Virus problem
Alison
eZula - Posts: 3509 - Status: Contributor
Hello,
I have a problem with my PC... as soon as I open a Google link it switches me over to Yahoo, and a window often pops up saying "Internet has stopped working"
thanks in advance for your help...
here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:53, on 23/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\PC-ALI~1\AppData\Local\Temp\b.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\BSmaxScript[7.1]\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Monopod] C:\Users\PC-ALI~1\AppData\Local\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA52AC40-7AA2-4005-80DD-B613D894E7CC}: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5DD3F3C-A76D-485F-A111-942A9B9F3AB5}: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{AA52AC40-7AA2-4005-80DD-B613D894E7CC}: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.127,85.255.112.196
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\Windows\system32\msihost.exe (file missing)
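An added triage script, not part of this thread and not code from HijackThis or GenProc, that mechanically picks out the three things a responder would circle in the log above: O17 NameServer entries pointing at resolvers outside the local network (the 85.255.112.x addresses that the GenProc report further down attributes to WareOut), an O4 autostart launching from the user's Temp folder (b.exe), and an O23 service whose binary is referenced through a globalroot path and reported missing. The sample lines are copied from the log posted here; the 192.168.1.1 entry is a constructed benign control, and the trusted resolver ranges are an assumption standing in for a real environment's allowlist of its own DNS servers.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: on a home network the only legitimate resolvers sit in private
# address space (the router). Replace with your own environment's allowlist.
TRUSTED_RESOLVERS = [
    ip_network("192.168.0.0/16"),
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
]

# Path fragments from which a legitimate autostart entry should not be launched.
TEMP_MARKERS = (r"\appdata\local\temp", r"\windows\temp")

# Constructed sample: lines taken from the HijackThis log in this thread, plus one
# benign O17 line (192.168.1.1) added as a control that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Monopod] C:\Users\PC-ALI~1\AppData\Local\Temp\b.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA52AC40-7AA2-4005-80DD-B613D894E7CC}: NameServer = 85.255.112.127,85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\Windows\system32\msihost.exe (file missing)
"""


@dataclass
class Finding:
    section: str  # HijackThis section code (O4, O17, O23)
    reason: str   # why the line deserves a closer look
    line: str     # the raw log line


O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")


def check_o4(line):
    """Flag autostart (Run / Startup) entries whose target lives in a temp directory."""
    if not line.startswith("O4 - "):
        return None
    target = line.split("]", 1)[-1].lower()  # the command after the [Name] label
    if any(marker in target for marker in TEMP_MARKERS):
        return Finding("O4", "autostart entry launches from a temporary directory", line)
    return None


def check_o17(line):
    """Flag per-interface DNS settings that point outside the trusted resolver ranges."""
    m = O17_RE.match(line)
    if not m:
        return None
    suspicious = []
    for token in m.group(1).split(","):
        token = token.strip()
        try:
            addr = ip_address(token)
        except ValueError:
            continue  # not an IP literal; skip rather than guess
        if not any(addr in net for net in TRUSTED_RESOLVERS):
            suspicious.append(str(addr))
    if suspicious:
        return Finding("O17", "DNS resolver outside trusted ranges: " + ", ".join(suspicious), line)
    return None


def check_o23(line):
    """Flag services whose binary is missing or is referenced through a globalroot path."""
    if not line.startswith("O23 - "):
        return None
    lowered = line.lower()
    if "(file missing)" in lowered or "globalroot" in lowered:
        return Finding("O23", "service binary missing or hidden behind a globalroot path", line)
    return None


CHECKS = (check_o4, check_o17, check_o23)


def triage(log_text):
    """Run every check over each line of a HijackThis log and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in CHECKS:
            finding = check(line)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The "(file missing)" test is deliberately restricted to O23 service lines: the same marker on the O9 eBay and Amazon buttons in this log is a harmless leftover of vendor toolbars, whereas a service pointing at a missing binary through a globalroot path is the kind of entry ComboFix later removed here (the ESQUL driver and msihost.exe).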
15 replies
Hello,
download GenProc http://www.genproc.com/GenProc.exe
double-click GenProc.exe and post the contents of the report that opens
Thanks for your quick reply... :)
here is the report you asked for
Rapport GenProc 2.615 [1] - 24/08/2009 à 12:43:50
@ Windows Vista Service Pack 1 - Mode normal
@ Mozilla Firefox (3.5) [Navigateur par défaut]
Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.
# Etape 1/ Télécharge :
- WORT http://pc-system.fr/ (dj QUIOU) sur le Bureau.
- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** PC-Ali et Manue *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).
# Etape 2/
Double-clique sur le fichier WORT.exe et sélectionne le Bureau à l'aide du bouton "Parcourir". Suis les instructions et double-clique sur le fichier Wareout Removal Tool.bat qui vient d'être créé sur le Bureau. Sélectionne l'option 1 et valide par entrée.
# Etape 3/
Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.
# Etape 4/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 5/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport WORT_report.txt situé dans C:\Wort ;
- Le contenu du rapport Combofix.txt situé dans C:\ ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
~~ Arguments de la procédure ~~
# Détections [1] GenProc 2.615 24/08/2009 à 12:44:06
WareOut:le 24/08/2009 à 12:44:32
[HKEY_LOCAL_MACHINE\system\controlset001\services\tcpip\parameters\interfaces\{AA52AC40-7AA2-4005-80DD-B613D894E7CC}]
NameServer REG_SZ 85.255.112.127,85.255.112.196
DhcpNameServer REG_SZ 85.255.112.127,85.255.112.196
TDSS:le 24/08/2009 à 12:44:45 "C:\Windows\System32\ESQUL*.???"
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
~~ Fin à 12:45:02 ~~
I did what it said to do, but I can't download ComboFix...
otherwise there is some improvement... my pages no longer turn into Yahoo pages... but still that damned "Internet has stopped working"
below is the WORT report
===== Rapport WareOut Removal Tool =====
version 3.6.2
analyse effectuée le 24/08/2009 à 13:51:15,10
Résultats de l'analyse :
========================
~~~~ Recherche d'infections dans C:\ ~~~~
~~~~ Recherche d'infections dans C:\Program Files\ ~~~~
~~~~ Recherche d'infections dans C:\Windows\system\ ~~~~
~~~~ Recherche d'infections dans C:\Windows\system32\ ~~~~
~~~~ Recherche d'infections dans C:\Windows\system32\drivers\ ~~~~
~~~~ Recherche d'infections dans C:\Users\PC-Ali et Manue\AppData\Roaming\ ~~~~
~~~~ Recherche d'infections dans C:\Users\PC-Ali et Manue\Bureau\ ~~~~
~~~~ Recherche de détournement de DNS ~~~~
~~~~ Recherche de Rootkits ~~~~
_______________________________________________________________________
driver loading error disk not found C:\
please note that you need administrator rights to perform deep scan
_______________________________________________________________________
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System REG_SZ
~~~~ Recherche d'infections dans C:\Users\PC-ALI~1\AppData\Local\Temp\ ~~~~
~~~~ Recherche d'infections dans C:\Users\PC-Ali et Manue\Start Menu\Programs\ ~~~~
~~~~ Nettoyage du registre ~~~~
~~~~ Tentative de réparation des entrées suivantes: ~~~~
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = "System"
[HKLM\SYSTEM\CurrentControlSet\Services\Windows Tribute Service]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows Tribute Service]
~~~~ Vérification: ~~~~
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System REG_SZ
_________________________________
développé par http://pc-system.fr
_________________________________
At first sight, we're having trouble communicating.
ComboFix: try downloading and running it in Safe Mode with Networking
here is the report :) thanks for your patience
ComboFix 09-08-23.01 - PC-Ali et Manue 24/08/2009 14:30:55.1.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2813.2372 [GMT 2:00]
Running from: C:\Users\PC-Ali et Manue\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section not completed
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ESQULSERV.SYS
-------\Service_ESQULserv.sys
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.
2009-08-24 10:58:23 . 2009-08-24 10:59:47 0 d-----w- C:\WORT
2009-08-24 10:43:44 . 2009-08-24 10:43:48 0 d-----w- C:\Genproc
2009-08-24 06:12:08 . 2008-06-19 15:24:30 28544 ----a-w- C:\Windows\system32\drivers\pavboot.sys
2009-08-24 06:12:05 . 2009-08-24 06:12:05 0 d-----w- C:\Program Files\Panda Security
2009-08-24 05:15:38 . 2009-08-24 06:01:04 0 d-----w- C:\FindyKill
2009-08-24 05:11:18 . 2009-08-24 05:30:00 0 d-----w- C:\Program Files\Navilog1
2009-08-23 23:43:03 . 2009-08-23 23:43:03 0 ----a-w- C:\ntuser.dat
2009-08-23 18:50:39 . 2009-08-23 18:50:39 0 d-----w- C:\Program Files\Trend Micro
2009-08-23 16:26:15 . 2009-08-24 05:59:48 0 d-----w- C:\Windows\system32\HouseCall 6.6
2009-08-23 16:26:15 . 2009-08-23 16:26:15 0 d-----w- C:\Users\PC-Ali et Manue\AppData\Roaming\HouseCall 6.6
2009-08-23 11:48:30 . 2009-08-23 11:48:30 0 dc-h--w- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-23 06:52:51 . 2009-08-23 06:52:51 56320 ----a-w- C:\Windows\system32\ESQULjrqetvtbotepwvckneorpseprymgvhiw.dll
2009-08-23 06:52:51 . 2009-08-23 06:52:50 84992 ----a-w- C:\Windows\system32\msihost.exe
2009-08-23 06:51:12 . 2009-08-23 06:51:06 28672 ---h--w- C:\Users\PC-Ali et Manue\beeca.exe
2009-08-22 06:48:36 . 2009-08-22 06:48:36 0 d-----w- C:\Users\PC-Ali et Manue\AppData\Local\Apple Computer
2009-08-22 06:43:38 . 2009-08-22 06:43:39 163295 ----a-w- C:\Windows\Audio Converter Pro Uninstaller.exe
2009-08-22 06:43:37 . 2009-08-22 08:57:28 0 d-----w- C:\ProgramData\River Past G5
2009-08-22 06:43:37 . 2009-08-22 06:43:37 0 d-----w- C:\Users\PC-Ali et Manue\AppData\Roaming\River Past G5
2009-08-22 06:43:37 . 2009-08-22 06:43:37 0 d-----w- C:\Program Files\Common Files\River Past
2009-08-22 06:43:36 . 2009-08-22 06:43:36 0 d-----w- C:\Program Files\River Past
2009-08-22 06:14:53 . 2009-08-22 06:14:55 0 d-----w- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-08-22 06:14:41 . 2009-08-22 06:14:42 0 d-----w- C:\Program Files\FLV Player
2009-08-20 22:10:27 . 2009-08-20 22:10:27 0 d-----w- C:\Windows\Sun
2009-08-13 16:06:59 . 2009-08-13 16:07:00 680 ----a-w- C:\Users\PC-Ali et Manue\AppData\Local\d3d9caps.dat
2009-08-13 05:14:47 . 2009-07-14 13:00:17 313344 ----a-w- C:\Windows\system32\wmpdxm.dll
2009-08-13 05:14:46 . 2009-07-14 12:58:44 7680 ----a-w- C:\Windows\system32\spwmp.dll
2009-08-13 05:14:45 . 2009-07-14 12:59:28 4096 ----a-w- C:\Windows\system32\dxmasf.dll
2009-08-13 05:14:45 . 2009-07-14 10:59:56 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2009-08-13 05:14:39 . 2009-07-17 14:35:11 71680 ----a-w- C:\Windows\system32\atl.dll
2009-08-13 05:14:38 . 2009-06-10 12:12:29 160256 ----a-w- C:\Windows\system32\wkssvc.dll
2009-08-13 05:14:34 . 2009-06-04 12:34:04 2066432 ----a-w- C:\Windows\system32\mstscax.dll
2009-08-13 05:14:26 . 2009-06-10 12:07:30 91136 ----a-w- C:\Windows\system32\avifil32.dll
2009-07-26 14:04:28 . 2009-07-26 14:04:30 0 d-----w- C:\Users\PC-Ali et Manue\AppData\Roaming\mIRC
2009-07-26 13:29:31 . 2009-08-24 11:50:07 0 d-----w- C:\Program Files\BSmaxScript[7.1]
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 16:20:04 . 2008-01-21 07:23:37 669566 ----a-w- C:\Windows\system32\perfh00C.dat
2009-08-23 16:20:04 . 2008-01-21 07:23:37 123556 ----a-w- C:\Windows\system32\perfc00C.dat
2009-08-23 07:17:00 . 2008-10-14 10:38:54 0 d-----w- C:\Program Files\Java
2009-08-14 15:12:24 . 2009-06-14 11:20:45 694 ----a-w- C:\Users\PC-Ali et Manue\AppData\Roaming\wklnhst.dat
2009-08-13 14:27:59 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-07-25 03:23:00 . 2009-06-14 07:17:51 411368 ----a-w- C:\Windows\system32\deploytk.dll
2009-07-20 12:07:06 . 2009-07-20 12:07:04 0 d-----w- C:\Program Files\ODS
2009-07-18 16:06:20 . 2009-07-29 08:16:38 827904 ----a-w- C:\Windows\system32\wininet.dll
2009-07-18 16:01:48 . 2009-07-29 08:16:36 78336 ----a-w- C:\Windows\system32\ieencode.dll
2009-07-18 09:46:14 . 2009-07-29 08:16:36 26624 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-07-12 22:58:44 . 2009-07-12 22:58:44 0 d-----w- C:\Program Files\Clic
2009-07-12 22:58:39 . 2009-07-12 22:58:39 290816 ------w- C:\Windows\Setup1.exe
2009-07-12 22:58:36 . 2009-07-12 22:58:36 74752 ----a-w- C:\Windows\ST6UNST.EXE
2009-07-12 22:43:09 . 2009-07-12 22:43:09 0 d-----w- C:\ProgramData\AutoClic
2009-07-12 22:36:38 . 2009-07-12 22:36:38 0 d-----w- C:\Program Files\AutoClick
2009-07-06 13:32:19 . 2009-06-14 16:36:17 0 d-----w- C:\Users\PC-Ali et Manue\AppData\Roaming\TeamViewer
2009-06-27 21:15:02 . 2009-06-27 21:15:02 0 d-----w- C:\ProgramData\IsolatedStorage
2009-06-15 15:24:24 . 2009-07-15 17:22:07 156672 ----a-w- C:\Windows\system32\t2embed.dll
2009-06-15 15:20:27 . 2009-07-15 17:22:06 72704 ----a-w- C:\Windows\system32\fontsub.dll
2009-06-15 15:20:00 . 2009-07-15 17:22:06 10240 ----a-w- C:\Windows\system32\dciman32.dll
2009-06-15 12:52:13 . 2009-07-15 17:22:06 289792 ----a-w- C:\Windows\system32\atmfd.dll
2009-06-14 14:55:59 . 2009-06-13 21:06:50 82720 ----a-w- C:\Users\PC-Ali et Manue\AppData\Local\GDIPFONTCACHEV1.DAT
.
ComboFix 09-08-23.01 - PC-Ali et Manue 24/08/2009 14:30:55.1.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2813.2372 [GMT 2:00]
Running from: C:\Users\PC-Ali et Manue\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section not completed
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ESQULSERV.SYS
-------\Service_ESQULserv.sys
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.
2009-08-24 10:58:23 . 2009-08-24 10:59:47 0 d-----w- C:\WORT
2009-08-24 10:43:44 . 2009-08-24 10:43:48 0 d-----w- C:\Genproc
2009-08-24 06:12:08 . 2008-06-19 15:24:30 28544 ----a-w- C:\Windows\system32\drivers\pavboot.sys
2009-08-24 06:12:05 . 2009-08-24 06:12:05 0 d-----w- C:\Program Files\Panda Security
2009-08-24 05:15:38 . 2009-08-24 06:01:04 0 d-----w- C:\FindyKill
2009-08-24 05:11:18 . 2009-08-24 05:30:00 0 d-----w- C:\Program Files\Navilog1
2009-08-23 23:43:03 . 2009-08-23 23:43:03 0 ----a-w- C:\ntuser.dat
2009-08-23 18:50:39 . 2009-08-23 18:50:39 0 d-----w- C:\Program Files\Trend Micro
2009-08-23 16:26:15 . 2009-08-24 05:59:48 0 d-----w- C:\Windows\system32\HouseCall 6.6
2009-08-23 16:26:15 . 2009-08-23 16:26:15 0 d-----w- C:\Users\PC-Ali et Manue\AppData\Roaming\HouseCall 6.6
2009-08-23 11:48:30 . 2009-08-23 11:48:30 0 dc-h--w- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-23 06:52:51 . 2009-08-23 06:52:51 56320 ----a-w- C:\Windows\system32\ESQULjrqetvtbotepwvckneorpseprymgvhiw.dll
2009-08-23 06:52:51 . 2009-08-23 06:52:50 84992 ----a-w- C:\Windows\system32\msihost.exe
2009-08-23 06:51:12 . 2009-08-23 06:51:06 28672 ---h--w- C:\Users\PC-Ali et Manue\beeca.exe
2009-08-22 06:48:36 . 2009-08-22 06:48:36 0 d-----w- C:\Users\PC-Ali et Manue\AppData\Local\Apple Computer
2009-08-22 06:43:38 . 2009-08-22 06:43:39 163295 ----a-w- C:\Windows\Audio Converter Pro Uninstaller.exe
2009-08-22 06:43:37 . 2009-08-22 08:57:28 0 d-----w- C:\ProgramData\River Past G5
2009-08-22 06:43:37 . 2009-08-22 06:43:37 0 d-----w- C:\Users\PC-Ali et Manue\AppData\Roaming\River Past G5
2009-08-22 06:43:37 . 2009-08-22 06:43:37 0 d-----w- C:\Program Files\Common Files\River Past
2009-08-22 06:43:36 . 2009-08-22 06:43:36 0 d-----w- C:\Program Files\River Past
2009-08-22 06:14:53 . 2009-08-22 06:14:55 0 d-----w- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-08-22 06:14:41 . 2009-08-22 06:14:42 0 d-----w- C:\Program Files\FLV Player
2009-08-20 22:10:27 . 2009-08-20 22:10:27 0 d-----w- C:\Windows\Sun
2009-08-13 16:06:59 . 2009-08-13 16:07:00 680 ----a-w- C:\Users\PC-Ali et Manue\AppData\Local\d3d9caps.dat
2009-08-13 05:14:47 . 2009-07-14 13:00:17 313344 ----a-w- C:\Windows\system32\wmpdxm.dll
2009-08-13 05:14:46 . 2009-07-14 12:58:44 7680 ----a-w- C:\Windows\system32\spwmp.dll
2009-08-13 05:14:45 . 2009-07-14 12:59:28 4096 ----a-w- C:\Windows\system32\dxmasf.dll
2009-08-13 05:14:45 . 2009-07-14 10:59:56 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2009-08-13 05:14:39 . 2009-07-17 14:35:11 71680 ----a-w- C:\Windows\system32\atl.dll
2009-08-13 05:14:38 . 2009-06-10 12:12:29 160256 ----a-w- C:\Windows\system32\wkssvc.dll
2009-08-13 05:14:34 . 2009-06-04 12:34:04 2066432 ----a-w- C:\Windows\system32\mstscax.dll
2009-08-13 05:14:26 . 2009-06-10 12:07:30 91136 ----a-w- C:\Windows\system32\avifil32.dll
2009-07-26 14:04:28 . 2009-07-26 14:04:30 0 d-----w- C:\Users\PC-Ali et Manue\AppData\Roaming\mIRC
2009-07-26 13:29:31 . 2009-08-24 11:50:07 0 d-----w- C:\Program Files\BSmaxScript[7.1]
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 16:20:04 . 2008-01-21 07:23:37 669566 ----a-w- C:\Windows\system32\perfh00C.dat
2009-08-23 16:20:04 . 2008-01-21 07:23:37 123556 ----a-w- C:\Windows\system32\perfc00C.dat
2009-08-23 07:17:00 . 2008-10-14 10:38:54 0 d-----w- C:\Program Files\Java
2009-08-14 15:12:24 . 2009-06-14 11:20:45 694 ----a-w- C:\Users\PC-Ali et Manue\AppData\Roaming\wklnhst.dat
2009-08-13 14:27:59 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-07-25 03:23:00 . 2009-06-14 07:17:51 411368 ----a-w- C:\Windows\system32\deploytk.dll
2009-07-20 12:07:06 . 2009-07-20 12:07:04 0 d-----w- C:\Program Files\ODS
2009-07-18 16:06:20 . 2009-07-29 08:16:38 827904 ----a-w- C:\Windows\system32\wininet.dll
2009-07-18 16:01:48 . 2009-07-29 08:16:36 78336 ----a-w- C:\Windows\system32\ieencode.dll
2009-07-18 09:46:14 . 2009-07-29 08:16:36 26624 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-07-12 22:58:44 . 2009-07-12 22:58:44 0 d-----w- C:\Program Files\Clic
2009-07-12 22:58:39 . 2009-07-12 22:58:39 290816 ------w- C:\Windows\Setup1.exe
2009-07-12 22:58:36 . 2009-07-12 22:58:36 74752 ----a-w- C:\Windows\ST6UNST.EXE
2009-07-12 22:43:09 . 2009-07-12 22:43:09 0 d-----w- C:\ProgramData\AutoClic
2009-07-12 22:36:38 . 2009-07-12 22:36:38 0 d-----w- C:\Program Files\AutoClick
2009-07-06 13:32:19 . 2009-06-14 16:36:17 0 d-----w- C:\Users\PC-Ali et Manue\AppData\Roaming\TeamViewer
2009-06-27 21:15:02 . 2009-06-27 21:15:02 0 d-----w- C:\ProgramData\IsolatedStorage
2009-06-15 15:24:24 . 2009-07-15 17:22:07 156672 ----a-w- C:\Windows\system32\t2embed.dll
2009-06-15 15:20:27 . 2009-07-15 17:22:06 72704 ----a-w- C:\Windows\system32\fontsub.dll
2009-06-15 15:20:00 . 2009-07-15 17:22:06 10240 ----a-w- C:\Windows\system32\dciman32.dll
2009-06-15 12:52:13 . 2009-07-15 17:22:06 289792 ----a-w- C:\Windows\system32\atmfd.dll
2009-06-14 14:55:59 . 2009-06-13 21:06:50 82720 ----a-w- C:\Users\PC-Ali et Manue\AppData\Local\GDIPFONTCACHEV1.DAT
.
The report is incomplete. While you're at it, scan this file C:\Windows\system32\msihost.exe on the VirusTotal site and post the report.
Here is the VirusTotal report
File msihost.exe received on 2009.08.24 13:28:57 (UTC)
Current status: finished
Result: 5/41 (12.20%)
Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.24 -
AhnLab-V3 5.0.0.2 2009.08.24 -
AntiVir 7.9.1.3 2009.08.24 -
Antiy-AVL 2.0.3.7 2009.08.24 -
Authentium 5.1.2.4 2009.08.23 -
Avast 4.8.1335.0 2009.08.23 -
AVG 8.5.0.406 2009.08.24 -
BitDefender 7.2 2009.08.24 -
CAT-QuickHeal 10.00 2009.08.24 -
ClamAV 0.94.1 2009.08.24 -
Comodo 2079 2009.08.24 -
DrWeb 5.0.0.12182 2009.08.24 -
eSafe 7.0.17.0 2009.08.23 -
eTrust-Vet 31.6.6697 2009.08.24 -
F-Prot 4.4.4.56 2009.08.23 -
F-Secure 8.0.14470.0 2009.08.24 -
Fortinet 3.120.0.0 2009.08.24 -
GData 19 2009.08.24 -
Ikarus T3.1.1.68.0 2009.08.24 -
Jiangmin 11.0.800 2009.08.23 -
K7AntiVirus 7.10.825 2009.08.22 -
Kaspersky 7.0.0.125 2009.08.24 -
McAfee 5718 2009.08.23 -
McAfee+Artemis 5718 2009.08.23 -
McAfee-GW-Edition 6.8.5 2009.08.24 -
Microsoft 1.4903 2009.08.24 Trojan:Win32/Alureon.gen!J
NOD32 4362 2009.08.24 a variant of Win32/Kryptik.AGD
Norman 2009.08.24 -
nProtect 2009.1.8.0 2009.08.24 -
Panda 10.0.0.14 2009.08.24 -
PCTools 4.4.2.0 2009.08.23 -
Prevx 3.0 2009.08.24 Medium Risk Malware
Rising 21.43.62.00 2009.08.24 -
Sophos 4.44.0 2009.08.24 Mal/TibsPk-A
Sunbelt 3.2.1858.2 2009.08.22 -
Symantec 1.4.4.12 2009.08.24 Packed.Generic.245
TheHacker 6.3.4.3.386 2009.08.22 -
TrendMicro 8.950.0.1094 2009.08.24 -
VBA32 3.12.10.9 2009.08.24 -
ViRobot 2009.8.24.1899 2009.08.24 -
VirusBuster 4.6.5.0 2009.08.23 -
Additional information
File size: 84992 bytes
MD5 : 4a659f3cb9390a0f805a2a3154df7170
SHA1 : 011a5edbe0ef4f14be4de8e14a5ae4bee443f483
SHA256: ca09b126116c30628d587eee38961e5d59949fd6eae56c1b6b1ee0e9ecd261d9
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1B40
timedatestamp.....: 0x4657000D (Fri May 25 17:26:05 2007)
machinetype.......: 0x14C (Intel I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xC3A0 0xC400 7.68 6b4146b9262fd85b1a720ee25b679cc5
.data 0xE000 0x2B4 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
.rdata 0xF000 0x6FE4 0x7000 7.80 da16faea56a217a0ab221128bd599625
.kdata 0x16000 0x1A00 0x800 0.00 c99a74c555371a433d121f551d6c6398
.reloc 0x18000 0x822 0x800 6.12 46405220b91d2613d807959bba46847c
( 5 imports )
> advapi32.dll: OpenServiceA, SetServiceStatus, OpenProcessToken, QueryServiceStatus, GetSecurityDescriptorControl, RegOpenKeyW, RegCreateKeyExA, RegFlushKey, RegCreateKeyExW, AdjustTokenPrivileges, OpenSCManagerA, OpenServiceW, FreeSid, ChangeServiceConfig2A, RegDeleteKeyW, RegQueryInfoKeyW, RegEnumValueA
> gdi32.dll: GetWindowExtEx, CreateBrushIndirect, GetObjectType, CreateDIBSection, GetTextExtentPointW, CopyMetaFileW, SetDIBColorTable, SetBrushOrgEx, Rectangle, CreateBitmapIndirect, GetTextExtentPointA, GetCurrentObject, SetPixelV
> kernel32.dll: GlobalUnlock, SetPriorityClass, GetModuleHandleA, GetLastError, GetVersionExW, HeapDestroy, ExitProcess, VirtualAlloc, GetLocaleInfoA, GetCurrentThread, GetFileTime, ProcessIdToSessionId, HeapCreate, GetEnvironmentVariableA
> msvcrt.dll: _fsopen, _vsnwprintf, _unlock, fflush, __setusermatherr, fclose, __p__fmode, fputc, iswalpha, __set_app_type, _ltoa, _wcsicmp, _initterm, _exit
> version.dll: GetFileVersionInfoA, VerQueryValueA
( 0 exports )
TrID : File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 1536:6xHrbrIF+ZmN4WgULlBYszQ2yEcO75z2hkmOvgaqDY0zOnAeEb9:6xH/ElN4WHL/YNMl2GvgaqbOnw
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=68476310004860454CAE01A316A32E003AD8EE43
PEiD : -
RDS : NSRL Reference Data Set
-
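As an added example (not part of the original thread and not VirusTotal's own tooling), here is a small Python triage pass over the report above. It reads the engine result lines, the PE section table and the import list, and pulls out what a responder looks at first: the detection ratio and which engines named a family rather than a packer, sections whose entropy is close to 8 bits per byte (packed or encrypted code), sections that are far larger in memory than on disk (room for unpacked code), and imports that let a binary register itself as a service and adjust its own token privileges. The entropy threshold, the file-alignment margin, the generic-label keywords and the API watchlist are this example's own assumptions, and only an excerpt of the report is embedded.

```python
import re

# Excerpt of the VirusTotal report posted above (seven of the 41 engine
# lines, the PE section table and two of the import lines).
VT_REPORT = """\
Microsoft 1.4903 2009.08.24 Trojan:Win32/Alureon.gen!J
NOD32 4362 2009.08.24 a variant of Win32/Kryptik.AGD
Norman 2009.08.24 -
Prevx 3.0 2009.08.24 Medium Risk Malware
Sophos 4.44.0 2009.08.24 Mal/TibsPk-A
Symantec 1.4.4.12 2009.08.24 Packed.Generic.245
TrendMicro 8.950.0.1094 2009.08.24 -
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xC3A0 0xC400 7.68 6b4146b9262fd85b1a720ee25b679cc5
.data 0xE000 0x2B4 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
.rdata 0xF000 0x6FE4 0x7000 7.80 da16faea56a217a0ab221128bd599625
.kdata 0x16000 0x1A00 0x800 0.00 c99a74c555371a433d121f551d6c6398
.reloc 0x18000 0x822 0x800 6.12 46405220b91d2613d807959bba46847c
> advapi32.dll: OpenServiceA, SetServiceStatus, OpenProcessToken, QueryServiceStatus, GetSecurityDescriptorControl, RegOpenKeyW, RegCreateKeyExA, RegFlushKey, RegCreateKeyExW, AdjustTokenPrivileges, OpenSCManagerA, OpenServiceW, FreeSid, ChangeServiceConfig2A, RegDeleteKeyW, RegQueryInfoKeyW, RegEnumValueA
> kernel32.dll: GlobalUnlock, SetPriorityClass, GetModuleHandleA, GetLastError, GetVersionExW, HeapDestroy, ExitProcess, VirtualAlloc, GetLocaleInfoA, GetCurrentThread, GetFileTime, ProcessIdToSessionId, HeapCreate, GetEnvironmentVariableA
"""

# "Engine [version] YYYY.MM.DD result"; the version column is sometimes empty.
ENGINE_RE = re.compile(
    r"^(?P<engine>\S+)(?: (?P<version>\S+))? (?P<date>\d{4}\.\d{2}\.\d{2}) (?P<result>.+)$")
# ".name viradd virsiz rawdsiz entropy md5"
SECTION_RE = re.compile(
    r"^(?P<name>\.\w+) 0x[0-9A-Fa-f]+ (?P<vsize>0x[0-9A-Fa-f]+) (?P<rsize>0x[0-9A-Fa-f]+) "
    r"(?P<entropy>\d+\.\d+) [0-9a-f]{32}$")
IMPORT_RE = re.compile(r"^> (?P<dll>\S+): (?P<funcs>.+)$")

PACKED_ENTROPY = 7.0    # bits per byte; a rule of thumb, not a value from the report
FILE_ALIGNMENT = 0x200  # assumed PE file alignment for the "grows in memory" check
# Label fragments that name a packer, crypter or risk level rather than a family
# (assumption for this example).
GENERIC_LABEL = ("Packed", "Kryptik", "TibsPk", "Medium Risk")
# Imports that let a binary register itself as a service and raise its own
# token privileges (assumed watchlist for this example).
SERVICE_INSTALL_API = {
    "OpenSCManagerA", "OpenSCManagerW", "CreateServiceA", "CreateServiceW",
    "ChangeServiceConfig2A", "ChangeServiceConfig2W", "SetServiceStatus",
    "OpenProcessToken", "AdjustTokenPrivileges",
}


def parse_report(text):
    """Split a VirusTotal text report into engine results, sections and imports."""
    engines, sections, imports = [], [], {}
    for line in text.splitlines():
        line = line.strip()
        m = ENGINE_RE.match(line)
        if m:
            result = m.group("result").strip()
            engines.append((m.group("engine"), None if result == "-" else result))
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append((m.group("name"), int(m.group("vsize"), 16),
                             int(m.group("rsize"), 16), float(m.group("entropy"))))
            continue
        m = IMPORT_RE.match(line)
        if m:
            imports[m.group("dll").lower()] = [f.strip() for f in m.group("funcs").split(",")]
    return {"engines": engines, "sections": sections, "imports": imports}


def detection_ratio(parsed):
    hits = sum(1 for _, result in parsed["engines"] if result)
    return hits, len(parsed["engines"])


def detections(parsed):
    """Engine -> label for every engine that fired."""
    return {engine: result for engine, result in parsed["engines"] if result}


def family_labels(parsed):
    """Detections that name a family rather than a packer or a risk level."""
    return {e: r for e, r in detections(parsed).items()
            if not any(g in r for g in GENERIC_LABEL)}


def packed_sections(parsed, threshold=PACKED_ENTROPY):
    """Sections whose byte entropy is what compressed or encrypted code looks like."""
    return [name for name, _, _, entropy in parsed["sections"] if entropy >= threshold]


def inflated_sections(parsed):
    """Sections noticeably larger in memory than on disk: space for unpacked code."""
    return [name for name, vsize, rsize, _ in parsed["sections"]
            if vsize > rsize + FILE_ALIGNMENT]


def service_install_imports(parsed):
    found = set()
    for funcs in parsed["imports"].values():
        found.update(f for f in funcs if f in SERVICE_INSTALL_API)
    return sorted(found)


def triage(text):
    parsed = parse_report(text)
    hits, total = detection_ratio(parsed)
    return {
        "ratio": "%d/%d" % (hits, total),
        "family_labels": family_labels(parsed),
        "generic_labels": sorted(set(detections(parsed)) - set(family_labels(parsed))),
        "packed_sections": packed_sections(parsed),
        "inflated_sections": inflated_sections(parsed),
        "service_install_imports": service_install_imports(parsed),
    }


if __name__ == "__main__":
    for key, value in triage(VT_REPORT).items():
        print(key + ":", value)
```

Run it as-is to print the summary; to reuse it, replace VT_REPORT with the text of another report in the same layout. Note that only one engine in this excerpt names a family (Alureon); the other four fired on the packer, which is why the high-entropy .text and .rdata sections and the service-registration imports carry more weight than the 5/41 ratio alone.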
Here is the ComboFix report
ComboFix 09-08-23.01 - PC-Ali et Manue 24/08/2009 18:21.2.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2813.2405 [GMT 2:00]
Running from: c:\users\PC-Ali et Manue\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section not completed
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.
2009-08-24 10:58 . 2009-08-24 10:59 -------- d-----w- C:\WORT
2009-08-24 10:43 . 2009-08-24 10:43 -------- d-----w- C:\Genproc
2009-08-24 06:12 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-24 06:12 . 2009-08-24 06:12 -------- d-----w- c:\program files\Panda Security
2009-08-24 05:15 . 2009-08-24 06:01 -------- d-----w- C:\FindyKill
2009-08-24 05:11 . 2009-08-24 05:30 -------- d-----w- c:\program files\Navilog1
2009-08-23 23:43 . 2009-08-23 23:43 0 ----a-w- C:\ntuser.dat
2009-08-23 18:50 . 2009-08-23 18:50 -------- d-----w- c:\program files\Trend Micro
2009-08-23 16:26 . 2009-08-24 13:18 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-08-23 16:26 . 2009-08-23 16:26 -------- d-----w- c:\users\PC-Ali et Manue\AppData\Roaming\HouseCall 6.6
2009-08-23 11:48 . 2009-08-23 11:48 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-23 06:52 . 2009-08-23 06:52 56320 ----a-w- c:\windows\system32\ESQULjrqetvtbotepwvckneorpseprymgvhiw.dll
2009-08-23 06:52 . 2009-08-23 06:52 84992 ----a-w- c:\windows\system32\msihost.exe
2009-08-23 06:51 . 2009-08-23 06:51 28672 ---h--w- c:\users\PC-Ali et Manue\beeca.exe
2009-08-22 06:48 . 2009-08-22 06:48 -------- d-----w- c:\users\PC-Ali et Manue\AppData\Local\Apple Computer
2009-08-22 06:43 . 2009-08-22 06:43 163295 ----a-w- c:\windows\Audio Converter Pro Uninstaller.exe
2009-08-22 06:43 . 2009-08-22 08:57 -------- d-----w- c:\programdata\River Past G5
2009-08-22 06:43 . 2009-08-22 06:43 -------- d-----w- c:\users\PC-Ali et Manue\AppData\Roaming\River Past G5
2009-08-22 06:43 . 2009-08-22 06:43 -------- d-----w- c:\program files\Common Files\River Past
2009-08-22 06:43 . 2009-08-22 06:43 -------- d-----w- c:\program files\River Past
2009-08-22 06:14 . 2009-08-22 06:14 -------- d-----w- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-08-22 06:14 . 2009-08-22 06:14 -------- d-----w- c:\program files\FLV Player
2009-08-20 22:10 . 2009-08-20 22:10 -------- d-----w- c:\windows\Sun
2009-08-13 16:06 . 2009-08-13 16:07 680 ----a-w- c:\users\PC-Ali et Manue\AppData\Local\d3d9caps.dat
2009-08-13 05:14 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 05:14 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 05:14 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 05:14 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 05:14 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 05:14 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 05:14 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 05:14 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-07-26 14:04 . 2009-07-26 14:04 -------- d-----w- c:\users\PC-Ali et Manue\AppData\Roaming\mIRC
2009-07-26 13:29 . 2009-08-24 16:18 -------- d-----w- c:\program files\BSmaxScript[7.1]
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 16:20 . 2008-01-21 07:23 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-23 16:20 . 2008-01-21 07:23 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-23 07:17 . 2008-10-14 10:38 -------- d-----w- c:\program files\Java
2009-08-14 15:12 . 2009-06-14 11:20 694 ----a-w- c:\users\PC-Ali et Manue\AppData\Roaming\wklnhst.dat
2009-08-13 14:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-25 03:23 . 2009-06-14 07:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 12:07 . 2009-07-20 12:07 -------- d-----w- c:\program files\ODS
2009-07-18 16:06 . 2009-07-29 08:16 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 08:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 08:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-12 22:58 . 2009-07-12 22:58 -------- d-----w- c:\program files\Clic
2009-07-12 22:58 . 2009-07-12 22:58 290816 ------w- c:\windows\Setup1.exe
2009-07-12 22:58 . 2009-07-12 22:58 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-07-12 22:43 . 2009-07-12 22:43 -------- d-----w- c:\programdata\AutoClic
2009-07-12 22:36 . 2009-07-12 22:36 -------- d-----w- c:\program files\AutoClick
2009-07-06 13:32 . 2009-06-14 16:36 -------- d-----w- c:\users\PC-Ali et Manue\AppData\Roaming\TeamViewer
2009-06-27 21:15 . 2009-06-27 21:15 -------- d-----w- c:\programdata\IsolatedStorage
2009-06-15 15:24 . 2009-07-15 17:22 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 17:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 17:22 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 17:22 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-14 14:55 . 2009-06-13 21:06 82720 ----a-w- c:\users\PC-Ali et Manue\AppData\Local\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\users\PC-Ali et Manue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AutoClick.lnk - c:\program files\AutoClick\AutoClick.exe [2009-7-13 430080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E293652-8AF1-4083-BB74-C13C02EE32D2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A048CAA8-9196-4287-911F-655D023BD996}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{FE8BC1C4-3B02-44CD-B9CA-E329C6F45F03}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{3915C9EB-8EA5-49C8-90A6-3B3121D9C2A6}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{7AD3FD2F-1937-402B-8DDB-8946B0D829BD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0CD5186D-39E4-4151-978F-4C542D47DA30}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{4C876B4C-8998-446B-ABD4-EA74B6A83DB4}c:\\program files\\bsmaxscript[7.1]\\mirc.exe"= UDP:c:\program files\bsmaxscript[7.1]\mirc.exe:mIRC
"UDP Query User{95C3E55A-ACA8-4F44-A972-16BACD5FD04B}c:\\program files\\bsmaxscript[7.1]\\mirc.exe"= TCP:c:\program files\bsmaxscript[7.1]\mirc.exe:mIRC
"TCP Query User{18CDFD07-5C8F-4417-9EE5-2786A17371C7}c:\\users\\pc-ali et manue\\desktop\\enzo\\keygen.mirc.6.35.exe"= UDP:c:\users\pc-ali et manue\desktop\enzo\keygen.mirc.6.35.exe:keygen.mirc.6.35.exe
"UDP Query User{EC38F863-43A9-465A-9410-1BAFB817A6DD}c:\\users\\pc-ali et manue\\desktop\\enzo\\keygen.mirc.6.35.exe"= TCP:c:\users\pc-ali et manue\desktop\enzo\keygen.mirc.6.35.exe:keygen.mirc.6.35.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Audio Converter Pro\\AudioConverter.exe"= c:\program files\River Past\Audio Converter Pro\AudioConverter.exe:*:Enabled:River Past Audio Converter Pro
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [13/06/2009 23:12 20384]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [14/10/2008 13:00 7168]
S0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [24/08/2009 08:12 28544]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [14/06/2009 09:26 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [14/06/2009 09:26 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [14/06/2009 09:26 51792]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 00:19 40960]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [25/06/2009 09:22 185640]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [26/08/2008 15:26 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [03/12/2007 17:03 126976]
S2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe [23/08/2009 08:52 84992]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [13/06/2009 23:12 954368]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [25/08/2008 09:58 77824]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\PC-Ali et Manue\AppData\Roaming\Mozilla\Firefox\Profiles\oj0jnfc1.default\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 18:25
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-08-24 18:27
ComboFix-quarantined-files.txt 2009-08-24 16:27
Pre-Run: 46 580 998 144 octets libres
Post-Run: 46 434 693 120 octets libres
221 --- E O F --- 2009-08-17 17:51
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines (in italics) into it:
Driver::
msihost
File::
c:\windows\system32\ESQULjrqetvtbotepwvckneorpseprymgvhiw.dll
c:\windows\system32\msihost.exe
c:\users\PC-Ali et Manue\beeca.exe
Save this file under the name CFScript
- Drag and drop this CFScript file onto the ComboFix.exe file, as shown in this screenshot: http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
- A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and then confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal.
  Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file does not open, it is located here > C:\ComboFix.txt
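The three files listed in the CFScript above were picked out of the "Files Created" section of the ComboFix log by hand. As an added example (not part of this thread, and not ComboFix's or the helper's code), the Python script below parses lines in that section's format and applies the kind of triage heuristics that single those entries out: a hidden attribute on an executable, an executable dropped directly in the user profile root, a random-looking filename, and an executable created within minutes of an already-flagged file. The sample lines are constructed in ComboFix's layout from entries visible in the log; the heuristics, the 5-minute burst window and the function names are assumptions made for this example, not ComboFix rules.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in ComboFix's "Files Created" layout:
# created . modified size attributes path  (added example, not ComboFix output)
SAMPLE_LOG = """\
2009-08-24 06:12 . 2008-06-19 15:24 28544 ----a-w- c:\\windows\\system32\\drivers\\pavboot.sys
2009-08-23 06:52 . 2009-08-23 06:52 56320 ----a-w- c:\\windows\\system32\\ESQULjrqetvtbotepwvckneorpseprymgvhiw.dll
2009-08-23 06:52 . 2009-08-23 06:52 84992 ----a-w- c:\\windows\\system32\\msihost.exe
2009-08-23 06:51 . 2009-08-23 06:51 28672 ---h--w- c:\\users\\PC-Ali et Manue\\beeca.exe
2009-08-13 05:14 . 2009-07-17 14:35 71680 ----a-w- c:\\windows\\system32\\atl.dll
2009-08-24 10:58 . 2009-08-24 10:59 -------- d-----w- C:\\WORT
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
BURST_WINDOW = timedelta(minutes=5)  # assumed window for "created together"


def parse_entries(log_text):
    """Parse 'Files Created' lines into dicts; directories (attrs starting with 'd') are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("attrs")[0] == "d":
            continue
        entries.append({
            "created": datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
            "hidden": m.group("attrs")[3] == "h",  # 4th column of the attribute field
            "path": m.group("path"),
        })
    return entries


def looks_random(name):
    """Heuristic for generated names: a long letter-only stem, or a run of 5+ consonants."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) >= 20 and stem.isalpha():
        return True
    return re.search(r"[bcdfghjklmnpqrstvwxz]{5,}", stem.lower()) is not None


def in_profile_root(path):
    """True for a file sitting directly in c:\\users\\<name>\\ with no subfolder."""
    parts = path.lower().split("\\")
    return len(parts) == 4 and parts[1] == "users"


def triage(log_text):
    """Return {path: [reasons]} for executables that deserve a closer look."""
    entries = [e for e in parse_entries(log_text) if e["path"].lower().endswith(EXEC_EXT)]
    findings = {}
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        reasons = []
        if e["hidden"]:
            reasons.append("hidden executable")
        if in_profile_root(e["path"]):
            reasons.append("executable in user profile root")
        if looks_random(name):
            reasons.append("random-looking filename")
        if reasons:
            findings[e["path"]] = reasons
    # Second pass: an otherwise clean executable created in the same burst as a flagged one
    primaries = [e for e in entries if e["path"] in findings]
    for e in entries:
        if e["path"] in findings:
            continue
        for p in primaries:
            if abs(e["created"] - p["created"]) <= BURST_WINDOW:
                findings[e["path"]] = ["created in same burst as " + p["path"].rsplit("\\", 1)[-1]]
                break
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path, "->", "; ".join(reasons))
```

On a real log, paste the "Files Created" section into `triage()`; the burst rule is what pulls in msihost.exe, which has an innocuous name but was written in the same minute as the random-named DLL, and that is also why the helper's CFScript stops the msihost driver before deleting the file.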