Sujet Précédent Sujet Suivant

Virus

jmp -  
 jmp -
Bonjour,

je ne peux plus accéder à d'autre poste en réseau on me demande de m'identifier et en plus avast me signale que j'envoie des mails

voici la copy de hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 08:35:50, on 24/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Preh MCI Touch\Drivers\Touchscreen\UTCServiceApp.exe
C:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\eTSrv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\jmye.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NCR\Retail\NCRLoader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office97\Office\OSA.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Fichiers communs\Lenovo\Logger\logmon.exe
C:\Program Files\NCR\FitClient\NCRDLLLoader.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\outils\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2flenovo.live.com%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O1 - Hosts: 172.17.30.80 RR-CRE-PRO
O1 - Hosts: 172.17.30.106 ATIGSRV2000
O1 - Hosts: 83.206.38.17 AXIS
O1 - Hosts: 213.11.83.104 AXISV4
O1 - Hosts: 172.17.30.117 TROY
O1 - Hosts: 172.17.30.211 SAFEPAY1
O1 - Hosts: 172.17.30.252 serveurcom.atig.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [jmye] C:\WINDOWS\system32\jmye.exe \u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Démarrer Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
O4 - Global Startup: ib_affinity.bat.lnk = C:\ib_affinity.bat
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\15089531.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\15089531.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://hades.cg94.fr/vdesk/cachecleaner.cab#version=6020,2008,0514,2338
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://hades.cg94.fr/vdesk/terminal/InstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://hades.cg94.fr/vdesk/terminal/urTermProxy.cab#version=6020,2008,0514,2337
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://hades.cg94.fr/vdesk/terminal/urxshost.cab#version=6020,2008,0514,2341
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://hades.cg94.fr/vdesk/terminal/urxhost.cab#version=6020,2008,0514,2340
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rma.local
O17 - HKLM\Software\..\Telephony: DomainName = rma.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rma.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rma.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AspenTouch Service - Aspen Touch Solutions, Inc. - C:\Program Files\Preh MCI Touch\Drivers\Touchscreen\UTCServiceApp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Elève pcAnywhere (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlackfishSQL - Unknown owner - C:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe" -S="BlackfishSQL (file missing)
O23 - Service: BorneMonecarte (BorneMonecar) - Unknown owner - D:\Developpement\Version 6\BrnMonecar.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Epson Point of Service Log Service (EpsonPOSLog) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
O23 - Service: Epson Point of Service Port Handler (EpsonPOSPort) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server FullText Search (SQL2005) (msftesql$SQL2005) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:SQL2005 (file missing)
O23 - Service: SQL Server Analysis Services (SQL2005) (MSOLAP$SQL2005) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: SQL Server (SQL2005) (MSSQL$SQL2005) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQL2005 (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NCR DLL Loader Service (NCRDLLLoaderService) - NCR - C:\Program Files\NCR\FitClient\NCRDLLLoader.exe
O23 - Service: NCR Loader Service (NCRLoader) - NCR Corporation - C:\Program Files\NCR\Retail\NCRLoader.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQL Server Agent (SQL2005) (SQLAgent$SQL2005) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i SQL2005 (file missing)
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: SVNService - Clansoft - C:\Program Files\Subversion\bin\SVNService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
A voir également:

5 réponses

Réponse 1 / 5
totobetourne Messages postés 5677 Statut Membre 65
 
bonjour

1)enleve ta version de hijack car trop ancienne.

2)Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

-> http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...

-> laisse faire le scan et ne touche pas au PC ...

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

3)Télécharge SmitfraudFix
Utilitaire de S!Ri: Moe et balltrap34
http://telechargement.zebulon.fr/smitfraudfix.html
et télécharge SmitfraudFix.exe.

Exécute le en choisissant l’option 1,
il va générer un rapport
Copie/colle le sur le poste stp.
0
jmp
 
SmitFraudFix v2.412

Rapport fait à 11:37:04.18, 24/04/2009
Executé à partir de D:\Antivirus\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Preh MCI Touch\Drivers\Touchscreen\UTCServiceApp.exe
C:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\eTSrv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\WINDOWS\system32\jmye.exe
C:\Program Files\NCR\Retail\NCRLoader.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Microsoft Office97\Office\OSA.EXE
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Fichiers communs\Lenovo\Logger\logmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\NCR\FitClient\NCRDLLLoader.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
D:\outils\ExpBd.exe
C:\Program Files\Borland\Delphi 3\Bin\Delphi32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeanmarc.RMA


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jeanmarc.RMA\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeanmarc.RMA\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jeanmarc.RMA\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,userinit.exe"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetLink (TM) Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 172.17.30.252
DNS Server Search Order: 172.17.30.250
DNS Server Search Order: 172.17.12.3
DNS Server Search Order: 172.17.12.4

Description: Broadcom NetLink (TM) Gigabit Ethernet - Miniport d'ordonnancement de paquets
DNS Server Search Order: 172.17.30.252
DNS Server Search Order: 172.17.30.250
DNS Server Search Order: 172.17.12.3
DNS Server Search Order: 172.17.12.4

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D5054B44-7C8E-4F2B-B6BA-4BAAD5FC281C}: DhcpNameServer=172.17.30.252 172.17.30.250 172.17.12.3 172.17.12.4
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D73F5494-570E-4847-9D67-1180DC7B888A}: DhcpNameServer=172.17.30.252 172.17.30.250 172.17.12.3 172.17.12.4
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D5054B44-7C8E-4F2B-B6BA-4BAAD5FC281C}: DhcpNameServer=172.17.30.252 172.17.30.250 172.17.12.3 172.17.12.4
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D73F5494-570E-4847-9D67-1180DC7B888A}: DhcpNameServer=172.17.30.252 172.17.30.250 172.17.12.3 172.17.12.4
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D5054B44-7C8E-4F2B-B6BA-4BAAD5FC281C}: DhcpNameServer=172.17.30.252 172.17.30.250 172.17.12.3 172.17.12.4
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D73F5494-570E-4847-9D67-1180DC7B888A}: DhcpNameServer=172.17.30.252 172.17.30.250 172.17.12.3 172.17.12.4
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.17.30.252 172.17.30.250 172.17.12.3 172.17.12.4
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.17.30.252 172.17.30.250 172.17.12.3 172.17.12.4
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=172.17.30.252 172.17.30.250 172.17.12.3 172.17.12.4


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 2 / 5
totobetourne Messages postés 5677 Statut Membre 65
 
fait le 2) de mon premier message . merci .

pour smitfraud rien de trouver.
0
jmp
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by jeanmarc at 2009-04-24 13:42:35
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (17%) free of 40 GB
Total RAM: 1014 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:45, on 24/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Preh MCI Touch\Drivers\Touchscreen\UTCServiceApp.exe
C:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\eTSrv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\NCR\Retail\NCRLoader.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Fichiers communs\Lenovo\Logger\logmon.exe
C:\Program Files\NCR\FitClient\NCRDLLLoader.exe
C:\WINDOWS\Explorer.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\jmye.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office97\Office\OSA.EXE
D:\Antivirus\RSIT.exe
C:\Program Files\trend micro\jeanmarc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O1 - Hosts: 172.17.30.80 RR-CRE-PRO
O1 - Hosts: 172.17.30.106 ATIGSRV2000
O1 - Hosts: 83.206.38.17 AXIS
O1 - Hosts: 213.11.83.104 AXISV4
O1 - Hosts: 172.17.30.117 TROY
O1 - Hosts: 172.17.30.211 SAFEPAY1
O1 - Hosts: 172.17.30.252 serveurcom.atig.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [jmye] C:\WINDOWS\system32\jmye.exe \u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrer Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
O4 - Global Startup: ib_affinity.bat.lnk = C:\ib_affinity.bat
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\15089531.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\15089531.dll
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://hades.cg94.fr/vdesk/cachecleaner.cab#version=6020,2008,0514,2338
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://hades.cg94.fr/vdesk/terminal/urTermProxy.cab#version=6020,2008,0514,2337
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://hades.cg94.fr/vdesk/terminal/urxshost.cab#version=6020,2008,0514,2341
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://hades.cg94.fr/vdesk/terminal/urxhost.cab#version=6020,2008,0514,2340
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rma.local
O17 - HKLM\Software\..\Telephony: DomainName = rma.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rma.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rma.local
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AspenTouch Service - Aspen Touch Solutions, Inc. - C:\Program Files\Preh MCI Touch\Drivers\Touchscreen\UTCServiceApp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Elève pcAnywhere (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlackfishSQL - CodeGear - C:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
O23 - Service: BorneMonecarte (BorneMonecar) - Unknown owner - D:\Developpement\Version 6\BrnMonecar.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Epson Point of Service Log Service (EpsonPOSLog) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
O23 - Service: Epson Point of Service Port Handler (EpsonPOSPort) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NCR DLL Loader Service (NCRDLLLoaderService) - NCR - C:\Program Files\NCR\FitClient\NCRDLLLoader.exe
O23 - Service: NCR Loader Service (NCRLoader) - NCR Corporation - C:\Program Files\NCR\Retail\NCRLoader.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: SVNService - Clansoft - C:\Program Files\Subversion\bin\SVNService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
0
Réponse 3 / 5
totobetourne Messages postés 5677 Statut Membre 65
 
bonjour

1)Bonjour,

*Télécharge SDFix (créé par AndyManchesta)
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
*Double-clique sur SDFix.exe
*Choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
*Redémarre en mode sans échec
*Ouvre le dossier SDFix qui vient d'être créé à la racine de ton disque dur C:\
*Double clique sur RunThis.bat pour lancer le script. (Le .bat peut ne pas apparaître)
*Appuie sur Y pour commencer le processus de nettoyage.
*Appuie sur une touche pour redémarrer quand SDFix te demander d'appuyer sur une touche pour redémarrer.
*Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
*Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
*Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
*Les icônes du Bureau affichées, le rapport SDFix s'ouvrira. Il porte le nom de Report.txt.
*Copie/colle le contenu

*Si Sdfix ne se lance pas
* Clique sur Démarrer > Exécuter
*Copie/colle ceci: %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
*Clique sur Ok.
*Redémarre et essaie de relance SDFix.

2)pour voir télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
jmp
 
[b]SDFix: Version 1.240 [/b]
Run by jeanmarc on 27/04/2009 at 09:00

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 09:14:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\Jeanmarc.RMA\\coraml.exe"="C:\\Documents and Settings\\Jeanmarc.RMA\\coraml.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Jeanmarc.RMA\\Local Settings\\Temp\\ms1240486490.exe"="C:\\Documents and Settings\\Jeanmarc.RMA\\Local Settings\\Temp\\ms1240486490.exe:*:Disabled:ms1240486490"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Disabled:BlueSoleil"
"C:\\Documents and Settings\\Jeanmarc.RMA\\coraml.exe"="C:\\Documents and Settings\\Jeanmarc.RMA\\coraml.exe:*:Disabled:ENABLE"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\WINDOWS\\system32\\jmye.exe"="C:\\WINDOWS\\system32\\jmye.exe:*:Enabled:ENABLE"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Thu 23 Apr 2009 33,280 ...H. --- "C:\Documents and Settings\Jeanmarc.RMA\coraml.exe"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 23 Apr 2009 135,168 ..SHR --- "C:\WINDOWS\system32\15089531.dll"
Mon 22 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 24 Apr 2009 0 ...H. --- "C:\Documents and Settings\Jeanmarc.RMA\Application Data\Microsoft\Word\~WRL2300.tmp"
Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 14 Aug 2002 47,826 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 14 Aug 2002 49,750 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

[b]Finished![/b]
0
jmp
 
ComboFix 09-04-25.A3 - jeanmarc 27/04/2009 9:28.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.276 [GMT 2:00]
Lancé depuis: d:\telechargement\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090426-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\project1.exe
c:\windows\system32\15089531.dll
c:\windows\system32\Cache
c:\windows\system32\tmp.reg
c:\windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-27 au 2009-4-27 ))))))))))))))))))))))))))))))))))))
.

2009-04-27 06:59 . 2009-04-27 06:59 579584 ----a-w c:\windows\system32\dllcache\user32.dll
2009-04-27 06:57 . 2009-04-27 06:57 -------- d-----w c:\windows\ERUNT
2009-04-27 06:49 . 2009-04-27 07:17 -------- d-----w C:\SDFix
2009-04-27 06:30 . 2009-04-27 06:30 -------- d-----w c:\program files\Windows Defender
2009-04-24 11:42 . 2009-04-24 11:42 -------- d-----w C:\rsit
2009-04-24 07:35 . 2009-04-24 07:35 -------- d-sh--w c:\documents and settings\Jeanmarc.RMA\IECompatCache
2009-04-24 07:33 . 2009-04-24 07:33 -------- d-----w c:\program files\CCleaner
2009-04-24 06:51 . 2009-04-24 13:39 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-24 06:51 . 2009-04-24 07:43 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-23 15:09 . 2009-04-23 15:09 -------- d-----w c:\program files\Alwil Software
2009-04-23 14:51 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 14:51 . 2009-04-23 14:51 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\Malwarebytes
2009-04-23 14:51 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 14:51 . 2009-04-23 14:51 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 14:51 . 2009-04-23 14:51 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 14:08 . 2009-04-23 14:08 -------- d-sh--w c:\documents and settings\Jeanmarc.JEANMARCP\IETldCache
2009-04-23 11:34 . 2009-04-23 11:34 118784 ----a-w c:\windows\system32\sgcckbj0ej1v.dll
2009-04-23 11:34 . 2009-04-23 11:34 80191 ----a-w c:\windows\system32\qgc9kbj0ej1v.exe502242340
2009-04-23 11:34 . 2009-04-23 11:34 80191 ----a-w c:\windows\system32\qgc9kbj0ej1v.exe
2009-04-23 11:34 . 2009-04-23 11:34 80191 ----a-w c:\windows\system32\qgc9kbj0ej1v .exe
2009-04-23 11:34 . 2009-04-23 11:34 33280 ---h--w c:\documents and settings\Jeanmarc.RMA\coraml.exe
2009-04-23 11:34 . 2009-04-23 11:34 33280 ----a-w c:\windows\system32\jmye.exe
2009-04-23 08:17 . 2009-04-23 08:17 -------- d-----w c:\documents and settings\AtigTemp20090422104010\CHERI_BCHE1
2009-04-23 08:17 . 2009-04-23 08:17 -------- d-----w c:\documents and settings\AtigTemp20090422104010\Import
2009-04-22 10:00 . 2009-04-24 13:31 -------- d-----w c:\documents and settings\AtigTemp20090422104010\Caisse
2009-04-22 08:40 . 2009-04-24 12:31 -------- d-----w c:\documents and settings\AtigTemp20090422104010
2009-04-22 07:11 . 2009-04-22 08:51 102268 ----a-w C:\CECRAMA.DAT
2009-04-22 06:46 . 2009-04-22 07:09 -------- d-----w c:\documents and settings\AtigTemp20090422084628
2009-04-22 06:26 . 2009-04-22 06:39 -------- d-----w c:\documents and settings\AtigTemp20090422082603
2009-04-21 07:36 . 2009-04-21 07:37 -------- d-----w c:\documents and settings\AtigTemp20090408085701\3355_C1
2009-04-21 06:13 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-21 06:13 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-21 06:13 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-21 06:13 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-21 06:13 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-21 06:13 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-21 06:13 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-21 06:13 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-21 06:13 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-21 06:13 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-21 06:13 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-21 06:12 . 2009-03-27 06:54 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-21 06:12 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-08 15:00 . 2009-04-21 07:36 -------- d-----w c:\documents and settings\AtigTemp20090408085701\Import
2009-04-08 15:00 . 2009-04-08 15:00 -------- d-----w c:\documents and settings\AtigTemp20090408085701\3153_C1
2009-04-08 07:55 . 2009-04-21 09:02 -------- d-----w c:\documents and settings\AtigTemp20090408085701\Caisse
2009-04-08 06:57 . 2009-04-21 15:59 -------- d-----w c:\documents and settings\AtigTemp20090408085701
2009-04-07 07:14 . 2007-01-18 12:00 3968 ----a-w c:\windows\system32\drivers\AvgArCln.sys
2009-04-07 06:37 . 2009-04-08 06:58 -------- d-----w C:\exports
2009-04-06 10:12 . 2009-04-06 10:12 -------- d-----w c:\documents and settings\administrateur.RMA\Local Settings\Application Data\TSVNCache
2009-04-06 10:12 . 2009-04-06 10:12 -------- d-sh--w c:\documents and settings\administrateur.RMA\IETldCache
2009-04-03 08:50 . 2009-04-03 13:35 -------- d-----w c:\documents and settings\AtigTemp20090402170814\Caisse
2009-04-02 15:08 . 2009-04-03 08:50 -------- d-----w c:\documents and settings\AtigTemp20090402170814
2009-04-02 11:21 . 2009-04-02 11:23 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\gtk-2.0
2009-04-02 11:21 . 2009-04-02 11:21 -------- d-----w c:\documents and settings\Jeanmarc.RMA\.thumbnails
2009-04-02 11:20 . 2009-04-02 11:24 -------- d-----w c:\documents and settings\Jeanmarc.RMA\.gimp-2.6
2009-04-02 11:20 . 2009-04-02 11:20 -------- d-----w c:\documents and settings\Jeanmarc.RMA\.gegl-0.0
2009-03-30 06:00 . 2009-03-30 06:00 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-30 06:00 . 2009-03-30 06:00 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-30 06:00 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 07:05 . 2008-01-28 06:18 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-04-24 13:31 . 2009-02-09 09:08 13030 ----a-w C:\PDOXUSRS.NET
2009-04-24 11:42 . 2009-01-19 15:42 -------- d-----w c:\program files\trend micro
2009-04-24 09:49 . 2009-04-24 09:37 3697 ----a-w C:\rapport.txt
2009-04-24 05:53 . 2008-05-15 16:46 -------- d-----w c:\program files\CA
2009-04-23 13:48 . 2008-01-28 06:11 -------- d-----w c:\program files\PCDR5
2009-04-22 13:41 . 2006-01-26 20:35 753920 ----a-w c:\windows\system32\perfh00C.dat
2009-04-22 13:41 . 2006-01-26 20:35 182340 ----a-w c:\windows\system32\perfc00C.dat
2009-04-10 12:00 . 2008-11-18 14:08 -------- d-----w c:\documents and settings\All Users\Application Data\Embarcadero
2009-03-31 10:53 . 2009-02-19 11:26 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\FileZilla
2009-03-27 08:08 . 2009-03-27 08:08 -------- d-----w c:\program files\Fichiers communs\PCSuite
2009-03-27 08:08 . 2009-03-27 08:08 -------- d-----w c:\program files\Fichiers communs\Nokia
2009-03-27 08:06 . 2009-03-04 11:30 -------- d-----w c:\program files\Nokia
2009-03-26 11:53 . 2009-03-26 11:53 -------- d-----w c:\program files\Siber Systems
2009-03-25 15:17 . 2009-03-26 07:43 1088587 ----a-w c:\windows\win32504.zip
2009-03-23 15:21 . 2008-09-25 14:34 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-23 14:06 . 2009-03-23 13:50 -------- d-----w c:\program files\OMNIKEY
2009-03-23 12:00 . 2009-03-23 11:58 -------- d-----w c:\program files\Solveig Multimedia
2009-03-23 12:00 . 2009-03-23 11:59 240 ----a-w C:\split.log
2009-03-23 11:35 . 2009-03-23 11:23 -------- d-----w c:\program files\PhotoFiltre
2009-03-21 14:07 . 2009-03-21 14:07 1054720 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 11:51 . 2009-03-20 11:51 -------- d-----w c:\program files\QuickTime
2009-03-20 11:50 . 2009-03-20 11:50 -------- d-----w c:\program files\Apple Software Update
2009-03-20 06:56 . 2008-01-28 06:30 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-19 12:28 . 2009-03-19 12:25 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\vlc
2009-03-19 12:28 . 2009-03-19 12:21 68 ----a-w C:\copier_fichier_deezer.bat
2009-03-19 12:24 . 2009-03-19 12:24 -------- d-----w c:\program files\VideoLAN
2009-03-19 12:17 . 2009-03-19 12:18 4047085 ----a-w C:\fla67.flv
2009-03-16 09:08 . 2009-03-16 09:08 -------- d-----w c:\program files\OPOS
2009-03-11 12:24 . 2009-03-11 12:24 131 ----a-w c:\documents and settings\Jeanmarc.RMA\svn-commit.4.tmp
2009-03-11 12:15 . 2009-03-11 12:15 126 ----a-w c:\documents and settings\Jeanmarc.RMA\svn-commit.3.tmp
2009-03-11 12:10 . 2009-03-11 12:09 122 ----a-w c:\documents and settings\Jeanmarc.RMA\svn-commit.2.tmp
2009-03-11 11:56 . 2009-03-11 11:55 125 ----a-w c:\documents and settings\Jeanmarc.RMA\svn-commit.tmp
2009-03-11 06:59 . 2009-02-19 10:21 135 ----a-w c:\documents and settings\Jeanmarc.RMA\Local Settings\Application Data\fusioncache.dat
2009-03-10 20:18 . 2008-09-05 22:30 970120 ------w c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 20:18 . 2008-09-05 22:30 265088 ------w c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 16:07 . 2009-03-09 16:07 565 ----a-w C:\SQL.txt
2009-03-08 13:09 . 2006-11-07 02:27 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 13:09 . 2006-10-17 11:04 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 03:41 . 2006-11-07 20:03 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 03:39 . 2007-12-07 02:08 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 03:34 . 2006-11-07 20:03 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 03:34 . 2006-01-26 20:35 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2006-11-07 20:03 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 03:34 . 2006-11-07 20:03 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 03:34 . 2006-10-17 11:05 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 03:34 . 2006-01-26 20:34 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:34 . 2006-10-17 11:05 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 03:34 . 2006-10-17 11:05 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 03:34 . 2006-10-17 11:04 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 03:33 . 2006-11-07 20:03 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 03:33 . 2009-03-08 03:33 18944 ------w c:\windows\system32\dllcache\corpol.dll
2009-03-08 03:33 . 2006-01-26 20:34 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2006-11-07 20:03 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 03:33 . 2008-05-09 10:55 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 03:33 . 2006-11-07 02:27 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 03:33 . 2008-05-09 10:55 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 03:33 . 2006-01-26 20:35 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 . 2006-11-07 02:26 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 03:32 . 2006-11-07 02:26 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 03:32 . 2006-01-26 20:34 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2006-11-07 02:26 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 03:32 . 2006-11-07 02:25 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 03:32 . 2006-11-07 02:26 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 03:32 . 2006-11-07 02:26 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 03:32 . 2006-01-26 20:34 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:32 . 2006-11-07 02:26 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 03:32 . 2006-11-07 02:26 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 03:32 . 2007-12-07 02:08 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 03:32 . 2007-12-07 02:08 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 03:32 . 2006-11-07 20:03 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 03:24 . 2006-10-17 10:44 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 03:22 . 2006-11-07 20:03 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 03:22 . 2006-01-26 20:34 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 03:11 . 2007-12-07 02:08 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 14:20 . 2006-01-26 20:35 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-04 11:53 . 2009-03-04 11:53 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\Apple Computer
2009-03-04 11:48 . 2009-02-19 11:26 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\Nokia
2009-03-04 11:35 . 2009-03-04 11:35 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-04 11:35 . 2009-03-04 11:35 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-04 11:30 . 2009-02-06 12:03 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-26 16:05 . 2008-01-28 06:13 -------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-02-26 16:05 . 2008-04-28 07:58 -------- d-----w c:\program files\Symantec
2009-02-26 16:05 . 2008-01-28 06:13 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-26 15:37 . 2008-04-28 12:52 -------- d-----w c:\program files\Norton Ghost
2009-02-26 10:52 . 2008-04-08 17:51 -------- d-----w c:\program files\RestOffice
2009-02-26 10:25 . 2008-06-19 11:50 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-19 10:52 . 2009-02-19 10:46 3852528 ----a-w C:\microsoftoffice.reg
2009-02-19 10:46 . 2009-02-19 10:34 142776222 ----a-w C:\Copie de sauve_reg.reg
2009-02-19 09:21 . 2009-02-19 09:21 146628668 ----a-w C:\sauve_reg.reg
2009-02-19 09:19 . 2009-02-19 09:19 6134174 ----a-w C:\current_user.reg
2009-02-19 09:17 . 2009-02-19 09:17 817290 ----a-w C:\codegear.reg
2009-02-19 09:17 . 2009-02-19 09:17 50820 ----a-w C:\araxis.reg
2009-02-19 09:17 . 2009-02-19 09:17 27236 ----a-w C:\borland.reg
2009-02-16 09:51 . 2009-02-16 09:51 244 ---ha-w C:\sqmnoopt07.sqm
2009-02-16 09:51 . 2009-02-16 09:51 232 ---ha-w C:\sqmdata07.sqm
2009-02-13 12:20 . 2009-02-13 12:20 244 ---ha-w C:\sqmnoopt06.sqm
2009-02-13 12:20 . 2009-02-13 12:20 232 ---ha-w C:\sqmdata06.sqm
2009-02-12 12:11 . 2009-02-12 12:11 244 ---ha-w C:\sqmnoopt05.sqm
2009-02-12 12:11 . 2009-02-12 12:11 232 ---ha-w C:\sqmdata05.sqm
2008-11-04 12:43 . 2008-11-04 12:43 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008110420081105\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-05-12 2333440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"jmye"="c:\windows\system32\jmye.exe" [2009-04-23 33280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2005-04-13 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jeanmarc.RMA\Menu D‚marrer\Programmes\D‚marrage\
D‚marrer Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2008-4-23 199688]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage d'Office.lnk - c:\program files\Microsoft Office97\Office\OSA.EXE [1997-8-29 51984]
ib_affinity.bat.lnk - C:\ib_affinity.bat [2008-5-22 30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-04-18 17:05 49152 ------w c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2006-04-09 18:59 24674 ----a-w c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2004-11-05 09:50 8704 ------w c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Jeanmarc.RMA\\coraml.exe"=

R1 vcdrom;Virtual CD-ROM Device Driver; [x]
R2 BorneMonecar;BorneMonecarte;d:\developpement\Version 6\BrnMonecar.exe [2005-06-29 645632]
R2 SVNService;SVNService;c:\program files\Subversion\bin\SVNService.exe [2004-03-31 61440]
R3 EdgeSer;Inside Out Networks Edgeport Driver;c:\windows\system32\DRIVERS\edgeser.sys [2004-08-26 183534]
R3 NcrWedge;NCR Wedge Keyboard Filter Driver;c:\windows\System32\drivers\ncrwedge.sys [2007-12-19 11012]
R3 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [1998-03-12 1781248]
R3 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [1998-03-12 193536]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]
R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\system32\DRIVERS\TMUSBXP.SYS [2007-10-17 46336]
R3 urvpndrv;F5 Networks VPN Adapter; [x]
R3 UTCUSB;UTCUSB;c:\windows\system32\DRIVERS\UTCUSB.sys [2005-07-28 32936]
R4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-12-09 2799808]
S1 aswSP;avast! Self Protection; [x]
S1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
S1 NCRBus;NCRBus; [x]
S1 NCRKMPDR;NCR Kernel Mode Peripheral Driver; [x]
S2 AspenTouch Service;AspenTouch Service;c:\program files\Preh MCI Touch\Drivers\Touchscreen\UTCServiceApp.exe [2004-12-15 40960]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 BlackfishSQL;BlackfishSQL;c:\program files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe [2008-08-29 65536]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2006-04-09 36400]
S2 EpsonPOSLog;Epson Point of Service Log Service;c:\program files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe [2008-04-12 290816]
S2 EpsonPOSPort;Epson Point of Service Port Handler;c:\program files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe [2008-04-22 368640]
S2 EpsPort;EpsPort; [x]
S2 Esdpdx01;Esdpdx01;c:\windows\system32\Drivers\ESDPDX01.SYS [2007-06-11 95495]
S2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2007-03-03 202096]
S2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2005-08-26 92880]
S2 MSOLAP$SQL2005;SQL Server Analysis Services (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2007-03-03 14560624]
S2 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-03-03 28771240]
S2 NCRDLLLoaderService;NCR DLL Loader Service;c:\program files\NCR\FitClient\NCRDLLLoader.exe [2007-12-19 61440]
S2 NCRLoader;NCR Loader Service;c:\program files\NCR\Retail\NCRLoader.exe [2007-12-19 61440]
S2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 58368]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-05-12 3968]
S2 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 318680]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [2006-04-09 109072]
S2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2004-06-26 6016]
S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [2006-04-09 671472]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 cxru0wdm;CardMan 5x21;c:\windows\system32\DRIVERS\cxru0wdm.sys [2008-10-24 221568]
S3 DRVDRW;DRVDRW;c:\windows\system32\DRIVERS\DRVDRW.SYS [2007-05-14 8832]
S3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [2006-04-09 2234320]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-24 c:\windows\Tasks\chauffe.job
- c:\windows\system32\sndrec32.exe [2006-01-26 02:34]

2009-04-22 c:\windows\Tasks\mercredi.job
- c:\windows\system32\sndrec32.exe [2006-01-26 02:34]

2009-04-23 c:\windows\Tasks\midi.job
- c:\windows\system32\sndrec32.exe [2006-01-26 02:34]

2009-04-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-04-23 c:\windows\Tasks\soir.job
- c:\windows\system32\sndrec32.exe [2006-01-26 02:34]

2009-04-27 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-NavLogon - (no file)


.
------- Examen supplémentaire -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 09:37
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQL2005]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQL2005"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•9~*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(2016)
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(188)
c:\windows\system32\eToken.dll
c:\windows\system32\eTUi.dll

- - - - - - - > 'explorer.exe'(1332)
c:\windows\system32\PROCHLP.DLL
c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\eTSrv.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\InterBase Corp\InterBase\Bin\ibguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\NCR\RSM\NCRFsm.exe
c:\program files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Fichiers communs\Lenovo\Logger\logmon.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\InterBase Corp\InterBase\Bin\ibserver.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Heure de fin: 2009-04-27 9:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-27 07:40

Avant-CF: 6,586,576,896 octets libres
Après-CF: 7,318,597,632 octets libres

411 --- E O F --- 2009-04-22 13:06
0
Réponse 4 / 5
totobetourne Messages postés 5677 Statut Membre 65
 
/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )

Kill all::

File:
c:\windows\system32\sgcckbj0ej1v.dll
c:\windows\system32\qgc9kbj0ej1v.exe502242340
c:\windows\system32\qgc9kbj0ej1v.exe
c:\windows\system32\qgc9kbj0ej1v .exe
c:\documents and settings\Jeanmarc.RMA\coraml.exe
c:\windows\system32\jmye.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jmye"=-

Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
0
jmp
 
ComboFix 09-04-25.A3 - jeanmarc 27/04/2009 10:53.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.367 [GMT 2:00]
Lancé depuis: d:\antivirus\ComboFix.exe
Commutateurs utilisés :: d:\antivirus\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090426-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-27 au 2009-4-27 ))))))))))))))))))))))))))))))))))))
.

2009-04-27 06:59 . 2009-04-27 06:59 579584 ----a-w c:\windows\system32\dllcache\user32.dll
2009-04-27 06:57 . 2009-04-27 06:57 -------- d-----w c:\windows\ERUNT
2009-04-27 06:49 . 2009-04-27 07:17 -------- d-----w C:\SDFix
2009-04-27 06:30 . 2009-04-27 06:30 -------- d-----w c:\program files\Windows Defender
2009-04-24 11:42 . 2009-04-24 11:42 -------- d-----w C:\rsit
2009-04-24 07:35 . 2009-04-24 07:35 -------- d-sh--w c:\documents and settings\Jeanmarc.RMA\IECompatCache
2009-04-24 07:33 . 2009-04-24 07:33 -------- d-----w c:\program files\CCleaner
2009-04-24 06:51 . 2009-04-24 13:39 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-24 06:51 . 2009-04-24 07:43 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-23 15:09 . 2009-04-23 15:09 -------- d-----w c:\program files\Alwil Software
2009-04-23 14:51 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 14:51 . 2009-04-23 14:51 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\Malwarebytes
2009-04-23 14:51 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 14:51 . 2009-04-23 14:51 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 14:51 . 2009-04-23 14:51 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 14:08 . 2009-04-23 14:08 -------- d-sh--w c:\documents and settings\Jeanmarc.JEANMARCP\IETldCache
2009-04-23 11:34 . 2009-04-23 11:34 118784 ----a-w c:\windows\system32\sgcckbj0ej1v.dll
2009-04-23 11:34 . 2009-04-23 11:34 80191 ----a-w c:\windows\system32\qgc9kbj0ej1v.exe502242340
2009-04-23 11:34 . 2009-04-23 11:34 80191 ----a-w c:\windows\system32\qgc9kbj0ej1v.exe
2009-04-23 11:34 . 2009-04-23 11:34 80191 ----a-w c:\windows\system32\qgc9kbj0ej1v .exe
2009-04-23 11:34 . 2009-04-23 11:34 33280 ---h--w c:\documents and settings\Jeanmarc.RMA\coraml.exe
2009-04-23 11:34 . 2009-04-23 11:34 33280 ----a-w c:\windows\system32\jmye.exe
2009-04-23 08:17 . 2009-04-23 08:17 -------- d-----w c:\documents and settings\AtigTemp20090422104010\CHERI_BCHE1
2009-04-23 08:17 . 2009-04-23 08:17 -------- d-----w c:\documents and settings\AtigTemp20090422104010\Import
2009-04-22 10:00 . 2009-04-27 08:43 -------- d-----w c:\documents and settings\AtigTemp20090422104010\Caisse
2009-04-22 08:40 . 2009-04-24 12:31 -------- d-----w c:\documents and settings\AtigTemp20090422104010
2009-04-22 07:11 . 2009-04-22 08:51 102268 ----a-w C:\CECRAMA.DAT
2009-04-22 06:46 . 2009-04-22 07:09 -------- d-----w c:\documents and settings\AtigTemp20090422084628
2009-04-22 06:26 . 2009-04-22 06:39 -------- d-----w c:\documents and settings\AtigTemp20090422082603
2009-04-21 07:36 . 2009-04-21 07:37 -------- d-----w c:\documents and settings\AtigTemp20090408085701\3355_C1
2009-04-21 06:13 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-21 06:13 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-21 06:13 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-21 06:13 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-21 06:13 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-21 06:13 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-21 06:13 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-21 06:13 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-21 06:13 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-21 06:13 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-21 06:13 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-21 06:12 . 2009-03-27 06:54 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-21 06:12 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-08 15:00 . 2009-04-21 07:36 -------- d-----w c:\documents and settings\AtigTemp20090408085701\Import
2009-04-08 15:00 . 2009-04-08 15:00 -------- d-----w c:\documents and settings\AtigTemp20090408085701\3153_C1
2009-04-08 07:55 . 2009-04-21 09:02 -------- d-----w c:\documents and settings\AtigTemp20090408085701\Caisse
2009-04-08 06:57 . 2009-04-21 15:59 -------- d-----w c:\documents and settings\AtigTemp20090408085701
2009-04-07 07:14 . 2007-01-18 12:00 3968 ----a-w c:\windows\system32\drivers\AvgArCln.sys
2009-04-07 06:37 . 2009-04-08 06:58 -------- d-----w C:\exports
2009-04-06 10:12 . 2009-04-06 10:12 -------- d-----w c:\documents and settings\administrateur.RMA\Local Settings\Application Data\TSVNCache
2009-04-06 10:12 . 2009-04-06 10:12 -------- d-sh--w c:\documents and settings\administrateur.RMA\IETldCache
2009-04-03 08:50 . 2009-04-03 13:35 -------- d-----w c:\documents and settings\AtigTemp20090402170814\Caisse
2009-04-02 15:08 . 2009-04-03 08:50 -------- d-----w c:\documents and settings\AtigTemp20090402170814
2009-04-02 11:21 . 2009-04-02 11:23 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\gtk-2.0
2009-04-02 11:21 . 2009-04-02 11:21 -------- d-----w c:\documents and settings\Jeanmarc.RMA\.thumbnails
2009-04-02 11:20 . 2009-04-02 11:24 -------- d-----w c:\documents and settings\Jeanmarc.RMA\.gimp-2.6
2009-04-02 11:20 . 2009-04-02 11:20 -------- d-----w c:\documents and settings\Jeanmarc.RMA\.gegl-0.0
2009-03-30 06:00 . 2009-03-30 06:00 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-30 06:00 . 2009-03-30 06:00 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-30 06:00 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 08:43 . 2009-02-09 09:08 13030 ----a-w C:\PDOXUSRS.NET
2009-04-27 07:05 . 2008-01-28 06:18 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-04-24 11:42 . 2009-01-19 15:42 -------- d-----w c:\program files\trend micro
2009-04-24 09:49 . 2009-04-24 09:37 3697 ----a-w C:\rapport.txt
2009-04-24 05:53 . 2008-05-15 16:46 -------- d-----w c:\program files\CA
2009-04-23 13:48 . 2008-01-28 06:11 -------- d-----w c:\program files\PCDR5
2009-04-22 13:41 . 2006-01-26 20:35 753920 ----a-w c:\windows\system32\perfh00C.dat
2009-04-22 13:41 . 2006-01-26 20:35 182340 ----a-w c:\windows\system32\perfc00C.dat
2009-04-10 12:00 . 2008-11-18 14:08 -------- d-----w c:\documents and settings\All Users\Application Data\Embarcadero
2009-03-31 10:53 . 2009-02-19 11:26 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\FileZilla
2009-03-27 08:08 . 2009-03-27 08:08 -------- d-----w c:\program files\Fichiers communs\PCSuite
2009-03-27 08:08 . 2009-03-27 08:08 -------- d-----w c:\program files\Fichiers communs\Nokia
2009-03-27 08:06 . 2009-03-04 11:30 -------- d-----w c:\program files\Nokia
2009-03-26 11:53 . 2009-03-26 11:53 -------- d-----w c:\program files\Siber Systems
2009-03-25 15:17 . 2009-03-26 07:43 1088587 ----a-w c:\windows\win32504.zip
2009-03-23 15:21 . 2008-09-25 14:34 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-23 14:06 . 2009-03-23 13:50 -------- d-----w c:\program files\OMNIKEY
2009-03-23 12:00 . 2009-03-23 11:58 -------- d-----w c:\program files\Solveig Multimedia
2009-03-23 12:00 . 2009-03-23 11:59 240 ----a-w C:\split.log
2009-03-23 11:35 . 2009-03-23 11:23 -------- d-----w c:\program files\PhotoFiltre
2009-03-21 14:07 . 2009-03-21 14:07 1054720 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 11:51 . 2009-03-20 11:51 -------- d-----w c:\program files\QuickTime
2009-03-20 11:50 . 2009-03-20 11:50 -------- d-----w c:\program files\Apple Software Update
2009-03-20 06:56 . 2008-01-28 06:30 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-19 12:28 . 2009-03-19 12:25 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\vlc
2009-03-19 12:28 . 2009-03-19 12:21 68 ----a-w C:\copier_fichier_deezer.bat
2009-03-19 12:24 . 2009-03-19 12:24 -------- d-----w c:\program files\VideoLAN
2009-03-19 12:17 . 2009-03-19 12:18 4047085 ----a-w C:\fla67.flv
2009-03-16 09:08 . 2009-03-16 09:08 -------- d-----w c:\program files\OPOS
2009-03-11 12:24 . 2009-03-11 12:24 131 ----a-w c:\documents and settings\Jeanmarc.RMA\svn-commit.4.tmp
2009-03-11 12:15 . 2009-03-11 12:15 126 ----a-w c:\documents and settings\Jeanmarc.RMA\svn-commit.3.tmp
2009-03-11 12:10 . 2009-03-11 12:09 122 ----a-w c:\documents and settings\Jeanmarc.RMA\svn-commit.2.tmp
2009-03-11 11:56 . 2009-03-11 11:55 125 ----a-w c:\documents and settings\Jeanmarc.RMA\svn-commit.tmp
2009-03-11 06:59 . 2009-02-19 10:21 135 ----a-w c:\documents and settings\Jeanmarc.RMA\Local Settings\Application Data\fusioncache.dat
2009-03-10 20:18 . 2008-09-05 22:30 970120 ------w c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 20:18 . 2008-09-05 22:30 265088 ------w c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 16:07 . 2009-03-09 16:07 565 ----a-w C:\SQL.txt
2009-03-08 13:09 . 2006-11-07 02:27 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 13:09 . 2006-10-17 11:04 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 03:41 . 2006-11-07 20:03 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 03:39 . 2007-12-07 02:08 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 03:34 . 2006-11-07 20:03 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 03:34 . 2006-01-26 20:35 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2006-11-07 20:03 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 03:34 . 2006-11-07 20:03 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 03:34 . 2006-10-17 11:05 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 03:34 . 2006-01-26 20:34 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:34 . 2006-10-17 11:05 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 03:34 . 2006-10-17 11:05 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 03:34 . 2006-10-17 11:04 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 03:33 . 2006-11-07 20:03 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 03:33 . 2009-03-08 03:33 18944 ------w c:\windows\system32\dllcache\corpol.dll
2009-03-08 03:33 . 2006-01-26 20:34 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2006-11-07 20:03 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 03:33 . 2008-05-09 10:55 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 03:33 . 2006-11-07 02:27 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 03:33 . 2008-05-09 10:55 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 03:33 . 2006-01-26 20:35 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 . 2006-11-07 02:26 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 03:32 . 2006-11-07 02:26 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 03:32 . 2006-01-26 20:34 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2006-11-07 02:26 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 03:32 . 2006-11-07 02:25 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 03:32 . 2006-11-07 02:26 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 03:32 . 2006-11-07 02:26 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 03:32 . 2006-01-26 20:34 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:32 . 2006-11-07 02:26 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 03:32 . 2006-11-07 02:26 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 03:32 . 2007-12-07 02:08 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 03:32 . 2007-12-07 02:08 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 03:32 . 2006-11-07 20:03 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 03:24 . 2006-10-17 10:44 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 03:22 . 2006-11-07 20:03 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 03:22 . 2006-01-26 20:34 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 03:11 . 2007-12-07 02:08 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 14:20 . 2006-01-26 20:35 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-04 11:53 . 2009-03-04 11:53 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\Apple Computer
2009-03-04 11:48 . 2009-02-19 11:26 -------- d-----w c:\documents and settings\Jeanmarc.RMA\Application Data\Nokia
2009-03-04 11:35 . 2009-03-04 11:35 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-04 11:35 . 2009-03-04 11:35 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-04 11:30 . 2009-02-06 12:03 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-26 16:05 . 2008-01-28 06:13 -------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-02-26 16:05 . 2008-04-28 07:58 -------- d-----w c:\program files\Symantec
2009-02-26 16:05 . 2008-01-28 06:13 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-26 15:37 . 2008-04-28 12:52 -------- d-----w c:\program files\Norton Ghost
2009-02-26 10:52 . 2008-04-08 17:51 -------- d-----w c:\program files\RestOffice
2009-02-26 10:25 . 2008-06-19 11:50 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-19 10:52 . 2009-02-19 10:46 3852528 ----a-w C:\microsoftoffice.reg
2009-02-19 10:46 . 2009-02-19 10:34 142776222 ----a-w C:\Copie de sauve_reg.reg
2009-02-19 09:21 . 2009-02-19 09:21 146628668 ----a-w C:\sauve_reg.reg
2009-02-19 09:19 . 2009-02-19 09:19 6134174 ----a-w C:\current_user.reg
2009-02-19 09:17 . 2009-02-19 09:17 817290 ----a-w C:\codegear.reg
2009-02-19 09:17 . 2009-02-19 09:17 50820 ----a-w C:\araxis.reg
2009-02-19 09:17 . 2009-02-19 09:17 27236 ----a-w C:\borland.reg
2009-02-16 09:51 . 2009-02-16 09:51 244 ---ha-w C:\sqmnoopt07.sqm
2009-02-16 09:51 . 2009-02-16 09:51 232 ---ha-w C:\sqmdata07.sqm
2009-02-13 12:20 . 2009-02-13 12:20 244 ---ha-w C:\sqmnoopt06.sqm
2009-02-13 12:20 . 2009-02-13 12:20 232 ---ha-w C:\sqmdata06.sqm
2009-02-12 12:11 . 2009-02-12 12:11 244 ---ha-w C:\sqmnoopt05.sqm
2009-02-12 12:11 . 2009-02-12 12:11 232 ---ha-w C:\sqmdata05.sqm
2008-11-04 12:43 . 2008-11-04 12:43 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008110420081105\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-27_07.37.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-27 08:21 . 2009-04-27 08:21 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
+ 2009-04-27 08:21 . 2009-04-27 08:21 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat
+ 2008-04-08 15:20 . 2009-04-27 08:22 219774 c:\windows\system32\inetsrv\MetaBase.bin
- 2008-04-08 15:20 . 2009-04-27 07:35 219774 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-05-12 2333440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2005-04-13 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jeanmarc.RMA\Menu D‚marrer\Programmes\D‚marrage\
D‚marrer Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2008-4-23 199688]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage d'Office.lnk - c:\program files\Microsoft Office97\Office\OSA.EXE [1997-8-29 51984]
ib_affinity.bat.lnk - C:\ib_affinity.bat [2008-5-22 30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-04-18 17:05 49152 ------w c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2006-04-09 18:59 24674 ----a-w c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2004-11-05 09:50 8704 ------w c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Jeanmarc.RMA\\coraml.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 vcdrom;Virtual CD-ROM Device Driver; [x]
R2 BorneMonecar;BorneMonecarte;d:\developpement\Version 6\BrnMonecar.exe [2005-06-29 645632]
R2 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 318680]
R2 SVNService;SVNService;c:\program files\Subversion\bin\SVNService.exe [2004-03-31 61440]
R3 EdgeSer;Inside Out Networks Edgeport Driver;c:\windows\system32\DRIVERS\edgeser.sys [2004-08-26 183534]
R3 NcrWedge;NCR Wedge Keyboard Filter Driver;c:\windows\System32\drivers\ncrwedge.sys [2007-12-19 11012]
R3 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [1998-03-12 1781248]
R3 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [1998-03-12 193536]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]
R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\system32\DRIVERS\TMUSBXP.SYS [2007-10-17 46336]
R3 urvpndrv;F5 Networks VPN Adapter; [x]
R3 UTCUSB;UTCUSB;c:\windows\system32\DRIVERS\UTCUSB.sys [2005-07-28 32936]
R4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-12-09 2799808]
S1 aswSP;avast! Self Protection; [x]
S1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
S1 NCRBus;NCRBus; [x]
S1 NCRKMPDR;NCR Kernel Mode Peripheral Driver; [x]
S2 AspenTouch Service;AspenTouch Service;c:\program files\Preh MCI Touch\Drivers\Touchscreen\UTCServiceApp.exe [2004-12-15 40960]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 BlackfishSQL;BlackfishSQL;c:\program files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe [2008-08-29 65536]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2006-04-09 36400]
S2 EpsonPOSLog;Epson Point of Service Log Service;c:\program files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe [2008-04-12 290816]
S2 EpsonPOSPort;Epson Point of Service Port Handler;c:\program files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe [2008-04-22 368640]
S2 EpsPort;EpsPort; [x]
S2 Esdpdx01;Esdpdx01;c:\windows\system32\Drivers\ESDPDX01.SYS [2007-06-11 95495]
S2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2007-03-03 202096]
S2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2005-08-26 92880]
S2 MSOLAP$SQL2005;SQL Server Analysis Services (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2007-03-03 14560624]
S2 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-03-03 28771240]
S2 NCRDLLLoaderService;NCR DLL Loader Service;c:\program files\NCR\FitClient\NCRDLLLoader.exe [2007-12-19 61440]
S2 NCRLoader;NCR Loader Service;c:\program files\NCR\Retail\NCRLoader.exe [2007-12-19 61440]
S2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 58368]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-05-12 3968]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [2006-04-09 109072]
S2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2004-06-26 6016]
S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [2006-04-09 671472]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 cxru0wdm;CardMan 5x21;c:\windows\system32\DRIVERS\cxru0wdm.sys [2008-10-24 221568]
S3 DRVDRW;DRVDRW;c:\windows\system32\DRIVERS\DRVDRW.SYS [2007-05-14 8832]
S3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [2006-04-09 2234320]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-24 c:\windows\Tasks\chauffe.job
- c:\windows\system32\sndrec32.exe [2006-01-26 02:34]

2009-04-22 c:\windows\Tasks\mercredi.job
- c:\windows\system32\sndrec32.exe [2006-01-26 02:34]

2009-04-23 c:\windows\Tasks\midi.job
- c:\windows\system32\sndrec32.exe [2006-01-26 02:34]

2009-04-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-04-23 c:\windows\Tasks\soir.job
- c:\windows\system32\sndrec32.exe [2006-01-26 02:34]

2009-04-27 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
.
.
------- Examen supplémentaire -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 10:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQL2005]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQL2005"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•9~*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(2008)
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(140)
c:\windows\system32\eToken.dll
c:\windows\system32\eTUi.dll

- - - - - - - > 'explorer.exe'(4376)
c:\windows\system32\PROCHLP.DLL
c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2009-04-27 10:57
ComboFix-quarantined-files.txt 2009-04-27 08:57
ComboFix2.txt 2009-04-27 07:40

Avant-CF: 7,780,589,568 octets libres
Après-CF: 7,756,009,472 octets libres

Current=1 Default=1 Failed=4 LastKnownGood=2 Sets=1,2,3,4
372 --- E O F --- 2009-04-22 13:06
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
totobetourne Messages postés 5677 Statut Membre 65
 
toujours present . on va faire autrement.

1)Télécharge OTMoveIt3 de OldTimer sur ton Bureau en cliquant sur ce lien :

http://oldtimer.geekstogo.com/OTMoveIt3.exe

2)Une fois téléchargé double-clique sur OTMoveIt3.exe pour le lancer.

Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

3)puis copie les lignes en gras qui se trouvent en dessous :

:processes
explorer.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Run]
"jmye"=-

:files
c:\windows\system32\sgcckbj0ej1v.dll
c:\windows\system32\qgc9kbj0ej1v.exe502242340
c:\windows\system32\qgc9kbj0ej1v.exe
c:\windows\system32\qgc9kbj0ej1v .exe
c:\documents and settings\Jeanmarc.RMA\coraml.exe
c:\windows\system32\jmye.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

et colle-les dans le cadre de gauche de OTMoveIt : "Paste List Of Files/Folders to Move."
clique sur move it pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
4) Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

5) Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )

/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître , dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau.
0
jmp
 
j'ai un message d'erreur en lancant OTMoveIt

this appliaction has requested to treminated it in an usual way

et donc je n'ai pas de fichier result
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
a quoi sert softonic ?
durup1928 -
jacklyn -

25 réponses