
ComboFix and HijackThis scan

Tags:
  • scan
  • Security
Latest reply: in Security and viruses
9 July 2008 09:32:21

Hi everyone,
Following your latest advice, I first ran the ComboFix scan:

ComboFix 08-07-05.1 - SISSOU 2008-07-09 8:50:19.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.229 [GMT 2:00]
Endroit: C:\Documents and Settings\SISSOU\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\WINDOWS\BM2ff53c96.txt
C:\WINDOWS\SW5mby1tdXNpYw\
C:\WINDOWS\system32\brgcyuah.ini
C:\WINDOWS\system32\feNVEfhk.ini
C:\WINDOWS\system32\feNVEfhk.ini2
C:\WINDOWS\system32\g17.exe
C:\WINDOWS\system32\ijslbico.ini
C:\WINDOWS\system32\ileqwg.dll
C:\WINDOWS\system32\mvtckeoj.dll
C:\WINDOWS\system32\osccvmhb.ini
C:\WINDOWS\system32\uakxnnma.ini
C:\WINDOWS\system32\xbubjvrw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor


((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2013-12-16 20:17 . 2013-12-16 20:17 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
2008-07-08 12:34 . 2008-07-09 09:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-08 12:34 . 2008-07-08 12:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-05 20:05 . 2008-07-08 20:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-04 18:20 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-04 18:20 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-04 18:20 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-04 18:20 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-02 12:04 . 2008-07-02 12:10 63,918 --a------ C:\WINDOWS\system32\{373e77ff-2d23-0469-cd2c-bbc58bb960dd}.dll-uninst.exe
2008-07-02 08:41 . 2008-07-03 19:46 110,448 --a------ C:\WINDOWS\BM2ff53c96.xml
2008-07-01 18:49 . 2008-07-01 18:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-01 16:49 . 2008-07-01 16:49 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-07-01 16:29 . 2008-07-05 22:36 <REP> d--hs---- C:\Documents and Settings\SISSOU\!
2008-07-01 16:27 . 2008-07-01 16:27 2,187,264 ---hs---- C:\Documents and Settings\SISSOU\svchost.exe
2008-07-01 16:26 . 2008-07-02 19:23 <REP> d-------- C:\WINDOWS\system32\yrt
2008-07-01 16:26 . 2008-07-01 16:26 <REP> d-------- C:\WINDOWS\system32\rov
2008-07-01 16:26 . 2008-07-01 16:26 <REP> d-------- C:\WINDOWS\system32\pRI
2008-07-01 16:25 . 2008-07-01 16:25 <REP> d-------- C:\WINDOWS\system32\modtrux05
2008-07-01 16:25 . 2008-07-01 16:26 <REP> d-------- C:\Temp\syschk3
2008-07-01 16:25 . 2008-07-06 16:26 <REP> d-------- C:\Temp
2008-06-30 19:45 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-30 19:45 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-30 19:44 . 2008-06-30 19:45 <REP> d-------- C:\Program Files\Picasa2
2008-06-30 13:52 . 2008-06-30 13:52 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-27 19:31 . 2008-06-30 13:42 <REP> d-------- C:\Documents and Settings\SISSOU\Application Data\Icone
2008-06-27 19:18 . 2008-06-27 19:18 <REP> d--h----- C:\WINDOWS\PIF
2008-06-26 19:27 . 2004-08-04 00:55 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-06-26 19:27 . 2004-08-04 00:55 91,648 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-06-26 19:27 . 2004-08-04 00:55 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-06-26 19:27 . 2004-08-04 00:55 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-06-26 19:27 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-26 19:27 . 2004-08-04 00:54 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-26 19:27 . 2004-08-04 00:55 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-06-26 19:27 . 2004-08-04 00:55 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-06-26 19:22 . 2008-06-26 19:22 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2008-06-26 19:22 . 2008-06-26 19:22 <REP> d-------- C:\Documents and Settings\SISSOU\Application Data\FotoWire
2008-06-26 19:20 . 2004-05-21 21:16 471,232 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2008-06-26 19:20 . 2004-05-27 17:49 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-06-26 19:20 . 2004-05-27 17:44 208,896 --a------ C:\WINDOWS\system32\LVCodec2.dll
2008-06-26 19:20 . 2004-05-27 17:46 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-06-26 19:20 . 2004-05-21 21:11 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2008-06-26 19:20 . 2004-05-21 20:05 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-06-26 19:20 . 2004-05-27 17:47 19,968 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-06-26 19:20 . 2004-05-21 20:12 5,993 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-06-26 19:19 . 2008-06-26 19:19 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-06-26 19:19 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-06-26 19:19 . 2008-06-26 19:19 264 --a------ C:\WINDOWS\_delis32.ini
2008-06-26 19:18 . 2008-06-26 19:22 <REP> d-------- C:\Program Files\Logitech
2008-06-26 19:18 . 2008-06-26 19:18 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-06-26 19:15 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-26 19:15 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-06-25 11:01 . 2008-06-25 11:01 <REP> d-------- C:\Program Files\LETMIN
2008-06-25 11:01 . 2008-06-25 11:01 <REP> d-------- C:\Program Files\Icone
2008-06-25 10:48 . 2008-06-25 10:48 <REP> d-------- C:\WINDOWS\Sun
2008-06-24 17:45 . 2008-06-24 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-24 11:29 . 2008-06-24 11:29 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-20 19:41 . 2008-06-20 19:41 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-16 15:10 . 2008-07-02 09:58 <REP> d-------- C:\Documents and Settings\SISSOU\Application Data\LimeWire
2008-06-16 15:09 . 2008-06-17 06:51 <REP> d-------- C:\Program Files\Google
2008-06-16 15:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 15:07 . 2008-06-16 15:09 <REP> d-------- C:\Program Files\Java
2008-06-16 15:06 . 2008-06-16 15:06 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-06-16 15:02 . 2008-07-02 10:11 <REP> d-------- C:\Program Files\LimeWire
2008-06-15 18:16 . 2008-06-15 18:16 <REP> d-------- C:\Documents and Settings\SISSOU\Application Data\AdobeUM
2008-06-15 18:14 . 2008-06-15 18:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-11 20:18 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 20:16 . 2008-06-10 20:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-06-10 19:12 . 2008-06-10 19:12 <REP> d-------- C:\Documents and Settings\SISSOU\Saved Games
2008-06-09 21:52 . 2008-06-09 21:52 <REP> d-------- C:\Documents and Settings\SISSOU\Application Data\Valusoft
2008-06-09 21:52 . 2008-06-09 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-06-09 21:52 . 2008-06-10 21:16 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 21:51 . 2008-06-09 21:51 <REP> d-------- C:\Program Files\GamesBar
2008-06-09 21:51 . 2008-06-10 21:22 <REP> d-------- C:\Program Files\Gamenext
2008-06-09 21:51 . 2008-06-09 21:51 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-26 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 16:05 --------- d-----w C:\Documents and Settings\SISSOU\Application Data\Apple Computer
2008-06-16 12:57 --------- d-----w C:\Program Files\eMule
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-06-04 12:31 --------- d-----w C:\Program Files\Windows Live
2008-06-01 13:19 --------- d-----w C:\Program Files\iTunes
2008-06-01 13:19 --------- d-----w C:\Program Files\iPod
2008-06-01 13:18 --------- d-----w C:\Program Files\QuickTime
2008-06-01 13:18 --------- d-----w C:\Program Files\Bonjour
2008-06-01 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-01 13:16 --------- d-----w C:\Program Files\Apple Software Update
2008-06-01 13:15 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-06-01 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-01 12:59 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-01 12:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-01 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-01 11:58 --------- d-----w C:\Program Files\VirtualDJ
2008-06-01 11:57 --------- d-----w C:\Program Files\Steinberg
2008-06-01 11:39 --------- d-----w C:\Program Files\AtomixMP3
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-16 15:12 171448]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 00:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 00:07 114688]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 03:46 200069]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:54 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 ATMEL WinXP PCMCIAFVNETR (2ARE)(R);ATMEL WinXP PCMCIAFVNETR (2ARE)(R) Service for ATMEL PCMCIA FastVNET (502A-E);C:\WINDOWS\system32\DRIVERS\fvnete51.sys [2003-01-14 12:44]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-02 08:50:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{0efe45c0-0839-4790-80b9-5e08cde3e366} - C:\WINDOWS\system32\ruocod.dll
BHO-{1d8eece0-099d-dac4-8476-804b1594b31d} - C:\WINDOWS\system32\{373e77ff-2d23-0469-cd2c-bbc58bb960dd}.dll
BHO-{68950839-2675-49E2-B6A5-442E0B0D1BA4} - C:\WINDOWS\system32\iifdddBR.dll
BHO-{7FF0AEA7-C12B-4117-B188-3C007C013DE6} - C:\WINDOWS\system32\khfEVNef.dll
HKLM-Run-{847f4519-39b2-b403-5fc8-faf84e15c418} - C:\WINDOWS\system32\{373e77ff-2d23-0469-cd2c-bbc58bb960dd}.dll
HKLM-Run-BM2ff53c96 - C:\WINDOWS\system32\emxndtnr.dll
ShellExecuteHooks-{68950839-2675-49E2-B6A5-442E0B0D1BA4} - C:\WINDOWS\system32\iifdddBR.dll
Notify-iifdddBR - iifdddBR.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 09:00:09
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-09 9:10:23 - machine was rebooted [SISSOU]
ComboFix-quarantined-files.txt 2008-07-09 07:10:19

Pre-Run: 14,361,915,392 octets libres
Post-Run: 14,365,396,992 octets libres

211 --- E O F --- 2008-07-08 19:39:07


Then I ran a HijackThis scan, shown below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:31:36, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\SISSOU\Mes documents\Programme\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skyblog.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rswnw64r.exe
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6154 bytes


I hope you will be able to make sense of some of it (laughs).
Thank you very much for your help.


9 July 2008 11:21:20

Hello,

Following your latest advice? Do you already have a thread in progress?
If so, stay on it.