
Hello. Could you help me permanently remove this rootkit, asc3550p.sys, which has been quarantined in c:\qoobox\quarantaine\ as a .vir file?
Thank you very much in advance.
Below are the ComboFix and HijackThis reports.
1 COMBOFIX REPORT
ComboFix 08-05-08.1 - Administrateur 2008-05-11 0:19:11.2 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.618 [GMT 2:00]
Endroit: C:\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\dd\Local Settings\Temporary Internet Files\
C:\Documents and Settings\Invité\Local Settings\Temporary Internet Files\
C:\WINDOWS\system32\drivers\asc3550p.sys
.
---- Previous Run -------
.
C:\Program Files\autorun.inf
C:\WINDOWS\system32\Config.ini
C:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
-------\Service_asc3550p
((((((((((((((((((((((((((((( Fichiers créés 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))))))))
.
2008-05-11 00:11 . 2008-05-09 22:14 1,856,057 --a------ C:\ComboFix.exe
2008-05-10 20:27 . 2008-05-10 21:13 <REP> d-------- C:\hijackthis
2008-05-10 19:08 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-05-09 22:36 . 2005-12-09 20:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-09 22:36 . 2005-12-09 20:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-09 22:36 . 2005-12-09 20:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-05-09 22:36 . 2005-12-09 20:22 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-09 22:36 . 2005-12-09 20:22 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-09 22:36 . 2005-12-09 20:22 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-09 22:36 . 2005-12-09 20:22 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-09 22:36 . 2008-05-09 22:36 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-09 22:36 . 2008-05-11 00:23 1,024 --ah----- C:\Documents and Settings\Administrateur\NtUser.dat.LOG
2008-05-09 21:58 . 2008-05-09 21:58 <REP> d--h----- C:\WINDOWS\PIF
2008-05-09 13:54 . 2008-05-09 13:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-09 10:04 . 2008-05-09 10:04 103,595,322 --a------ C:\Sauv.reg
2008-05-09 02:53 . 2008-05-09 02:45 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-09 02:53 . 2008-05-09 02:53 2,539 --a------ C:\WINDOWS\unins000.dat
2008-05-06 23:21 . 2008-05-06 23:23 <REP> d-------- C:\Program Files\CDex_170b2
2008-05-05 21:23 . 2002-04-22 15:06 155,088 --a------ C:\WINDOWS\system32\drivers\Minav.sys
2008-05-05 21:23 . 2000-09-19 11:27 10,075 --a------ C:\WINDOWS\system32\drivers\2NFMin.sys
2008-05-05 21:12 . 2002-07-19 17:05 492,619 --a------ C:\WINDOWS\system32\drivers\ca500av.SYS
2008-05-05 21:12 . 2001-05-03 10:57 131,072 --a------ C:\WINDOWS\system32\SP5X_32.DLL
2008-05-05 21:12 . 2001-09-10 20:41 32,256 --a------ C:\WINDOWS\system32\ca500ds.ax
2008-05-05 21:12 . 2002-07-22 15:48 11,117 --a------ C:\WINDOWS\system32\drivers\BULK2NM.sys
2008-04-23 22:00 . 2008-04-23 22:00 <REP> d-------- C:\Program Files\Babylon
2008-04-23 22:00 . 2008-04-23 22:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-04-23 21:58 . 2008-04-23 22:15 <REP> d-------- C:\Documents and Settings\dd\Application Data\Babylon
2008-04-22 21:37 . 2008-04-22 21:43 <REP> d-------- C:\Documents and Settings\dd\Application Data\Desktop Sidebar
2008-04-22 13:57 . 2008-04-22 13:57 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-04-22 13:57 . 2008-04-22 13:57 <REP> d--h----- C:\Program Files\CanonBJ
2008-04-22 13:57 . 2008-04-22 13:57 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-22 13:57 . 2007-04-16 07:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8V.DLL
2008-04-21 22:45 . 2008-04-21 22:57 <REP> d-------- C:\Program Files\ClickTray Calendar
2008-04-21 22:37 . 2008-04-21 22:37 <REP> d-------- C:\Documents and Settings\dd\Application Data\EssentialPIM
2008-04-17 14:20 . 2003-09-22 14:00 57,344 --------- C:\WINDOWS\system32\HKLock.dll
2008-04-17 14:20 . 2003-09-22 14:00 57,344 --------- C:\WINDOWS\HKLock.dll
2008-04-17 14:20 . 2003-03-27 13:55 11,776 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-04-17 14:20 . 2003-01-23 14:29 9,548 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys
2008-04-16 23:38 . 2008-04-16 23:39 <REP> d-------- C:\Documents and Settings\dd\Application Data\DeepBurner Pro
2008-04-16 23:30 . 2008-04-16 23:33 <REP> d-------- C:\Program Files\graveur burner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 22:08 --------- d-----w C:\Program Files\Wanadoo
2008-05-10 21:56 --------- d-----w C:\Documents and Settings\dd\Application Data\MailWasherPro
2008-05-09 21:39 --------- d-----w C:\Program Files\Google
2008-05-09 20:49 --------- d-----w C:\Program Files\Yahoo!
2008-05-09 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-08 23:59 --------- d-----w C:\Program Files\eMule
2008-05-06 20:24 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-05-05 19:24 --------- d-----w C:\Program Files\mdscmin
2008-04-22 12:29 --------- d-----w C:\Program Files\Canon
2008-04-17 17:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 21:37 --------- d-----w C:\Program Files\Astonsoft
2008-04-08 18:58 --------- d-----w C:\Documents and Settings\dd\Application Data\OpenOffice.org2
2008-04-02 18:27 --------- d-----w C:\Documents and Settings\dd\Application Data\Lavasoft
2008-04-02 10:55 --------- d-----w C:\Program Files\Calendrier
2008-03-27 10:12 --------- d-----w C:\Documents and Settings\dd\Application Data\Acronis
2008-03-22 20:46 --------- d-----w C:\Program Files\Almanach
2008-03-22 20:45 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-22 20:45 253,952 ------w C:\WINDOWS\Setup1.exe
2008-03-22 18:05 --------- d-----w C:\Program Files\calendrier mural
2008-03-22 17:30 --------- d-----w C:\Program Files\metagenia
2008-03-20 15:14 1,246,752 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 17:52 --------- d-----w C:\Documents and Settings\dd\Application Data\dvdcss
2008-03-12 16:51 --------- d-----w C:\Program Files\Firetrust
2008-02-21 18:21 1,409 ----a-w C:\WINDOWS\Fonts\sncf09.fot
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-05-25 22:11 92,832 ----a-w C:\Documents and Settings\dd\Application Data\GDIPFONTCACHEV1.DAT
2003-04-22 18:24 2,736,128 ----a-w C:\Program Files\aiodrv.msi
2003-04-22 18:20 2,605,056 ----a-w C:\Program Files\aiosw.msi
2003-04-22 18:01 241 ----a-w C:\Program Files\readme.html
2003-04-22 18:01 16,606 ----a-w C:\Program Files\hpomdl01.dat
2003-04-09 17:19 2,848 ----a-w C:\Program Files\hpound08.inf
2003-04-09 17:19 14,157 ----a-w C:\Program Files\hpousc08.inf
2003-04-09 17:00 4,715 ----a-w C:\Program Files\hpoglu08.inf
2003-04-09 17:00 2,889 ----a-w C:\Program Files\hpousb08.inf
2003-04-09 12:13 577,536 ----a-w C:\Program Files\Setup.exe
2003-03-20 15:20 24,728 ----a-w C:\Program Files\HPZipr12.cat
2003-03-20 15:20 24,285 ----a-w C:\Program Files\hposcu08.cat
2003-03-20 15:20 22,523 ----a-w C:\Program Files\HPZius12.cat
2003-03-20 15:20 22,082 ----a-w C:\Program Files\hpzist12.cat
2003-03-20 15:20 22,082 ----a-w C:\Program Files\HPZid412.cat
2003-03-20 15:20 21,641 ----a-w C:\Program Files\HPOunp08.cat
2003-03-20 15:20 205,503 ----a-w C:\Program Files\hpoprn08.cat
2003-03-09 20:30 63,562 ----a-w C:\Program Files\hposcu08.inf
2003-03-09 20:30 51,266 ----a-w C:\Program Files\hpoprn08.inf
2003-03-09 20:30 33,952 ----a-w C:\Program Files\hpzid412.inf
2003-03-09 20:30 3,898 ----a-w C:\Program Files\hpounp08.inf
2003-03-09 20:30 3,667 ----a-w C:\Program Files\hpzist12.inf
2003-03-09 20:30 274,432 ----a-w C:\Program Files\hpzglu07.exe
2003-03-09 20:30 237,568 ----a-w C:\Program Files\hpzc3212.dll
2003-03-09 20:30 23,186 ----a-w C:\Program Files\hpzcin06.ex_
2003-03-09 20:30 184,320 ----a-w C:\Program Files\hpzscr07.dll
2003-03-09 20:30 16,352 ----a-w C:\Program Files\HPZUCI12.DLL
2003-03-09 20:30 14,285 ----a-w C:\Program Files\hpzius12.inf
2003-03-09 20:30 10,325 ----a-w C:\Program Files\hpzipr12.inf
2002-09-09 17:48 458,752 ----a-w C:\Program Files\tls704d.dll
2002-09-09 17:48 22,608 ----a-w C:\Program Files\usbprint.sys
2002-09-09 17:48 12,288 ----a-w C:\Program Files\usbmon.dll
2002-09-09 17:47 70,656 ----a-w C:\Program Files\msvcirt.dll
2002-09-09 17:47 55,155 ----a-w C:\Program Files\hpzusb00.sy_
2002-09-09 17:47 5,705 ----a-w C:\Program Files\hpzuci02.dl_
2002-09-09 17:47 254,005 ----a-w C:\Program Files\msvcrt.dll
2002-09-09 17:47 25,639 ----a-w C:\Program Files\hpzpom04.dl_
2002-09-09 17:47 212,992 ----a-w C:\Program Files\hpzpnp07.dll
2002-09-09 17:46 52,552 ----a-w C:\Program Files\hpziou01.dl_
2002-09-09 17:46 49,212 ----a-w C:\Program Files\hpzjvp01.dll
2002-09-09 17:46 46,017 ----a-w C:\Program Files\hpzion00.sy_
2002-09-09 17:46 417,849 ----a-w C:\Program Files\hpzjpp01.dll
2002-09-09 17:46 28,722 ----a-w C:\Program Files\hpzjlog.dll
2002-09-09 17:46 249,913 ----a-w C:\Program Files\hpzjut01.dll
2002-09-06 09:54 995,383 ----a-w C:\Program Files\MFC42.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 21:35 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-16 22:40 98304]
"combofix"="C:\WINDOWS\system32\CF9583.exe" [2004-08-05 13:00 400896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"vidc.CDVC"= cdvccodc.dll
"vidc.yv12"= yv12vfw.dll
"vidc.X264"= x264vfw.dll
"vidc.dvsd"= dvc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lotus Organizer EasyClip.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lotus Organizer EasyClip.lnk
backup=C:\WINDOWS\pss\Lotus Organizer EasyClip.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lotus QuickStart.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lotus QuickStart.lnk
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lotus SmartCenter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lotus SmartCenter.lnk
backup=C:\WINDOWS\pss\Lotus SmartCenter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lotus SuiteStart.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lotus SuiteStart.lnk
backup=C:\WINDOWS\pss\Lotus SuiteStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Petit Larousse 2001.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Petit Larousse 2001.lnk
backup=C:\WINDOWS\pss\Petit Larousse 2001.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^dd^Menu Démarrer^Programmes^Démarrage^Barre d'Outils Olitec.lnk]
path=C:\Documents and Settings\dd\Menu Démarrer\Programmes\Démarrage\Barre d'Outils Olitec.lnk
backup=C:\WINDOWS\pss\Barre d'Outils Olitec.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^dd^Menu Démarrer^Programmes^Démarrage^Intégrateur PROjectMT 98.lnk]
path=C:\Documents and Settings\dd\Menu Démarrer\Programmes\Démarrage\Intégrateur PROjectMT 98.lnk
backup=C:\WINDOWS\pss\Intégrateur PROjectMT 98.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^dd^Menu Démarrer^Programmes^Démarrage^MailWasherPro.lnk]
path=C:\Documents and Settings\dd\Menu Démarrer\Programmes\Démarrage\MailWasherPro.lnk
backup=C:\WINDOWS\pss\MailWasherPro.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^dd^Menu Démarrer^Programmes^Démarrage^Moniteur Fax-Voix.lnk]
path=C:\Documents and Settings\dd\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk
backup=C:\WINDOWS\pss\Moniteur Fax-Voix.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-02-16 19:49 149024 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-02-17 18:34 1965736 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
F:\programmesplus\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2005-06-27 16:36 2433086 C:\Program Files\Babylon\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-04 03:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-15 03:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 22:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
--a------ 2006-10-12 16:57 102400 C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-11-20 12:51 356352 C:\Program Files\Trust\350 CW Mouse Cardreader Wireless\1.1\MOUSE32A.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
-ra------ 2003-07-07 11:30 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 13:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMT Integrator]
C:\Program Files\PROMT5\INTEGRAL\PinStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-16 22:40 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-05 21:35 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-02-17 18:30 1190064 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrustInstaller]
D:\Setup.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 16:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-10-14 17:55 32768 C:\PROGRA~1\WANADOO\GestMaj.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-14 17:55 32768 C:\PROGRA~1\WANADOO\GestMaj.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-08-23 15:49 20480 C:\PROGRA~1\WANADOO\Watch.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\mmc.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 13:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 14:29]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 01:38]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 19:50]
S0 fvdscsi;fvdscsi;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys []
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 20:25]
S3 als4k;Avance Audio Miniport Driver (WDM);C:\WINDOWS\system32\drivers\als4000.sys [2001-10-22 13:46]
S3 CA500AI;GSmart Mini Still Image Capture;C:\WINDOWS\system32\Drivers\BULK2NM.sys [2002-07-22 15:48]
S3 CA500AV;GSmart Mini WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2002-07-19 17:05]
S3 HSFHWCD2;HSFHWCD2;C:\WINDOWS\system32\DRIVERS\HSFHWCD2.sys [2004-08-30 17:16]
S3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 21:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{254e98a0-2f12-11dc-b03c-4d6564696130}]
\Shell\AutoRun\command - G:\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f3cf171-5d8b-11dc-b0c9-4d6564696130}]
\Shell\AutoRun\command - G:\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{750e7481-217f-11dc-b014-4d6564696130}]
\Shell\AutoRun\command - F:\FUSION\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{780c9ac0-ffb1-11db-b789-4d6564696130}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{813246a0-1d1b-11dc-affe-4d6564696130}]
\Shell\AutoRun\command - G:\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{997ed953-202c-11dc-b00e-4d6564696130}]
\Shell\AutoRun\command - G:\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b04b81-21c3-11dc-b019-4d6564696130}]
\Shell\AutoRun\command - G:\AUTORUN.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 00:26:02
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\EPSON\ESM2\eEBSvc.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-11 0:29:36 - machine was rebooted [dd]
ComboFix-quarantined-files.txt 2008-05-10 22:29:19
Pre-Run: 121,549,230,080 octets libres
Post-Run: 121,463,582,720 octets libres
320 --- E O F --- 2008-04-08 20:36:10
2 HIJACKTHIS REPORT
Logfile of HijackThis v1.99.1
Scan saved at 22:58, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: EPSON Contrôle en arrière-plan.lnk = C:\Program Files\EPSON\ESM2\Stms.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--> Message edited by torul on 17/05/2008 00:21:07 <--
torul
Delete what is in bold!
c:\qoobox
Then empty the Recycle Bin.
from torul: Thanks KMISOL, I was hesitant to delete this folder generated by ComboFix for fear of corrupting the registry.
Many thanks for your quick reply.
torul
If you consider your problem solved,
go back to your first message and click on .
Once in the message, enter (copy and paste) as the title …
Rootkit asc3550p.sys [résolu]
… and click on > Post this message.
******
A few tips ...
http://www.malekal.com/securiser_ordinateur.html
and also ...
http://www.malekal.com/securiser_internet_explorer.html