Virus plus de bureau visible
doc
-
gangoung Messages postés 67 Statut Membre -
gangoung Messages postés 67 Statut Membre -
Bonjour,
j'ai chopé un virus qui rend mon bureau invisible et plus de bouton arreter l'ordi
merci de m'aider a men débarrasser!
je vous poste un rapport hijackthis et combo fix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:09, on 26/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\program\soffice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\yoyo\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\cradle_of_filth.vbe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe
O4 - Startup: Xfire.lnk = D:\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 9823 bytes
ComboFix 08-12-01.01 - utilisateur 2009-01-26 22:44:32.13 - [color=red][b]FAT32/b/colorx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.501 [GMT 1:00]
Lancé depuis: d:\yoyo\ComboFix.exe
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/B/COLOR
.
- Mode FONCTIONNALITES REDUITES -
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-26 au 2009-01-26 ))))))))))))))))))))))))))))))))))))
.
2009-01-25 20:40 . 2009-01-25 20:40 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-25 20:40 . 2009-01-25 20:40 1,409 --a------ c:\windows\QTFont.for
2009-01-24 13:06 . 2009-01-24 13:06 18,486 -rahs---- c:\windows\system32\cradle_of_filth.vbe
2009-01-15 19:27 . 2009-01-15 19:27 <REP> d---s---- c:\documents and settings\LocalService\Mes documents
2009-01-12 19:27 . 2009-01-12 19:27 <REP> d--hs---- C:\FOUND.001
2009-01-11 19:49 . 2009-01-11 19:49 <REP> d--hs---- C:\FOUND.000
2009-01-09 17:15 . 2009-01-09 17:15 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-09 17:15 . 2009-01-09 17:15 <REP> d-------- c:\program files\Microsoft
2008-12-30 16:07 . 2008-12-30 16:07 <REP> d-------- c:\documents and settings\All Users\Application Data\KONAMI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 20:50 3,530 ----a-w c:\windows\system32\tmp.reg
2008-12-13 17:56 --------- d-----w c:\program files\Ubisoft
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-03 17:30 --------- d-----w c:\documents and settings\utilisateur\Application Data\Malwarebytes
2008-12-03 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-12-01 08:09 --------- d-----w c:\program files\isoHunt
2008-12-01 08:09 --------- d-----w c:\program files\Conduit
2008-11-07 15:45 2,174,976 ----a-w c:\windows\system32\dllcache\WMVCore.dll
2008-09-22 17:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092220080923\index.dat
.
((((((((((((((((((((((((((((( snapshot_2009-01-11_23.54.28,78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-13 22:35:22 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-01-14 21:57:06 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-13 22:35:22 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-14 21:57:06 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-13 22:35:22 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-01-14 21:57:06 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-13 22:35:22 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-14 21:57:06 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-13 22:35:22 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-14 21:57:06 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-13 22:35:22 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-14 21:57:06 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-13 22:35:22 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-01-14 21:57:06 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-13 22:35:22 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-14 21:57:06 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-13 22:35:22 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-14 21:57:06 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-13 22:35:22 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-14 21:57:06 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-13 22:35:22 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-14 21:57:06 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-12-09 23:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbisoH.dll" [2008-08-20 1780248]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2008-08-20 23:03 1780248 --a------ c:\program files\isoHunt\tbisoH.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbisoH.dll" [2008-08-20 1780248]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "c:\program files\isoHunt\tbisoH.dll" [2008-08-20 1780248]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-05-30 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-21 7335936]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 180224]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2005-10-05 86016]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-04 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 45056]
"BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"OoPDFSettingsv6.exe"="c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 460800]
"nwiz"="nwiz.exe" [2005-11-21 c:\windows\system32\nwiz.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-05-26 c:\windows\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\utilisateur\Menu D‚marrer\Programmes\D‚marrage\
OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ASUS ChkMail.lnk - c:\program files\Asus\Asus ChkMail\ChkMail.exe [2006-12-06 32768]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152]
OFFICE One Notes v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2006-11-26 559104]
OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-11-26 257536]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 1 (0x1)
"NoFileMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"NoRecycleFiles"= 1 (0x1)
"NoClose"= 1 (0x1)
"NoDesktop"= 1 (0x1)
"NoShellSearchButton"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\\WINDOWS\\system32\\userinit.exe,c:\\WINDOWS\\system32\\wscript.exe c:\\WINDOWS\\system32\\cradle_of_filth.vbe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ubisoft\\Faces of War\\facesofwar.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-22 78416]
R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-10-17 160792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-22 20560]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\Drivers\SynMini.sys [2006-11-24 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-11-24 8278]
S2 42C18C68A56A76A0;42C18C68A56A76A0;\??\c:\documents and settings\utilisateur\Bureau\42C18C68A56A76A0\42C18C68A56A76A0 []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2008-02-08 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2008-02-08 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2008-02-08 94000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b11833a-af1c-11dc-99bf-0013023393bf}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59810584-821d-11dc-9973-0013023393bf}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63eb6648-b178-11db-9819-0013023393bf}]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63eb6649-b178-11db-9819-0013023393bf}]
\Shell\Auto\command - G:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{707a4762-3b95-11dc-98f0-0013023393bf}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{782d1634-43b6-11dd-9afa-0013023393bf}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{782d1635-43b6-11dd-9afa-0013023393bf}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba1c94b7-1928-11dc-98aa-0013023393bf}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc67a5aa-7fdd-11db-979c-0013023393bf}]
\Shell\AutoRun\command - pa39xth.cmd
\Shell\explore\Command - pa39xth.cmd
\Shell\open\Command - pa39xth.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce391dc4-d252-11db-985b-0013023393bf}]
\Shell\AutoRun\command - F:\ekugb3.bat
\Shell\explore\Command - F:\ekugb3.bat
\Shell\open\Command - F:\ekugb3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d81f8b82-ca2f-11db-9849-0013023393bf}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fae14c2e-77b1-11dd-9b8c-0013023393bf}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe
.
Contenu du dossier 'Tâches planifiées'
2006-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\tehzuv2n.default\
.
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\42C18C68A56A76A0]
"ImagePath"="\??\c:\documents and settings\utilisateur\Bureau\42C18C68A56A76A0\42C18C68A56A76A0"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\42C18C68A56A76A0]
"ImagePath"="\??\c:\documents and settings\utilisateur\Bureau\42C18C68A56A76A0\42C18C68A56A76A0"
.
Heure de fin: 2009-01-26 22:45:55
ComboFix-quarantined-files.txt 2009-01-26 21:45:52
ComboFix5.txt 2009-01-26 21:44:04
ComboFix4.txt 2009-01-15 19:44:14
ComboFix3.txt 2009-01-24 16:46:50
ComboFix2.txt 2009-01-25 18:42:52
216 --- E O F --- 2009-01-14 21:57:07
j'ai chopé un virus qui rend mon bureau invisible et plus de bouton arreter l'ordi
merci de m'aider a men débarrasser!
je vous poste un rapport hijackthis et combo fix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:09, on 26/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\program\soffice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\yoyo\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\cradle_of_filth.vbe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe
O4 - Startup: Xfire.lnk = D:\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 9823 bytes
ComboFix 08-12-01.01 - utilisateur 2009-01-26 22:44:32.13 - [color=red][b]FAT32/b/colorx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.501 [GMT 1:00]
Lancé depuis: d:\yoyo\ComboFix.exe
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/B/COLOR
.
- Mode FONCTIONNALITES REDUITES -
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-26 au 2009-01-26 ))))))))))))))))))))))))))))))))))))
.
2009-01-25 20:40 . 2009-01-25 20:40 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-25 20:40 . 2009-01-25 20:40 1,409 --a------ c:\windows\QTFont.for
2009-01-24 13:06 . 2009-01-24 13:06 18,486 -rahs---- c:\windows\system32\cradle_of_filth.vbe
2009-01-15 19:27 . 2009-01-15 19:27 <REP> d---s---- c:\documents and settings\LocalService\Mes documents
2009-01-12 19:27 . 2009-01-12 19:27 <REP> d--hs---- C:\FOUND.001
2009-01-11 19:49 . 2009-01-11 19:49 <REP> d--hs---- C:\FOUND.000
2009-01-09 17:15 . 2009-01-09 17:15 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-09 17:15 . 2009-01-09 17:15 <REP> d-------- c:\program files\Microsoft
2008-12-30 16:07 . 2008-12-30 16:07 <REP> d-------- c:\documents and settings\All Users\Application Data\KONAMI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 20:50 3,530 ----a-w c:\windows\system32\tmp.reg
2008-12-13 17:56 --------- d-----w c:\program files\Ubisoft
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-03 17:30 --------- d-----w c:\documents and settings\utilisateur\Application Data\Malwarebytes
2008-12-03 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-12-01 08:09 --------- d-----w c:\program files\isoHunt
2008-12-01 08:09 --------- d-----w c:\program files\Conduit
2008-11-07 15:45 2,174,976 ----a-w c:\windows\system32\dllcache\WMVCore.dll
2008-09-22 17:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092220080923\index.dat
.
((((((((((((((((((((((((((((( snapshot_2009-01-11_23.54.28,78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-13 22:35:22 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-01-14 21:57:06 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-13 22:35:22 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-14 21:57:06 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-13 22:35:22 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-01-14 21:57:06 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-13 22:35:22 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-14 21:57:06 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-13 22:35:22 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-14 21:57:06 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-13 22:35:22 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-14 21:57:06 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-13 22:35:22 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-01-14 21:57:06 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-13 22:35:22 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-14 21:57:06 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-13 22:35:22 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-14 21:57:06 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-13 22:35:22 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-14 21:57:06 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-13 22:35:22 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-14 21:57:06 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-12-09 23:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbisoH.dll" [2008-08-20 1780248]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2008-08-20 23:03 1780248 --a------ c:\program files\isoHunt\tbisoH.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbisoH.dll" [2008-08-20 1780248]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "c:\program files\isoHunt\tbisoH.dll" [2008-08-20 1780248]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-05-30 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-21 7335936]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 180224]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2005-10-05 86016]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-04 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 45056]
"BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"OoPDFSettingsv6.exe"="c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 460800]
"nwiz"="nwiz.exe" [2005-11-21 c:\windows\system32\nwiz.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-05-26 c:\windows\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\utilisateur\Menu D‚marrer\Programmes\D‚marrage\
OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ASUS ChkMail.lnk - c:\program files\Asus\Asus ChkMail\ChkMail.exe [2006-12-06 32768]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152]
OFFICE One Notes v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2006-11-26 559104]
OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-11-26 257536]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 1 (0x1)
"NoFileMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"NoRecycleFiles"= 1 (0x1)
"NoClose"= 1 (0x1)
"NoDesktop"= 1 (0x1)
"NoShellSearchButton"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\\WINDOWS\\system32\\userinit.exe,c:\\WINDOWS\\system32\\wscript.exe c:\\WINDOWS\\system32\\cradle_of_filth.vbe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ubisoft\\Faces of War\\facesofwar.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-22 78416]
R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-10-17 160792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-22 20560]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\Drivers\SynMini.sys [2006-11-24 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-11-24 8278]
S2 42C18C68A56A76A0;42C18C68A56A76A0;\??\c:\documents and settings\utilisateur\Bureau\42C18C68A56A76A0\42C18C68A56A76A0 []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2008-02-08 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2008-02-08 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2008-02-08 94000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b11833a-af1c-11dc-99bf-0013023393bf}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59810584-821d-11dc-9973-0013023393bf}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63eb6648-b178-11db-9819-0013023393bf}]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63eb6649-b178-11db-9819-0013023393bf}]
\Shell\Auto\command - G:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{707a4762-3b95-11dc-98f0-0013023393bf}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{782d1634-43b6-11dd-9afa-0013023393bf}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{782d1635-43b6-11dd-9afa-0013023393bf}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba1c94b7-1928-11dc-98aa-0013023393bf}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc67a5aa-7fdd-11db-979c-0013023393bf}]
\Shell\AutoRun\command - pa39xth.cmd
\Shell\explore\Command - pa39xth.cmd
\Shell\open\Command - pa39xth.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce391dc4-d252-11db-985b-0013023393bf}]
\Shell\AutoRun\command - F:\ekugb3.bat
\Shell\explore\Command - F:\ekugb3.bat
\Shell\open\Command - F:\ekugb3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d81f8b82-ca2f-11db-9849-0013023393bf}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fae14c2e-77b1-11dd-9b8c-0013023393bf}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe
.
Contenu du dossier 'Tâches planifiées'
2006-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\tehzuv2n.default\
.
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\42C18C68A56A76A0]
"ImagePath"="\??\c:\documents and settings\utilisateur\Bureau\42C18C68A56A76A0\42C18C68A56A76A0"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\42C18C68A56A76A0]
"ImagePath"="\??\c:\documents and settings\utilisateur\Bureau\42C18C68A56A76A0\42C18C68A56A76A0"
.
Heure de fin: 2009-01-26 22:45:55
ComboFix-quarantined-files.txt 2009-01-26 21:45:52
ComboFix5.txt 2009-01-26 21:44:04
ComboFix4.txt 2009-01-15 19:44:14
ComboFix3.txt 2009-01-24 16:46:50
ComboFix2.txt 2009-01-25 18:42:52
216 --- E O F --- 2009-01-14 21:57:07
Configuration: Windows XP Internet Explorer 7.0
A voir également:
- Virus plus de bureau visible
- Clé usb non visible - Guide
- Virus mcafee - Accueil - Piratage
- Mac de bureau - Guide
- Ordinateur de bureau - Guide
- Excel ligne toujours visible - Guide
