Infection that's pissing me off

BOB -
Hello, mouse cursor problem, internet connection regularly slow, it's getting on my nerves

Can someone look at my log to see if there are any infections?

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:34, on 24/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\TrojanHunter 5.1\THGuard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\TuneUp Utilities 2009\Shredder.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.1\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
O4 - S-1-5-18 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
O4 - S-1-5-18 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
O4 - .DEFAULT Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User 'Default user')
O4 - .DEFAULT Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1245002399625
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
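
To show what an analyst actually reads first in a HijackThis log like the one above, here is an added Python triage script; it is example code written for this page, not part of the post and not a HijackThis or forum tool. It splits the log into the running-process list and the `Rx`/`Oxx` entries, then flags the markers that are visible in the posted log: an entry marked `(file missing)`, an O23 service with `Unknown owner` (no publisher string), an O16 DPF ActiveX package fetched over plain `http://`, and O4 Run values registered without an absolute path (those resolve through the search path, so the script looks up which running process actually carries that file name). `SAMPLE_LOG` is a constructed excerpt shaped like the posted log; the SID `S-1-5-21-1000` and all function names are assumptions of this example.

```python
"""Triage helper for a HijackThis 2.0-style log (added example, not part of the post)."""
import re

# A HijackThis entry line: section code (R0, O4, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Constructed excerpt in the shape of the posted log (the SID is invented).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:34, on 24/06/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-1000\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1245002399625
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
"""


def parse_hjt(text):
    """Split a HijackThis log into (running_processes, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
        elif in_procs:
            processes.append(line)
    return processes, entries


def run_command(body):
    """Reduce an O4 '...\\Run: [name] command' body to just the registered command line."""
    cmd = re.sub(r"^.*?\.\.\\Run: \[[^\]]*\] ", "", body)
    return re.sub(r" \(User '[^']*'\)$", "", cmd)


def resolve_bare(cmd, processes):
    """For a command with no path, return the running process with the same file
    name (case-insensitive), or None when nothing with that name is running."""
    exe = cmd.split()[0].lower()
    for p in processes:
        if p.rsplit("\\", 1)[-1].lower() == exe:
            return p
    return None


def triage(text):
    """Return (code, reason, detail) findings an analyst would check first."""
    processes, entries = parse_hjt(text)
    findings, seen = [], set()
    for code, body in entries:
        if "(file missing)" in body:
            findings.append((code, "file missing", body))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "no publisher recorded", body))
        if code == "O16" and " - http://" in body:
            findings.append((code, "DPF ActiveX fetched over plain http", body))
        if code == "O4" and r"..\Run:" in body:
            cmd = run_command(body)
            if cmd in seen:           # the same value under HKCU and HKUS is expected
                continue
            seen.add(cmd)
            if not re.match(r'^"?[A-Za-z]:\\', cmd):
                where = resolve_bare(cmd, processes)
                detail = f"{cmd} -> running as {where}" if where else f"{cmd} -> not in process list"
                findings.append((code, "Run command has no absolute path", detail))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:36} {detail}")
```

On the constructed excerpt the script reports two path-less Run values (one of them matched to `C:\WINDOWS\RTHDCPL.EXE` in the process list, the other not running), the plain-http DPF package, and the `UPS` service twice, once for the missing file and once for the absent publisher; a finding is a pointer to verify, not a verdict, which is why the duplicate HKCU/HKUS value is deliberately collapsed rather than reported.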

12 replies

Anonymous user
 
Hello BOB

First of all, we say "poop" and not "shit"....

Your scan does show an infection....
For more info, can you do this please:

Download RSIT (by random/random) to your desktop from here:

http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or detected; you will then have to accept the licence
- Post the contents of log.txt plus info.txt (minimised in the taskbar) at the end of the analysis.

The reports are in the folder C:\rsit
Later
BOB
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by bob at 2009-06-24 20:18:20
WIN_XP Service Pack 3
System drive C: has 418 GB (88%) free of 477 GB
Total RAM: 3070 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:40, on 24/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\TrojanHunter 5.1\THGuard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\TuneUp Utilities 2009\Shredder.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\bob\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bob.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.1\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
O4 - S-1-5-18 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
O4 - S-1-5-18 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
O4 - .DEFAULT Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User 'Default user')
O4 - .DEFAULT Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1245002399625
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
Anonymous user
 
---> Download ComboFix.exe by sUBs to your Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Set it to French: F
Press key 1 (Yes) to start the scan.

/!\ Don't touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable real-time protection in your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report can also be found here: C:\ComboFix.txt

Later
BOB
 
ComboFix 09-06-23.01 - bob 24/06/2009 20:28.2 - NTFSx86
Lancé depuis: c:\documents and settings\bob\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-24 au 2009-06-24 ))))))))))))))))))))))))))))))))))))
.

2009-06-24 18:18 . 2009-06-24 18:18 -------- d-----w- C:\rsit
2009-06-24 18:02 . 2009-06-24 18:02 -------- d-----w- c:\program files\Trend Micro
2009-06-24 11:30 . 2009-06-24 11:30 -------- d-----w- c:\program files\7-Zip
2009-06-24 11:18 . 2009-05-18 12:47 3007352 ----a-w- c:\documents and settings\bob\Application Data\Simply Super Software\Trojan Remover\nhe24.exe
2009-06-22 20:36 . 2009-06-22 20:36 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Identities
2009-06-22 20:04 . 2009-06-22 20:04 -------- d-----w- c:\program files\Reality Pump
2009-06-22 17:24 . 2009-06-22 17:24 -------- d-----w- c:\documents and settings\bob\Application Data\TrojanHunter
2009-06-22 17:13 . 2009-05-18 12:47 3007352 ----a-w- c:\documents and settings\bob\Application Data\Simply Super Software\Trojan Remover\rde5C.exe
2009-06-22 17:12 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-06-22 17:12 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-06-22 17:12 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-06-22 17:12 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-06-22 17:12 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-06-22 17:12 . 2009-06-22 17:13 -------- d-----w- c:\program files\Trojan Remover
2009-06-22 17:12 . 2009-06-22 17:12 -------- d-----w- c:\documents and settings\bob\Application Data\Simply Super Software
2009-06-22 17:12 . 2009-06-22 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-06-22 17:11 . 2009-06-22 17:11 -------- d-----w- c:\program files\TrojanHunter 5.1
2009-06-20 11:52 . 2009-06-20 11:52 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Adobe
2009-06-20 11:51 . 2009-06-20 11:51 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-06-20 09:37 . 2009-06-20 09:37 26624 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-06-17 20:18 . 2009-06-17 20:18 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-16 17:58 . 2009-06-16 17:58 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\G DATA
2009-06-15 19:25 . 2009-06-15 19:25 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-06-15 18:48 . 2009-06-15 20:34 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-14 16:26 . 2008-04-13 17:33 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-14 13:21 . 2009-06-14 13:21 -------- d-----w- c:\windows\Logs
2009-06-14 13:15 . 2009-06-14 13:15 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-14 13:15 . 2009-06-14 13:15 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-14 13:12 . 2009-06-14 13:25 -------- d-----w- c:\program files\Gothic III
2009-06-14 13:11 . 2009-06-14 13:11 -------- d-----w- c:\documents and settings\bob\Application Data\DAEMON Tools
2009-06-14 13:10 . 2009-06-14 13:10 -------- d-----w- c:\documents and settings\bob\Application Data\DAEMON Tools Pro
2009-06-14 13:10 . 2009-06-14 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-14 13:10 . 2009-06-14 13:10 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-14 13:07 . 2009-06-14 13:11 -------- d-----w- c:\documents and settings\bob\Application Data\DAEMON Tools Lite
2009-06-14 13:07 . 2009-06-14 13:07 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-14 10:49 . 2009-06-24 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-14 10:49 . 2009-06-14 10:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-12 16:12 . 2009-06-12 16:12 -------- d-----w- c:\windows\Sun
2009-06-10 18:41 . 2009-06-20 17:16 -------- d-----w- c:\documents and settings\bob\Contacts
2009-06-10 18:23 . 2009-06-10 18:23 -------- d-sh--w- c:\documents and settings\bob\IECompatCache
2009-06-10 18:22 . 2009-06-10 18:22 -------- d-sh--w- c:\documents and settings\bob\PrivacIE
2009-06-10 18:21 . 2009-06-15 17:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-10 18:04 . 2009-06-10 18:04 68424 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-06-10 18:03 . 2009-06-15 17:18 -------- d-sh--w- c:\documents and settings\bob\IETldCache
2009-06-10 18:00 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 18:00 . 2009-04-30 21:16 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 18:00 . 2009-04-30 21:16 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-10 18:00 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 18:00 . 2009-06-10 18:00 -------- d-----w- c:\windows\ie8updates
2009-06-10 18:00 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-10 17:58 . 2009-06-10 18:00 -------- dc-h--w- c:\windows\ie8
2009-06-10 17:53 . 2009-02-09 11:24 2191104 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-10 17:53 . 2009-02-09 11:23 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-10 17:53 . 2009-02-09 11:23 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-10 17:52 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-10 17:52 . 2001-08-17 19:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-06-10 17:51 . 2008-04-13 16:57 58752 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-06-10 17:51 . 2008-06-14 17:33 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-10 17:51 . 2008-06-14 17:33 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-10 17:51 . 2001-08-17 19:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-06-10 17:51 . 2008-04-13 17:33 77312 ----a-w- c:\windows\system32\usbui.dll
2009-06-10 17:49 . 2009-01-07 16:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-10 17:49 . 2009-06-10 18:00 -------- d--h--w- c:\windows\$hf_mig$
2009-06-10 17:47 . 2009-06-10 17:47 -------- d-sh--w- c:\documents and settings\bob\UserData
2009-06-10 17:41 . 2009-06-10 17:41 -------- d-----w- c:\program files\DartyBox
2009-06-10 17:41 . 2007-04-04 06:08 184320 ----a-w- c:\windows\system32\coclassfast.dll
2009-06-10 17:40 . 2009-06-10 17:41 -------- d-----w- c:\program files\Assistant Dartybox
2009-06-10 17:28 . 2009-06-10 17:28 9240 ----a-w- c:\documents and settings\bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 17:22 . 2009-06-10 18:00 48712 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2009-06-10 17:22 . 2009-06-10 18:00 32328 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2009-06-10 17:21 . 2009-06-10 18:03 51016 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2009-06-10 17:21 . 2009-06-10 17:21 22272 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
2009-06-10 17:20 . 2009-06-10 17:20 -------- d-sh--w- C:\#GDATA.Trash.Store#
2009-06-10 17:20 . 2009-06-10 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\G DATA
2009-06-10 17:20 . 2009-06-10 17:20 -------- d-----w- c:\program files\Fichiers communs\G DATA
2009-06-10 17:20 . 2009-06-10 17:20 -------- d-----w- c:\program files\G DATA
2009-06-10 17:20 . 2009-06-10 17:20 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Downloaded Installations
2009-06-10 17:12 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-06-10 17:12 . 2009-02-10 14:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-06-10 17:11 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-06-10 17:11 . 2009-06-21 18:13 -------- d-----w- c:\windows\system32\Filt
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\program files\Agnitum
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2009-06-10 17:09 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-10 17:09 . 2009-06-10 17:09 -------- d-----w- c:\program files\MSN Messenger
2009-06-10 17:05 . 2009-06-10 17:05 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-10 17:05 . 2008-11-12 14:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-10 17:05 . 2009-06-10 17:05 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\documents and settings\bob\Application Data\TuneUp Software
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\program files\VS Revo Group
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\program files\MRU-Blaster
2009-06-10 17:04 . 2009-06-10 17:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 17:04 . 2009-06-10 17:04 -------- d-----w- c:\program files\Java
2009-06-10 17:03 . 2009-06-10 17:03 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Mozilla
2009-06-10 17:03 . 2009-06-10 17:03 0 ----a-w- c:\windows\nsreg.dat
2009-06-10 17:02 . 2009-06-10 17:02 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 11:20 . 2009-06-10 16:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-24 11:15 . 2009-06-10 16:40 -------- d-----w- c:\program files\a-squared Free
2009-06-22 20:17 . 2009-06-10 16:32 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-21 18:33 . 2009-06-10 16:42 -------- d-----w- c:\program files\SpywareBlaster
2009-06-17 20:18 . 2009-06-10 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 09:27 . 2009-06-10 16:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-06-10 16:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 20:34 . 2009-06-15 18:48 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-14 13:17 . 2009-06-10 16:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\documents and settings\bob\Application Data\Media Player Classic
2009-06-10 17:10 . 2009-06-10 17:09 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-10 17:00 . 2008-04-13 17:34 36864 ----a-w- c:\windows\system32\ctfmon.exe
2009-06-10 16:41 . 2009-06-10 16:41 -------- d-----w- c:\documents and settings\bob\Application Data\Malwarebytes
2009-06-10 16:41 . 2009-06-10 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 16:37 . 2009-06-10 16:36 -------- d-----w- c:\program files\Intel
2009-06-10 16:36 . 2009-06-10 16:36 -------- d-----w- c:\documents and settings\bob\Application Data\InstallShield
2009-06-10 16:34 . 2009-06-10 16:34 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2009-06-10 16:32 . 2009-06-10 16:32 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-10 16:32 . 2009-06-10 16:32 -------- d-----w- c:\program files\Realtek
2009-06-10 16:32 . 2009-06-10 16:32 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-06-10 16:13 . 2009-06-10 16:13 -------- d-----w- c:\program files\microsoft frontpage
2009-06-10 16:09 . 2004-08-10 12:00 35172 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-10 16:09 . 2004-08-10 12:00 326822 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-09 20:56 . 2009-06-09 20:56 1571840 ----a-w- c:\windows\system32\sfcfiles.dll
2009-06-09 20:52 . 2009-06-09 20:52 1013248 ----a-w- c:\windows\system32\syssetup.dll
2009-06-09 20:52 . 2009-06-09 20:52 1013248 ----a-w- c:\windows\inf\syssbck.dll
2009-05-13 05:04 . 2008-04-13 17:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2008-04-13 17:33 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:34 . 2009-04-29 04:34 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2008-04-13 16:58 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2008-04-13 17:33 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 13:21 . 2009-06-10 17:09 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-27 06:14 . 2009-06-10 16:32 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
.

------- Sigcheck -------

[-] 2009-06-10 17:00 36864 18747FCB2508EEEC79415B32F63F3654 c:\windows\system32\ctfmon.exe
[-] 2009-06-10 17:00 36864 18747FCB2508EEEC79415B32F63F3654 c:\windows\system32\dllcache\ctfmon.exe

[-] 2009-06-09 20:56 1571840 805C0C12E2CF496B19843CDE04008DA0 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-15 1229640]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-04-14 433480]
"GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THGuard"="c:\program files\TrojanHunter 5.1\THGuard.exe" [2009-05-18 1061536]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-05-18 1059720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-23 18077696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-06-10 36864]

c:\documents and settings\bob\Menu Démarrer\Programmes\Démarrage\
MRU-Blaster Scheduler.lnk - c:\program files\MRU-Blaster\scheduler.exe [2003-7-19 118784]
MRU-Blaster Silent Clean.lnk - c:\program files\MRU-Blaster\mrublaster.exe [2004-3-28 1216512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"L'Assistant DartyBox"=c:\program files\Assistant Dartybox\Upgrade_Manager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-04-14 1267528]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\documents and settings\bob\Local Settings\Temp\{C38B3C1C-EBA4-4338-AFDD-75A1139F3D49}\fsgk.sys [x]
R3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
R3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-10-28 880200]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-06-20 26624]
S0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2009-06-10 22272]
S1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-06-10 68424]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-04-06 704384]
S2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-11-24 1016904]
S2 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
S2 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-09-08 1185496]
S2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-06-10 51016]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-06-10 603904]
S3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2009-02-18 31128]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-02-10 257432]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-04-06 33888]
S3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-10-30 1407976]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-06-10 48712]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-06-10 32328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-06-24 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 09:13]
.
.
------- Examen supplémentaire -------
.
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 20:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-06-24 20:34
ComboFix-quarantined-files.txt 2009-06-24 18:34

Avant-CF: 438 356 844 544 octets libres
Après-CF: 438 396 903 424 octets libres

BOB
 
Could you tell me which line you saw as infected in my HijackThis log?
Anonymous user
 
---> Download OTM (OldTimer) to your Desktop:
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the text in bold below:

:processes
explorer.exe

:files
C:\WINDOWS\PEV.exe
c:\windows\system32\ups.exe
c:\windows\system32\perfc00C.dat

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]

:commands
[purity]
[emptytemp]
[start explorer]


---> Paste (Ctrl+V) the text you just copied into the "Paste Instructions for Items to be Moved" box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

See you
BOB
 
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\WINDOWS\PEV.exe moved successfully.
File/Folder c:\windows\system32\ups.exe not found.
c:\windows\system32\perfc00C.dat moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: bob
->Temp folder emptied: 36238852 bytes
->Temporary Internet Files folder emptied: 536973 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61297506 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 557257 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351795 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
File delete failed. C:\WINDOWS\temp\tmp0000651e\tmp00000000 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\tmp00000049\tmp00000000 scheduled to be deleted on reboot.
Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 96,31 mb

OTM by OldTimer - Version 3.0.0.2 log created on 06242009_211226

Files moved on Reboot...
File C:\WINDOWS\temp\tmp0000651e\tmp00000000 not found!
File C:\WINDOWS\temp\tmp00000049\tmp00000000 not found!

Registry entries deleted on Reboot...
BOB
 
For this line

C:\WINDOWS\System32\ups.exe

I had looked on Comment Ça Marche, and it says this:

http://www.commentcamarche.net/contents/processus/ups exe.php3
Anonymous user
 
ok....

The ups.exe process (ups standing for uninterruptible power supplies) is a generic Windows NT/2000/XP process used to manage UPS devices under Windows.

The ups process is in no way a resident virus, a worm, a Trojan horse, spyware or adware.

It is a system process that can be stopped.

See you
BOB
 
Is the disinfection finished?
Anonymous user
 
No...

Run a scan with this antispyware:
Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; update it... (Update tab)
Now click the Scan tab and tick the box "Perform quick scan".
Then click "Scan".
Let it scan the PC...
If items were found > click "Remove Selected".
If you are asked to reboot > click "Yes".
At the end a report will open; save it so you can find it again to post it on the forum.
Copy and paste the report please.

*****

THEN:

A brand new RSIT please, Log.txt only...

See you
BOB
 
Nothing in the Malwarebytes report....