Sujet Précédent Sujet Suivant

Analse "HIJACK THIS"

Fermé
gygy10 - 12 mai 2008 à 12:43
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 12 mai 2008 à 13:55
Bonjour,
pouvez vous m aider j ai des gros soucis avec mon PC, je n ai plus de son "sauf sons wiindows" et il redemare toujours en analyse systéme. Merci pour le coup de main, je joins une analyse HIJACK THIS.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:14, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\pascal\Mes documents\logiciels\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1210161043343
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
A voir également:

2 réponses

Réponse 1 / 2
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 mai 2008 à 12:47
slt

tu as F SECURE et AVAST???? si tu garde les deux l'ordi va planter!!!!

https://www.avast.com/fr-fr/uninstall-utility

_____________

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

______________

mettre a jour internet explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

______________

colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
gygy10
12 mai 2008 à 13:44
voila le rapport combo fix

ComboFix 08-05-11.1 - pascal 2008-05-12 13:16:18.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.615 [GMT 2:00]
Endroit: C:\Documents and Settings\pascal\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\pascal\Local Settings\Application Data\uvqacdipjt.dat
C:\Documents and Settings\pascal\Local Settings\Application Data\uvqacdipjt.exe
C:\Documents and Settings\pascal\Local Settings\Application Data\uvqacdipjt_nav.dat
C:\Documents and Settings\pascal\Local Settings\Application Data\uvqacdipjt_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
.

2008-05-12 13:06 . 2008-05-12 13:06 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-12 13:06 . 2008-05-12 13:06 759 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-12 13:02 . 2008-05-12 13:02 <REP> d-------- C:\WINDOWS\LastGood
2008-05-12 13:02 . 2008-05-12 13:04 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-11 09:19 . 2008-05-11 09:19 <REP> d--hs---- C:\FOUND.009
2008-05-10 19:30 . 2008-05-10 19:30 <REP> d--hs---- C:\FOUND.008
2008-05-10 07:26 . 2008-05-10 07:26 <REP> d--hs---- C:\FOUND.007
2008-05-08 13:08 . 2008-05-08 13:08 <REP> d-------- C:\4061787507d7d49e3b
2008-05-07 18:38 . 2008-05-07 18:38 <REP> d--hs---- C:\FOUND.006
2008-05-07 12:15 . 2008-05-07 12:15 <REP> d--hs---- C:\FOUND.005
2008-05-07 11:43 . 2008-05-07 11:43 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-07 11:43 . 2008-05-07 11:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-07 07:44 . 2008-05-07 07:44 <REP> d--hs---- C:\FOUND.004
2008-05-06 16:59 . 2008-05-06 16:59 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-06 15:25 . 2008-05-06 15:25 <REP> d--hs---- C:\FOUND.003
2008-05-06 14:23 . 2008-05-06 14:23 1,019 --a------ C:\WINDOWS\ATICIM.INI
2008-05-06 14:22 . 2008-05-06 14:22 <REP> d-------- C:\ATI
2008-05-06 14:12 . 2008-05-06 14:12 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-05-06 14:12 . 2008-05-06 14:12 <REP> d-------- C:\Program Files\SymplisIT
2008-05-06 14:12 . 2008-05-06 14:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SymplisIT
2008-05-06 14:09 . 2008-05-06 14:09 <REP> d-------- C:\Program Files\Lavalys
2008-05-06 12:02 . 2008-05-06 12:02 <REP> d--hs---- C:\FOUND.002
2008-05-06 11:45 . 2008-05-06 11:45 <REP> d--hs---- C:\FOUND.001
2008-05-06 07:27 . 2008-05-06 07:27 <REP> d--hs---- C:\FOUND.000
2008-05-05 16:16 . 2008-05-05 16:16 <REP> d--hs---- C:\FOUND.106
2008-05-04 14:50 . 2008-05-04 14:50 244 --ah----- C:\sqmnoopt02.sqm
2008-05-04 14:50 . 2008-05-04 14:50 232 --ah----- C:\sqmdata02.sqm
2008-05-04 11:25 . 2008-05-04 11:25 <REP> d--hs---- C:\FOUND.105
2008-05-04 08:25 . 2008-05-04 08:25 <REP> d--hs---- C:\FOUND.104
2008-05-03 19:01 . 2008-05-03 19:01 244 --ah----- C:\sqmnoopt01.sqm
2008-05-03 19:01 . 2008-05-03 19:01 232 --ah----- C:\sqmdata01.sqm
2008-05-03 07:12 . 2008-05-03 07:12 <REP> d--hs---- C:\FOUND.103
2008-05-02 20:09 . 2008-05-02 20:09 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-05-02 17:23 . 2008-05-02 17:23 <REP> d--hs---- C:\FOUND.102
2008-05-02 16:56 . 2008-05-02 16:56 <REP> d--hs---- C:\FOUND.101
2008-05-02 13:28 . 2008-05-02 13:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-02 13:17 . 2008-05-02 13:17 <REP> d-------- C:\Documents and Settings\pascal\Application Data\Uniblue
2008-05-02 12:43 . 2008-05-02 12:43 <REP> d--hs---- C:\FOUND.100
2008-05-02 11:05 . 2008-05-02 11:05 <REP> d--hs---- C:\FOUND.099
2008-05-02 11:00 . 2008-05-02 11:00 <REP> d-------- C:\Program Files\Alwil Software
2008-05-02 10:07 . 2008-05-02 10:07 <REP> d--hs---- C:\FOUND.098
2008-04-30 19:55 . 2008-04-30 19:55 <REP> d--hs---- C:\FOUND.097
2008-04-30 15:03 . 2008-04-30 15:03 <REP> d--hs---- C:\FOUND.096
2008-04-30 14:04 . 2008-04-30 14:04 <REP> d--hs---- C:\FOUND.095
2008-04-30 11:11 . 2008-04-30 11:11 <REP> d--hs---- C:\FOUND.094
2008-04-30 10:32 . 2008-04-30 10:32 <REP> d--hs---- C:\FOUND.093
2008-04-29 19:10 . 2008-04-29 19:10 <REP> d--hs---- C:\FOUND.092
2008-04-29 18:00 . 2008-04-29 18:00 <REP> d--hs---- C:\FOUND.091
2008-04-28 12:48 . 2008-04-28 12:48 <REP> d--hs---- C:\FOUND.090
2008-04-28 11:59 . 2008-04-28 11:59 <REP> d-------- C:\Program Files\Ubisoft
2008-04-27 20:19 . 2008-04-27 20:19 <REP> d--hs---- C:\FOUND.089
2008-04-27 19:42 . 2008-04-27 19:42 <REP> d--hs---- C:\FOUND.088
2008-04-27 19:14 . 2006-05-03 18:50 1,540,608 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-27 19:14 . 2006-05-03 18:50 1,540,608 --a------ C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-04-27 18:58 . 2008-04-27 18:58 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-04-27 07:52 . 2008-04-27 07:52 <REP> d--hs---- C:\FOUND.087
2008-04-26 05:57 . 2008-04-26 05:57 <REP> d--hs---- C:\FOUND.086
2008-04-25 18:17 . 2008-04-25 18:17 <REP> d--hs---- C:\FOUND.085
2008-04-25 14:35 . 2008-04-25 14:35 <REP> d--hs---- C:\FOUND.084
2008-04-25 14:20 . 2008-04-25 14:20 134 --a------ C:\WINDOWS\system32\CTSTATUS.FCS
2008-04-25 13:39 . 2008-04-25 13:39 <REP> d-------- C:\Documents and Settings\pascal\Application Data\AdobeUM
2008-04-24 20:54 . 2008-04-24 20:54 <REP> d--hs---- C:\FOUND.083
2008-04-24 08:31 . 2008-04-24 08:31 <REP> d--hs---- C:\FOUND.082
2008-04-23 20:28 . 2008-04-23 20:28 <REP> d--hs---- C:\FOUND.081
2008-04-23 14:11 . 2008-04-23 14:11 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-04-19 23:17 . 2008-04-19 23:17 <REP> d--hs---- C:\FOUND.080
2008-04-19 17:42 . 2006-08-24 13:44 477,696 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys
2008-04-19 17:42 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
2008-04-19 17:42 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-04-19 17:42 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-04-19 17:42 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2008-04-19 17:42 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2008-04-19 17:42 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-04-19 17:42 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-04-19 17:42 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-04-19 17:42 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
2008-04-19 13:40 . 2008-04-19 13:40 <REP> d-------- C:\WINDOWS\system32\windows media
2008-04-19 13:37 . 2008-04-19 13:37 <REP> d-------- C:\Program Files\NRJ
2008-04-17 09:15 . 2008-04-17 09:15 <REP> d--hs---- C:\FOUND.079
2008-04-16 14:28 . 2008-04-16 14:28 <REP> d--hs---- C:\FOUND.078
2008-04-16 07:36 . 2008-04-16 07:36 <REP> d--hs---- C:\FOUND.077
2008-04-16 05:57 . 2008-04-16 05:57 <REP> d--hs---- C:\FOUND.076
2008-04-15 14:57 . 2008-04-15 14:57 <REP> d--hs---- C:\FOUND.075
2008-04-15 08:32 . 2008-04-15 08:32 <REP> d--hs---- C:\FOUND.074
2008-04-15 06:03 . 2008-04-15 06:03 <REP> d--hs---- C:\FOUND.073
2008-04-14 10:03 . 2008-04-14 10:03 <REP> d--hs---- C:\FOUND.072
2008-04-12 16:39 . 2008-04-12 16:39 <REP> d-------- C:\SEGA
2008-04-12 16:39 . 1996-12-11 04:00 32,768 --------- C:\WINDOWS\SKUNINST.EXE
2008-04-12 16:39 . 1996-12-26 04:00 31,744 --------- C:\WINDOWS\SonicKFR.DLL
2008-04-12 16:39 . 1996-12-11 04:00 23,552 --------- C:\WINDOWS\MsgV2FR.DLL
2008-04-12 16:39 . 2008-04-12 16:39 360 --a------ C:\WINDOWS\Sonic3K.INI
2008-04-12 13:25 . 2008-04-12 13:25 <REP> d-------- C:\Program Files\Mindscape
2008-04-12 12:46 . 2008-04-12 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-04-12 12:43 . 2008-04-12 12:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 12:23 51,072 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-25 12:23 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-05 15:00 81,920 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-05 15:00 221,184 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-05 14:53 --------- d-----w C:\Program Files\Eidos
2008-04-05 11:33 --------- d-----w C:\Program Files\Eidos Interactive
2008-04-03 06:23 --------- d-----w C:\Documents and Settings\pascal\Application Data\EoRezo
2008-03-24 17:59 --------- d-----w C:\Program Files\Anuman Interactive
2008-03-20 13:24 90,112 ----a-w C:\WINDOWS\DUMP2710.tmp
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-17 06:17 90,112 ----a-w C:\WINDOWS\DUMP225c.tmp
2008-03-15 11:05 --------- d-----w C:\Documents and Settings\pascal\Application Data\MSN6
2008-03-15 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-15 09:47 90,112 ----a-w C:\WINDOWS\DUMP1ef1.tmp
2008-03-06 15:07 90,112 ----a-w C:\WINDOWS\DUMP3d86.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:32 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2003-06-17 16:40 9,721,104 ----a-w C:\Program Files\trueinst.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 15:28 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 15:30 335872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"vidc.dvsd"= dvc.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-25 14:23]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 03:48]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Pack Securite\HIPS\fshs.sys [2008-04-25 14:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 CX88XBAR;MSI 8606 Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.SYS [2003-03-19 06:50]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
S2 Ca536av;DigitalCam Pro Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [2004-05-21 20:21]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 USBCamera;DigitalCam Pro Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 13:18:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-12 13:18:28
ComboFix-quarantined-files.txt 2008-05-12 11:18:28

Pre-Run: 44,553,043,968 octets libres
Post-Run: 52,009,369,600 octets libres

195 --- E O F --- 2008-04-08 19:09:09
0
Réponse 2 / 2
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 mai 2008 à 13:55
ok poursuis
0

Discussions similaires

TELECHARGER DES JEUX JAVA
undertaker3 -
neogenesis -

1 réponse
Iptv smarters pro
Jeje1385 -
MICH-Bunny -

2 réponses
Problème de 400 Bad Request
Superwoman26 -
DASILVAMENDONCA -

67 réponses
Virtual box ne lance pas la machine
GidasGael -
Yellox -

1 réponse
Impossible de lire les vidéos de certaines plateformes
John -
Mezda95 -

3 réponses