Virus - Warning Dangerous Spyware Help
Closed
H2OoO - 29 Dec 2008 at 12:09
jlpjlp (Security contributor) - 29 Dec 2008 at 14:32
4 replies
jlpjlp (Security contributor) - 29 Dec 2008 at 12:16
Hi
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
When the analysis is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
and of info.txt (<<which will be minimised to the Taskbar).
NB: The reports are saved in the folder C:\rsit
Here is the report:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Manager\newlock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Access Manager\newlock.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [\\XPSP2-2CF74B55F\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P49 "\\XPSP2-2CF74B55F\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [00saskda] "C:\Program Files\Access Manager\newlock.exe" saskda
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\Access Manager\newlock.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Info.txt report
info.txt logfile of random's system information tool 1.05 2008-12-29 12:20:32
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Manager-->"C:\Program Files\Access Manager\newadmin.exe" uninstall
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AP Tuner 3.06-->"C:\Program Files\AP Tuner\AP Tuner 3.06\uninstall.exe"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Avast\aswRunDll.exe "C:\Program Files\Avast\Setup\setiface.dll",RunSetup
AVS Video Converter 4.3.1.371-->"C:\Program Files\AVSMedia\VideoConverter4\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 3.2.4.82-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Easy Video Capture 1.30-->"C:\Program Files\Easy Video Capture\unins000.exe"
Free Easy Burner V 3.8-->"C:\Program Files\Free Easy Burner\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2008 Express - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - FRA\setup.exe
Microsoft Visual Basic 2008 Express Edition - FRA-->MsiExec.exe /X{ACC61C04-48C5-3F6F-977B-AD33E94E5F40}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{AB47EEE8-507B-331F-AA28-B7C7257F014C}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{1572F66F-F9AD-4D45-B0D2-0F45A0D5A0F6}
PinnacleHollywood FX 5-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Studio 9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x40c UNINSTALL
Studio Content DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x40c
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak\unins000.exe"
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
TOSHIBA Bluetooth Stack for Apache by CSR-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
VLC media player 0.9.2-->C:\Program Files\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 081228-0]
System event log
Computer Name: XPSP2-858AC4F24
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.
Record Number: 1503
Source Name: Service Control Manager
Time Written: 20081111103402.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: XPSP2-858AC4F24
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 1502
Source Name: EventLog
Time Written: 20081111103344.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.
Record Number: 1501
Source Name: EventLog
Time Written: 20081111103344.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 1500
Source Name: EventLog
Time Written: 20081110211145.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 25
Message: Les fichiers E_FICM9CE.ICM associés à l'imprimante \\XPSP2-2CF74B55F\EPSON Stylus Photo RX420 Series ont été ajoutés ou mis à jour.
Record Number: 1499
Source Name: Print
Time Written: 20081110204100.000000+060
Event Type: Avertissement
User: XPSP2-858AC4F24\Admin
Application event log
Computer Name: XPSP2-858AC4F24
Event Code: 102
Message: MsnMsgr (856) \\.\C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\luigilionel@msn.com\SharingMetadata\Working\database_3C2C_B2F8_2CB2_ABF0\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 1037
Source Name: ESENT
Time Written: 20081117200953.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 100
Message: MsnMsgr (856) Le moteur de base de données 5.01.2600.2780 est démarré.
Record Number: 1036
Source Name: ESENT
Time Written: 20081117200952.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1035
Source Name: usnjsvc
Time Written: 20081117200952.000000+060
Event Type:
User:
Computer Name: XPSP2-858AC4F24
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 1034
Source Name: SecurityCenter
Time Written: 20081117200857.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur XPSP2-858AC4F24\Admin alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.
Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.
Record Number: 1033
Source Name: Userenv
Time Written: 20081116233902.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
And for Log.txt:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Admin at 2008-12-29 12:20:24
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 33 GB (22%) free of 153 GB
Total RAM: 1023 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:30, on 29/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Manager\newlock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Access Manager\newlock.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Admin\Bureau\RSIT.exe
C:\Program Files\HijackThis\Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [\\XPSP2-2CF74B55F\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P49 "\\XPSP2-2CF74B55F\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [00saskda] "C:\Program Files\Access Manager\newlock.exe" saskda
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\Access Manager\newlock.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{1572F66F-F9AD-4D45-B0D2-0F45A0D5A0F6}
PinnacleHollywood FX 5-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Studio 9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x40c UNINSTALL
Studio Content DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x40c
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak\unins000.exe"
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
TOSHIBA Bluetooth Stack for Apache by CSR-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
VLC media player 0.9.2-->C:\Program Files\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 081228-0]
System event log
Computer Name: XPSP2-858AC4F24
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.
Record Number: 1503
Source Name: Service Control Manager
Time Written: 20081111103402.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: XPSP2-858AC4F24
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 1502
Source Name: EventLog
Time Written: 20081111103344.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.
Record Number: 1501
Source Name: EventLog
Time Written: 20081111103344.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 1500
Source Name: EventLog
Time Written: 20081110211145.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 25
Message: Les fichiers E_FICM9CE.ICM associés à l'imprimante \\XPSP2-2CF74B55F\EPSON Stylus Photo RX420 Series ont été ajoutés ou mis à jour.
Record Number: 1499
Source Name: Print
Time Written: 20081110204100.000000+060
Event Type: Avertissement
User: XPSP2-858AC4F24\Admin
Application event log
Computer Name: XPSP2-858AC4F24
Event Code: 102
Message: MsnMsgr (856) \\.\C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\luigilionel@msn.com\SharingMetadata\Working\database_3C2C_B2F8_2CB2_ABF0\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 1037
Source Name: ESENT
Time Written: 20081117200953.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 100
Message: MsnMsgr (856) Le moteur de base de données 5.01.2600.2780 est démarré.
Record Number: 1036
Source Name: ESENT
Time Written: 20081117200952.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1035
Source Name: usnjsvc
Time Written: 20081117200952.000000+060
Event Type:
User:
Computer Name: XPSP2-858AC4F24
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 1034
Source Name: SecurityCenter
Time Written: 20081117200857.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-858AC4F24
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur XPSP2-858AC4F24\Admin alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.
Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.
Record Number: 1033
Source Name: Userenv
Time Written: 20081116233902.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
And for the Log.txt:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Admin at 2008-12-29 12:20:24
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 33 GB (22%) free of 153 GB
Total RAM: 1023 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:30, on 29/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Manager\newlock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Access Manager\newlock.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Admin\Bureau\RSIT.exe
C:\Program Files\HijackThis\Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [\\XPSP2-2CF74B55F\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P49 "\\XPSP2-2CF74B55F\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [00saskda] "C:\Program Files\Access Manager\newlock.exe" saskda
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\Access Manager\newlock.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040 - 29 Dec 2008 at 13:34
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report, C:\ComboFix.txt.
Re-enable your firewall, your antivirus and your antispyware's guard.
Copy/paste the C:\ComboFix.txt report in your next reply.
Caution: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ComboFix 08-12-28.03 - Admin 2008-12-29 13:40:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.504 [GMT 1:00]
Lancé depuis: c:\documents and settings\Admin\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Application Data\inst.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\frmwrk32.exe
c:\windows\system32\mpg4c32.dll
c:\windows\system32\ntdll64.exe
c:\windows\system32\test.ttt
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\qoobox\Quarantine\C\\WINDOWS\system32\userinit.exe.vir
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.
2008-12-29 12:20 . 2008-12-29 12:20 <REP> d-------- C:\rsit
2008-12-29 11:50 . 2008-12-29 11:50 <REP> d-------- c:\program files\CCleaner
2008-12-29 11:24 . 2008-12-29 11:24 <REP> d-------- c:\program files\vghd
2008-12-29 11:24 . 2008-12-29 11:27 <REP> d-------- c:\documents and settings\Admin\Application Data\vghd
2008-12-29 11:24 . 2008-12-29 11:24 152,904 --a------ c:\windows\system32\vghd.scr
2008-12-26 12:40 . 2008-12-29 11:23 <REP> d-------- c:\program files\eMule
2008-12-25 15:39 . 2008-12-25 15:39 <REP> d-------- c:\program files\DownloadToolz
2008-12-24 14:16 . 2008-12-24 14:16 <REP> d-------- c:\program files\Access Manager
2008-12-24 14:16 . 2008-12-24 14:16 <REP> d-------- c:\documents and settings\Admin\Access Manager
2008-12-24 14:16 . 2008-12-24 14:16 <REP> d--h----- C:\Access Manager
2008-12-20 13:18 . 2008-12-20 13:18 <REP> d-------- c:\documents and settings\Admin\Application Data\WNR
2008-12-19 14:27 . 2008-12-19 14:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-12-19 14:27 . 2008-12-19 19:37 <REP> d-------- c:\documents and settings\Admin\Application Data\Azureus
2008-12-18 14:53 . 2008-12-18 14:53 146 --a------ c:\windows\DelMR.bat
2008-12-18 14:25 . 2008-12-29 13:43 <REP> d-------- c:\program files\DNA
2008-12-18 14:25 . 2008-12-18 14:25 <REP> d-------- c:\program files\BitTorrent
2008-12-18 14:25 . 2008-12-29 13:43 <REP> d-------- c:\documents and settings\Admin\Application Data\DNA
2008-12-18 14:25 . 2008-12-26 13:14 <REP> d-------- c:\documents and settings\Admin\Application Data\BitTorrent
2008-12-17 13:56 . 2008-12-17 13:56 98 ---hs---- c:\windows\Tnghprn4.drv
2008-12-17 13:56 . 2008-12-17 16:01 0 --a------ c:\windows\WD.INI
2008-12-17 13:55 . 2008-12-18 14:47 <REP> d-------- c:\program files\Anag'In 3
2008-12-17 13:55 . 1998-02-06 22:39 304,128 --a------ c:\windows\unin040c.exe
2008-12-15 20:52 . 2008-12-20 14:23 <REP> d-------- c:\program files\ElcomSoft
2008-12-15 20:52 . 2008-12-15 20:55 1,105 --a------ c:\windows\AZPR3.INI
2008-12-14 14:57 . 2008-12-14 14:57 <REP> d-------- c:\program files\QuickMediaConverter
2008-12-12 19:51 . 2008-12-12 19:51 <REP> d-------- c:\program files\IVT Corporation
2008-12-02 21:20 . 2008-12-02 21:26 0 --a------ c:\windows\BsMobileModel.ini
2008-12-02 21:13 . 2008-12-02 21:13 <REP> d-------- c:\windows\system32\ivtMobCache
2008-12-02 21:03 . 2008-12-18 14:49 32 --a------ c:\windows\0
2008-12-02 21:03 . 2008-12-02 21:03 0 --a------ c:\windows\system32\0
2008-12-01 21:59 . 2008-12-02 20:33 98 --a------ c:\windows\WirelessFTP.INI
2008-12-01 21:40 . 2008-12-01 21:40 0 --a------ c:\windows\tosOBEX.INI
2008-12-01 21:39 . 2008-12-01 21:39 <REP> d-------- c:\documents and settings\Admin\Application Data\Toshiba
2008-12-01 21:34 . 2008-12-01 21:34 <REP> d-------- c:\program files\Toshiba
2008-12-01 18:42 . 2008-12-01 18:42 <REP> d-------- c:\documents and settings\Admin\Application Data\Apple Computer
2008-12-01 18:41 . 2008-12-01 18:41 <REP> d-------- c:\program files\QuickTime
2008-12-01 18:41 . 2008-12-01 18:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-01 17:21 . 2008-12-01 18:00 <REP> d-------- c:\program files\Free Easy Burner
2008-12-01 17:21 . 2003-05-21 23:50 344,064 --a------ c:\windows\system32\msvcr70.dll
2008-12-01 17:21 . 2003-08-07 13:01 237,568 --a------ c:\windows\system32\lame_enc.dll
2008-12-01 17:21 . 2006-11-18 11:38 200,704 --a------ c:\windows\system32\vbalExpBar6.ocx
2008-12-01 17:21 . 1998-07-13 17:53 44,544 --a------ c:\windows\system32\GIF89.DLL
2008-11-30 11:00 . 2008-11-30 11:01 <REP> d-------- c:\documents and settings\Admin\Application Data\AVS Video Converter
2008-11-30 10:47 . 2008-11-30 10:47 <REP> d-------- c:\program files\AVSMedia
2008-11-30 10:47 . 2003-05-22 12:26 638,976 --a------ c:\windows\system32\divx.dll
2008-11-30 10:47 . 2004-07-03 20:59 524,288 --a------ c:\windows\system32\xvidcore.dll
2008-11-30 10:47 . 2003-05-21 23:50 261,632 --a------ c:\windows\system32\mcdvd_32.dll
2008-11-30 10:47 . 2003-05-22 12:26 221,215 --a------ c:\windows\system32\divxdec.ax
2008-11-30 10:47 . 2003-05-21 23:50 156,910 --a------ c:\windows\WMSysPr8.prx
2008-11-30 10:47 . 2004-07-03 21:08 139,264 --a------ c:\windows\system32\xvidvfw.dll
2008-11-30 10:47 . 2003-05-21 23:50 82,944 --a------ c:\windows\system32\vct3216.acm
2008-11-30 10:47 . 2004-02-04 21:11 81,920 --a------ c:\windows\system32\AC3ACM.acm
2008-11-30 10:47 . 2004-09-06 16:06 53,248 --a------ c:\windows\system32\xvid.ax
2008-11-30 10:47 . 2003-05-21 23:50 38,912 --a------ c:\windows\system32\alf2cd.acm
2008-11-30 10:47 . 2000-03-14 20:55 13,239 --a------ c:\windows\system32\Scg726.acm
2008-11-29 20:38 . 2008-11-29 20:38 <REP> d-------- c:\windows\system32\LogFiles
2008-11-29 20:30 . 2006-10-04 15:06 1,197,294 -----c--- c:\windows\system32\dllcache\sysmain.sdb
2008-11-29 20:28 . 2008-11-29 20:28 <REP> d-------- c:\program files\Windows Media Connect 2
2008-11-29 20:24 . 2008-11-29 20:41 <REP> d-------- c:\windows\system32\drivers\umdf
2008-11-29 20:11 . 2004-08-19 15:09 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-29 19:46 . 2008-11-29 19:46 <REP> d-------- c:\program files\LG Electronics
2008-11-29 19:46 . 2008-09-04 06:27 24,832 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2008-11-29 19:46 . 2008-09-04 06:28 19,968 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2008-11-29 19:46 . 2008-09-04 06:27 13,056 --a------ c:\windows\system32\drivers\lgusbbus.sys
2008-11-29 19:45 . 2007-11-08 16:26 1,164,728 --a------ c:\windows\system32\NMSDVDXU.dll
2008-11-29 19:45 . 2005-03-18 16:55 630,784 --a------ c:\windows\system32\vsflex8u.ocx
2008-11-29 19:45 . 2005-09-26 22:55 419,240 --a------ c:\windows\system32\Vsflex7L.ocx
2008-11-29 19:45 . 2000-05-22 00:00 244,416 --a------ c:\windows\system32\Msflxgrd.ocx
2008-11-29 19:44 . 2008-12-14 19:22 <REP> d-------- c:\program files\LG PC Suite II
2008-11-29 19:44 . 2008-11-29 19:44 <REP> d-------- c:\documents and settings\Admin\Application Data\LG Electronics
2008-11-29 19:44 . 2008-11-29 19:44 <REP> d-------- c:\documents and settings\Admin\Application Data\InstallShield
2008-11-29 18:29 . 2008-11-29 18:29 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2008-11-29 18:29 . 2008-11-29 18:29 <REP> d-------- c:\documents and settings\Admin\Application Data\AVS4YOU
2008-11-29 18:28 . 2008-11-30 10:47 <REP> d-------- c:\program files\Fichiers communs\AVSMedia
2008-11-29 18:27 . 2008-11-30 10:46 <REP> d-------- c:\program files\AVS4YOU
2008-11-29 18:27 . 2007-02-27 18:36 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2008-11-29 18:27 . 2007-02-27 18:36 24,576 --a------ c:\windows\system32\msxml3a.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 12:43 --------- d-----w c:\program files\Spybot
2008-12-29 11:00 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 08:29 --------- d-----w c:\program files\Avast
2008-12-28 18:22 --------- d-----w c:\documents and settings\Admin\Application Data\Vso
2008-12-23 14:09 --------- d-----w c:\documents and settings\Admin\Application Data\dvdcss
2008-12-18 13:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 17:23 --------- d-----w c:\program files\World of Warcraft
2008-12-15 14:35 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-11-30 15:02 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-28 20:13 --------- d-----w c:\program files\CamStudio
2008-11-27 19:47 --------- d-----w c:\program files\Steam
2008-11-15 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2008-11-15 19:07 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-15 19:07 47,360 ----a-w c:\documents and settings\Admin\Application Data\pcouffin.sys
2008-11-15 19:07 --------- d-----w c:\program files\VSO
2008-11-10 19:41 --------- d-----w c:\program files\EPSON
2008-11-08 13:00 --------- d-----w c:\program files\Jeskola Buzz
2008-11-08 13:00 --------- d-----w c:\program files\Buzz
2008-11-07 16:49 --------- d-----w c:\program files\Audacity
2008-11-02 19:18 --------- d-----w c:\program files\Shareaza
2008-11-02 19:17 --------- d-----w c:\documents and settings\Admin\Application Data\Shareaza
2008-11-01 13:12 --------- d-----w c:\program files\Peer2Me
2008-11-01 10:56 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-11-01 10:34 --------- d--h--r c:\documents and settings\Admin\Application Data\SecuROM
2008-11-01 10:33 --------- d-----w c:\program files\GameSpy
2008-11-01 10:12 --------- d-----w c:\program files\Electronic Arts
2008-10-31 12:03 --------- d-----w c:\program files\Pinnacle
2008-10-31 12:01 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2008-10-29 19:21 --------- d-----w c:\program files\AP Tuner
2008-10-29 16:58 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-29 16:54 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-29 16:54 --------- d-----w c:\documents and settings\Admin\Application Data\DAEMON Tools
2008-10-29 12:26 --------- d-----w c:\program files\Fichiers communs\BOONTY Shared
2008-10-29 12:26 --------- d-----w c:\documents and settings\All Users\Application Data\BOONTY
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-18 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"avast!"="c:\progra~1\Avast\ashDisp.exe" [2008-11-26 81000]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"\\XPSP2-2CF74B55F\EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"00saskda"="c:\program files\Access Manager\newlock.exe" [2008-07-06 1453056]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-12-22 08:20 222080 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Peer2Me]
--a------ 2008-01-04 17:47 49152 c:\program files\Peer2Me\Peer2Me.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 c:\program files\Spybot\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-11 17:07 1410296 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:10.0.0.0/255.0.0.0,127.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:10.0.0.0/255.0.0.0,127.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:10.0.0.0/255.0.0.0,127.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:10.0.0.0/255.0.0.0,127.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22002
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\Drivers\BtHidBus.sys [2008-07-31 20616]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-06 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-06 20560]
R2 DeskSaverService;DeskSaverService;c:\program files\Access Manager\newlock.exe [2008-12-24 1453056]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-16 33752]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7712e3af-be4d-11dd-abec-00138fc87a20}]
\Shell\AutoRun\command - F:\USBAutoRun.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-zzsecagent - (no file)
MSConfigStartUp-BtTray - c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-mRouterConfig - c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\rwogg3u8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 13:43:51
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avast\aswUpdSv.exe
c:\program files\Avast\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Avast\ashMaiSv.exe
c:\program files\Avast\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Avast\ashDisp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-12-29 13:45:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-29 12:45:37
Avant-CF: 34.885.857.280 octets libres
Après-CF: 34,768,261,120 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
jlpjlp (Security contributor, 51580 posts, registered Friday 18 May 2007, last activity 3 May 2022)
29 Dec. 2008 at 14:32
Run CCleaner to remove the traces of the infection, then tell us if you still have any problems.
https://www.malekal.com/tutoriel-ccleaner/