A voir également:
- Virus cheval de troie
- Virus mcafee - Accueil - Piratage
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Cheval de troie virus comment le supprimer - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
6 réponses
bonjour , ton anti-virus c'est qui ???
il te les trouve ou ???
peux tu mettre un rapport hijackthis , Merci
postes un rapport hijackthis
HijackThis est un outil développé par merijn, capable de détecter les composants ajoutés à votre navigateur, les programmes lancés au démarrage du système, etc. Le programme vous permet de consulter tous les éléments et éventuellement de les retirer de l'ordinateur. HijackThis est, par exemple, en mesure de forcer le changement de la page d'accueil. Cette fonction est particulièrement utile lorsque votre navigateur ne vous permet plus de modifier la page d'accueil car un site se l'est appropriée ! Le logiciel peut également enregistrer des paramètres par défaut et ignorer certains éléments définis.
télécharge Hijackthis : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
.cliques sur download
.cliques sur download Hijackthis installer
.enregistres le sur le bureau
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.installes le , il va s'installer par défaut dans C:\Program Files\Trend Micro\HijackThis
.Cliques sur "Do a system scan and save the logfile"
.Cela va t'ouvrir un bloc note à la fin du scan.
.Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"
si besion d'aide pour l'installation : https://www.malekal.com/tutoriel-hijackthis/
et si problème pour VISTA :https://blog.sosordi.net/category/articles
des expliquations en images pour l'utiliser : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
il te les trouve ou ???
peux tu mettre un rapport hijackthis , Merci
postes un rapport hijackthis
HijackThis est un outil développé par merijn, capable de détecter les composants ajoutés à votre navigateur, les programmes lancés au démarrage du système, etc. Le programme vous permet de consulter tous les éléments et éventuellement de les retirer de l'ordinateur. HijackThis est, par exemple, en mesure de forcer le changement de la page d'accueil. Cette fonction est particulièrement utile lorsque votre navigateur ne vous permet plus de modifier la page d'accueil car un site se l'est appropriée ! Le logiciel peut également enregistrer des paramètres par défaut et ignorer certains éléments définis.
télécharge Hijackthis : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
.cliques sur download
.cliques sur download Hijackthis installer
.enregistres le sur le bureau
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.installes le , il va s'installer par défaut dans C:\Program Files\Trend Micro\HijackThis
.Cliques sur "Do a system scan and save the logfile"
.Cela va t'ouvrir un bloc note à la fin du scan.
.Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"
si besion d'aide pour l'installation : https://www.malekal.com/tutoriel-hijackthis/
et si problème pour VISTA :https://blog.sosordi.net/category/articles
des expliquations en images pour l'utiliser : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
bonjour , cette ligne la O23 - Service: Service Gestion des clés et des certificats d'intégrité hkmsvchelpsvc (hkmsvchelpsvc) - Unknown owner - C:\WINDOWS\system32\agrscoink.exe ne me plait pas plus que ça tu vas le faire analyser sur virus total , merci
Rends toi sur ce site :
https://www.virustotal.com/gui/
Clique sur parcourir et cherche ce fichier :agrscoink.exe
qui se trouve dans C:\WINDOWS\system32\
Clique sur envoyer le lien.
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant.
Rends toi sur ce site :
https://www.virustotal.com/gui/
Clique sur parcourir et cherche ce fichier :agrscoink.exe
qui se trouve dans C:\WINDOWS\system32\
Clique sur envoyer le lien.
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant.
tu ne trouve pas agrscoink.exe dans système32 bizare tu vas faire otmoviet , Merci tu postes le rapport tu passes ccleaner avec les réglage donnés et puis tu passeras malwarebytes
1) Télécharge OTMoveIt3 de OldTimer sur ton Bureau en cliquant sur ce lien :
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Double-clique sur OTMoveIt3.exe pour le lancer.
Vérifie que la case devant "Unregister Dll's and Ocx's est bien cochée.
Copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt : "Paste instructions for item to be moved".
:processes
explorer.exe
agrscoink.exe
:services
hkmsvchelpsvc
:files
C:\WINDOWS\system32\agrscoink.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[reboot]
Clique sur "MoveIt!" pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur "Exit" pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles sous le nom xxxxxx_xxxxxxxxxx.log .
Il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
2) Redémarres le PC et passes Ccleaner avec ces réglages LA
télécharge Ccleaner à partir de cette adresses
.enregistres le sur le bureau
.double-cliques sur le fichier pour lancer l'installation
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur intaller
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.cochesla première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.cliques maintenant sur registre et puis sur rechercher les erreurs
.laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vériffis en relancant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner
et pour mieux le connaire : https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm
3) passes malwarebytes
Télécharge Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
. sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
. enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
. Il va se mettre à jour une fois faite
. rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, cliques sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés)
. cliques sur Supprimer la sélection
. Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. redemarre le pc
. une fois redémarré double-cliques sur malwarebytes
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
1) Télécharge OTMoveIt3 de OldTimer sur ton Bureau en cliquant sur ce lien :
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Double-clique sur OTMoveIt3.exe pour le lancer.
Vérifie que la case devant "Unregister Dll's and Ocx's est bien cochée.
Copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt : "Paste instructions for item to be moved".
:processes
explorer.exe
agrscoink.exe
:services
hkmsvchelpsvc
:files
C:\WINDOWS\system32\agrscoink.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[reboot]
Clique sur "MoveIt!" pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur "Exit" pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles sous le nom xxxxxx_xxxxxxxxxx.log .
Il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
2) Redémarres le PC et passes Ccleaner avec ces réglages LA
télécharge Ccleaner à partir de cette adresses
.enregistres le sur le bureau
.double-cliques sur le fichier pour lancer l'installation
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur intaller
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.cochesla première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.cliques maintenant sur registre et puis sur rechercher les erreurs
.laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vériffis en relancant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner
et pour mieux le connaire : https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm
3) passes malwarebytes
Télécharge Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
. sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
. enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
. Il va se mettre à jour une fois faite
. rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, cliques sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés)
. cliques sur Supprimer la sélection
. Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. redemarre le pc
. une fois redémarré double-cliques sur malwarebytes
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: agrscoink.exe
========== SERVICES/DRIVERS ==========
Service\Driver hkmsvchelpsvc deleted successfully.
========== FILES ==========
File move failed. C:\WINDOWS\system32\agrscoink.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP\LOCALS~1\Temp\etilqs_Xs0LtgtPENQzOL0xiSD3 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP\LOCALS~1\Temp\etilqs_Xs0LtgtPENQzOL0xiSD3-journal scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\SR4BAEJW\CA4TF7PHCAWLO1P5CA2N9NKCCAV0FUWKCAH6WC5PCAOYZXUYCAHEUF5ACAZP4X5LCAJAEKH4CAPTB9KHCAAPLN2YCA8ZBNVVCAWCS391CAMQYMJ1CAT7KSK1CACITBB1CAVQTK10CAZH4U1KCABY4DLPCAAT32AR.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\SR4BAEJW\CAL4FPASCAZKMEKGCAPGL6TBCA1HG07ICAO1R8N4CAKZ07YLCAC8M86FCABQMI7ECA54IPRDCAGISO15CARYREMMCA8BV8N0CAD383SHCAR2LIFOCATKP52DCAZXOJO1CAS2F9ADCAN94MSWCAPSMF4PCAI7ZNO9.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\LJVA04JZ\affich-12265341-virus-cheval-de-troie[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\LJVA04JZ\OTMoveIt3[1].exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\G0K1YM6O\CA4XGKVTCAKM7OG4CAY3EXLWCASVBADKCA9T5SCUCA4B0XGLCA0SV40XCAQ3LGOCCAXIAIV0CAKQYQ50CAP99XRJCAWFENXGCAOQHGR9CAQOB8H3CARJ0HH5CAHKH5DDCAI9B8ZGCAGRXBIXCAZSIBW4CACUCGED.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\G0K1YM6O\CAC16YMPCAIKHA03CAFQXYQXCAE8LOZ3CA2ZUEJZCA7HGKERCAV6MU4UCAD4662ECA1UQS84CAPBPI4GCAPKDWBZCANK1UM7CAVPQMJACA6MLWSXCA1B8JDVCAK6Q9FTCA9HJQPLCASC4UVVCAQ5NIUYCAU9ATAP.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CA6W8PUACA4NBW1JCAQZ2YSQCA0A170NCAS1MJJRCAMXU43GCA521KORCAKRUCT4CACRAHOPCAL4DB8NCAAO0L95CAQU7TCNCA4HK1GSCADZOOSMCANRJGG5CA3Y42T3CA9N8KNPCAFBK4F5CA120LSUCAAQUTUG.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CAIE0CPACAYEYWK1CA125KLICAMHA3DQCAPY9UD8CAR516V5CA4TTNUFCANLT990CAFKFS33CAFTHL2ECATGFWOGCAOYUHHXCAV11TUUCAI19CCLCAA4M92FCA8J00Z1CA1MKYFBCAZ1JKXACACMJCIWCACCWL03.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CAVVPU9YCAZQMI30CANII8L0CATO02N1CAVSNJUDCACF6WJ9CA1IT06KCAG82AVICA2CC323CABK1SCHCA13H0L1CA7FSKK3CAV9SRPBCAWA9T8RCA8HH01NCAX5IGH7CABH3SSSCA3REEA1CAIP2GTJCAROX4RE.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3da78.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_55c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05012009_223357
Files moved on Reboot...
C:\WINDOWS\system32\agrscoink.exe moved successfully.
File C:\DOCUME~1\HP\LOCALS~1\Temp\etilqs_Xs0LtgtPENQzOL0xiSD3 not found!
File C:\DOCUME~1\HP\LOCALS~1\Temp\etilqs_Xs0LtgtPENQzOL0xiSD3-journal not found!
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\SR4BAEJW\CA4TF7PHCAWLO1P5CA2N9NKCCAV0FUWKCAH6WC5PCAOYZXUYCAHEUF5ACAZP4X5LCAJAEKH4CAPTB9KHCAAPLN2YCA8ZBNVVCAWCS391CAMQYMJ1CAT7KSK1CACITBB1CAVQTK10CAZH4U1KCABY4DLPCAAT32AR.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\SR4BAEJW\CAL4FPASCAZKMEKGCAPGL6TBCA1HG07ICAO1R8N4CAKZ07YLCAC8M86FCABQMI7ECA54IPRDCAGISO15CARYREMMCA8BV8N0CAD383SHCAR2LIFOCATKP52DCAZXOJO1CAS2F9ADCAN94MSWCAPSMF4PCAI7ZNO9.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\LJVA04JZ\affich-12265341-virus-cheval-de-troie[1].htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\LJVA04JZ\OTMoveIt3[1].exe moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\G0K1YM6O\CA4XGKVTCAKM7OG4CAY3EXLWCASVBADKCA9T5SCUCA4B0XGLCA0SV40XCAQ3LGOCCAXIAIV0CAKQYQ50CAP99XRJCAWFENXGCAOQHGR9CAQOB8H3CARJ0HH5CAHKH5DDCAI9B8ZGCAGRXBIXCAZSIBW4CACUCGED.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\G0K1YM6O\CAC16YMPCAIKHA03CAFQXYQXCAE8LOZ3CA2ZUEJZCA7HGKERCAV6MU4UCAD4662ECA1UQS84CAPBPI4GCAPKDWBZCANK1UM7CAVPQMJACA6MLWSXCA1B8JDVCAK6Q9FTCA9HJQPLCASC4UVVCAQ5NIUYCAU9ATAP.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CA6W8PUACA4NBW1JCAQZ2YSQCA0A170NCAS1MJJRCAMXU43GCA521KORCAKRUCT4CACRAHOPCAL4DB8NCAAO0L95CAQU7TCNCA4HK1GSCADZOOSMCANRJGG5CA3Y42T3CA9N8KNPCAFBK4F5CA120LSUCAAQUTUG.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CAIE0CPACAYEYWK1CA125KLICAMHA3DQCAPY9UD8CAR516V5CA4TTNUFCANLT990CAFKFS33CAFTHL2ECATGFWOGCAOYUHHXCAV11TUUCAI19CCLCAA4M92FCA8J00Z1CA1MKYFBCAZ1JKXACACMJCIWCACCWL03.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CAVVPU9YCAZQMI30CANII8L0CATO02N1CAVSNJUDCACF6WJ9CA1IT06KCAG82AVICA2CC323CABK1SCHCA13H0L1CA7FSKK3CAV9SRPBCAWA9T8RCA8HH01NCAX5IGH7CABH3SSSCA3REEA1CAIP2GTJCAROX4RE.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_3da78.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_55c.dat not found!
File C:\WINDOWS\temp\WFV2.tmp not found!
je vous enverrai le rapport mlware
Process explorer.exe killed successfully.
Unable to kill process: agrscoink.exe
========== SERVICES/DRIVERS ==========
Service\Driver hkmsvchelpsvc deleted successfully.
========== FILES ==========
File move failed. C:\WINDOWS\system32\agrscoink.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP\LOCALS~1\Temp\etilqs_Xs0LtgtPENQzOL0xiSD3 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP\LOCALS~1\Temp\etilqs_Xs0LtgtPENQzOL0xiSD3-journal scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\SR4BAEJW\CA4TF7PHCAWLO1P5CA2N9NKCCAV0FUWKCAH6WC5PCAOYZXUYCAHEUF5ACAZP4X5LCAJAEKH4CAPTB9KHCAAPLN2YCA8ZBNVVCAWCS391CAMQYMJ1CAT7KSK1CACITBB1CAVQTK10CAZH4U1KCABY4DLPCAAT32AR.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\SR4BAEJW\CAL4FPASCAZKMEKGCAPGL6TBCA1HG07ICAO1R8N4CAKZ07YLCAC8M86FCABQMI7ECA54IPRDCAGISO15CARYREMMCA8BV8N0CAD383SHCAR2LIFOCATKP52DCAZXOJO1CAS2F9ADCAN94MSWCAPSMF4PCAI7ZNO9.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\LJVA04JZ\affich-12265341-virus-cheval-de-troie[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\LJVA04JZ\OTMoveIt3[1].exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\G0K1YM6O\CA4XGKVTCAKM7OG4CAY3EXLWCASVBADKCA9T5SCUCA4B0XGLCA0SV40XCAQ3LGOCCAXIAIV0CAKQYQ50CAP99XRJCAWFENXGCAOQHGR9CAQOB8H3CARJ0HH5CAHKH5DDCAI9B8ZGCAGRXBIXCAZSIBW4CACUCGED.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\G0K1YM6O\CAC16YMPCAIKHA03CAFQXYQXCAE8LOZ3CA2ZUEJZCA7HGKERCAV6MU4UCAD4662ECA1UQS84CAPBPI4GCAPKDWBZCANK1UM7CAVPQMJACA6MLWSXCA1B8JDVCAK6Q9FTCA9HJQPLCASC4UVVCAQ5NIUYCAU9ATAP.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CA6W8PUACA4NBW1JCAQZ2YSQCA0A170NCAS1MJJRCAMXU43GCA521KORCAKRUCT4CACRAHOPCAL4DB8NCAAO0L95CAQU7TCNCA4HK1GSCADZOOSMCANRJGG5CA3Y42T3CA9N8KNPCAFBK4F5CA120LSUCAAQUTUG.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CAIE0CPACAYEYWK1CA125KLICAMHA3DQCAPY9UD8CAR516V5CA4TTNUFCANLT990CAFKFS33CAFTHL2ECATGFWOGCAOYUHHXCAV11TUUCAI19CCLCAA4M92FCA8J00Z1CA1MKYFBCAZ1JKXACACMJCIWCACCWL03.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CAVVPU9YCAZQMI30CANII8L0CATO02N1CAVSNJUDCACF6WJ9CA1IT06KCAG82AVICA2CC323CABK1SCHCA13H0L1CA7FSKK3CAV9SRPBCAWA9T8RCA8HH01NCAX5IGH7CABH3SSSCA3REEA1CAIP2GTJCAROX4RE.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3da78.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_55c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05012009_223357
Files moved on Reboot...
C:\WINDOWS\system32\agrscoink.exe moved successfully.
File C:\DOCUME~1\HP\LOCALS~1\Temp\etilqs_Xs0LtgtPENQzOL0xiSD3 not found!
File C:\DOCUME~1\HP\LOCALS~1\Temp\etilqs_Xs0LtgtPENQzOL0xiSD3-journal not found!
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\SR4BAEJW\CA4TF7PHCAWLO1P5CA2N9NKCCAV0FUWKCAH6WC5PCAOYZXUYCAHEUF5ACAZP4X5LCAJAEKH4CAPTB9KHCAAPLN2YCA8ZBNVVCAWCS391CAMQYMJ1CAT7KSK1CACITBB1CAVQTK10CAZH4U1KCABY4DLPCAAT32AR.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\SR4BAEJW\CAL4FPASCAZKMEKGCAPGL6TBCA1HG07ICAO1R8N4CAKZ07YLCAC8M86FCABQMI7ECA54IPRDCAGISO15CARYREMMCA8BV8N0CAD383SHCAR2LIFOCATKP52DCAZXOJO1CAS2F9ADCAN94MSWCAPSMF4PCAI7ZNO9.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\LJVA04JZ\affich-12265341-virus-cheval-de-troie[1].htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\LJVA04JZ\OTMoveIt3[1].exe moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\G0K1YM6O\CA4XGKVTCAKM7OG4CAY3EXLWCASVBADKCA9T5SCUCA4B0XGLCA0SV40XCAQ3LGOCCAXIAIV0CAKQYQ50CAP99XRJCAWFENXGCAOQHGR9CAQOB8H3CARJ0HH5CAHKH5DDCAI9B8ZGCAGRXBIXCAZSIBW4CACUCGED.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\G0K1YM6O\CAC16YMPCAIKHA03CAFQXYQXCAE8LOZ3CA2ZUEJZCA7HGKERCAV6MU4UCAD4662ECA1UQS84CAPBPI4GCAPKDWBZCANK1UM7CAVPQMJACA6MLWSXCA1B8JDVCAK6Q9FTCA9HJQPLCASC4UVVCAQ5NIUYCAU9ATAP.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CA6W8PUACA4NBW1JCAQZ2YSQCA0A170NCAS1MJJRCAMXU43GCA521KORCAKRUCT4CACRAHOPCAL4DB8NCAAO0L95CAQU7TCNCA4HK1GSCADZOOSMCANRJGG5CA3Y42T3CA9N8KNPCAFBK4F5CA120LSUCAAQUTUG.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CAIE0CPACAYEYWK1CA125KLICAMHA3DQCAPY9UD8CAR516V5CA4TTNUFCANLT990CAFKFS33CAFTHL2ECATGFWOGCAOYUHHXCAV11TUUCAI19CCLCAA4M92FCA8J00Z1CA1MKYFBCAZ1JKXACACMJCIWCACCWL03.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\7ZCJX49I\CAVVPU9YCAZQMI30CANII8L0CATO02N1CAVSNJUDCACF6WJ9CA1IT06KCAG82AVICA2CC323CABK1SCHCA13H0L1CA7FSKK3CAV9SRPBCAWA9T8RCA8HH01NCAX5IGH7CABH3SSSCA3REEA1CAIP2GTJCAROX4RE.htm moved successfully.
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_3da78.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_55c.dat not found!
File C:\WINDOWS\temp\WFV2.tmp not found!
je vous enverrai le rapport mlware
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1817
Windows 5.1.2600 Service Pack 3
01/05/2009 22:47:20
mbam-log-2009-05-01 (22-47-20).txt
Type de recherche: Examen rapide
Eléments examinés: 61587
Temps écoulé: 2 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 56
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Version de la base de données: 1817
Windows 5.1.2600 Service Pack 3
01/05/2009 22:47:20
mbam-log-2009-05-01 (22-47-20).txt
Type de recherche: Examen rapide
Eléments examinés: 61587
Temps écoulé: 2 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 56
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
bon tu vériffis avec ton anti-virus si il n'y a plus de problème sinon tu peut remette un nouveau hijackthis pour contrôle , merci
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ok , tu vas passer combofix mais attention c'est un outil relativement puissant donc pas de place pour l'improvisation personnel , donc tu suis les recommandations et tu prend le temps de regarder le tutoriel officiels afin de bien appliquer les consignes, Merci
Télécharge Combofix.exe de sUBs sur ton Bureau;
tutoriel officiel prend le temps de le lire : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Déconnectes toi d'internet et désactives ton antivirus pour que Combofix puisse s'exécuter normalement.
Doubles clique sur Combofix.exe
Mets le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
tu Ne touches à rien tant que le scan n'est pas terminé.
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis
Réactives la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet.
Note : Le rapport se trouve également là : C:\Combofix.txt
Télécharge Combofix.exe de sUBs sur ton Bureau;
tutoriel officiel prend le temps de le lire : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Déconnectes toi d'internet et désactives ton antivirus pour que Combofix puisse s'exécuter normalement.
Doubles clique sur Combofix.exe
Mets le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
tu Ne touches à rien tant que le scan n'est pas terminé.
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis
Réactives la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet.
Note : Le rapport se trouve également là : C:\Combofix.txt
ComboFix 09-05-02.4 - HP 01/05/2009 23:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1977.1495 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP\Mes documents\logiciels\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP\HP.exe
C:\e2.cmd
c:\windows\system32\digiwet.dll
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\kwave.sys
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
D:\e2.cmd
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
.
2009-04-28 20:27 . 2009-04-28 20:27 -------- d-----w C:\_OTMoveIt
2009-04-28 15:29 . 2009-04-28 15:29 105774 --sh--r C:\ymxf2.exe
2009-04-28 15:01 . 2009-04-28 15:21 -------- d-----w C:\UsbFix
2009-04-28 13:03 . 2009-05-01 18:39 -------- d-----w c:\program files\trend micro
2009-04-28 13:03 . 2009-04-28 13:04 -------- d-----w C:\rsit
2009-04-27 23:06 . 2009-04-27 23:06 -------- d-----w c:\documents and settings\HP\Application Data\TrojanHunter
2009-04-27 22:38 . 2009-04-30 11:15 -------- d-----w c:\program files\TrojanHunter 5.0
2009-04-19 23:36 . 2009-04-19 23:36 61440 ----a-w c:\windows\system32\drivers\chxhpzh.sys
2009-04-19 21:38 . 2009-04-25 16:14 32 --s-a-w c:\windows\system32\3432757737.dat
2009-04-04 22:28 . 2009-04-04 22:28 106365 ----a-w c:\windows\system32\z98a.bin
2009-04-04 22:28 . 2009-04-04 22:28 8688 ----a-w c:\windows\system32\jscript.sys
2009-04-04 22:28 . 2009-04-04 22:28 24329 ----a-w c:\windows\system32\jstdrv.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:44 . 2009-02-17 09:03 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-28 21:22 . 2009-03-30 21:54 83400 ----a-w c:\documents and settings\HP\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 19:16 . 2009-03-22 19:16 -------- d-----w c:\program files\Canon
2009-03-22 13:38 . 2008-04-14 12:00 467886 ----a-w c:\windows\system32\perfh00C.dat
2009-03-22 13:38 . 2008-04-14 12:00 74336 ----a-w c:\windows\system32\perfc00C.dat
2009-03-15 00:51 . 2009-03-15 00:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-15 00:50 . 2009-02-17 08:53 -------- d-----w c:\program files\Java
2009-03-05 20:35 . 2009-03-05 20:35 -------- d-----w c:\program files\QuickMediaConverter
2009-03-04 21:21 . 2009-03-04 21:21 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-04 20:57 . 2009-03-04 20:57 -------- d-----w c:\program files\CCleaner
2009-03-04 20:57 . 2009-03-04 20:57 -------- d-----w c:\program files\Yahoo!
2009-03-04 20:44 . 2009-03-04 20:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-03 22:29 . 2009-02-21 21:39 -------- d-----w c:\program files\Google
2009-02-21 21:41 . 2009-02-21 21:41 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-02-18 10:56 . 2009-02-17 08:52 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-17 20:21 . 2009-02-17 20:21 83400 ----a-w c:\documents and settings\HP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-17 08:52 . 2008-04-14 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-17 08:50 . 2009-02-17 08:50 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-11 09:19 . 2009-03-04 20:39 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 . 2009-03-04 20:39 15504 ----a-w c:\windows\system32\drivers\mbam.sys
.
------- Sigcheck -------
[-] 2008-04-29 18:34 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-07 15:51 1571840 50C27DB0AC142028795C5565D96F4FED c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2009-04-13 1061536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jscript.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"MDM"=2 (0x2)
"odserv"=3 (0x3)
"ose"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"btwdins"=2 (0x2)
"AgereModemAudio"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\1036\\MSOHELP.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32Info.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\WINDOWS\\system32\\spider.exe"=
"c:\\WINDOWS\\msagent\\AgentSvr.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe"=
"c:\\Program Files\\Fichiers communs\\Network Associates\\TalkBack\\TBMon.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\TrojanHunter 5.0\\THGuard.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\WINDOWS\\system32\\SNDVOL32.EXE"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Microsoft Office\\Office10\\EXCEL.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE"=
R2 acpi32;acpi32; [x]
R2 amd64si;amd64si; [x]
R2 ati64si;ati64si; [x]
R2 fips32cup;fips32cup; [x]
R2 i386si;i386si; [x]
R2 ksi32sk;ksi32sk; [x]
R2 netsik;netsik; [x]
R2 nicsk32;nicsk32; [x]
R2 port135sik;port135sik; [x]
R2 securentm;securentm; [x]
R2 systemntmi;systemntmi;c:\windows\system32\drivers\systemntmi.sys [2008-04-14 30464]
R2 ws2_32sik;ws2_32sik; [x]
S0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-03-28 24064]
S1 jscript;JavaScript VirtualMachine Driver;c:\windows\system32\jscript.sys [2009-04-04 8688]
S1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2004-09-22 58048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b545cf0-fd2e-11dd-a0e2-00215d17cb8a}]
\Shell\AutoRun\command - F:\qwtb.com
\Shell\open\Command - F:\qwtb.com
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-HP - c:\documents and settings\HP\HP.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: E&xporter vers Microsoft Excel
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 23:44
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\EntApi.dll
- - - - - - - > 'explorer.exe'(2384)
c:\windows\system32\EntApi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Temp\BN5.tmp
.
**************************************************************************
.
Heure de fin: 2009-05-01 23:46 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-01 22:46
Avant-CF: 43 696 222 208 octets libres
Après-CF: 43 749 048 320 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
272
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:27, on 01/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\TEMP\BN5.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1237078103518&h=3f1cf950f2266da4df27986a36d7712d/&filename=jinstall-6u12-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1977.1495 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP\Mes documents\logiciels\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP\HP.exe
C:\e2.cmd
c:\windows\system32\digiwet.dll
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\kwave.sys
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
D:\e2.cmd
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
.
2009-04-28 20:27 . 2009-04-28 20:27 -------- d-----w C:\_OTMoveIt
2009-04-28 15:29 . 2009-04-28 15:29 105774 --sh--r C:\ymxf2.exe
2009-04-28 15:01 . 2009-04-28 15:21 -------- d-----w C:\UsbFix
2009-04-28 13:03 . 2009-05-01 18:39 -------- d-----w c:\program files\trend micro
2009-04-28 13:03 . 2009-04-28 13:04 -------- d-----w C:\rsit
2009-04-27 23:06 . 2009-04-27 23:06 -------- d-----w c:\documents and settings\HP\Application Data\TrojanHunter
2009-04-27 22:38 . 2009-04-30 11:15 -------- d-----w c:\program files\TrojanHunter 5.0
2009-04-19 23:36 . 2009-04-19 23:36 61440 ----a-w c:\windows\system32\drivers\chxhpzh.sys
2009-04-19 21:38 . 2009-04-25 16:14 32 --s-a-w c:\windows\system32\3432757737.dat
2009-04-04 22:28 . 2009-04-04 22:28 106365 ----a-w c:\windows\system32\z98a.bin
2009-04-04 22:28 . 2009-04-04 22:28 8688 ----a-w c:\windows\system32\jscript.sys
2009-04-04 22:28 . 2009-04-04 22:28 24329 ----a-w c:\windows\system32\jstdrv.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:44 . 2009-02-17 09:03 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-28 21:22 . 2009-03-30 21:54 83400 ----a-w c:\documents and settings\HP\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 19:16 . 2009-03-22 19:16 -------- d-----w c:\program files\Canon
2009-03-22 13:38 . 2008-04-14 12:00 467886 ----a-w c:\windows\system32\perfh00C.dat
2009-03-22 13:38 . 2008-04-14 12:00 74336 ----a-w c:\windows\system32\perfc00C.dat
2009-03-15 00:51 . 2009-03-15 00:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-15 00:50 . 2009-02-17 08:53 -------- d-----w c:\program files\Java
2009-03-05 20:35 . 2009-03-05 20:35 -------- d-----w c:\program files\QuickMediaConverter
2009-03-04 21:21 . 2009-03-04 21:21 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-04 20:57 . 2009-03-04 20:57 -------- d-----w c:\program files\CCleaner
2009-03-04 20:57 . 2009-03-04 20:57 -------- d-----w c:\program files\Yahoo!
2009-03-04 20:44 . 2009-03-04 20:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-03 22:29 . 2009-02-21 21:39 -------- d-----w c:\program files\Google
2009-02-21 21:41 . 2009-02-21 21:41 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-02-18 10:56 . 2009-02-17 08:52 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-17 20:21 . 2009-02-17 20:21 83400 ----a-w c:\documents and settings\HP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-17 08:52 . 2008-04-14 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-17 08:50 . 2009-02-17 08:50 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-11 09:19 . 2009-03-04 20:39 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 . 2009-03-04 20:39 15504 ----a-w c:\windows\system32\drivers\mbam.sys
.
------- Sigcheck -------
[-] 2008-04-29 18:34 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-07 15:51 1571840 50C27DB0AC142028795C5565D96F4FED c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2009-04-13 1061536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jscript.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"MDM"=2 (0x2)
"odserv"=3 (0x3)
"ose"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"btwdins"=2 (0x2)
"AgereModemAudio"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\1036\\MSOHELP.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32Info.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\WINDOWS\\system32\\spider.exe"=
"c:\\WINDOWS\\msagent\\AgentSvr.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe"=
"c:\\Program Files\\Fichiers communs\\Network Associates\\TalkBack\\TBMon.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\TrojanHunter 5.0\\THGuard.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\WINDOWS\\system32\\SNDVOL32.EXE"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Microsoft Office\\Office10\\EXCEL.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE"=
R2 acpi32;acpi32; [x]
R2 amd64si;amd64si; [x]
R2 ati64si;ati64si; [x]
R2 fips32cup;fips32cup; [x]
R2 i386si;i386si; [x]
R2 ksi32sk;ksi32sk; [x]
R2 netsik;netsik; [x]
R2 nicsk32;nicsk32; [x]
R2 port135sik;port135sik; [x]
R2 securentm;securentm; [x]
R2 systemntmi;systemntmi;c:\windows\system32\drivers\systemntmi.sys [2008-04-14 30464]
R2 ws2_32sik;ws2_32sik; [x]
S0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-03-28 24064]
S1 jscript;JavaScript VirtualMachine Driver;c:\windows\system32\jscript.sys [2009-04-04 8688]
S1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2004-09-22 58048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b545cf0-fd2e-11dd-a0e2-00215d17cb8a}]
\Shell\AutoRun\command - F:\qwtb.com
\Shell\open\Command - F:\qwtb.com
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-HP - c:\documents and settings\HP\HP.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: E&xporter vers Microsoft Excel
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 23:44
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\EntApi.dll
- - - - - - - > 'explorer.exe'(2384)
c:\windows\system32\EntApi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Temp\BN5.tmp
.
**************************************************************************
.
Heure de fin: 2009-05-01 23:46 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-01 22:46
Avant-CF: 43 696 222 208 octets libres
Après-CF: 43 749 048 320 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
272
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:27, on 01/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\TEMP\BN5.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1237078103518&h=3f1cf950f2266da4df27986a36d7712d/&filename=jinstall-6u12-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Scan saved at 19:42:54, on 01/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\HP\Local Settings\Temporary Internet Files\Content.IE5\SR4BAEJW\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HP] C:\Documents and Settings\HP\HP.exe /i
O4 - HKCU\..\Run: [] C:\Documents and Settings\HP\.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1237078103518&h=3f1cf950f2266da4df27986a36d7712d/&filename=jinstall-6u12-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service Gestion des clés et des certificats d'intégrité hkmsvchelpsvc (hkmsvchelpsvc) - Unknown owner - C:\WINDOWS\system32\agrscoink.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe