Comment parer le virus mdnk44
Résolu
wallid44
-
avg8 Messages postés 426 Date d'inscription Statut Membre Dernière intervention -
avg8 Messages postés 426 Date d'inscription Statut Membre Dernière intervention -
salut a tous !
voila mon problème : avast n'arrête pas de me signaler le trojan mdnk44 ! le supprimer ou le mettre en quarantaine ne change rien il a l'air tenace le bougre !
merci de votre aide pour la démarche à suivre (hijackthis...)
voila mon problème : avast n'arrête pas de me signaler le trojan mdnk44 ! le supprimer ou le mettre en quarantaine ne change rien il a l'air tenace le bougre !
merci de votre aide pour la démarche à suivre (hijackthis...)
A voir également:
- Comment parer le virus mdnk44
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
13 réponses
Bonjour
télécharge GenProc http://www.genproc.com/GenProc.exe
double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre
télécharge GenProc http://www.genproc.com/GenProc.exe
double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre
voici le rapport
Rapport GenProc 2.500 [2] - 28/03/2009 à 19:21:51 - Windows XP
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt
Rapport GenProc 2.500 [2] - 28/03/2009 à 19:21:51 - Windows XP
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt
voici le rapport eset nod32
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3972 (20090328)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=dafae22421c0224fbe996cf1ad6e79a3
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-28 07:27:32
# local_time=2009-03-28 08:27:32 (+0100, Paris, Madrid)
# country="France"
# osver=5.1.2600 NT Service Pack 3
# scanned=303590
# found=4
# scan_time=3571
C:\Documents and Settings\djebbi wallid\Application Data\cmstp.exe a variant of Win32/Agent.OWG trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\djebbi wallid\Application Data\Microsoft\clipsrv.exe a variant of Win32/Agent.OWG trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\djebbi wallid\Local Settings\Application Data\mqtgsvc.exe a variant of Win32/Agent.OWG trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system\mstsc.exe a variant of Win32/Agent.OWG trojan (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3972 (20090328)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=dafae22421c0224fbe996cf1ad6e79a3
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-28 07:27:32
# local_time=2009-03-28 08:27:32 (+0100, Paris, Madrid)
# country="France"
# osver=5.1.2600 NT Service Pack 3
# scanned=303590
# found=4
# scan_time=3571
C:\Documents and Settings\djebbi wallid\Application Data\cmstp.exe a variant of Win32/Agent.OWG trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\djebbi wallid\Application Data\Microsoft\clipsrv.exe a variant of Win32/Agent.OWG trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\djebbi wallid\Local Settings\Application Data\mqtgsvc.exe a variant of Win32/Agent.OWG trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system\mstsc.exe a variant of Win32/Agent.OWG trojan (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1915
Windows 5.1.2600 Service Pack 3
29/03/2009 13:15:36
mbam-log-2009-03-29 (13-15-36).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 133259
Temps écoulé: 43 minute(s), 15 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\CmSTP (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\djebbi wallid\Mes documents\Downloads\Sony.Soundforge.8.Inc.Keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\djebbi wallid\Mes documents\mes logiciels\Windows XP Original Keys Keygen\Windows.XP original keygen\RockXP4.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\djebbi wallid\Mes documents\mes logiciels\Windows XP Original Keys Keygen\Windows.XP original keygen\keygens\XPKEY.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Sony Sound Forge 9.0a + KeyGen OK OK OK\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\djebbi wallid\Application Data\cmstp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Final Fantasy.dat (Trojan.Agent) -> Quarantined and deleted successfully.
Version de la base de données: 1915
Windows 5.1.2600 Service Pack 3
29/03/2009 13:15:36
mbam-log-2009-03-29 (13-15-36).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 133259
Temps écoulé: 43 minute(s), 15 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\CmSTP (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\djebbi wallid\Mes documents\Downloads\Sony.Soundforge.8.Inc.Keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\djebbi wallid\Mes documents\mes logiciels\Windows XP Original Keys Keygen\Windows.XP original keygen\RockXP4.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\djebbi wallid\Mes documents\mes logiciels\Windows XP Original Keys Keygen\Windows.XP original keygen\keygens\XPKEY.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Sony Sound Forge 9.0a + KeyGen OK OK OK\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\djebbi wallid\Application Data\cmstp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Final Fantasy.dat (Trojan.Agent) -> Quarantined and deleted successfully.
fais ceci
- http://www.trendsecure.com/portal/fr/_download/HJTInstall.exe Télécharge HiJackThis de Merijnsur ton bureau.
- Double-clic sur HijackThis
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
- http://www.trendsecure.com/portal/fr/_download/HJTInstall.exe Télécharge HiJackThis de Merijnsur ton bureau.
- Double-clic sur HijackThis
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:57, on 31/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\System\rsvp.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [uTorrent Speed Booster] "C:\Program Files\uTorrent Speed Booster\uTorrent Speed Booster.exe" -tray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xilisoft
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Scan saved at 09:49:57, on 31/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\System\rsvp.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [uTorrent Speed Booster] "C:\Program Files\uTorrent Speed Booster\uTorrent Speed Booster.exe" -tray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xilisoft
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
fais ceci
Désactive les logiciels de protection (Antivirus, Antispywares) puis :
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe combofix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Désactive les logiciels de protection (Antivirus, Antispywares) puis :
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe combofix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
ComboFix 09-03-30.02 - djebbi wallid 2009-03-31 10:46:21.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1491 [GMT 2:00]
Lancé depuis: c:\documents and settings\djebbi wallid\Bureau\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\SuperCopier2\SC2Hook.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\djebbi wallid\Application Data\Microsoft\spoolsv.exe
c:\documents and settings\djebbi wallid\ravmonlog
c:\documents and settings\djebbi wallid\real.txt
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-31 ))))))))))))))))))))))))))))))))))))
.
2009-03-31 09:49 . 2009-03-31 09:49 <REP> d-------- c:\program files\Trend Micro
2009-03-30 17:50 . 2009-03-30 18:02 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-03-30 17:50 . 2009-03-30 18:02 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-03-30 17:49 . 2009-03-30 17:49 <REP> d-------- c:\program files\Kaspersky Lab
2009-03-30 17:49 . 2009-03-31 10:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-30 17:49 . 2009-03-31 10:48 2,211,360 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-30 17:49 . 2009-03-31 10:52 221,216 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-03-30 17:49 . 2009-03-31 10:48 19,404 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-30 17:49 . 2009-03-31 10:52 2,884 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-03-30 17:25 . 2009-03-30 18:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-29 11:28 . 2009-03-29 11:28 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 11:28 . 2009-03-29 11:28 <REP> d-------- c:\documents and settings\djebbi wallid\Application Data\Malwarebytes
2009-03-29 11:28 . 2009-03-29 11:28 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-29 11:28 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 11:28 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-28 20:24 . 2009-03-28 21:27 <REP> d-------- c:\program files\EsetOnlineScanner
2009-03-28 20:15 . 2009-03-28 20:15 <REP> d-------- C:\GenProc
2009-03-21 18:26 . 2009-03-21 18:26 <REP> d-------- c:\program files\CCleaner
2009-03-18 17:26 . 2009-03-18 17:26 <REP> d-------- c:\program files\ANPSEDIC
2009-03-13 11:28 . 2009-03-15 21:04 3,532 --a------ C:\drmHeader.bin
2009-03-08 13:40 . 2009-03-31 10:52 <REP> d-------- c:\documents and settings\djebbi wallid\Tracing
2009-03-08 13:37 . 2009-03-08 13:37 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-08 13:37 . 2009-03-08 13:37 <REP> d-------- c:\program files\Microsoft
2009-03-08 13:37 . 2009-03-08 13:37 244 --ah----- C:\sqmnoopt03.sqm
2009-03-08 13:37 . 2009-03-08 13:37 232 --ah----- C:\sqmdata03.sqm
2009-03-08 13:36 . 2009-03-08 13:36 244 --ah----- C:\sqmnoopt02.sqm
2009-03-08 13:36 . 2009-03-08 13:36 232 --ah----- C:\sqmdata02.sqm
2009-03-08 13:34 . 2009-03-08 13:34 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-03-07 18:12 . 2009-03-07 18:12 <REP> d-------- c:\program files\Audacity
2009-03-07 18:04 . 2008-04-13 21:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-03-07 18:04 . 2008-04-13 21:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-03-07 18:04 . 2008-04-14 05:33 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-07 18:04 . 2008-04-14 05:33 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-03-07 18:04 . 2008-04-13 21:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-07 18:04 . 2008-04-13 21:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-02-25 23:26 . 2009-02-25 23:26 244 --ah----- C:\sqmnoopt01.sqm
2009-02-25 23:26 . 2009-02-25 23:26 232 --ah----- C:\sqmdata01.sqm
2009-02-11 20:18 . 2009-02-11 20:18 <REP> d-------- c:\program files\Serato
2009-02-11 09:39 . 2009-02-11 09:39 <REP> d-------- c:\program files\Vstplugins
2009-02-08 14:42 . 2009-02-08 14:42 <REP> d-------- c:\documents and settings\djebbi wallid\Application Data\Publish Providers
2009-02-06 19:52 . 2009-02-06 19:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-02 21:16 . 2009-02-02 21:16 <REP> d-------- c:\documents and settings\djebbi wallid\Application Data\Sony
2009-02-02 21:15 . 2009-02-10 01:11 <REP> d-------- c:\program files\Sony
2009-02-02 21:08 . 2009-02-02 21:08 <REP> d-------- c:\documents and settings\djebbi wallid\Application Data\Sony Setup
2009-02-02 21:07 . 2009-02-10 01:06 <REP> d-------- c:\program files\Sony Setup
2009-02-02 15:20 . 2009-02-02 15:20 <REP> d-------- c:\program files\VIA
2009-02-02 15:20 . 2001-11-23 22:40 65,536 --a------ c:\windows\system32\VNICPKT.DLL
2009-02-02 15:20 . 2001-07-26 15:02 16,202 --a------ c:\windows\system32\VNICPKT5.sys
2009-02-02 15:19 . 1998-10-07 14:08 327,168 --a------ c:\windows\IsUn040c.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 08:52 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2009-03-31 08:52 --------- d-----w c:\documents and settings\djebbi wallid\Application Data\uTorrent
2009-03-31 08:51 --------- d-----w c:\program files\SuperCopier2
2009-03-31 08:33 --------- d-----w c:\program files\eMule
2009-03-30 16:44 --------- d-----w c:\documents and settings\djebbi wallid\Application Data\Winamp
2009-03-30 16:02 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-23 21:32 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-22 10:04 --------- d-----w c:\documents and settings\djebbi wallid\Application Data\BSplayer
2009-03-14 08:49 --------- d-----w c:\documents and settings\djebbi wallid\Application Data\dvdcss
2009-03-13 09:43 --------- d-----w c:\program files\Winamp
2009-03-13 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-08 11:38 --------- d-----w c:\program files\Windows Live
2009-02-24 22:19 --------- d-----w c:\program files\BS.Player ControlBar
2009-01-31 15:27 --------- d-----w c:\documents and settings\djebbi wallid\Application Data\Apple Computer
2008-10-16 19:03 1,136 ----a-w c:\documents and settings\djebbi wallid\Application Data\filterclsid.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"uTorrent Speed Booster"="c:\program files\uTorrent Speed Booster\uTorrent Speed Booster.exe" [2007-12-07 610304]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-09 270128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-30 206088]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"Dit"="Dit.exe" [2004-07-20 c:\windows\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-03 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\djebbi wallid\\Bureau\\MySpaceMp3Gopher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13785:TCP"= 13785:TCP:NortonAV
"17138:TCP"= 17138:TCP:NortonAV
"18059:TCP"= 18059:TCP:NortonAV
"17370:TCP"= 17370:TCP:NortonAV
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2008-03-31 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2008-05-24 17408]
S3 SeratoUsb;SeratoUsb driver;c:\windows\system32\drivers\SeratoUsb.sys [2006-03-16 29696]
S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\system32\VNICPKT5.sys [2009-02-02 16202]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62759073-ef78-11dd-8ee0-0013d3f3f4ad}]
\Shell\Shell00\Command - L:\Start.exe
.
Contenu du dossier 'Tâches planifiées'
2009-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\djebbi wallid\Application Data\Mozilla\Firefox\Profiles\cvc8z9w6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 10:52:25
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\DJEBBI~1\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Heure de fin: 2009-03-31 10:55:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-31 08:55:35
Avant-CF: 13 646 757 888 octets libres
Après-CF: 13,682,139,136 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
204 --- E O F --- 2009-03-15 02:01:38
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1491 [GMT 2:00]
Lancé depuis: c:\documents and settings\djebbi wallid\Bureau\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\SuperCopier2\SC2Hook.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\djebbi wallid\Application Data\Microsoft\spoolsv.exe
c:\documents and settings\djebbi wallid\ravmonlog
c:\documents and settings\djebbi wallid\real.txt
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-31 ))))))))))))))))))))))))))))))))))))
.
2009-03-31 09:49 . 2009-03-31 09:49 <REP> d-------- c:\program files\Trend Micro
2009-03-30 17:50 . 2009-03-30 18:02 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-03-30 17:50 . 2009-03-30 18:02 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-03-30 17:49 . 2009-03-30 17:49 <REP> d-------- c:\program files\Kaspersky Lab
2009-03-30 17:49 . 2009-03-31 10:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-30 17:49 . 2009-03-31 10:48 2,211,360 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-30 17:49 . 2009-03-31 10:52 221,216 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-03-30 17:49 . 2009-03-31 10:48 19,404 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-30 17:49 . 2009-03-31 10:52 2,884 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-03-30 17:25 . 2009-03-30 18:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-29 11:28 . 2009-03-29 11:28 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 11:28 . 2009-03-29 11:28 <REP> d-------- c:\documents and settings\djebbi wallid\Application Data\Malwarebytes
2009-03-29 11:28 . 2009-03-29 11:28 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-29 11:28 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 11:28 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-28 20:24 . 2009-03-28 21:27 <REP> d-------- c:\program files\EsetOnlineScanner
2009-03-28 20:15 . 2009-03-28 20:15 <REP> d-------- C:\GenProc
2009-03-21 18:26 . 2009-03-21 18:26 <REP> d-------- c:\program files\CCleaner
2009-03-18 17:26 . 2009-03-18 17:26 <REP> d-------- c:\program files\ANPSEDIC
2009-03-13 11:28 . 2009-03-15 21:04 3,532 --a------ C:\drmHeader.bin
2009-03-08 13:40 . 2009-03-31 10:52 <REP> d-------- c:\documents and settings\djebbi wallid\Tracing
2009-03-08 13:37 . 2009-03-08 13:37 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-08 13:37 . 2009-03-08 13:37 <REP> d-------- c:\program files\Microsoft
2009-03-08 13:37 . 2009-03-08 13:37 244 --ah----- C:\sqmnoopt03.sqm
2009-03-08 13:37 . 2009-03-08 13:37 232 --ah----- C:\sqmdata03.sqm
2009-03-08 13:36 . 2009-03-08 13:36 244 --ah----- C:\sqmnoopt02.sqm
2009-03-08 13:36 . 2009-03-08 13:36 232 --ah----- C:\sqmdata02.sqm
2009-03-08 13:34 . 2009-03-08 13:34 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-03-07 18:12 . 2009-03-07 18:12 <REP> d-------- c:\program files\Audacity
2009-03-07 18:04 . 2008-04-13 21:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-03-07 18:04 . 2008-04-13 21:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-03-07 18:04 . 2008-04-14 05:33 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-07 18:04 . 2008-04-14 05:33 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-03-07 18:04 . 2008-04-13 21:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-07 18:04 . 2008-04-13 21:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-02-25 23:26 . 2009-02-25 23:26 244 --ah----- C:\sqmnoopt01.sqm
2009-02-25 23:26 . 2009-02-25 23:26 232 --ah----- C:\sqmdata01.sqm
2009-02-11 20:18 . 2009-02-11 20:18 <REP> d-------- c:\program files\Serato
2009-02-11 09:39 . 2009-02-11 09:39 <REP> d-------- c:\program files\Vstplugins
2009-02-08 14:42 . 2009-02-08 14:42 <REP> d-------- c:\documents and settings\djebbi wallid\Application Data\Publish Providers
2009-02-06 19:52 . 2009-02-06 19:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-02 21:16 . 2009-02-02 21:16 <REP> d-------- c:\documents and settings\djebbi wallid\Application Data\Sony
2009-02-02 21:15 . 2009-02-10 01:11 <REP> d-------- c:\program files\Sony
2009-02-02 21:08 . 2009-02-02 21:08 <REP> d-------- c:\documents and settings\djebbi wallid\Application Data\Sony Setup
2009-02-02 21:07 . 2009-02-10 01:06 <REP> d-------- c:\program files\Sony Setup
2009-02-02 15:20 . 2009-02-02 15:20 <REP> d-------- c:\program files\VIA
2009-02-02 15:20 . 2001-11-23 22:40 65,536 --a------ c:\windows\system32\VNICPKT.DLL
2009-02-02 15:20 . 2001-07-26 15:02 16,202 --a------ c:\windows\system32\VNICPKT5.sys
2009-02-02 15:19 . 1998-10-07 14:08 327,168 --a------ c:\windows\IsUn040c.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 08:52 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2009-03-31 08:52 --------- d-----w c:\documents and settings\djebbi wallid\Application Data\uTorrent
2009-03-31 08:51 --------- d-----w c:\program files\SuperCopier2
2009-03-31 08:33 --------- d-----w c:\program files\eMule
2009-03-30 16:44 --------- d-----w c:\documents and settings\djebbi wallid\Application Data\Winamp
2009-03-30 16:02 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-23 21:32 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-22 10:04 --------- d-----w c:\documents and settings\djebbi wallid\Application Data\BSplayer
2009-03-14 08:49 --------- d-----w c:\documents and settings\djebbi wallid\Application Data\dvdcss
2009-03-13 09:43 --------- d-----w c:\program files\Winamp
2009-03-13 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-08 11:38 --------- d-----w c:\program files\Windows Live
2009-02-24 22:19 --------- d-----w c:\program files\BS.Player ControlBar
2009-01-31 15:27 --------- d-----w c:\documents and settings\djebbi wallid\Application Data\Apple Computer
2008-10-16 19:03 1,136 ----a-w c:\documents and settings\djebbi wallid\Application Data\filterclsid.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"uTorrent Speed Booster"="c:\program files\uTorrent Speed Booster\uTorrent Speed Booster.exe" [2007-12-07 610304]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-09 270128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-30 206088]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"Dit"="Dit.exe" [2004-07-20 c:\windows\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-03 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\djebbi wallid\\Bureau\\MySpaceMp3Gopher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13785:TCP"= 13785:TCP:NortonAV
"17138:TCP"= 17138:TCP:NortonAV
"18059:TCP"= 18059:TCP:NortonAV
"17370:TCP"= 17370:TCP:NortonAV
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2008-03-31 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2008-05-24 17408]
S3 SeratoUsb;SeratoUsb driver;c:\windows\system32\drivers\SeratoUsb.sys [2006-03-16 29696]
S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\system32\VNICPKT5.sys [2009-02-02 16202]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62759073-ef78-11dd-8ee0-0013d3f3f4ad}]
\Shell\Shell00\Command - L:\Start.exe
.
Contenu du dossier 'Tâches planifiées'
2009-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\djebbi wallid\Application Data\Mozilla\Firefox\Profiles\cvc8z9w6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 10:52:25
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\DJEBBI~1\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Heure de fin: 2009-03-31 10:55:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-31 08:55:35
Avant-CF: 13 646 757 888 octets libres
Après-CF: 13,682,139,136 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
204 --- E O F --- 2009-03-15 02:01:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:08, on 31/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\uTorrent Speed Booster\uTorrent Speed Booster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [uTorrent Speed Booster] "C:\Program Files\uTorrent Speed Booster\uTorrent Speed Booster.exe" -tray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xilisoft
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Scan saved at 12:19:08, on 31/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\uTorrent Speed Booster\uTorrent Speed Booster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [uTorrent Speed Booster] "C:\Program Files\uTorrent Speed Booster\uTorrent Speed Booster.exe" -tray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xilisoft
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
