Win32 Virus

minimatt13 (7 posts, Member)
eZula (3509 posts, Contributor)
Hello,

For almost a month now my computer has been full of viruses and I have been searching the internet for a way to get rid of them. Every time I open a web page it shows me an ad for an antivirus and my connection slows down, so I ran scans with my antivirus (F-Secure) and I still can't remove these damned viruses!

I beg for your help ^^

Regards,

12 replies

eZula (3509 posts, Contributor)
 
Hello,

download GenProc http://www.genproc.com/GenProc.exe

double-click GenProc.exe and post the contents of the report that opens
minimatt13 (7 posts, Member)
 
Good evening, here is the report:

GenProc report 2.640 [2] - 16/10/2009 at 22:25:04
@ Windows XP Service Pack 3 - Normal mode
@ Mozilla Firefox (3.5.3) [Default browser]

# Step 1/ Download:

- Yoog_Fix http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe (Batch_Man) to the Desktop.

Reboot into safe mode as described here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; choose your current session *** Monique Thiery *** (to get the report back, click the "Rapport GenProc[2]" shortcut on your desktop).

# Step 2/

Run Yoog_Fix from the Desktop and choose option 1 (Search/Removal). Accept the disclaimer, wait, and when it has finished click OK.

# Step 3/

Run CCleaner: "Cleaner"/"Run Cleaner" and that's all.

# Step 4/

Reboot normally and post, in the same reply:

- The contents of the Yoog.txt report located on the Desktop;
- A new HijackThis report https://forums.cnetfrance.fr/tutoriels-securite-informatique/1549-hijackthis-comment-l-utiliser ;
- A new GenProc report;

Describe the difficulties you had (what you could not do...) and how the situation has evolved.

~~ Procedure arguments ~~

# Detections [1] GenProc 2.640 16/10/2009 at 12:39:47
Toolbar: on 16/10/2009 at 12:42:19 "C:\Program Files\Dcads Games Collection"
Yoog: on 16/10/2009 at 12:42:39 "C:\Program Files\Dcads Games Collection "

# Detections [2] GenProc 2.640 16/10/2009 at 22:25:34
Yoog: on 16/10/2009 at 22:28:23 "C:\WINDOWS\System32\whoiscl.exe"

----------------------------------------------------------------------
Official GenProc sites: www.alt-shift-return.org and www.genproc.com
----------------------------------------------------------------------

~~ End at 22:30:27 ~~
eZula (3509 posts, Contributor)
 
follow the procedure
minimatt13 (7 posts, Member)
 
Hello,

First, here is the contents of the Yoog report:

Yoog_Fix 3.0.1 by Batch_Man | Monique Thiery (Limited account)
Started at 13:23 on 16/10/2009
Microsoft Windows XP Home Edition (5.1.2600)

AMD Athlon(tm) 64 Processor 3500+
RAM: 1535.5 MB
Fail-safe boot

Antivirus: Test version of AV+IS+PC 8.00 8.00 (Activated)
Firewall: Test version of AV+IS+PC 8.00 8.00 (Activated)
Launched from "C:\Documents and Settings\Monique Thiery\Bureau\Yoog_Fix.bat"

C:\ [Fixed] - NTFS - (Total: 190254 MB / Free: 3351 MB)
D:\ [CD-Rom] (Total: 244 MB / Free: 0 MB)
E:\ [CD-Rom] (Total: 0 MB / Free: 0 MB)
G:\ [Removable] (Total: 0 MB / Free: 0 MB)
H:\ [Removable] (Total: 0 MB / Free: 0 MB)
I:\ [Removable] (Total: 0 MB / Free: 0 MB)
J:\ [Removable] (Total: 0 MB / Free: 0 MB)

Option [1] 2 3 Search / Removal

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Removal: Files / Folders / Keys / Firefox prefs]

Next, here is the contents of the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:10, on 17/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Monique Thiery\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\ncsoft\launcher\NCLauncher.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Monique Thiery\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Monique Thiery\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\MONIQU~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {0617F156-3C87-45BD-9989-F3DC09BB5617} - C:\WINDOWS\System32\dmscript32.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: (no name) - {c0350ecf-5e90-4d54-a401-9efff47d7fde} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SB954.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Win64] C:\WINDOWS\system32\1050\svchost.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Monique Thiery\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [EPSON SX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\WINDOWS\TEMP\E_S12F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Monique Thiery\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {32BD2316-7501-4123-ACED-DCB48D78D5C8} (Sonov Control) - http://sonovpds.ktsystemhosting.com/sonov.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7759148D-4C31-44AC-B199-D8079E4C1C72} (DxInfo Control) - http://www.shaiya.com/download/directx_info/DxInfo_sonov_signed.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\cryptdll32.dll
O20 - Winlogon Notify: e0e1d9d2670 - C:\WINDOWS\System32\cryptdll32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Pack Securite\ORSP Client\fsorsp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
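The HijackThis log above is what the helper reads by eye before deciding which files to send to VirusTotal. As an added example (not from the original thread and not part of HijackThis), the Python below encodes the checks a practitioner applies to such a log: any O20 AppInit_DLLs or Winlogon Notify entry is worth a look, because that DLL is mapped into every process or run at logon; an O4 autorun whose executable lives in the user profile (Application Data, Temp) needed no admin rights to install; a system-process name such as svchost.exe started from anywhere but System32 is a disguise; and an O2 BHO with no name but a real file on disk is usually an injected DLL, while "(no file)" entries are only leftovers. The sample lines are copied from the log above; the severity labels, the directory list and the regular expressions are the example's own choices.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity code reason line")

# Process names that legitimately live only in %SystemRoot%\System32; the
# same name anywhere else (e.g. system32\1050\svchost.exe) is a disguise.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
               "services.exe", "smss.exe"}
SYSTEM32 = r"c:\windows\system32"

# Directories an unprivileged user can write to: an autorun pointing there
# needed no admin rights to install (XP-era profile layout, French or English).
USER_WRITABLE = re.compile(
    r"\\(?:application data|local settings|temp|mes documents|my documents)\\",
    re.IGNORECASE)
# First drive-letter path on the line that ends in an executable extension.
DRIVE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|vbs|bat|cmd|scr)',
                        re.IGNORECASE)

def first_path(line: str):
    """Return the first drive-letter path in a log line, or None (bare names like SOUNDMAN.EXE are skipped)."""
    m = DRIVE_PATH.search(line)
    return m.group(0) if m else None

def triage_line(line: str) -> list:
    """Apply the heuristics to one HijackThis line and return zero or more findings."""
    line = line.strip()
    code = line.split(" - ", 1)[0]          # "O4", "O20", "R1", ...
    found = []
    if code == "O20":
        # AppInit_DLLs / Winlogon Notify DLLs are loaded system-wide; a
        # random-looking value name (e0e1d9d2670) makes it worse.
        found.append(Finding("high", code,
            "DLL injected system-wide via AppInit_DLLs/Winlogon Notify; submit the file", line))
    elif code == "O4":
        path = first_path(line)
        if path:
            folder, _, base = path.lower().rpartition("\\")
            if base in SYSTEM_ONLY and folder != SYSTEM32:
                found.append(Finding("high", code,
                    f"{base} started from {folder}, not System32", line))
            if USER_WRITABLE.search(path):
                found.append(Finding("medium", code,
                    "autorun from a user-writable profile directory", line))
    elif code in ("O2", "O3", "R3"):
        if "(no file)" in line:
            found.append(Finding("low", code,
                "orphaned entry, file missing; remove for hygiene", line))
        elif code == "O2" and "BHO: (no name)" in line:
            found.append(Finding("high", code,
                "unnamed browser helper object with a file on disk", line))
    return found

def triage(log_text: str) -> list:
    """Run triage_line over a whole log and return the findings in log order."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]

# Lines taken from the HijackThis log in the thread above (a subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0617F156-3C87-45BD-9989-F3DC09BB5617} - C:\WINDOWS\System32\dmscript32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Win64] C:\WINDOWS\system32\1050\svchost.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Monique Thiery\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - AppInit_DLLs: C:\WINDOWS\System32\cryptdll32.dll
O20 - Winlogon Notify: e0e1d9d2670 - C:\WINDOWS\System32\cryptdll32.dll
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code:3} {f.reason}\n         {f.line}")
```

Run against the sample it reports six findings, four of them high: the unnamed BHO dmscript32.dll, the fake svchost.exe under system32\1050, and the two O20 entries for cryptdll32.dll, which are exactly the three files the helper asked to have checked on VirusTotal. The iTunes, Google Toolbar and F-Secure lines pass untouched, so the heuristics are a filter, not a verdict; the flagged files still have to be hashed and looked up.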
eZula (3509 posts, Contributor)
 
Give yourself access to all files. Then go to this site https://www.virustotal.com/gui/
Paste into the box to the left of "Browse":
C:\WINDOWS\System32\dmscript32.dll
then click "Send file" and wait until the message "Current status: finished" appears; then copy the report into your reply.
Repeat with these paths:
C:\WINDOWS\System32\cryptdll32.dll
C:\WINDOWS\System32\whoiscl.exe
minimatt13 (7 posts, Member)
 
For C:\WINDOWS\System32\dmscript32.dll here is the result:

File dmscript32.dll received on 2009.10.17 08:48:41 (UTC)
Antivirus  Version  Last update  Result
a-squared 4.5.0.41 2009.10.17 -
AhnLab-V3 5.0.0.2 2009.10.16 -
AntiVir 7.9.1.35 2009.10.16 -
Antiy-AVL 2.0.3.7 2009.10.16 -
Authentium 5.1.2.4 2009.10.17 -
Avast 4.8.1351.0 2009.10.17 -
AVG 8.5.0.420 2009.10.16 Packed.DelfCrypt
BitDefender 7.2 2009.10.17 -
CAT-QuickHeal 10.00 2009.10.16 -
ClamAV 0.94.1 2009.10.17 -
Comodo 2630 2009.10.17 -
DrWeb 5.0.0.12182 2009.10.17 -
eSafe 7.0.17.0 2009.10.15 Suspicious File
eTrust-Vet None 2009.10.16 -
F-Prot 4.5.1.85 2009.10.16 -
F-Secure 9.0.15300.0 2009.10.16 -
Fortinet 3.120.0.0 2009.10.16 -
GData 19 2009.10.17 -
Ikarus T3.1.1.72.0 2009.10.17 -
Jiangmin 11.0.800 2009.10.17 -
K7AntiVirus 7.10.872 2009.10.16 -
Kaspersky 7.0.0.125 2009.10.17 -
McAfee 5773 2009.10.16 -
McAfee+Artemis 5773 2009.10.16 -
McAfee-GW-Edition 6.8.5 2009.10.17 -
Microsoft 1.5101 2009.10.17 -
NOD32 4516 2009.10.17 a variant of Win32/Kryptik.AVM
Norman 6.03.02 2009.10.16 -
nProtect 2009.1.8.0 2009.10.17 -
Panda 10.0.2.2 2009.10.16 -
PCTools 4.4.2.0 2009.10.16 -
Prevx 3.0 2009.10.17 High Risk Fraudulent Security Program
Rising 21.51.44.00 2009.10.16 -
Sophos 4.46.0 2009.10.17 -
Sunbelt 3.2.1858.2 2009.10.17 -
Symantec 1.4.4.12 2009.10.17 -
TheHacker 6.5.0.2.044 2009.10.17 -
TrendMicro 8.950.0.1094 2009.10.17 -
VBA32 3.12.10.11 2009.10.16 -
ViRobot 2009.10.17.1990 2009.10.17 -
VirusBuster 4.6.5.0 2009.10.16 -
Additional information
File size: 200192 bytes
MD5...: d2ab0762561c674614cb07d950ece3a4
SHA1..: c0571e52bf8e734530b98668119f1ef9c2e6e838
SHA256: abc8ad036b541692a1d4faa00f1eaacfbcb24288e51721484a6cbd3318ef64f6
ssdeep: 3072:oe48UZQQPlMvxS6uh7onMWGz+gntYDHv5f/VWuZqm61oi7hXlVLbg2eIv5XGr:Y8UxLsnihux/V3QFlXXL9v5XGr
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2d947
timedatestamp.....: 0x48c89609 (Thu Sep 11 03:52:41 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x2c99a 0x2ca00 7.99 d27d0fe00b06eee56afaec5c44785a50
DATA 0x2e000 0x34f81 0x600 3.94 0c15502337ed2b92da8fc328653ef57e
BSS 0x63000 0xece 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x64000 0x9db 0xa00 4.62 5371661268cdd05530ec6cadb7e20d36
.reloc 0x65000 0x2f9f 0x3000 6.80 6e4e0e90e6118a6b501194c23963bc9c

( 10 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc
> kernel32.dll: WriteFile, WaitForSingleObject, VirtualQuery, SetFilePointer, SetEvent, SetEndOfFile, ResetEvent, ReadFile, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetProcAddress, GetOEMCP, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCPInfo, GetACP, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> dsound.dll: DirectSoundCreate

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=25917FE00087D2410E5C03B208F4500080F886D1
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

For C:\WINDOWS\System32\cryptdll32.dll here is the result:

File cryptdll32.dll received on 2009.10.17 08:53:58 (UTC)
Antivirus  Version  Last update  Result
a-squared 4.5.0.41 2009.10.17 -
AhnLab-V3 5.0.0.2 2009.10.16 -
AntiVir 7.9.1.35 2009.10.16 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.10.16 -
Authentium 5.1.2.4 2009.10.17 -
Avast 4.8.1351.0 2009.10.17 -
AVG 8.5.0.420 2009.10.16 Packed.DelfCrypt
BitDefender 7.2 2009.10.17 -
CAT-QuickHeal 10.00 2009.10.16 -
ClamAV 0.94.1 2009.10.17 -
Comodo 2630 2009.10.17 -
DrWeb 5.0.0.12182 2009.10.17 -
eSafe 7.0.17.0 2009.10.15 Suspicious File
eTrust-Vet 35.1.7072 2009.10.16 -
F-Prot 4.5.1.85 2009.10.16 -
F-Secure 9.0.15300.0 2009.10.16 -
Fortinet 3.120.0.0 2009.10.16 -
GData 19 2009.10.17 -
Ikarus T3.1.1.72.0 2009.10.17 -
Jiangmin 11.0.800 2009.10.17 -
K7AntiVirus 7.10.872 2009.10.16 -
Kaspersky 7.0.0.125 2009.10.17 -
McAfee 5773 2009.10.16 -
McAfee+Artemis 5773 2009.10.16 -
McAfee-GW-Edition 6.8.5 2009.10.17 Trojan.Crypt.ZPACK.Gen
Microsoft 1.5101 2009.10.17 -
NOD32 4516 2009.10.17 a variant of Win32/Kryptik.AVM
Norman 6.03.02 2009.10.16 -
nProtect 2009.1.8.0 2009.10.17 -
Panda 10.0.2.2 2009.10.16 -
PCTools 4.4.2.0 2009.10.16 -
Rising 21.51.44.00 2009.10.16 -
Sophos 4.46.0 2009.10.17 -
Sunbelt 3.2.1858.2 2009.10.17 -
Symantec 1.4.4.12 2009.10.17 -
TheHacker 6.5.0.2.044 2009.10.17 -
TrendMicro 8.950.0.1094 2009.10.17 -
VBA32 3.12.10.11 2009.10.16 -
ViRobot 2009.10.17.1990 2009.10.17 -
VirusBuster 4.6.5.0 2009.10.16 -
Additional information
File size: 119296 bytes
MD5...: bcfe08f6cb5be323473db8325b897f76
SHA1..: 4727f5fa359d2a5a0a5a549037a96aba0a3b3b5e
SHA256: 897312074e3bc37651899a7df5e3f26ae50a5711025485ea91ec1f2e56a77a8b
ssdeep: 1536:GmNpdtXPU2Ol4y5pcTg1ETDagFeJx9Erm6OeE+ZVnHNWfiXTTb5n8/8/Mbk1UpwO:Lp3Um5TgubcJQ4xuHNy0q/8kb4qWQ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1b398
timedatestamp.....: 0x48a5035c (Fri Aug 15 04:17:32 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x1a3e7 0x1a400 7.97 c3f86560f71dd9b9d1c0ccf888783e2b
DATA 0x1c000 0x3f47 0x600 3.92 86e3ce615c3109a1333da89dfde90977
BSS 0x20000 0xf02 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x21000 0x9c2 0xa00 4.68 593ecfff20924d94c11cee3b5e963920
.reloc 0x22000 0x19b2 0x1a00 6.72 f9638b090c641ad2cb5daf0030e20851

( 9 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc
> kernel32.dll: WriteFile, WaitForSingleObject, VirtualQuery, SetFilePointer, SetEvent, SetEndOfFile, ResetEvent, ReadFile, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetProcAddress, GetOEMCP, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCPInfo, GetACP, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

And finally for C:\WINDOWS\System32\whoiscl.exe here is the result:

File whoiscl.exe received on 2009.10.17 09:00:52 (UTC)
Antivirus  Version  Last update  Result
a-squared 4.5.0.41 2009.10.17 -
AhnLab-V3 5.0.0.2 2009.10.16 -
AntiVir 7.9.1.35 2009.10.16 -
Antiy-AVL 2.0.3.7 2009.10.16 -
Authentium 5.1.2.4 2009.10.17 -
Avast 4.8.1351.0 2009.10.17 -
AVG 8.5.0.420 2009.10.16 HackTool.DHO
BitDefender 7.2 2009.10.17 -
CAT-QuickHeal 10.00 2009.10.16 -
ClamAV 0.94.1 2009.10.17 -
Comodo 2630 2009.10.17 -
DrWeb 5.0.0.12182 2009.10.17 -
eSafe 7.0.17.0 2009.10.15 Suspicious File
eTrust-Vet None 2009.10.16 -
F-Prot 4.5.1.85 2009.10.16 -
F-Secure 9.0.15300.0 2009.10.16 -
Fortinet 3.120.0.0 2009.10.16 -
GData 19 2009.10.17 -
Ikarus T3.1.1.72.0 2009.10.17 -
Jiangmin 11.0.800 2009.10.17 -
K7AntiVirus 7.10.872 2009.10.16 -
Kaspersky 7.0.0.125 2009.10.17 -
McAfee 5773 2009.10.16 -
McAfee+Artemis 5773 2009.10.16 -
McAfee-GW-Edition 6.8.5 2009.10.17 -
Microsoft 1.5101 2009.10.17 -
NOD32 4516 2009.10.17 -
Norman 6.03.02 2009.10.16 W32/Fotomoto.B
nProtect 2009.1.8.0 2009.10.17 -
Panda 10.0.2.2 2009.10.16 -
PCTools 4.4.2.0 2009.10.16 Adware.Fotomoto
Rising 21.51.44.00 2009.10.16 -
Sophos 4.46.0 2009.10.17 -
Sunbelt 3.2.1858.2 2009.10.17 -
Symantec 1.4.4.12 2009.10.17 -
TheHacker 6.5.0.2.044 2009.10.17 -
TrendMicro 8.950.0.1094 2009.10.17 -
VBA32 3.12.10.11 2009.10.16 -
ViRobot 2009.10.17.1990 2009.10.17 -
VirusBuster 4.6.5.0 2009.10.16 -
Additional information
File size: 10752 bytes
MD5...: a044ac0f6ca5d276d93aa724bbb9e4a4
SHA1..: 6636cd17fddb6cf3b2a74d3ce3c45b5b85d58470
SHA256: 2ed939094bebc2fc5700ae5c8c22b9c410ba0c25fe75186732ff4112636a4ec4
ssdeep: 192:g/xt7bj+UEwe4cdRXQIbpdhCHMeoi8OL0Wdigvji:YxtbVE12IdCHsWL0+lri
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9cf0
timedatestamp.....: 0x46d5d627 (Wed Aug 29 20:25:11 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x8000 0x2000 0x2000 7.68 4455a9d5f597efad5ad0d73181d97ae0
.rsrc 0xa000 0x1000 0x600 3.00 2507ab474e304d6b6e1277ffa0f27a77

( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
> MSVCRT.dll: exit
> USER32.dll: PostMessageA
> WSOCK32.dll: -

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
sigcheck:
publisher....: NirSoft
copyright....: Copyright (c) 2005 - 2007 Nir Sofer
product......: WhoisCL
description..: WhoisCL
original name: WhoisCL.exe
internal name: WhoisCL
file version.: 1.20
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
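The three VirusTotal reports share a pattern worth recognising before any upload. The two DLLs are unsigned, carry no version resource, and their CODE sections have an entropy of 7.99 and 7.97 bits per byte out of a possible 8, which is what a compressed or encrypted section looks like and why the engines that do fire call it Kryptik, DelfCrypt and Crypt.ZPACK; whoiscl.exe is UPX-packed and its version resource identifies it as NirSoft's WhoisCL command-line utility. As an added example (not part of the thread and not VirusTotal's code), the Python below computes the same MD5/SHA1/SHA256 digests and the same per-section table (name, virtual address, sizes, entropy, MD5) straight from a PE file's section table using only the standard library, so a suspect file can be hashed and pre-screened offline. It builds a constructed, non-executable PE skeleton to run against; the 7.0 entropy threshold for "looks packed" is the example's own rule of thumb, not a VirusTotal value.

```python
import hashlib
import math
import struct
from collections import Counter

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def file_hashes(data: bytes) -> dict:
    """The three digests VirusTotal prints for a submitted file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}

def pe_sections(data: bytes) -> list:
    """Walk the PE section table and return one dict per section with the
    columns VirusTotal shows: name, viradd, virsiz, rawdsiz, ntrpy, md5."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # first section header
    sections = []
    for i in range(n_sections):
        name, vsize, vaddr, rawsize, rawptr, *_ = SECTION_HEADER.unpack_from(
            data, table + i * SECTION_HEADER.size)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
            "ntrpy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),          # empty -> d41d8cd9...
        })
    return sections

def packed_sections(data: bytes, threshold: float = 7.0) -> list:
    """Names of sections whose raw bytes look compressed or encrypted (assumed threshold)."""
    return [s["name"] for s in pe_sections(data)
            if s["rawdsiz"] and s["ntrpy"] >= threshold]

def _pseudo_random(n: int, seed: bytes = b"constructed sample") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for a packed code section."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])

def build_sample_pe() -> bytes:
    """Constructed, non-runnable PE skeleton: a high-entropy CODE section and a near-empty DATA section."""
    code = _pseudo_random(4096)
    datasec = b"\0" * 1000 + b"A" * 24
    code_off = 0x200
    data_off = code_off + len(code)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    # Machine=i386, 2 sections, timestamp, no symbols, optional header 224 bytes, characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x48C89609, 0, 0, 224, 0x2102)
    optional = bytes(224)                                  # zeroed: never meant to be loaded
    headers = (
        SECTION_HEADER.pack(b"CODE", len(code), 0x1000, len(code), code_off, 0, 0, 0, 0, 0x60000020) +
        SECTION_HEADER.pack(b"DATA", len(datasec), 0x2000, len(datasec), data_off, 0, 0, 0, 0, 0xC0000040)
    )
    image = bytearray(dos + b"PE\0\0" + coff + optional + headers)
    image += bytes(code_off - len(image))                  # pad to first raw section
    image += code + datasec
    return bytes(image)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(file_hashes(blob))
    for s in pe_sections(blob):
        print(s)
    print("sections that look packed:", packed_sections(blob))
```

Point it at a real file (`python pe_triage.py C:\WINDOWS\System32\dmscript32.dll`) and the section table should reproduce the VirusTotal rows, including the empty-section MD5 d41d8cd98f00b204e9800998ecf8427e; the SHA-256 is what to search on VirusTotal before uploading anything, since a file already known to the service needs no new submission.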
eZula (3509 posts, Contributor)
 
Download combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
Double-click combofix.exe and follow the instructions.
Install the Recovery Console if offered and continue.
When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report is also located here: C:\Combofix.txt
minimatt13 (7 posts, Member)
 
Here is the report:

ComboFix 09-10-16.09 - Monique Thiery 17/10/2009 11:33.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1535.927 [GMT 2:00]
Launched from: c:\documents and settings\Monique Thiery\Mes documents\Téléchargements\ComboFix.exe
AV: Test version of AV+IS+PC 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Test version of AV+IS+PC 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\MONIQU~1\LOCALS~1\Temp\40.tmp
c:\documents and settings\Administrateur\Application Data\0200000096a9a2d9670C.manifest
c:\documents and settings\Administrateur\Application Data\0200000096a9a2d9670O.manifest
c:\documents and settings\Administrateur\Application Data\0200000096a9a2d9670P.manifest
c:\documents and settings\Administrateur\Application Data\0200000096a9a2d9670S.manifest
c:\documents and settings\Monique Thiery\Application Data\0200000096a9a2d9670C.manifest
c:\documents and settings\Monique Thiery\Application Data\0200000096a9a2d9670O.manifest
c:\documents and settings\Monique Thiery\Application Data\0200000096a9a2d9670P.manifest
c:\documents and settings\Monique Thiery\Application Data\0200000096a9a2d9670S.manifest
c:\documents and settings\Monique Thiery\Local Settings\Temp\40.tmp
c:\program files\QUAD Utilities
c:\recycler\S-1-5-21-1045995329-434241175-2908802796-1003
c:\windows\GnuHashes.ini
c:\windows\Installer\WinRMSrv.msi
c:\windows\system32\7y42PQn5rK8hP.vbs
c:\windows\system32\8LiWXpKfQOsmCIx.vbs
c:\windows\system32\9rBtDIi.vbs
c:\windows\system32\DBGHELP32.DLL
c:\windows\system32\DMSCRIPT32.DLL
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\hekVU.vbs
c:\windows\system32\Ijl11.dll
c:\windows\system32\jzkirRR.vbs
c:\windows\system32\k7UumN9C7DDURYk.vbs
c:\windows\system32\lgfr3SF.vbs
c:\windows\system32\LocalService\313.crack.zip
c:\windows\system32\LocalService\313.crack.zip.kwd
c:\windows\system32\LocalService\314.keygen.zip
c:\windows\system32\LocalService\314.keygen.zip.kwd
c:\windows\system32\LocalService\315.serial.zip
c:\windows\system32\LocalService\315.serial.zip.kwd
c:\windows\system32\LocalService\316.setup.zip
c:\windows\system32\LocalService\316.setup.zip.kwd
c:\windows\system32\LocalService\317.music.au
c:\windows\system32\LocalService\317.music.au.kwd
c:\windows\system32\LocalService\318.music2.au
c:\windows\system32\LocalService\318.music2.au.kwd
c:\windows\system32\LocalService\319.music3.au
c:\windows\system32\LocalService\319.music3.au.kwd
c:\windows\system32\LocalService\320.music4.au
c:\windows\system32\LocalService\320.music4.au.kwd
c:\windows\system32\Q7OJf7h.vbs
c:\windows\system32\qtrUPyn2j8uNn.vbs
c:\windows\system32\VOygw.vbs
c:\windows\system32\wdTfSycR2ndv0.vbs
c:\windows\system32\X3uhgcvzvlFd1a8.vbs
c:\windows\system32\ytn1GAvbtAcNn.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 ))))))))))))))))))))))))))))))))))))
.

2009-10-17 07:00 . 2009-10-17 07:01 200192 ----a-w- c:\windows\system32\dgnet32.dll
2009-10-16 20:22 . 2009-10-16 20:22 200192 ----a-w- c:\windows\system32\dplayx32.dll
2009-10-16 11:52 . 2009-10-16 11:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-16 11:23 . 2009-10-16 11:24 -------- d-----w- C:\Yoog_Fix
2009-10-16 11:19 . 2009-10-16 11:19 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-10-16 11:13 . 2009-10-16 11:38 -------- d-----w- C:\ToolBar SD
2009-10-16 11:11 . 2009-10-16 11:11 -------- d-----w- c:\program files\CCleaner
2009-10-16 10:38 . 2009-10-17 08:02 -------- d-----w- C:\GenProc
2009-10-16 09:42 . 2009-10-16 09:42 200192 ----a-w- c:\windows\system32\devmgr32.dll
2009-10-11 16:14 . 2007-12-07 19:01 78848 ----a-w- c:\windows\system32\E_FD4BFBE.DLL
2009-10-11 16:14 . 2008-08-08 19:09 86528 ----a-w- c:\windows\system32\E_FLBFBE.DLL
2009-10-11 16:13 . 2009-10-11 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-10-11 16:12 . 2008-11-16 22:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2009-10-11 16:12 . 2006-08-25 17:00 9216 ----a-w- c:\windows\system32\escdev.dll
2009-10-07 14:59 . 2009-10-17 09:36 -------- d-sh--w- c:\windows\system32\LocalService
2009-09-20 15:14 . 2009-09-20 15:14 -------- d-sh--w- c:\documents and settings\Monique Thiery\PrivacIE
2009-09-20 11:51 . 2009-09-20 11:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-20 11:50 . 2009-09-20 11:50 -------- d-sh--w- c:\documents and settings\Monique Thiery\IETldCache
2009-09-20 11:44 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-20 11:44 . 2009-09-20 11:44 -------- d-----w- c:\windows\ie8updates
2009-09-20 11:43 . 2009-08-29 07:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-20 11:43 . 2009-08-29 07:56 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-20 11:42 . 2009-09-20 11:43 -------- dc-h--w- c:\windows\ie8
2009-09-20 11:33 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-19 14:19 . 2009-09-19 14:19 119296 ----a-w- c:\windows\system32\cryptdll32.dll

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 06:57 . 2007-06-22 22:27 -------- d-----w- c:\program files\Pack Securite
2009-10-16 01:10 . 2004-08-05 19:00 87858 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-16 01:10 . 2004-08-05 19:00 517346 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-15 18:46 . 2008-10-12 05:34 -------- d-----w- c:\program files\Metin2_France
2009-10-13 16:03 . 2009-10-13 16:03 4896 --sha-w- c:\windows\system32\241.tmp
2009-10-11 16:18 . 2007-06-23 07:45 -------- d-----w- c:\program files\epson
2009-10-10 10:00 . 2009-08-28 11:12 -------- d-----w- c:\program files\AionFR
2009-10-07 18:56 . 2009-08-24 14:41 -------- d-----w- c:\program files\NCSoft
2009-10-07 18:48 . 2008-06-24 21:28 -------- d-----w- c:\documents and settings\Monique Thiery\Application Data\OpenOffice.org2
2009-10-07 14:53 . 2008-01-27 20:57 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-07 13:37 . 2009-10-07 13:37 0 ----a-w- c:\windows\system32\5016.tmp
2009-10-02 21:18 . 2009-02-11 12:44 -------- d-----w- c:\documents and settings\Monique Thiery\Application Data\Skype
2009-10-02 19:48 . 2009-02-11 12:46 -------- d-----w- c:\documents and settings\Monique Thiery\Application Data\skypePM
2009-10-02 18:49 . 2008-09-18 15:15 -------- d-----w- c:\program files\World of Warcraft
2009-09-30 21:51 . 2009-09-30 01:51 523264 --sha-w- c:\windows\system32\1DF.tmp
2009-09-23 06:04 . 2009-09-23 06:04 0 ----a-w- c:\windows\system32\11C.tmp
2009-09-21 15:13 . 2009-09-21 15:13 0 ----a-w- c:\windows\system32\11A.tmp
2009-09-21 15:13 . 2009-09-21 15:13 0 ----a-w- c:\windows\system32\118.tmp
2009-09-20 11:50 . 2009-06-05 16:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-20 11:47 . 2007-06-22 21:38 -------- d-----w- c:\documents and settings\Monique Thiery\Application Data\LimeWire
2009-09-20 11:23 . 2009-05-16 12:55 -------- d-----w- c:\program files\Cain
2009-09-14 17:12 . 2007-06-22 13:11 -------- d-----w- c:\program files\Warcraft III
2009-09-13 09:54 . 2008-11-12 15:06 -------- d-----w- c:\documents and settings\Monique Thiery\Application Data\EPSON
2009-09-11 14:18 . 2004-08-05 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-08-05 19:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 08:21 . 2009-01-15 14:57 -------- d-----w- c:\documents and settings\Monique Thiery\Application Data\GetRightToGo
2009-09-02 12:19 . 2007-06-22 10:59 -------- d-----w- c:\program files\StarOffice7
2009-08-31 14:19 . 2009-08-31 14:16 -------- d-----w- c:\program files\NirSoft
2009-08-29 10:14 . 2009-08-29 10:12 -------- d-----w- c:\program files\LG PC Suite 2
2009-08-29 10:12 . 2007-06-25 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 07:56 . 2004-08-05 19:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:47 . 2007-06-22 13:14 68194 ----a-w- c:\windows\War3Unin.dat
2009-08-26 08:42 . 2008-08-15 21:12 -------- d-----w- c:\program files\Conduit
2009-08-26 08:01 . 2004-08-05 19:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 08:56 . 2009-01-31 15:56 -------- d-----w- c:\program files\RAR Password Cracker
2009-08-25 08:55 . 2009-01-31 08:16 -------- d-----w- c:\program files\VuPassword
2009-08-25 08:55 . 2008-12-12 21:19 -------- d-----w- c:\program files\WarRock
2009-08-25 08:50 . 2008-10-03 15:26 -------- d-----w- c:\program files\Dofus
2009-08-25 08:49 . 2009-05-03 17:23 -------- d-----w- c:\program files\DBZ Online
2009-08-23 06:00 . 2007-08-18 12:58 41432 -c--a-w- c:\documents and settings\Monique Thiery\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 01:16 . 2009-08-22 01:16 -------- d-----w- c:\program files\MSBuild
2009-08-22 01:16 . 2009-08-22 01:16 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:00 . 2004-08-05 19:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:58 . 2004-08-05 19:00 2191232 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:28 . 2004-08-04 07:48 2068096 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-09-15 16:02 . 2008-09-15 16:02 1287872 ----a-w- c:\program files\WoW-2.3.0.7561-frFR-downloader.exe
2007-09-02 17:42 . 2007-09-02 17:42 774144 ----a-w- c:\program files\RngInterstitial.dll
2004-07-22 09:51 . 2004-07-22 09:51 3432656 -c--a-w- c:\program files\ManagedDX.CAB
2004-07-19 21:58 . 2004-07-19 21:58 1156363 -c--a-w- c:\program files\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 -c--a-w- c:\program files\BDAXP.cab
2004-07-09 13:17 . 2004-07-09 13:17 13265040 -c--a-w- c:\program files\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 -c--a-w- c:\program files\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 -c--a-w- c:\program files\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 -c--a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 -c--a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 -c--a-w- c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"NCsoft Launcher"="c:\program files\ncsoft\launcher\NCLauncher.exe" [2009-10-16 38184]
"Connexion SFR 9props.exe"="c:\program files\Neuf\Kit\9props.exe" [2009-06-20 955712]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"SoftwareHelper"="c:\documents and settings\Monique Thiery\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"InstantTray"="c:\program files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-09-02 770048]
"IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-07-30 1123840]

c:\documents and settings\Matthieu\Menu Démarrer\Programmes\Démarrage\
StarOffice 7.lnk - c:\program files\StarOffice7\program\soffice.exe [2003-11-1 655360]

c:\documents and settings\Monique Thiery\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\Monique Thiery\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-1-16 143360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-7-16 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\e0e1d9d2670]
2009-09-19 14:19 119296 ----a-w- c:\windows\system32\cryptdll32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [17/01/2009 10:45 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [23/06/2007 00:28 79904]
R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [01/08/2003 14:47 29239]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Pack Securite\HIPS\drivers\fshs.sys [17/01/2009 10:28 66720]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [01/09/2004 14:50 188416]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [05/06/2009 18:11 55152]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [03/08/2004 11:10 62976]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [23/06/2007 00:27 101496]
R3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\drivers\WlanUIG.sys [17/09/2004 11:56 381312]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Pack Securite\ORSP Client\fsorsp.exe [17/01/2009 10:28 55904]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23/12/2008 17:35 50704]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite\Anti-Virus\win2k\fsfilter.sys [23/06/2007 00:27 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite\Anti-Virus\win2k\fsrec.sys [23/06/2007 00:27 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2009-10-12 c:\windows\Tasks\Nettoyage de disque.job
- c:\windows\system32\cleanmgr.exe [2004-08-05 02:33]

2009-10-17 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\PACKSE~1\ANTI-V~1\fsav.exe [2007-06-22 13:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
LSP: c:\program files\Pack Securite\FSPS\program\fslsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {32BD2316-7501-4123-ACED-DCB48D78D5C8} - hxxp://sonovpds.ktsystemhosting.com/sonov.cab
DPF: {7759148D-4C31-44AC-B199-D8079E4C1C72} - hxxp://www.shaiya.com/download/directx_info/DxInfo_sonov_signed.cab
FF - ProfilePath - c:\documents and settings\Monique Thiery\Application Data\Mozilla\Firefox\Profiles\rggfn98l.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Neuf\TV_PC\VLC\npvlc.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{0617F156-3C87-45BD-9989-F3DC09BB5617} - c:\windows\System32\dmscript32.dll
BHO-{c0350ecf-5e90-4d54-a401-9efff47d7fde} - (no file)
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-Win64 - c:\windows\system32\1050\svchost.exe
HKLM-Run-EoEngine - (no file)
AddRemove-DcadsGames - c:\program files\Dcads Games Collection\uninstall.exe
AddRemove-HijackThis - c:\docume~1\MONIQU~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe
AddRemove-RAM Cheat - c:\ram cheat\RAMCheat.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 11:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-179674201-3232385226-624995838-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E31815F7-B04C-8415-9361-197BFB97CFAD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"najgfpgplamdpmggncnibhfcgnde"=hex:6a,61,6e,6a,69,6f,69,62,6a,62,66,66,63,66,
69,65,6b,6c,6b,6b,00,00
"malfhmmandbjglilflenhkcmih"=hex:6a,61,6e,6a,69,6f,69,62,6a,62,66,66,63,66,69,
65,6b,6c,6b,6b,00,28
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\System32\cryptdll32.dll
c:\program files\Pack Securite\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(1024)
c:\program files\Pack Securite\FSPS\program\fslsp.dll
c:\program files\Pack Securite\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(2328)
c:\program files\Macrogaming\SweetIM\mgAdaptersProxy.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\System32\cryptdll32.dll
c:\program files\Pack Securite\FSPS\program\fslsp.dll
c:\program files\pack securite\scanner-interface\fsgkiapi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(944)
c:\program files\Pack Securite\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Pack Securite\Anti-Virus\fsgk32st.exe
c:\program files\Pack Securite\Common\FSMA32.EXE
c:\program files\Pack Securite\Anti-Virus\fsgk32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Pack Securite\Anti-Virus\fssm32.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\documents and settings\Monique Thiery\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Pack Securite\Common\FSLAUNCHER0.EXE
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-10-17 11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-17 09:47

Pre-Run: 102 097 223 680 bytes free
Post-Run: 102 256 611 328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

335 --- E O F --- 2009-10-16 01:11
0
eZula Posts: 3509 Status: Contributor 392
 
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\System32\dmscript32.dll
C:\WINDOWS\System32\cryptdll32.dll
C:\WINDOWS\System32\whoiscl.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\e0e1d9d2670]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0617F156-3C87-45BD-9989-F3DC09BB5617}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]


Save this file under the name CFScript

[*]Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
[*]A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and press Enter.
[*]Wait while the scan runs. The desktop will disappear several times: that is normal.
Do not touch anything until the scan has finished.
[*]Once the scan is finished, a report will be displayed: post its contents.
[*]If the file does not open, it is located here > C:\ComboFix.txt
0
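The CFScript above is built by hand from the "Reg Loading Points" section of the ComboFix log: the helper picked out the Winlogon Notify package that loads cryptdll32.dll into winlogon.exe, and the BHO and AppInit_DLLs hooks. The Python below is an added triage example, not part of this thread and not ComboFix's own code. It parses the REGEDIT4-style autostart dump in the format ComboFix printed above and flags two kinds of entries: any DLL registered under winlogon\notify (the hook the script removes), and, as a general heuristic, any autostart binary living under a user-writable profile directory (in the log, the eoRezo SoftwareUpdateHP.exe entry). The sample log is constructed from lines of the report above; the PROFILE_DIRS list and the profile-directory heuristic are this example's own assumptions.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not from the thread or from ComboFix. It understands the
two line shapes ComboFix prints under a [key] header:
    "Name"="c:\\full\\path.exe" [date size]
    "Name"="file.exe" - c:\\resolved\\path.exe [date size]
and the file-listing line it prints for Winlogon Notify packages:
    YYYY-MM-DD HH:MM size attrs c:\\path\\to.dll
"""
import re

# Constructed sample: lines copied in shape from the log posted above.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2008-09-23 182936]
"SoftwareHelper"="c:\documents and settings\Monique Thiery\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\e0e1d9d2670]
2009-09-19 14:19 119296 ----a-w- c:\windows\system32\cryptdll32.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'   # "Name"="value"
    r'(?:\s+-\s+(?P<resolved>.+?))?'           # optional " - c:\resolved\path"
    r'\s+\[(?P<stamp>[^\]]+)\]$'               # trailing [date size]
)
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")

# Assumption of this example: autostart binaries under these roots are
# user-writable and deserve a look before anything under Program Files.
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\users\\")


def parse_loading_points(text):
    """Return (registry_key, value_name, binary_path) for every autostart entry."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or not line:
            continue
        m = VALUE_RE.match(line)
        if m:
            # Prefer the resolved full path when ComboFix printed one.
            entries.append((key, m.group("name"), m.group("resolved") or m.group("value")))
            continue
        m = FILE_LINE_RE.match(line)
        if m:
            entries.append((key, None, m.group("path")))
    return entries


def flag_suspicious(entries):
    """Return (key, name, path, reason) for the entries to examine first."""
    flagged = []
    for key, name, path in entries:
        if "\\winlogon\\notify\\" in key.lower():
            flagged.append((key, name, path, "winlogon notify package (loaded into winlogon.exe)"))
        elif path.lower().startswith(PROFILE_DIRS):
            flagged.append((key, name, path, "autostart binary in a user-writable profile directory"))
    return flagged


if __name__ == "__main__":
    for key, name, path, reason in flag_suspicious(parse_loading_points(SAMPLE_LOG)):
        print(f"{reason}\n  key : {key}\n  name: {name}\n  path: {path}")
```

Run against the sample it reports exactly the two entries named in the lead-in; on a real log the flagged list is a starting point for the kind of per-file check (hash lookup, signature check) the VirusTotal result earlier in the thread shows, not a deletion list.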
minimatt13 Posts: 7 Status: Member
 
The procedure does not work: the blue window appears, but the message you told me about does not show up; instead it looks as if a full scan is going to run, so I waited for more than 30 minutes and nothing moved. I have to leave; I will be back on the forum this evening, have a good day.
0
minimatt13 Posts: 7 Status: Member
 
Can you help me?
0
eZula Posts: 3509 Status: Contributor 392
 
check that the contents of the script match the italic part of my previous message, and that it really is a text file named CFScript (or CFScript.txt if, like most sensible people, you display file extensions)
0