-w C:\Program Files\trueinst.exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 15:28 68856]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 15:30 335872]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.enc"= ITIG726.acm
      "vidc.dvsd"= dvc.dll
      "VIDC.SP54"= SP5X_32.DLL
      "VIDC.SP55"= SP5X_32.DLL
      "VIDC.SP56"= SP5X_32.DLL
      "VIDC.SP57"= SP5X_32.DLL
      "VIDC.SP58"= SP5X_32.DLL

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-25 14:23]
      R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 03:48]
      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Pack Securite\HIPS\fshs.sys [2008-04-25 14:21]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 CX88XBAR;MSI 8606 Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.SYS [2003-03-19 06:50]
      R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
      S2 Ca536av;DigitalCam Pro Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [2004-05-21 20:21]
      S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
      S3 USBCamera;DigitalCam Pro Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
      S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
      S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
      S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]

      *Newly Created Service* - CATCHME
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-12 13:18:06
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-12 13:18:28
      ComboFix-quarantined-files.txt 2008-05-12 11:18:28

      Pre-Run: 44,553,043,968 octets libres
      Post-Run: 52,009,369,600 octets libres

      195 --- E O F --- 2008-04-08 19:09:09
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok poursuis
    0