Interpreting a HijackThis report

Solved
graphem (Posts: 61, Status: Member)
Hello,

Who can help me interpret this?
My mother's computer has a virus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:00, on 21/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msnmsgrss.exe
C:\WINDOWS\system32\wugjdw.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\WINDOWS\system32\mekd.exe
C:\Documents and Settings\All Users\Application Data\14794064\14794064.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\fouad\Bureau\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mwpq.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: (no name) - -{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: TVEngine Helper - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\hbtools\hbtv\hbtvhelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
O4 - HKLM\..\Run: [Windows Layer] wugjdw.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\system32\mekd.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\IMBooster.exe /warmup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [14794064] C:\Documents and Settings\All Users\Application Data\14794064\14794064.exe
O4 - HKLM\..\RunServices: [Windows Layer] wugjdw.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Windows Layer] wugjdw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3??????? 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O24 - Desktop Component 0: (no name) - https://1map.com/fr/astwindscom
24 replies

graphem (Posts: 61, Status: Member)
Here is the OTM report.

I installed Avast, but I find the computer is slower.
That is, when I open a window or the internet, the window opens in a jerky way.

Is this due to the RAM?

Thanks for your help.

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
No active process named mekd.exe was found!
No active process named wugjdw.exe was found!
No active process named 14794064.exe was found!
No active process named kkietuh.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\msnmsgrss.exe not found.
C:\WINDOWS\system32\wugjdw.exe moved successfully.
File/Folder C:\WINDOWS\system32\spoolsvc.exe not found.
File/Folder C:\WINDOWS\system32\mekd.exe not found.
File/Folder C:\Documents and Settings\All Users\Application Data\14794064\14794064.exe not found.
File/Folder C:\Documents and Settings\All Users\Application Data\14794064 not found.
C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe moved successfully.
C:\WINDOWS\system32\eidxmfx.exe moved successfully.
File/Folder C:\WINDOWS\system32\sqzfaerj.exe not found.
C:\WINDOWS\system32\kkietuh.exe moved successfully.
C:\WINDOWS\system32\ttrjcoi.exe moved successfully.
C:\WINDOWS\system32\okwj.exe moved successfully.
C:\WINDOWS\system32\zeqmqfq.exe moved successfully.
C:\WINDOWS\system32\gehhhj.exe moved successfully.
C:\WINDOWS\system32\lqmy.exe moved successfully.
C:\WINDOWS\system32\otup.exe moved successfully.
C:\WINDOWS\system32\jpsj.exe moved successfully.
C:\WINDOWS\system32\avmtw.exe moved successfully.
C:\WINDOWS\system32\krlfo.exe moved successfully.
C:\WINDOWS\system32\iqwtlz.exe moved successfully.
C:\WINDOWS\system32\yeavc.exe moved successfully.
C:\WINDOWS\system32\xrqhs.exe moved successfully.
C:\WINDOWS\system32\cuijhb.exe moved successfully.
C:\WINDOWS\system32\ikbpd.exe moved successfully.
C:\WINDOWS\system32\pdhsucyn.exe moved successfully.
C:\WINDOWS\system32\rrvfzs.exe moved successfully.
C:\WINDOWS\system32\ajqhxts.exe moved successfully.
C:\WINDOWS\system32\aasubr.exe moved successfully.
C:\WINDOWS\system32\mwpq.exe moved successfully.
C:\WINDOWS\system32\rkbtgr.exe moved successfully.
C:\WINDOWS\system32\pzgvxig.exe moved successfully.
File/Folder C:\WINDOWS\system32\twex.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows UDP Control Center not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Layer not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Spooler SubSystem App deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PromoReg not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\14794064 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Update Service deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Layer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: fouad
->Temp folder emptied: 118179 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Java cache emptied: 245996 bytes
->FireFox cache emptied: 2482468 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 3300448 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 16639 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,05 mb

OTM by OldTimer - Version 3.0.0.5 log created on 07212009_184028

Files moved on Reboot...

Registry entries deleted on Reboot...
graphem (Posts: 61, Status: Member)
ComboFix 09-07-20.05 - fouad 22/07/2009 20:28.2.1 - NTFSx86
Running from: J:\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090722-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\abaca.exe
c:\docume~1\fouad\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\fouad\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\14794064\14794064
c:\documents and settings\All Users\Application Data\14794064\14794064.exe
c:\documents and settings\fouad\Application Data\bcrypt.html
C:\elast.exe
C:\last.exe
C:\lats.exe
c:\program files\Fichiers communs\WinAntiVirus Pro 2006\WapCHK.dll
c:\program files\winantivirus pro 2006\history.db
c:\program files\WinPCap\rpcapd.exe
C:\rotten.exe
C:\tra.exe
c:\windows\Downloaded Program Files\HbInstIE.dll
c:\windows\Installer\13f229b.msi
c:\windows\Installer\179e4a.msi
c:\windows\Installer\292a8.msi
c:\windows\msnmsgrss.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\mekd.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qgmecju.exe
c:\windows\system32\spoolsvc.exe
c:\windows\system32\stera.job
c:\windows\system32\system32.exe
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twain32\user.ds.lll
c:\windows\system32\twex.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Legacy_SYSDRV32
-------\Service_Boonty Games
-------\Service_NPF
-------\Service_oreans32
-------\Service_sysdrv32
-------\Service_vspf
-------\Service_vspf_hk

((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.

2009-07-22 17:49 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-22 17:49 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-22 17:49 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-22 17:49 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-22 17:49 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-22 17:49 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-22 17:49 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-22 17:49 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-22 17:48 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-21 15:26 . 2009-07-21 15:26 68608 ----a-w- c:\windows\system32\gxwz.exe
2009-07-21 15:20 . 2009-07-21 15:20 -------- dc----w- C:\_OTM
2009-07-21 15:12 . 2009-07-21 15:12 68608 ----a-w- c:\windows\system32\gvwvqi.exe
2009-07-21 14:47 . 2009-07-21 14:47 -------- d-----w- c:\documents and settings\fouad\Application Data\Malwarebytes
2009-07-21 14:47 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 14:47 . 2009-07-21 14:47 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-21 14:47 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 14:47 . 2009-07-21 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 14:31 . 2009-07-21 14:34 -------- dc----w- C:\rsit
2009-07-20 17:35 . 2009-07-20 17:36 -------- dc----w- C:\GenProc
2009-07-20 16:30 . 2009-07-20 16:30 -------- d-----w- c:\program files\Enigma Software Group
2009-07-18 21:57 . 2009-07-18 21:57 68608 ----a-w- c:\windows\system32\fidlk.exe
2009-06-25 16:05 . 2009-06-25 16:05 -------- d-----w- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 18:14 . 2004-08-31 10:38 -------- d-----w- c:\program files\EPSON
2009-07-22 18:14 . 2004-07-12 07:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 17:28 . 2006-05-09 09:35 -------- d-----w- c:\program files\Ahead
2009-07-21 16:40 . 2006-05-06 21:45 -------- d-s---w- c:\program files\Fichiers communs\Teknum Systems
2009-06-25 16:05 . 2007-06-15 21:36 -------- d-----w- c:\program files\Windows Live
2009-06-25 14:29 . 2009-05-13 13:52 741376 -c--a-w- c:\documents and settings\All Users\Application Data\Shim Cdrom Cast Surf\Mix Enc.exe
2009-06-25 14:27 . 2009-03-25 18:54 -------- dc----w- c:\documents and settings\All Users\Application Data\Shim Cdrom Cast Surf
2009-06-25 14:27 . 2009-04-30 11:20 -------- d-----w- c:\program files\Iminent
2009-06-16 14:40 . 2004-07-09 17:15 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-07-09 17:15 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:10 . 2003-05-30 07:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 17:13 . 2009-05-19 16:04 77312 -c--a-w- C:\boletin.exe
2009-05-19 16:48 . 2009-05-19 16:48 20494 -c--a-w- c:\windows\system32\xtsossnr.exe
2009-05-18 09:00 . 2009-05-18 09:00 119808 -c--a-w- C:\kavallx.exe
2009-05-07 15:33 . 2004-07-09 17:15 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2006-06-23 11:28 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2006-05-06 21:37 . 2006-05-06 21:37 56 -csh--r- c:\windows\system32\770FDBFAA7.sys
2006-05-06 21:37 . 2006-05-06 21:37 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\fouad\Menu Démarrer\Programmes\Démarrage\
LaunchU3.exe.lnk - c:\documents and settings\fouad\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-12-14 22486]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntivirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Messenger\\MsMsgs.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\fidlk.exe"=
"c:\\WINDOWS\\system32\\gvwvqi.exe"=
"c:\\WINDOWS\\system32\\gxwz.exe"=

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-07-13 38160]
R3 PsShutdownSvc;PsShutdown;c:\windows\System32\PSSDNSVC.EXE [2004-07-22 65536]
S1 aswSP;avast! Self Protection; [x]
S1 SSHDRV5B;SSHDRV5B;c:\windows\System32\drivers\SSHDRV5B.sys [2004-09-12 34816]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IMBooster - c:\program files\Iminent\IMBooster\IMBooster.exe

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3??????? 4.05\MediaManager\grab.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 20:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(580)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-22 20:40
ComboFix-quarantined-files.txt 2009-07-22 18:40

Pre-Run: 62 588 088 320 octets libres
Post-Run: 62 618 161 152 octets libres

190 --- E O F --- 2009-07-22 18:22
graphem (Posts: 61, Status: Member)
Here is the OTM report.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\windows\system32\gxwz.exe moved successfully.
c:\windows\system32\gvwvqi.exe moved successfully.
c:\windows\system32\fidlk.exe moved successfully.
c:\program files\Microsoft\Search Enhancement Pack\Choice Guard moved successfully.
c:\program files\Microsoft\Search Enhancement Pack moved successfully.
c:\program files\Microsoft moved successfully.
C:\boletin.exe moved successfully.
C:\kavallx.exe moved successfully.
c:\windows\system32\xtsossnr.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AntivirusOverride"|dword:0000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: fouad
File delete failed. C:\Documents and Settings\fouad\Local Settings\Temp\~DF4024.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 56129 bytes
->Temporary Internet Files folder emptied: 688140 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_62c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16639 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,82 mb

OTM by OldTimer - Version 3.0.0.5 log created on 07232009_183159

Files moved on Reboot...
C:\Documents and Settings\fouad\Local Settings\Temp\~DF4024.tmp moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_62c.dat not found!

Registry entries deleted on Reboot...
graphem (Posts: 61, Status: Member)
############################## | UsbFix V6.010 |

User : fouad (Administrateurs) # ZITOUNE
Update on 23/07/09 by Chiquitine29 & C_XX
Start at: 18:49:21 | 23/07/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) XP 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1335 [VPS 090722-0] 4.8.1335 [ Enabled | Updated ]

C:\ -> Disque fixe local # 67,23 Go (58,33 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible # 1006,7 Mo (853,84 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

################## | Registre # Clés Run infectieuses |

################## | Registre # Mountpoints2 |

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # UsbFix V6.010 ! |