Forum | virus/security
Several "iexplore.exe" processes
alex390, Tue. 14 August 2007 at 20:47:59
Good evening

So I did this:

JV16: the cleanup is done, the value {00000222-1111-1234-4321-0A1B2C3D4E99} was not found

ComboFix, here is the report:


ComboFix 07-08-14.4 - "ALEX" 2007-08-14 20:35:46.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.111 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


2007-08-14 20:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 20:22 <REP> d-------- C:\Program Files\jv16 PowerTools
2007-08-13 16:14 <REP> d-------- C:\Program Files\StuffPlug3
2007-08-13 00:31 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-13 00:30 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-08-13 00:30 54,936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-08-13 00:30 42,648 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-08-13 00:30 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-08-13 00:30 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-08-13 00:30 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-08-13 00:29 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-08-13 00:29 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-08-13 00:29 <REP> d-------- C:\WINDOWS\Internet Logs
2007-08-13 00:27 <REP> d-------- C:\Program Files\SpywareBlaster
2007-08-12 23:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-12 18:19 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-08-12 18:19 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-08-12 18:19 267,845 --a------ C:\WINDOWS\tsc.exe
2007-08-12 18:19 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-08-12 18:19 <REP> d-------- C:\WINDOWS\AU_Backup
2007-08-12 18:18 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-08-12 18:18 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-08-12 18:18 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-08-12 18:18 <REP> d-------- C:\WINDOWS\AU_Temp
2007-08-12 18:18 <REP> d-------- C:\WINDOWS\AU_Log
2007-08-12 17:53 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-11 16:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-08-11 16:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-08-11 15:58 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-08-11 15:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software
2007-08-11 15:55 <REP> d-------- C:\DOCUME~1\ALEX\APPLIC~1\Sunbelt Software
2007-08-11 15:44 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-08-10 23:08 106 --a------ C:\delete.bat
2007-08-10 23:07 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-10 23:07 <REP> d-------- C:\DOCUME~1\ALEX\APPLIC~1\WholeSecurity
2007-08-10 22:34 <REP> d-------- C:\VundoFix Backups
2007-08-10 22:28 <REP> d-------- C:\Program Files\XoftSpySE
2007-08-09 13:41 4,096 --a------ C:\WINDOWS\spload.dll
2007-08-09 13:41 31 --a------ C:\WINDOWS\system32\~.exe.bat
2007-08-09 13:41 3,328 --a------ C:\WINDOWS\system32\s744642.sys
2007-08-09 13:41 3,072 --a------ C:\WINDOWS\s1864w32.dll
2007-08-05 16:46 <REP> d-------- C:\DOCUME~1\ALEX\APPLIC~1\U3
2007-08-02 23:00 <REP> d-------- C:\Program Files\CCleaner
2007-07-31 18:41 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-07-31 18:41 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-31 18:41 236,032 --a--c--- C:\WINDOWS\system32\dllcache\camext20.dll
2007-07-31 18:41 236,032 --a------ C:\WINDOWS\system\camext20.dll
2007-07-31 18:41 223,232 --a--c--- C:\WINDOWS\system32\dllcache\camdrv21.sys
2007-07-31 18:41 223,232 --a------ C:\WINDOWS\system32\drivers\camdrv21.sys
2007-07-23 16:25 <REP> d-------- C:\Program Files\BitTorrent Fastest Tool
2007-07-21 19:10 <REP> d-------- C:\DOCUME~1\LOCALS~1\Bureau
2007-07-19 16:10 <REP> d-------- C:\DOCUME~1\ALEX\APPLIC~1\Azureus
2007-07-19 16:06 <REP> d-------- C:\Program Files\Azureus
2007-07-19 14:06 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2007-07-19 14:06 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2007-07-19 14:06 2,210,048 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2007-07-17 15:06 <REP> d-------- C:\Program Files\Neuf
2007-07-15 17:06 <REP> d-------- C:\Program Files\MyPhoneExplorer
2007-07-15 17:06 <REP> d-------- C:\DOCUME~1\ALEX\APPLIC~1\MyPhoneExplorer
2007-07-14 18:48 <REP> d-------- C:\Program Files\Disc2Phone
2007-07-14 17:39 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-07-14 17:39 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-14 17:39 18,704 -ra------ C:\WINDOWS\system32\drivers\se57nd5.sys
2007-07-14 17:38 97,088 -ra------ C:\WINDOWS\system32\drivers\se57mdm.sys
2007-07-14 17:38 90,800 -ra------ C:\WINDOWS\system32\drivers\se57unic.sys
2007-07-14 17:38 9,360 -ra------ C:\WINDOWS\system32\drivers\se57mdfl.sys
2007-07-14 17:38 88,624 -ra------ C:\WINDOWS\system32\drivers\se57mgmt.sys
2007-07-14 17:38 86,432 -ra------ C:\WINDOWS\system32\drivers\se57obex.sys
2007-07-14 17:38 61,536 -ra------ C:\WINDOWS\system32\drivers\se57bus.sys
2007-07-14 17:38 6,240 -ra------ C:\WINDOWS\system32\drivers\se57cmnt.sys
2007-07-14 17:38 6,240 -ra------ C:\WINDOWS\system32\drivers\se57cm.sys
2007-07-14 17:38 5,872 -ra------ C:\WINDOWS\system32\drivers\se57whnt.sys
2007-07-14 17:38 5,872 -ra------ C:\WINDOWS\system32\drivers\se57wh.sys
2007-07-14 17:38 4,128 -ra------ C:\WINDOWS\system32\drivers\se57cr.sys
2007-07-14 17:34 <REP> d-------- C:\DOCUME~1\ALEX\APPLIC~1\Teleca
2007-07-14 17:33 <REP> d-------- C:\DOCUME~1\ALEX\APPLIC~1\Sony Ericsson
2007-07-14 17:29 <REP> d-------- C:\Program Files\Fichiers communs\Sony Ericsson Shared
2007-07-14 17:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-07-14 17:28 <REP> d-------- C:\Program Files\Fichiers communs\Teleca Shared
2007-07-14 17:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 10:11 --------- d-------- C:\Program Files\WorldCommunityGrid
2007-08-13 17:59 --------- d-------- C:\Program Files\eMule
2007-08-13 16:14 --------- d-------- C:\Program Files\MSN Messenger
2007-08-13 14:48 --------- d-------- C:\Program Files\PokerStars
2007-08-11 15:53 --------- d-------- C:\Program Files\Sunbelt Software
2007-08-10 22:33 --------- d-------- C:\Program Files\Launch Manager
2007-08-09 14:14 --------- d-------- C:\DOCUME~1\ALEX\APPLIC~1\Help
2007-08-09 13:41 31 --a------ C:\WINDOWS\system32\~.exe.bat
2007-08-05 15:28 --------- d-------- C:\DOCUME~1\ALEX\APPLIC~1\Skype
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-19 23:13 --------- d-------- C:\Program Files\Services en ligne
2007-07-19 14:05 --------- d-------- C:\Program Files\Intel
2007-07-16 20:25 --------- d-------- C:\Program Files\DivX
2007-07-15 16:50 --------- d-------- C:\Program Files\Sony Ericsson
2007-07-05 12:16 --------- d-------- C:\Program Files\WinMPG Video Convert
2007-06-26 23:20 --------- d-------- C:\Program Files\NDAS
2007-06-18 00:02 --------- d-------- C:\Program Files\Google
2007-06-15 14:37 27376 --a------ C:\WINDOWS\system32\SBBD.exe
2007-05-16 17:13 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:13 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:13 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:13 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:13 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-08-20 20:02:11 56 --sh--r C:\WINDOWS\system32\9E40D60C7A.sys
2005-01-20 20:55:24 8 --sh--r C:\WINDOWS\system32\BCFCF81A7E.sys
2007-04-05 17:39:56 13,302 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 22:05]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 16:54 C:\WINDOWS\SOUNDMAN.EXE]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2004-08-06 15:04]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2004-11-11 16:13]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2004-07-26 15:52]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2004-11-23 17:01]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 15:28]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 17:25]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 17:24]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 14:38 C:\WINDOWS\AGRSMMSG.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AVManager"="C:\Program Files\Wistron\AVManager\AVManager.exe" [2004-11-26 19:49]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-01-11 19:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2006-12-15 19:23]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 16:38]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 22:13]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]

C:\Documents and Settings\ALEX\Menu Démarrer\Programmes\Démarrage\
Raccourci vers PDW2_16.lnk - C:\Documents and Settings\ALEX\Bureau\PDW\PDW2_16.exe [2007-08-09 13:36:33]
World Community Grid Agent.lnk - C:\Program Files\WorldCommunityGrid\UD.EXE [2005-04-29 14:12:42]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-11-29 20:55:44]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
NDAS Device Management.lnk - C:\Program Files\NDAS\System\ndasmgmt.exe [2006-03-20 16:40:20]
POC32.lnk - C:\Program Files\BayCom\POC32\poc32.exe [2003-08-04 10:46:22]

R0 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys
R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys
R2 s744642.sys;s744642.sys;\??\C:\WINDOWS\system32\s744642.sys
R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS\ndasbus.sys
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
R3 XUIF;X10 USB Wireless Transceiver;C:\WINDOWS\system32\Drivers\x10ufx2.sys
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS\ndasscsi.sys
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys
S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\WINDOWS\system32\DRIVERS\se57bus.sys
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se57mdfl.sys
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se57mdm.sys
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se57mgmt.sys
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);C:\WINDOWS\system32\DRIVERS\se57nd5.sys
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se57obex.sys
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);C:\WINDOWS\system32\DRIVERS\se57unic.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a55431-4350-11dc-ad2e-000e35c8aaf1}]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f2ef472-3e7e-11dc-ad25-000e35c8aaf1}]
AutoRun\command- G:\.\Recycled\Driveinfo.exe
Open\Command- G:\.\Recycled\Driveinfo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4448561-321f-11dc-ad00-000e35c8aaf1}]
AutoRun\command- G:\.\Recycled\Driveinfo.exe
Open\Command- G:\.\Recycled\Driveinfo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4448562-321f-11dc-ad00-000e35c8aaf1}]
AutoRun\command- H:\.\Recycled\Driveinfo.exe
Open\Command- H:\.\Recycled\Driveinfo.exe


Contents of the 'Scheduled Tasks' folder
2006-03-09 20:02:19 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe
2007-08-10 20:28:59 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-10 20:28:59 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 20:41:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-14 20:44:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-14 20:43

--- E O F ---




And the contents of system.ini:

; for 16-bit app support

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]
[driver32]
[386enh]
woafont=app850.FON
EGA80WOA.FON=EGA80850.FON
EGA40WOA.FON=EGA40850.FON
CGA80WOA.FON=CGA80850.FON
CGA40WOA.FON=CGA40850.FON



Thanks.