HijackThis report (Virtumonde removal)

Solved
Kimboo (49 posts, Member)
Hello, so I followed the steps at this link (http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde) to remove Virtumonde, but I'm not sure it's completely removed.

Here are my reports:

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:44, on 2009-02-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 7822 bytes

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.34
Database version: 1792
Windows 5.1.2600 Service Pack 3

2009-02-22 19:25:56
mbam-log-2009-02-22 (19-25-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 163469
Time elapsed: 2 hour(s), 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP47\A0013259.exe (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP47\A0013276.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP48\A0013291.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP48\A0013310.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP48\A0013331.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP48\A0013353.dll (Adware.MyWebSearch) -> No action taken.

ComboFix

ComboFix 09-02-21.01 - HP_Propriétaire 2009-02-22 20:11:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1036.18.503.25 [GMT -5:00]
Run from: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* A new restore point was created
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((( Files created from 2009-01-23 to 2009-02-23 ))))))))))))))))))))))))))))))))))))
.

2009-02-21 16:02 . 2009-02-21 16:02 <DIR> d-------- c:\documents and settings\HP_Propriétaire\Application Data\skypePM
2009-02-21 16:02 . 2009-02-21 16:02 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-21 15:50 . 2009-02-21 15:50 <DIR> d-------- c:\program files\Fichiers communs\xing shared
2009-02-21 15:34 . 2009-02-21 15:35 <DIR> d-------- c:\program files\QuickTime
2009-02-20 19:21 . 2009-02-20 19:21 <DIR> d-------- c:\program files\Bonjour
2009-02-19 18:59 . 2009-02-20 12:05 <DIR> d-------- c:\windows\system32\Adobe
2009-02-13 00:19 . 2009-02-13 00:18 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-06 20:24 . 2009-02-06 20:27 34 --a------ c:\documents and settings\HP_Propriétaire\jagex_runescape_preferences.dat
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-01 11:48 . 2009-02-01 11:48 <DIR> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Template

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 01:07 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\DNA
2009-02-23 00:37 --------- d-----w c:\program files\DNA
2009-02-23 00:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-23 00:25 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-21 21:27 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-21 21:27 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-21 21:27 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-21 21:27 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-21 21:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-21 21:03 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Skype
2009-02-21 21:00 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\uTorrent
2009-02-21 20:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-21 20:49 --------- d-----w c:\program files\Fichiers communs\Real
2009-02-21 20:36 --------- d-----w c:\program files\LimeWire
2009-02-21 20:16 --------- d-----w c:\program files\Notepad++
2009-02-21 19:59 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\LimeWire
2009-02-15 13:23 --------- d-----w c:\program files\eMule
2009-02-13 05:18 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-13 05:18 --------- d-----w c:\program files\Java
2009-02-12 08:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 18:44 --------- d-----w c:\program files\Profile
2009-02-01 16:50 1,482 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2009-01-26 04:03 141,612 ----a-w c:\windows\system32\drivers\dump_wmimmc.sys
2009-01-24 17:51 --------- d-----w c:\program files\Easy Internet signup
2009-01-23 05:01 --------- d-----w c:\program files\Elaborate Bytes
2009-01-20 23:53 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Xfire
2009-01-20 23:17 --------- d-s---w c:\program files\Xfire
2009-01-19 03:02 --------- d-----w c:\program files\Shareaza
2009-01-19 02:30 --------- d-----w c:\program files\Microsoft LifeCam
2009-01-19 02:18 --------- d-----w c:\program files\ma-config.com
2009-01-19 02:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-18 19:59 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-18 19:41 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-18 19:41 --------- d-----w c:\program files\Microsoft
2009-01-18 19:40 --------- d-----w c:\program files\Windows Live
2009-01-18 19:35 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-01-18 19:26 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
2009-01-02 04:00 --------- d-----w c:\program files\MSBuild
2009-01-02 04:00 --------- d-----w c:\program files\Microsoft Works
2009-01-02 03:59 --------- d-----w c:\program files\Microsoft.NET
2009-01-02 03:56 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-01-02 02:17 --------- d-----w c:\program files\RegCleaner
2009-01-02 02:08 --------- d-----w c:\program files\Common Files
2009-01-02 01:02 --------- d-----w c:\program files\Free Audio Pack
2008-12-30 23:41 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Ahead
2008-12-30 23:22 --------- d-----w c:\documents and settings\All Users\Application Data\Elaborate Bytes
2008-12-30 22:08 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-30 20:09 --------- d-----w c:\program files\Tell Me More Nv
2008-12-30 20:02 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\DAEMON Tools Lite
2008-12-30 02:52 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\InfraRecorder
2008-12-30 02:50 --------- d-----w c:\program files\InfraRecorder
2008-12-30 01:18 --------- d-----w c:\program files\Nero
2008-12-30 01:17 --------- d-----w c:\program files\AVSMedia
2008-12-30 01:17 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\AVSMedia
2008-12-30 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-30 01:09 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-30 01:06 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Notepad++
2008-12-30 00:35 --------- d-----w c:\program files\MagicDVDRipper
2008-12-30 00:32 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-30 00:29 --------- d-----w c:\program files\DVD Shrink
2008-12-30 00:13 --------- d-----w c:\program files\DVDVideoSoft
2008-12-29 23:42 --------- d-----w c:\program files\Fichiers communs\Ahead
2008-12-29 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-12-29 23:41 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-29 21:28 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2008-12-29 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-29 06:23 --------- d-----w c:\program files\WinUtilities
2008-12-29 03:16 --------- d-----w c:\program files\BitLord
2008-12-29 03:15 --------- d-----w c:\program files\Reference Assemblies
2008-12-29 02:51 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\ImgBurn
2008-12-29 02:47 --------- d-----w c:\program files\ImgBurn
2008-12-29 02:40 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Canneverbe_Limited
.

((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-18 342848]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-21 1601304]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 c:\windows\ALCWZRD.EXE]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-11-04 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-21 16:27 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 05:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
--a------ 2008-10-22 07:51 147968 c:\program files\filehippo.com\UpdateChecker.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-25 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-25 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-25 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-25 298264]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
.
Contents of the 'Tâches planifiées' (Scheduled Tasks) folder

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-24 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 08:50]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)

.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\3ooy76vi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 20:13:35
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Finish time: 2009-02-22 20:15:17
ComboFix-quarantined-files.txt 2009-02-23 01:15:11

Pre-Run: 110,236,835,840 bytes free
Post-Run: 110,364,942,336 bytes free

241 --- E O F --- 2009-02-12 08:08:00

VundoFix

VundoFix V7.0.6

Scan started at 20:17:35 2009-02-22

Listing files found while scanning....

No infected files were found.

Beginning removal...
Configuration: Windows XP
Firefox 3.0.6
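As an added example (it is not part of the original thread and not HijackThis's own logic), the script below parses O2, O4 and O23 lines of the kind shown in the log above and flags the entries a reviewer would check first: bare filenames with no directory, binaries sitting directly in C:\WINDOWS, anything outside the usual install roots, and services that report no vendor. The sample input is a verbatim excerpt of the posted log; the list of trusted roots and the flagging rules are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Verbatim lines taken from the HijackThis log posted above, used as sample input.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# A quoted path, or an unquoted one read up to the first executable/library extension
# (HijackThis appends "(User '...')" after the command on HKUS entries).
PATH_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|cpl|scr))(?=\s|$)', re.I)

# Install roots a stock XP/HP build normally loads code from. This list is an
# assumption of the example, not a HijackThis rule; the 8.3 alias is included.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\hp\\")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Pull the binary path out of a Run-key command line."""
    m = PATH_RE.match(cmd.strip())
    if m:
        return m.group("q") or m.group("u")
    return cmd.strip()


def reasons_for(section: str, path: str, owner: Optional[str] = None) -> list:
    low = path.lower()
    out = []
    if "\\" not in low:
        # No directory at all: the loader resolves the name through the PATH
        # search order, so whichever copy is found first is what runs.
        out.append("bare filename, resolved through the PATH search order")
        return out
    if not low.startswith(TRUSTED_ROOTS):
        out.append("executable outside the usual install roots")
    if low.startswith("c:\\windows\\") and low.count("\\") == 2:
        out.append("file placed directly in C:\\WINDOWS rather than a subfolder")
    if section == "O23" and owner == "Unknown owner":
        out.append("service binary carries no vendor name")
    return out


def triage(log_text: str) -> list:
    """Return one Finding per O2/O4/O23 line that trips at least one rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            sec, name, path, owner = "O2", m["name"], m["path"], None
        elif m := O4_RE.match(line):
            sec, name, path, owner = "O4", m["name"], extract_path(m["cmd"]), None
        elif m := O23_RE.match(line):
            sec, name, path, owner = "O23", m["name"], m["path"], m["owner"]
        else:
            continue
        reasons = reasons_for(sec, path, owner)
        if reasons:
            findings.append(Finding(sec, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.section:<3} {f.name:<15} {f.path}\n    - " + "\n    - ".join(f.reasons))
```

On the excerpt this flags AGRSMMSG (bare name), VX3000 (file directly in C:\WINDOWS) and NMSAccessU (no vendor). A flag is a prompt to verify, not a verdict: vVX3000.exe belongs to the Microsoft LifeCam VX-3000 software also present in the log, and NMSAccessU.exe sits in the CDBurnerXP folder, so both check out against the rest of the report.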

1 reply

totobetourne (5677 posts, Member)
 
Nothing to report now, but do install a real firewall, it's very important, don't stay with the Windows crap.
Did you delete what Malwarebytes detected? Because you're showing the report from before removal. The infected files are in System Restore.
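The reply's two observations (the report was taken before anything was removed, and every hit sits in a restore point) can be checked mechanically. The script below is an added example, not code from the thread or from Malwarebytes: it parses detection lines in the "path (Family) -> action" form used by Malwarebytes 1.x logs, marks which ones are still pending ("No action taken") and which live under System Volume Information\_restore, and reports whether anything is active outside the restore points. The first sample block is verbatim from the log above; the second is constructed for contrast and its entry names are hypothetical.

```python
import re
from collections import Counter

# One Malwarebytes 1.x detection line: "<path> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# XP restore-point storage: <drive>\System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
NO_ACTION = "no action taken"

# Verbatim lines from the Malwarebytes log posted above.
SAMPLE_MBAM = r"""
Fichier(s) infecté(s):
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP47\A0013259.exe (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP47\A0013276.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{C592EEE8-8362-4445-98F0-1FDC60FA539D}\RP48\A0013291.dll (Adware.MyWebSearch) -> No action taken.
"""

# Constructed lines (NOT from the posted log; names are hypothetical) so the
# classifier has live, already-handled hits to contrast with.
SAMPLE_LIVE = r"""
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example_entry (Trojan.Vundo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\example_vundo.dll (Trojan.Vundo) -> Delete on reboot.
"""


def parse_detections(text: str) -> list:
    """Turn every detection line into a dict; section headers are ignored."""
    out = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        path, family, action = m["path"], m["family"], m["action"]
        out.append({
            "path": path,
            "family": family,
            "action": action,
            "kind": "registry" if path.upper().startswith("HKEY_") else "file",
            "in_restore_point": bool(RESTORE_RE.search(path)),
            "pending": action.lower() == NO_ACTION,
        })
    return out


def summarize(text: str) -> dict:
    dets = parse_detections(text)
    files = [d for d in dets if d["kind"] == "file"]
    live = [d for d in dets if not d["in_restore_point"]]
    return {
        "total": len(dets),
        "pending": sum(d["pending"] for d in dets),
        "restore_point_files": sum(d["in_restore_point"] for d in files),
        "live_items": [d["path"] for d in live],
        "families": dict(Counter(d["family"] for d in dets)),
        # True when every hit is inside a restore point: nothing is active on the
        # running system, but the copies remain until the restore points are purged.
        "restore_point_only": bool(dets) and not live,
    }


if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE_MBAM), ("posted + constructed", SAMPLE_MBAM + SAMPLE_LIVE)):
        s = summarize(text)
        print(f"{label}: {s['total']} hits, {s['pending']} pending, "
              f"{s['restore_point_files']} in restore points, live: {s['live_items'] or 'none'}")
```

For the posted log this gives 3 hits, all pending and all in restore points, which is exactly the reply's reading. Restore-point copies are inert until a restore is performed, so the clean-up step is to let Malwarebytes remove them or, once the live system is clean, turn System Restore off and back on (on XP, disabling it discards every restore point) and create a fresh point.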