Virus win kavos, cheval de troie
SANDRA
-
dakinmed Messages postés 1 Statut Membre -
dakinmed Messages postés 1 Statut Membre -
Bonjour,
mon ordinateur a détécté un virus cheval de troie win kavos, je l'ai mi en quarantaine et je peux utiliser l'ordinateur normalement. mais à chaque demarage le virus revient.
Comment le supprimer completement???
Merci de vos réponse
mon ordinateur a détécté un virus cheval de troie win kavos, je l'ai mi en quarantaine et je peux utiliser l'ordinateur normalement. mais à chaque demarage le virus revient.
Comment le supprimer completement???
Merci de vos réponse
A voir également:
- Virus win kavos, cheval de troie
- Win rar - Télécharger - Compression & Décompression
- Virus mcafee - Accueil - Piratage
- Win dir stat - Télécharger - Gestion de fichiers
- Win zip - Télécharger - Compression & Décompression
- Cle win 8.1 - Guide
9 réponses
Slt,
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
SANDRA
bonjour, merci pour vos reponse, j'ai telechargé RSIT, comme vous me lavez conseillé, j'ai un compte rendu "log bloc note qui s'affiche, mais je ne sais pas quoi en faire?????
comme déjà précisé:
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
voici le compte rendu
Logfile of random's system information tool 1.05 (written by random/random)
Run by Sandra at 2009-02-22 13:22:04
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 156 GB (65%) free of 238 GB
Total RAM: 2009 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:05, on 22/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Sandra\Bureau\RSIT.exe
C:\Program Files\trend micro\Sandra.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] F:\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.de/ips-opdata/objects/jordan-canvasx.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
Logfile of random's system information tool 1.05 (written by random/random)
Run by Sandra at 2009-02-22 13:22:04
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 156 GB (65%) free of 238 GB
Total RAM: 2009 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:05, on 22/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Sandra\Bureau\RSIT.exe
C:\Program Files\trend micro\Sandra.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] F:\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.de/ips-opdata/objects/jordan-canvasx.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
Pour fusionner:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
_______________
telecharge combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
_________________
Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
File::
C:\WINDOWS\system32\olhrwef.exe
E:\cv22.cmd
E:\EmDesk.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e09ac39-c470-11dd-a503-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651a5ec1-fe5c-11dd-a586-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d52468c-fe76-11dd-a587-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d20ff533-c6f5-11dd-a50b-000df05717c9}]
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
______________________________
installe malwarebyte, mets le a jour et colle nous le rapport avec un scan rapide
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
_______________
telecharge combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
_________________
Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
File::
C:\WINDOWS\system32\olhrwef.exe
E:\cv22.cmd
E:\EmDesk.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e09ac39-c470-11dd-a503-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651a5ec1-fe5c-11dd-a586-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d52468c-fe76-11dd-a587-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d20ff533-c6f5-11dd-a50b-000df05717c9}]
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
______________________________
installe malwarebyte, mets le a jour et colle nous le rapport avec un scan rapide
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
alors fais ceci
télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
:files
C:\WINDOWS\system32\olhrwef.exe
E:\cv22.cmd
E:\EmDesk.exe
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e09ac39-c470-11dd-a503-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651a5ec1-fe5c-11dd-a586-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d52468c-fe76-11dd-a587-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d20ff533-c6f5-11dd-a50b-000df05717c9}]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
____________
installe malwarebyte, mets le a jour et colle nous le rapport avec un scan rapide
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_____________
remets un rapport RSIt
télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
:files
C:\WINDOWS\system32\olhrwef.exe
E:\cv22.cmd
E:\EmDesk.exe
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e09ac39-c470-11dd-a503-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651a5ec1-fe5c-11dd-a586-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d52468c-fe76-11dd-a587-000df05717c9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d20ff533-c6f5-11dd-a50b-000df05717c9}]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
____________
installe malwarebyte, mets le a jour et colle nous le rapport avec un scan rapide
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_____________
remets un rapport RSIt
Il faut que tu désactive avast le temps de faire combofix ! pour cela clique sur la boule droite pres de l'horloge avec le bouton droit je pense et désactive avast
puis refais la procedure
si cela marche pas fais avec otmovit
puis refais la procedure
si cela marche pas fais avec otmovit
voici le rapport:
ComboFix 09-02-21.01 - Sandra 2009-02-22 14:29:27.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2009.1538 [GMT 1:00]
Lancé depuis: c:\documents and settings\Sandra\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090221-0] *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))
.
2009-02-22 13:19 . 2009-02-22 13:19 <REP> d-------- C:\rsit
2009-02-22 13:19 . 2009-02-22 13:34 <REP> d-------- c:\program files\trend micro
2009-02-04 18:33 . 2009-02-04 18:33 8,192 --ahs---- c:\windows\Thumbs.db
2009-02-01 21:23 . 2007-08-21 15:21 794,624 --a------ c:\windows\system32\spr32d35.dll
2009-02-01 13:31 . 2009-02-01 13:32 <REP> d-------- c:\documents and settings\Sandra\Application Data\dvdcss
2009-01-25 18:51 . 2009-01-28 11:39 <REP> d-------- c:\program files\IKEA HomePlanner
2009-01-25 18:50 . 2009-01-25 18:50 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 10:54 --------- d-----w c:\program files\EasyGuide PC Portal
2009-02-06 22:13 --------- d-----w c:\program files\eMule
2009-02-04 17:33 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-04 17:33 --------- d-----w c:\program files\DivX
2009-02-01 12:25 --------- d-----w c:\program files\PhotoFiltre
2009-01-18 13:27 --------- d-----w c:\documents and settings\Sandra\Application Data\Destinator
2009-01-18 13:20 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-12 17:02 3,088,896 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\dllcache\srv.sys
2008-11-24 21:39 410,976 ----a-w c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"EPSON Stylus DX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" [2005-03-08 98304]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-11-27 26112]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-03-14 2938184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= dvacm.acm
"VIDC.DVSD"= miroDV2avi.DLL
"VIDC.PIM1"= pclepim1.dll
"VIDC.MJPG"= pvmjpg21.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Sandra^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Sandra\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-04-29 11:36 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-03-25 14:33 570664 c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-11-27 17:00 26112 c:\program files\Real\RealPlayer\realplay.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-16 111184]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-11-24 9867]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-16 20560]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-11-24 84240]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-11-24 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e09ac39-c470-11dd-a503-000df05717c9}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651a5ec1-fe5c-11dd-a586-000df05717c9}]
\Shell\AutoRun\command - E:\EmDesk.exe
\Shell\EmDesk\command - E:\EmDesk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d52468c-fe76-11dd-a587-000df05717c9}]
\Shell\AutoRun\command - E:\cv22.cmd
\Shell\open\Command - E:\cv22.cmd
.
Contenu du dossier 'Tâches planifiées'
2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.de/ips-opdata/objects/jordan-canvasx.cab
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\otzvd10i.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 14:30:04
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-02-22 14:30:50
ComboFix-quarantined-files.txt 2009-02-22 13:30:48
ComboFix2.txt 2009-02-22 13:26:56
Avant-CF: 163 486 375 936 octets libres
Après-CF: 163,477,000,192 octets libres
131 --- E O F --- 2009-02-11 17:58:38
ComboFix 09-02-21.01 - Sandra 2009-02-22 14:29:27.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2009.1538 [GMT 1:00]
Lancé depuis: c:\documents and settings\Sandra\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090221-0] *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))
.
2009-02-22 13:19 . 2009-02-22 13:19 <REP> d-------- C:\rsit
2009-02-22 13:19 . 2009-02-22 13:34 <REP> d-------- c:\program files\trend micro
2009-02-04 18:33 . 2009-02-04 18:33 8,192 --ahs---- c:\windows\Thumbs.db
2009-02-01 21:23 . 2007-08-21 15:21 794,624 --a------ c:\windows\system32\spr32d35.dll
2009-02-01 13:31 . 2009-02-01 13:32 <REP> d-------- c:\documents and settings\Sandra\Application Data\dvdcss
2009-01-25 18:51 . 2009-01-28 11:39 <REP> d-------- c:\program files\IKEA HomePlanner
2009-01-25 18:50 . 2009-01-25 18:50 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 10:54 --------- d-----w c:\program files\EasyGuide PC Portal
2009-02-06 22:13 --------- d-----w c:\program files\eMule
2009-02-04 17:33 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-04 17:33 --------- d-----w c:\program files\DivX
2009-02-01 12:25 --------- d-----w c:\program files\PhotoFiltre
2009-01-18 13:27 --------- d-----w c:\documents and settings\Sandra\Application Data\Destinator
2009-01-18 13:20 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-12 17:02 3,088,896 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\dllcache\srv.sys
2008-11-24 21:39 410,976 ----a-w c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"EPSON Stylus DX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" [2005-03-08 98304]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-11-27 26112]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-03-14 2938184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= dvacm.acm
"VIDC.DVSD"= miroDV2avi.DLL
"VIDC.PIM1"= pclepim1.dll
"VIDC.MJPG"= pvmjpg21.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Sandra^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Sandra\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-04-29 11:36 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-03-25 14:33 570664 c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-11-27 17:00 26112 c:\program files\Real\RealPlayer\realplay.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-16 111184]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-11-24 9867]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-16 20560]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-11-24 84240]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-11-24 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e09ac39-c470-11dd-a503-000df05717c9}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651a5ec1-fe5c-11dd-a586-000df05717c9}]
\Shell\AutoRun\command - E:\EmDesk.exe
\Shell\EmDesk\command - E:\EmDesk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d52468c-fe76-11dd-a587-000df05717c9}]
\Shell\AutoRun\command - E:\cv22.cmd
\Shell\open\Command - E:\cv22.cmd
.
Contenu du dossier 'Tâches planifiées'
2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.de/ips-opdata/objects/jordan-canvasx.cab
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\otzvd10i.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 14:30:04
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-02-22 14:30:50
ComboFix-quarantined-files.txt 2009-02-22 13:30:48
ComboFix2.txt 2009-02-22 13:26:56
Avant-CF: 163 486 375 936 octets libres
Après-CF: 163,477,000,192 octets libres
131 --- E O F --- 2009-02-11 17:58:38
voici le compte rendu de:::
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1792
Windows 5.1.2600 Service Pack 3
22/02/2009 14:36:31
mbam-log-2009-02-22 (14-36-31).txt
Type de recherche: Examen rapide
Eléments examinés: 65766
Temps écoulé: 1 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1792
Windows 5.1.2600 Service Pack 3
22/02/2009 14:36:31
mbam-log-2009-02-22 (14-36-31).txt
Type de recherche: Examen rapide
Eléments examinés: 65766
Temps écoulé: 1 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
bjr . je suis nvellement inscris parce que j'ai remarqué que ceux qui vous soumettent leur probleme trouve l presque tjrs satisfaction. excusez moi de vous envoyer ceci sans vous avoir consulté d'avance. j'ai suivi la meme procédure indiqué à sandra mais la notification de contrefacon n'a tjrs pas disparu( mon system xp est original par ailleurs). j'ai besoin de ton aide.je peux recommencer tout le processus si vous le trouvez inadapté a mon probleme. voici le rapport que j'ai obtenu apres avoir redemarré mon pc. merci d'avance
ComboFix 09-03-14.01 - Administrateur 2009-03-15 18:15:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.503.203 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFscript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\olhrwef.exe
E:\cv22.cmd
E:\EmDesk.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\(Read Me)Pendekar Blank.txt
C:\pook.com
C:\uxkl0apt.bat
c:\windows\system32\dllchache
c:\windows\system32\dllchache\msvbvm60.dll
c:\windows\system32\dllchache\Zero.txt
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-15 au 2009-03-15 ))))))))))))))))))))))))))))))))))))
.
2009-03-15 13:16 . 2009-03-15 13:17 <REP> d-------- C:\rsit
2009-03-15 13:16 . 2009-03-15 17:22 <REP> d-------- c:\program files\trend micro
2009-03-15 13:15 . 2009-03-15 13:15 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Simply Super Software
2009-03-15 13:15 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-03-15 10:47 . 2009-03-15 11:22 52,355,448 --a------ c:\program files\AntiMalwareSetup.exe
2009-03-14 22:25 . 2009-03-15 08:40 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Lavasoft
2009-03-14 22:08 . 2009-03-14 22:23 2,855,080 --a------ c:\program files\aawsepersonal.exe
2009-03-14 22:03 . 2009-03-14 22:06 <REP> d-------- C:\bd0b24a1c3ea46eeaeccbd50cc20
2009-03-14 21:41 . 2009-03-14 21:57 11,295,216 --a------ c:\program files\desktop-sidebar_desktop_sidebar_1.05_build_116_francais_12595.exe
2009-03-04 08:51 . 2009-03-04 08:51 <REP> d-------- c:\program files\Alwil Software
2009-02-27 17:27 . 2009-02-27 17:27 <REP> d--hs---- C:\found.000
2009-02-26 17:53 . 2002-03-10 18:32 528,039,936 --a------ c:\windows\MEMORY.DMP
2009-02-21 02:52 . 2009-02-21 02:52 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2009-02-21 02:00 . 2009-02-21 02:00 <REP> d-------- c:\documents and settings\LocalService\Bureau
2009-02-20 19:51 . 2009-02-20 19:51 106,970 -r-hs---- C:\w2.com
2009-02-17 22:24 . 2009-02-17 22:24 <REP> d-------- c:\documents and settings\Administrateur\Application Data\TuneUp Software
2009-02-17 22:24 . 2009-02-17 22:24 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-02-17 22:24 . 2009-02-17 22:24 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-02-17 22:24 . 2008-11-12 16:44 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-02-17 22:23 . 2009-02-17 22:23 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-17 22:22 . 2009-02-17 22:23 <REP> d-------- c:\program files\TuneUp Utilities 2009
2009-02-17 22:21 . 2009-02-17 22:21 <REP> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-16 23:28 . 2009-02-16 23:27 106,803 -r-hs---- C:\qphdin.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 17:08 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 16:31 110 ----a-w C:\autorun.inf.vir
2009-03-14 22:38 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2009-03-14 20:31 --------- d-----w c:\program files\Wallpaper
2009-03-14 02:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-09 11:39 --------- d-----w c:\program files\EoRezo
2009-02-28 16:09 --------- d-----w c:\program files\Luxor 3
2009-02-27 22:35 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 01:52 --------- d-----w c:\program files\Microsoft
2009-02-21 01:51 --------- d-----w c:\program files\Windows Live
2009-02-14 19:17 107,898 --sh--r C:\ur0.com
2009-02-11 20:33 108,067 --sh--r C:\opgde.exe
2009-02-11 06:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:07 --------- d-----w c:\program files\Mc Afee fichiers
2009-01-31 15:05 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-01-31 14:35 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-31 13:01 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-01-30 18:56 109,127 --sh--r C:\hl80c6b1.com
2009-01-27 22:19 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-27 19:59 --------- d-----w c:\program files\Yahoo!
2009-01-27 19:56 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2009-01-25 16:19 --------- d-----w c:\documents and settings\Administrateur\Application Data\DivX
2009-01-25 13:48 --------- d-----w c:\program files\Fichiers communs\snpstd
2009-01-24 23:07 --------- d-----w c:\program files\Fichiers communs\xing shared
2009-01-24 23:07 --------- d-----w c:\program files\Fichiers communs\Real
2009-01-23 18:12 --------- d-----w c:\documents and settings\Administrateur\Application Data\Yahoo! Messenger
2009-01-23 16:49 --------- d-----w c:\program files\Google
2009-01-17 11:16 --------- d-----w c:\program files\MSECache
2009-01-17 11:12 --------- d-----w c:\program files\Real
2009-01-17 11:12 --------- d-----w c:\program files\Quintessential Player
2009-01-13 18:49 29,017,528 ----a-w c:\program files\FileFormatConverters.exe
2005-06-23 20:04 19,560 ----a-w c:\documents and settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2004-07-01 18:06 19,560 ----a-w c:\documents and settings\FORM3\Application Data\GDIPFONTCACHEV1.DAT
2004-06-12 22:45 245 ----a-w c:\program files\mafosav.INI
2004-06-12 20:23 1,208,826 ----a-w c:\program files\Info MF.exe
2004-06-06 23:37 13,762,037 ----a-w c:\program files\Mario Forever.exe
2004-05-20 13:02 40,792 ----a-w c:\program files\ktkm4.dll
2004-05-16 22:00 2,645,872 ----a-w c:\program files\ktkm39.dll
2004-01-01 22:12 13,506 ----a-w c:\program files\icoinst.bmp
2004-01-01 21:57 132,342 ----a-w c:\program files\leftinst.bmp
2003-10-26 18:58 524,537 ----a-w c:\program files\ktkm18.dll
2003-10-03 00:04 307,617 ----a-w c:\program files\ktkm15.dll
2002-09-15 13:59 47,104 ----a-w c:\program files\rubberovine.dll
2002-03-10 18:48 9,216 --sha-w c:\program files\Thumbs.db
2002-03-10 16:37 117 ----a-w c:\program files\forevermopt.INI
2002-03-10 16:34 75,699 ----a-w c:\program files\UnMario.exe
2002-03-03 13:34 538,410 ----a-w c:\program files\ktkm20.dll
2002-02-25 18:45 66,908 ----a-w c:\program files\ktkm17.dll
2002-02-25 18:44 209,936 ----a-w c:\program files\ktkm14.dll
2002-02-25 18:43 99,867 ----a-w c:\program files\ktkm13.dll
2002-02-25 18:42 62,631 ----a-w c:\program files\ktkm11.dll
2002-02-25 18:42 116,841 ----a-w c:\program files\ktkm26.dll
2002-02-25 18:38 81,427 ----a-w c:\program files\ktkm31.dll
2002-02-25 18:37 326,441 ----a-w c:\program files\ktkm32.dll
2002-02-25 18:35 92,400 ----a-w c:\program files\ktkm7.dll
2002-02-25 18:33 268,621 ----a-w c:\program files\ktkm33.dll
2002-02-25 18:31 197,408 ----a-w c:\program files\ktkm29.dll
2002-02-25 18:02 70,888 ----a-w c:\program files\ktkm19.dll
2002-02-25 17:57 58,192 ----a-w c:\program files\ktkm6.dll
2002-02-25 17:55 96,166 ----a-w c:\program files\ktkm1.dll
2002-02-25 17:49 55,186 ----a-w c:\program files\ktkm5.dll
2002-02-25 17:44 22,657 ----a-w c:\program files\ktkm3.dll
2002-02-25 17:37 20,926 ----a-w c:\program files\ktkm36.dll
2002-02-25 17:36 58,015 ----a-w c:\program files\ktkm10.dll
2002-02-25 17:32 20,974 ----a-w c:\program files\ktkm2.dll
2002-02-25 17:32 169,789 ----a-w c:\program files\ktkm38.dll
2002-02-25 17:31 128,042 ----a-w c:\program files\ktkm30.dll
2001-11-27 13:47 73,728 ----a-w c:\program files\CCTrans.dll
2001-11-27 13:46 285,696 ----a-w c:\program files\cncs232.dll
2000-11-05 16:56 81,920 ----a-w c:\program files\STrans.dll
2000-06-20 22:04 113,152 ----a-w c:\program files\SFTrans.dll
2000-02-28 16:26 92,660 ----a-w c:\program files\bass.dll
1999-03-25 09:55 56,992 ----a-w c:\program files\ktkm24.dll
1998-08-11 14:08 64,070 ----a-w c:\program files\ktkm21.dll
1998-07-01 10:29 30,166 ----a-w c:\program files\ktkm9.dll
1998-06-29 03:16 10,240 ----a-w c:\program files\ktkm34.dll
1998-04-22 23:27 23,364 ----a-w c:\program files\ktkm8.dll
1997-10-09 18:27 98,442 ----a-w c:\program files\ktkm35.dll
1997-05-09 13:14 370,880 ----a-w c:\program files\ktkm22.dll
1997-03-18 08:13 803,601 ----a-w c:\program files\ktkm16.dll
1997-01-18 13:45 524,164 ----a-w c:\program files\ktkm12.dll
1996-04-02 13:02 65,092 ----a-w c:\program files\ktkm27.dll
1996-04-02 13:02 49,094 ----a-w c:\program files\ktkm25.dll
1996-04-02 13:01 126,720 ----a-w c:\program files\ktkm23.dll
1994-10-06 10:14 82,542 ----a-w c:\program files\ktkm37.dll
1994-04-01 21:26 100,786 ----a-w c:\program files\ktkm28.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Wallpaper"="c:\program files\Wallpaper\Wallpaper.exe" [2007-08-21 233472]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftwareHelper"="c:\documents and settings\Administrateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-05-14 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-05-14 114688]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-04-20 69632]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-25 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]
--a------ 2001-12-14 15:01 32768 c:\program files\COMPAQ\Easy Access Button Support\STARTEAK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
--a------ 2009-02-23 14:19 472872 c:\program files\EoRezo\EoEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2002-05-14 14:20 114688 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
--a------ 2006-06-09 10:23 36864 c:\program files\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2002-05-14 14:29 155648 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2009-02-06 18:51 3885408 c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2004-06-10 13:48 286720 c:\windows\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareHelper]
--a------ 2008-12-09 10:13 368224 c:\documents and settings\Administrateur\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-01-25 00:06 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
--a------ 2006-06-15 07:43 49152 c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
--a------ 2002-02-20 12:40 143360 c:\program files\COMPAQ\Coloreal\COLOREAL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2009-01-08 19:38 4363504 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2000-11-22 04:40 462848 c:\windows\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NMSSvc"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LogWatch"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"cisvc"=3 (0x3)
"CA_LIC_SRVR"=3 (0x3)
"CA_LIC_CLNT"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-17 603904]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S4 CA_LIC_CLNT;Client de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-19 77824]
S4 CA_LIC_SRVR;Serveur de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-19 77824]
S4 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-19 53248]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\2.bat
\Shell\open\Command - C:\2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d9a8038-ab15-11dd-b09e-000bcd3c4aca}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d9a8039-ab15-11dd-b09e-000bcd3c4aca}]
\Shell\AutoRun\command - G:\nq0cq.cmd
\Shell\explore\Command - G:\nq0cq.cmd
\Shell\open\Command - G:\nq0cq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22815000-a00a-11dd-b08d-000bcd3c4aca}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23507a65-c51a-11dd-b0dd-000bcd3c4aca}]
\Shell\AutoRun\command - F:\ij.bat
\Shell\explore\Command - F:\ij.bat
\Shell\open\Command - F:\ij.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c5525a-a22e-11dc-afaa-000bcd3c4aca}]
\Shell\Autoexec\command - wscript "The_Cars.vbs"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "The_Cars.vbs"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37d269e2-3605-11d6-b17b-000bcd3c4aca}]
\Shell\AutoRun\command - F:\uxkl0apt.bat
\Shell\open\Command - F:\uxkl0apt.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37d269e3-3605-11d6-b17b-000bcd3c4aca}]
\Shell\AutoRun\command - G:\uxkl0apt.bat
\Shell\open\Command - G:\uxkl0apt.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6639a116-386e-11dd-b037-000bcd3c4aca}]
\Shell\AutoRun\command - 2.bat
\Shell\explore\Command - 2.bat
\Shell\open\Command - 2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6708e3c7-0240-11dd-affc-000bcd3c4aca}]
\Shell\1\Command - RUNAUT~1\autorun.pif
\Shell\2\Command - RUNAUT~1\autorun.pif
\Shell\Auto\command - F:\auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b797c52-ab0d-11dd-b09c-000bcd3c4aca}]
\Shell\AutoRun\command - G:\xih9.cmd
\Shell\explore\Command - G:\xih9.cmd
\Shell\open\Command - G:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7555f5a8-e96e-11dd-b10a-000bcd3c4aca}]
\Shell\AutoRun\command - F:\uvsqfgwd.cmd
\Shell\open\Command - F:\uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76dbca42-fd23-11dd-b13f-000bcd3c4aca}]
\Shell\AutOplAy\cOmmaNd - hbdqgt.pif
\Shell\AutoRun\command - hbdqgt.pif
\Shell\eXploRE\CommaND - hbdqgt.pif
\Shell\OPen\coMMand - hbdqgt.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{809f6792-c087-11dd-b0ca-000bcd3c4aca}]
\Shell\AutoRun\command - F:\abk.bat
\Shell\explore\Command - F:\
\Shell\open\Command - F:\abk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec72186-0ca2-11de-b16b-000bcd3c4aca}]
\Shell\Auto\command - F:\explorer.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad3c0edc-c83d-11dd-b0e1-00e0a66641e1}]
\Shell\AutoRun\command - F:\w2.com
\Shell\open\Command - F:\w2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9e48876-d058-11da-ae1d-000bcd3c4aca}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6bab4cc-0b19-11de-b163-000bcd3c4aca}]
\sHELl\autOpLay\coMmaNd - F:\wltjw.exe
\sHELl\AutoRun\command - F:\wltjw.exe
\sHELl\eXPlOre\COmmanD - F:\wltjw.exe
\sHELl\open\commAnd - F:\wltjw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cab02862-9f3f-11dd-b08c-000bcd3c4aca}]
\Shell\AutoRun\command - F:\o1.com
\Shell\explore\Command - F:\o1.com
\Shell\open\Command - F:\o1.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd84ffeb-c0a7-11dd-b0cb-000bcd3c4aca}]
\Shell\AutoRun\command - F:\abk.bat
\Shell\explore\Command - F:\abk.bat
\Shell\open\Command - F:\abk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe00a041-9b91-11dd-b088-000bcd3c4aca}]
\Shell\AutoRun\command - F:\ph.com
\Shell\explore\Command - F:\ph.com
\Shell\open\Command - F:\ph.com
.
Contenu du dossier 'Tâches planifiées'
2009-03-09 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 11:13]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Blank AntiViri - C:\AUT0EXEC.BAT
MSConfigStartUp-Client Server Runtime Process - c:\windows\System32\csrs.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-Secure32 - c:\windows\system32\dllcache\Shell32.com
MSConfigStartUp-Secure64 - c:\windows\system32\dllcache\Regedit32.com
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-System12 - c:\windows\system32\ne0kS.exe
MSConfigStartUp-Tok-Cirrhatus - c:\documents and settings\Administrateur\Local Settings\Application Data\smss.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-PROMon - PROMon.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = ftp=81.91.228.113:8080;gopher=81.91.228.126:8080;http=81.91.228.113:8080;https=81.91.228.113:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2987CE22-CF18-4742-9632-3C583ECE5331} = 81.91.225.18,81.91.225.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\74vrc5v6.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 18:23:11
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\WgaTray.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Heure de fin: 2009-03-15 18:28:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-15 17:28:23
Avant-CF: 17 450 184 704 octets libres
Après-CF: 17,549,426,688 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
456 --- E O F --- 2009-02-27 21:25:41
ComboFix 09-03-14.01 - Administrateur 2009-03-15 18:15:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.503.203 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFscript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\olhrwef.exe
E:\cv22.cmd
E:\EmDesk.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\(Read Me)Pendekar Blank.txt
C:\pook.com
C:\uxkl0apt.bat
c:\windows\system32\dllchache
c:\windows\system32\dllchache\msvbvm60.dll
c:\windows\system32\dllchache\Zero.txt
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-15 au 2009-03-15 ))))))))))))))))))))))))))))))))))))
.
2009-03-15 13:16 . 2009-03-15 13:17 <REP> d-------- C:\rsit
2009-03-15 13:16 . 2009-03-15 17:22 <REP> d-------- c:\program files\trend micro
2009-03-15 13:15 . 2009-03-15 13:15 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Simply Super Software
2009-03-15 13:15 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-03-15 10:47 . 2009-03-15 11:22 52,355,448 --a------ c:\program files\AntiMalwareSetup.exe
2009-03-14 22:25 . 2009-03-15 08:40 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Lavasoft
2009-03-14 22:08 . 2009-03-14 22:23 2,855,080 --a------ c:\program files\aawsepersonal.exe
2009-03-14 22:03 . 2009-03-14 22:06 <REP> d-------- C:\bd0b24a1c3ea46eeaeccbd50cc20
2009-03-14 21:41 . 2009-03-14 21:57 11,295,216 --a------ c:\program files\desktop-sidebar_desktop_sidebar_1.05_build_116_francais_12595.exe
2009-03-04 08:51 . 2009-03-04 08:51 <REP> d-------- c:\program files\Alwil Software
2009-02-27 17:27 . 2009-02-27 17:27 <REP> d--hs---- C:\found.000
2009-02-26 17:53 . 2002-03-10 18:32 528,039,936 --a------ c:\windows\MEMORY.DMP
2009-02-21 02:52 . 2009-02-21 02:52 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2009-02-21 02:00 . 2009-02-21 02:00 <REP> d-------- c:\documents and settings\LocalService\Bureau
2009-02-20 19:51 . 2009-02-20 19:51 106,970 -r-hs---- C:\w2.com
2009-02-17 22:24 . 2009-02-17 22:24 <REP> d-------- c:\documents and settings\Administrateur\Application Data\TuneUp Software
2009-02-17 22:24 . 2009-02-17 22:24 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-02-17 22:24 . 2009-02-17 22:24 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-02-17 22:24 . 2008-11-12 16:44 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-02-17 22:23 . 2009-02-17 22:23 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-17 22:22 . 2009-02-17 22:23 <REP> d-------- c:\program files\TuneUp Utilities 2009
2009-02-17 22:21 . 2009-02-17 22:21 <REP> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-16 23:28 . 2009-02-16 23:27 106,803 -r-hs---- C:\qphdin.com
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 17:08 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 16:31 110 ----a-w C:\autorun.inf.vir
2009-03-14 22:38 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2009-03-14 20:31 --------- d-----w c:\program files\Wallpaper
2009-03-14 02:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-09 11:39 --------- d-----w c:\program files\EoRezo
2009-02-28 16:09 --------- d-----w c:\program files\Luxor 3
2009-02-27 22:35 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 01:52 --------- d-----w c:\program files\Microsoft
2009-02-21 01:51 --------- d-----w c:\program files\Windows Live
2009-02-14 19:17 107,898 --sh--r C:\ur0.com
2009-02-11 20:33 108,067 --sh--r C:\opgde.exe
2009-02-11 06:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:07 --------- d-----w c:\program files\Mc Afee fichiers
2009-01-31 15:05 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-01-31 14:35 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-31 13:01 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-01-30 18:56 109,127 --sh--r C:\hl80c6b1.com
2009-01-27 22:19 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-27 19:59 --------- d-----w c:\program files\Yahoo!
2009-01-27 19:56 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2009-01-25 16:19 --------- d-----w c:\documents and settings\Administrateur\Application Data\DivX
2009-01-25 13:48 --------- d-----w c:\program files\Fichiers communs\snpstd
2009-01-24 23:07 --------- d-----w c:\program files\Fichiers communs\xing shared
2009-01-24 23:07 --------- d-----w c:\program files\Fichiers communs\Real
2009-01-23 18:12 --------- d-----w c:\documents and settings\Administrateur\Application Data\Yahoo! Messenger
2009-01-23 16:49 --------- d-----w c:\program files\Google
2009-01-17 11:16 --------- d-----w c:\program files\MSECache
2009-01-17 11:12 --------- d-----w c:\program files\Real
2009-01-17 11:12 --------- d-----w c:\program files\Quintessential Player
2009-01-13 18:49 29,017,528 ----a-w c:\program files\FileFormatConverters.exe
2005-06-23 20:04 19,560 ----a-w c:\documents and settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2004-07-01 18:06 19,560 ----a-w c:\documents and settings\FORM3\Application Data\GDIPFONTCACHEV1.DAT
2004-06-12 22:45 245 ----a-w c:\program files\mafosav.INI
2004-06-12 20:23 1,208,826 ----a-w c:\program files\Info MF.exe
2004-06-06 23:37 13,762,037 ----a-w c:\program files\Mario Forever.exe
2004-05-20 13:02 40,792 ----a-w c:\program files\ktkm4.dll
2004-05-16 22:00 2,645,872 ----a-w c:\program files\ktkm39.dll
2004-01-01 22:12 13,506 ----a-w c:\program files\icoinst.bmp
2004-01-01 21:57 132,342 ----a-w c:\program files\leftinst.bmp
2003-10-26 18:58 524,537 ----a-w c:\program files\ktkm18.dll
2003-10-03 00:04 307,617 ----a-w c:\program files\ktkm15.dll
2002-09-15 13:59 47,104 ----a-w c:\program files\rubberovine.dll
2002-03-10 18:48 9,216 --sha-w c:\program files\Thumbs.db
2002-03-10 16:37 117 ----a-w c:\program files\forevermopt.INI
2002-03-10 16:34 75,699 ----a-w c:\program files\UnMario.exe
2002-03-03 13:34 538,410 ----a-w c:\program files\ktkm20.dll
2002-02-25 18:45 66,908 ----a-w c:\program files\ktkm17.dll
2002-02-25 18:44 209,936 ----a-w c:\program files\ktkm14.dll
2002-02-25 18:43 99,867 ----a-w c:\program files\ktkm13.dll
2002-02-25 18:42 62,631 ----a-w c:\program files\ktkm11.dll
2002-02-25 18:42 116,841 ----a-w c:\program files\ktkm26.dll
2002-02-25 18:38 81,427 ----a-w c:\program files\ktkm31.dll
2002-02-25 18:37 326,441 ----a-w c:\program files\ktkm32.dll
2002-02-25 18:35 92,400 ----a-w c:\program files\ktkm7.dll
2002-02-25 18:33 268,621 ----a-w c:\program files\ktkm33.dll
2002-02-25 18:31 197,408 ----a-w c:\program files\ktkm29.dll
2002-02-25 18:02 70,888 ----a-w c:\program files\ktkm19.dll
2002-02-25 17:57 58,192 ----a-w c:\program files\ktkm6.dll
2002-02-25 17:55 96,166 ----a-w c:\program files\ktkm1.dll
2002-02-25 17:49 55,186 ----a-w c:\program files\ktkm5.dll
2002-02-25 17:44 22,657 ----a-w c:\program files\ktkm3.dll
2002-02-25 17:37 20,926 ----a-w c:\program files\ktkm36.dll
2002-02-25 17:36 58,015 ----a-w c:\program files\ktkm10.dll
2002-02-25 17:32 20,974 ----a-w c:\program files\ktkm2.dll
2002-02-25 17:32 169,789 ----a-w c:\program files\ktkm38.dll
2002-02-25 17:31 128,042 ----a-w c:\program files\ktkm30.dll
2001-11-27 13:47 73,728 ----a-w c:\program files\CCTrans.dll
2001-11-27 13:46 285,696 ----a-w c:\program files\cncs232.dll
2000-11-05 16:56 81,920 ----a-w c:\program files\STrans.dll
2000-06-20 22:04 113,152 ----a-w c:\program files\SFTrans.dll
2000-02-28 16:26 92,660 ----a-w c:\program files\bass.dll
1999-03-25 09:55 56,992 ----a-w c:\program files\ktkm24.dll
1998-08-11 14:08 64,070 ----a-w c:\program files\ktkm21.dll
1998-07-01 10:29 30,166 ----a-w c:\program files\ktkm9.dll
1998-06-29 03:16 10,240 ----a-w c:\program files\ktkm34.dll
1998-04-22 23:27 23,364 ----a-w c:\program files\ktkm8.dll
1997-10-09 18:27 98,442 ----a-w c:\program files\ktkm35.dll
1997-05-09 13:14 370,880 ----a-w c:\program files\ktkm22.dll
1997-03-18 08:13 803,601 ----a-w c:\program files\ktkm16.dll
1997-01-18 13:45 524,164 ----a-w c:\program files\ktkm12.dll
1996-04-02 13:02 65,092 ----a-w c:\program files\ktkm27.dll
1996-04-02 13:02 49,094 ----a-w c:\program files\ktkm25.dll
1996-04-02 13:01 126,720 ----a-w c:\program files\ktkm23.dll
1994-10-06 10:14 82,542 ----a-w c:\program files\ktkm37.dll
1994-04-01 21:26 100,786 ----a-w c:\program files\ktkm28.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Wallpaper"="c:\program files\Wallpaper\Wallpaper.exe" [2007-08-21 233472]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftwareHelper"="c:\documents and settings\Administrateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-05-14 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-05-14 114688]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-04-20 69632]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-25 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]
--a------ 2001-12-14 15:01 32768 c:\program files\COMPAQ\Easy Access Button Support\STARTEAK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
--a------ 2009-02-23 14:19 472872 c:\program files\EoRezo\EoEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2002-05-14 14:20 114688 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
--a------ 2006-06-09 10:23 36864 c:\program files\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2002-05-14 14:29 155648 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2009-02-06 18:51 3885408 c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2004-06-10 13:48 286720 c:\windows\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareHelper]
--a------ 2008-12-09 10:13 368224 c:\documents and settings\Administrateur\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-01-25 00:06 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
--a------ 2006-06-15 07:43 49152 c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
--a------ 2002-02-20 12:40 143360 c:\program files\COMPAQ\Coloreal\COLOREAL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2009-01-08 19:38 4363504 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2000-11-22 04:40 462848 c:\windows\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NMSSvc"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LogWatch"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"cisvc"=3 (0x3)
"CA_LIC_SRVR"=3 (0x3)
"CA_LIC_CLNT"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-17 603904]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S4 CA_LIC_CLNT;Client de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-19 77824]
S4 CA_LIC_SRVR;Serveur de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-19 77824]
S4 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-19 53248]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\2.bat
\Shell\open\Command - C:\2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d9a8038-ab15-11dd-b09e-000bcd3c4aca}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d9a8039-ab15-11dd-b09e-000bcd3c4aca}]
\Shell\AutoRun\command - G:\nq0cq.cmd
\Shell\explore\Command - G:\nq0cq.cmd
\Shell\open\Command - G:\nq0cq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22815000-a00a-11dd-b08d-000bcd3c4aca}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23507a65-c51a-11dd-b0dd-000bcd3c4aca}]
\Shell\AutoRun\command - F:\ij.bat
\Shell\explore\Command - F:\ij.bat
\Shell\open\Command - F:\ij.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c5525a-a22e-11dc-afaa-000bcd3c4aca}]
\Shell\Autoexec\command - wscript "The_Cars.vbs"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "The_Cars.vbs"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37d269e2-3605-11d6-b17b-000bcd3c4aca}]
\Shell\AutoRun\command - F:\uxkl0apt.bat
\Shell\open\Command - F:\uxkl0apt.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37d269e3-3605-11d6-b17b-000bcd3c4aca}]
\Shell\AutoRun\command - G:\uxkl0apt.bat
\Shell\open\Command - G:\uxkl0apt.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6639a116-386e-11dd-b037-000bcd3c4aca}]
\Shell\AutoRun\command - 2.bat
\Shell\explore\Command - 2.bat
\Shell\open\Command - 2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6708e3c7-0240-11dd-affc-000bcd3c4aca}]
\Shell\1\Command - RUNAUT~1\autorun.pif
\Shell\2\Command - RUNAUT~1\autorun.pif
\Shell\Auto\command - F:\auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b797c52-ab0d-11dd-b09c-000bcd3c4aca}]
\Shell\AutoRun\command - G:\xih9.cmd
\Shell\explore\Command - G:\xih9.cmd
\Shell\open\Command - G:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7555f5a8-e96e-11dd-b10a-000bcd3c4aca}]
\Shell\AutoRun\command - F:\uvsqfgwd.cmd
\Shell\open\Command - F:\uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76dbca42-fd23-11dd-b13f-000bcd3c4aca}]
\Shell\AutOplAy\cOmmaNd - hbdqgt.pif
\Shell\AutoRun\command - hbdqgt.pif
\Shell\eXploRE\CommaND - hbdqgt.pif
\Shell\OPen\coMMand - hbdqgt.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{809f6792-c087-11dd-b0ca-000bcd3c4aca}]
\Shell\AutoRun\command - F:\abk.bat
\Shell\explore\Command - F:\
\Shell\open\Command - F:\abk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec72186-0ca2-11de-b16b-000bcd3c4aca}]
\Shell\Auto\command - F:\explorer.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad3c0edc-c83d-11dd-b0e1-00e0a66641e1}]
\Shell\AutoRun\command - F:\w2.com
\Shell\open\Command - F:\w2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9e48876-d058-11da-ae1d-000bcd3c4aca}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6bab4cc-0b19-11de-b163-000bcd3c4aca}]
\sHELl\autOpLay\coMmaNd - F:\wltjw.exe
\sHELl\AutoRun\command - F:\wltjw.exe
\sHELl\eXPlOre\COmmanD - F:\wltjw.exe
\sHELl\open\commAnd - F:\wltjw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cab02862-9f3f-11dd-b08c-000bcd3c4aca}]
\Shell\AutoRun\command - F:\o1.com
\Shell\explore\Command - F:\o1.com
\Shell\open\Command - F:\o1.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd84ffeb-c0a7-11dd-b0cb-000bcd3c4aca}]
\Shell\AutoRun\command - F:\abk.bat
\Shell\explore\Command - F:\abk.bat
\Shell\open\Command - F:\abk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe00a041-9b91-11dd-b088-000bcd3c4aca}]
\Shell\AutoRun\command - F:\ph.com
\Shell\explore\Command - F:\ph.com
\Shell\open\Command - F:\ph.com
.
Contenu du dossier 'Tâches planifiées'
2009-03-09 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 11:13]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Blank AntiViri - C:\AUT0EXEC.BAT
MSConfigStartUp-Client Server Runtime Process - c:\windows\System32\csrs.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-Secure32 - c:\windows\system32\dllcache\Shell32.com
MSConfigStartUp-Secure64 - c:\windows\system32\dllcache\Regedit32.com
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-System12 - c:\windows\system32\ne0kS.exe
MSConfigStartUp-Tok-Cirrhatus - c:\documents and settings\Administrateur\Local Settings\Application Data\smss.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-PROMon - PROMon.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = ftp=81.91.228.113:8080;gopher=81.91.228.126:8080;http=81.91.228.113:8080;https=81.91.228.113:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2987CE22-CF18-4742-9632-3C583ECE5331} = 81.91.225.18,81.91.225.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\74vrc5v6.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 18:23:11
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\WgaTray.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Heure de fin: 2009-03-15 18:28:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-15 17:28:23
Avant-CF: 17 450 184 704 octets libres
Après-CF: 17,549,426,688 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
456 --- E O F --- 2009-02-27 21:25:41
