Trojan smp/lx

JINGLE62
Hello,
I caught a virus. I made a log with HijackThis; here is what it gives:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:24:43, on 08/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Equant\Dialer\EACSvrMngr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\odbn0.exe
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\servicelayer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\wdmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\2\AlertModule.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\MBOTIVEAU\Application Data\nvwrfont50\nvwrfont50.exe
C:\Documents and Settings\MBOTIVEAU\Application Data\f4.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\MBOTIVEAU\Mes documents\FxNetsky.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\MBOTIVEAU\Application Data\nvwrfont50\nvwrfont50.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [BEWDeactivateSafenet] C:\Program Files\CoSine Communications\IPSec Dial Client\vpn -deactivate
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [CardDetector] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMESessionManager] C:\Program Files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [odbny0] C:\WINDOWS\odbn0.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [servicelayer] C:\WINDOWS\servicelayer.exe
O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [localxmlruntime] rundll32.exe "C:\Documents and Settings\MBOTIVEAU\Local Settings\Application Data\localxmlruntime\localxmlruntime.dll", DllInit
O4 - HKCU\..\Run: [nvwrfont50] C:\Documents and Settings\MBOTIVEAU\Application Data\nvwrfont50\nvwrfont50.exe
O4 - HKCU\..\Run: [Win32load] C:\Documents and Settings\MBOTIVEAU\Application Data\f4.exe -lds
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Intellex Event Handler.lnk = C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe
O4 - Global Startup: SoftRemote.lnk = C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.buy-is2010.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.is10-soft-download.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O16 - DPF: {1F831FA7-42FC-11D4-95A6-0080AD30DCE1} (InstaFred Control) - file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Fra/InstFred.ocx
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://86.66.8.205/NELX.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Contrôle d'AcDcToday) - file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Fra/AcDcToday.ocx
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://86.66.8.205/MLWebCacheCleaner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Gestion d'AcPreview) - file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Fra/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5565C614-3483-413A-A79A-300DD5EE29FD}: NameServer = 85.255.112.148,85.255.112.108
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E882BF4-5C92-46A6-868D-90BB8235CDB1}: NameServer = 85.255.112.148,85.255.112.108
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA684ACE-207D-47A0-A047-9CB67C0DDB22}: NameServer = 85.255.112.148,85.255.112.108
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.148,85.255.112.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.148,85.255.112.108
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Program Files\Equant\Dialer\EACSvrMngr.exe
O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Program Files\Equant\Dialer\EACSys.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe
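A helper reads a log like the one above by eye, looking for a handful of patterns: an F2 UserInit that is anything other than userinit.exe, O4 Run entries that load from a user profile directory or straight from the Windows directory or that imitate a core process name with a digit suffix (smss32.exe, winlogon32.exe), O15 Trusted Zone additions, and O17 NameServer entries that are neither private addresses nor the ISP's resolvers. The Python below is an added example that encodes those checks; it is not code from the thread's participants or from HijackThis. It runs over a subset of lines copied from the posted log plus one constructed control line with a private-address resolver, and the two allowlists are empty placeholders to be filled with your own ISP's resolvers and intranet hosts. The output is a list of leads for a human, not a verdict.

```python
"""Triage a HijackThis 2.x log for common hijack indicators.

Added example for this thread, not the helpers' or Trend Micro's code. It encodes
what a helper checks by eye: UserInit pointing anywhere but userinit.exe, Run
entries loading from user-writable or odd locations or imitating core process
names, Internet Explorer Trusted Zone additions, and NameServer entries that are
neither private addresses nor an expected resolver. Output is a list of leads for
a human, not a verdict.
"""
import ipaddress
import re
from typing import List, Optional, Tuple

# On Windows XP the legitimate UserInit is System32\userinit.exe (a trailing comma is normal).
EXPECTED_USERINIT = "userinit.exe"

# Core process names malware imitates with a digit suffix (smss32.exe, winlogon32.exe).
CORE_PROCESSES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost", "explorer"}

# Assumption: both allowlists are empty placeholders; add your ISP's resolvers and
# any intranet hosts that belong in the Trusted Zone before using this for real.
TRUSTED_RESOLVERS = set()
TRUSTED_ZONE_HOSTS = set()

# A drive-letter or %VAR% path ending in an executable extension, as HijackThis prints it.
PATH_RE = re.compile(r'((?:[A-Za-z]:|%\w+%)\\[^"]*?\.(?:exe|dll|ocx))', re.IGNORECASE)


def target_of(o4_line: str) -> Optional[str]:
    """Return the file an O4 entry really loads (the DLL behind rundll32, the exe otherwise)."""
    cmd = o4_line.split("] ", 1)[-1]  # drop the "O4 - HKLM\..\Run: [Name]" prefix
    m = PATH_RE.search(cmd)
    return m.group(1) if m else None


def suspicious_location(path: str) -> Optional[str]:
    """Heuristic reasons a startup target deserves a look, or None."""
    p = path.lower()
    parts = p.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    base = re.sub(r"\d+$", "", stem)
    if base != stem and base in CORE_PROCESSES:
        return f"impostor of system process {base}.exe"
    if "application data" in p or "local settings" in p or "\\temp\\" in p:
        return "autorun from a user profile data directory"
    if len(parts) == 3 and parts[1] == "windows":  # e.g. C:\WINDOWS\odbn0.exe, no subfolder
        return "executable dropped directly in the Windows directory"
    return None


def check_line(line: str) -> List[str]:
    """Return zero or more reasons one HijackThis line deserves attention."""
    reasons: List[str] = []
    if line.startswith("F2 - ") and "UserInit=" in line:
        value = line.split("UserInit=", 1)[1].strip().rstrip(",")
        if value.rsplit("\\", 1)[-1].lower() != EXPECTED_USERINIT:
            reasons.append(f"UserInit hijacked: {value}")
    elif line.startswith("O4 - "):
        target = target_of(line)
        why = suspicious_location(target) if target else None
        if why:
            reasons.append(f"{why}: {target}")
    elif line.startswith("O15 - Trusted Zone:"):
        host = line.split("Trusted Zone:", 1)[1].split()[0]
        if host not in TRUSTED_ZONE_HOSTS:
            reasons.append(f"site added to the IE Trusted Zone: {host}")
    elif line.startswith("O17 - ") and "NameServer" in line:
        for server in line.split("NameServer =", 1)[1].split(","):
            server = server.strip()
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                continue
            if not ip.is_private and server not in TRUSTED_RESOLVERS:
                reasons.append(f"unexpected DNS server: {server}")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run check_line over a whole log and return (line, reason) pairs."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        findings.extend((line, reason) for reason in check_line(line))
    return findings


# Sample input: lines copied from the HijackThis log posted above, plus one
# constructed control line (a private-address resolver) that must not be flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe
O4 - HKCU\..\Run: [localxmlruntime] rundll32.exe "C:\Documents and Settings\MBOTIVEAU\Local Settings\Application Data\localxmlruntime\localxmlruntime.dll", DllInit
O4 - HKCU\..\Run: [Win32load] C:\Documents and Settings\MBOTIVEAU\Application Data\f4.exe -lds
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.148,85.255.112.108
O17 - HKLM\System\CCS\Services\Tcpip\..\{5565C614-3483-413A-A79A-300DD5EE29FD}: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the full log above, the flags agree with what the ComboFix run later in the thread actually deleted (smss32.exe, winlogon32.exe, wdmon.exe, odbn0.exe, servicelayer.exe and localxmlruntime.dll all appear under its deletions). The Trusted Zone hosts and the 85.255.112.x resolvers are not among the deletions visible in the ComboFix excerpt posted, so after cleaning they need checking separately: `ipconfig /all` shows which DNS servers each adapter is really using, and the O15 entries live under Internet Explorer's Internet Options, Security, Trusted sites. Two caveats: the Windows-directory rule will also flag anything a vendor legitimately dropped there, and an empty resolver allowlist flags every public DNS server, including a correctly configured ISP one.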
19 replies

Anonymous user
 
• Hello

• Download and install Malwarebytes' Anti-Malware
• (NB: if "COMCTL32.OCX" is missing during the installation, download it here: https://www.malekal.com/tutorial-aboutbuster/)
• At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked
• Launch MBAM and let the updates download (otherwise do them manually when the program starts)
• Then go to the "Search" tab, check "Run a full scan" then "Search"
• Select your hard drives, then click "Start scan"
• At the end of the scan, click "Show results"
• Check all the detected items, then click "Remove selection"
• Save the report
• If you are asked to restart, click Yes
• Post the scan report here after the removal (post the report even if nothing is detected).
• If you need help, see this tutorial
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
JINGLE62

Hello,

I can't manage to download this software!

help
Anonymous user

JINGLE62
 
Re,

Impossible to download with this procedure; it tells me the software is too large to do it that way.

Regards
Anonymous user

We'll do it with another program.
/!\ To those who come across this topic /!\
The following software is not to be used lightly and can cause damage if misused! Only do this if a forum helper who knows this tool well has recommended it to you.

/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept. (important in case of problems)
• Do not touch anything during the scan.
• When the search is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
# If ComboFix won't launch, rename it to ccm.exe and run it in Safe Mode.
Official ComboFix tutorial: http://www.bleepingcomputer.com/combofix/fr/comment-utiliser¬-combofix
JINGLE62
 
ComboFix 10-02-07.07 - RCROQUELOIS 08/02/2010 12:58:10.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.895.179 [GMT 1:00]
Launched from: c:\documents and settings\MBOTIVEAU\Bureau\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MBOTIVEAU\Local Settings\Application Data\iegggyg_nav.dat
c:\documents and settings\MBOTIVEAU\Local Settings\Application Data\localxmlruntime\localxmlruntime.dll
c:\recycler\S-1-5-21-1167477302-2446335624-1433709782-500
c:\recycler\S-1-5-21-117609710-706699826-839522115-500
c:\windows\odbn0.exe
c:\windows\servicelayer.exe
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\29358.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\gxvxccount
c:\windows\system32\helper32.dll
c:\windows\system32\IS15.exe
c:\windows\system32\setup.ini
c:\windows\system32\smss32.exe
c:\windows\system32\winlogon32.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\wdmon.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gxvxcserv.sys
-------\Service_gxvxcserv.sys

((((((((((((((((((((((((((((( Files created from 2010-01-08 to 2010-02-08 ))))))))))))))))))))))))))))))))))))
.

2010-02-08 12:09 . 2010-02-08 12:09 114688 ----a-w- c:\windows\system32\chg.exe
2010-02-08 08:39 . 2010-02-08 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-08 08:39 . 2010-02-08 08:39 -------- d-----w- c:\program files\CCleaner
2010-02-08 07:50 . 2010-02-08 07:55 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-02-08 07:23 . 2010-02-08 07:23 -------- d-----w- c:\program files\Trend Micro
2010-02-07 21:57 . 2010-02-08 12:05 -------- d-----w- c:\documents and settings\MBOTIVEAU\Local Settings\Application Data\localxmlruntime
2010-02-07 21:57 . 2010-02-07 21:57 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\nvwrfont50
2010-01-17 20:08 . 2010-01-18 01:56 -------- d-----w- C:\Netgear
2010-01-17 19:40 . 2006-03-10 21:31 44224 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2010-01-12 21:43 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 12:11 . 2007-09-03 16:48 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-02-08 11:50 . 2009-11-06 23:12 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\HPAppData
2010-02-08 10:30 . 2009-12-26 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-02-08 08:39 . 2009-08-07 23:56 -------- d-----w- c:\program files\Yahoo!
2010-02-08 01:16 . 2009-12-26 21:01 -------- d-----w- c:\program files\Spyware Terminator
2010-02-08 01:14 . 2010-02-07 21:58 17408 ----a-w- c:\documents and settings\MBOTIVEAU\Application Data\f4.exe
2010-02-08 01:14 . 2010-02-07 21:58 17408 ----a-w- c:\documents and settings\MBOTIVEAU\Application Data\f4.exe
2010-02-08 01:11 . 2010-02-07 19:47 53248 ----a-w- c:\documents and settings\MBOTIVEAU\Application Data\nvwrfont50\nvwrfont50.exe
2010-02-07 23:45 . 2009-12-26 21:01 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\Spyware Terminator
2010-01-26 17:36 . 2007-09-10 15:46 101544 ----a-w- c:\documents and settings\MBOTIVEAU\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 12:59 . 2007-09-03 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-26 12:55 . 2007-09-03 16:48 -------- d-----w- c:\program files\Microsoft Works
2010-01-18 02:04 . 2004-08-05 08:00 14336 ----a-w- c:\windows\system32\svchost.exe
2010-01-17 22:26 . 2007-09-03 16:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 21:34 . 2009-01-19 17:18 -------- d-----w- c:\program files\Air France TravelDesk
2010-01-10 13:51 . 2009-03-04 22:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-08 19:25 . 2010-01-08 19:25 -------- d-----w- c:\program files\Mio Technology
2010-01-05 14:06 . 2007-09-30 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-05 09:56 . 2004-08-05 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2004-08-05 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2004-08-05 08:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 22:59 . 2007-09-30 12:03 101544 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 16:27 . 2004-08-17 08:20 89314 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-30 16:27 . 2004-08-17 08:20 525456 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-26 21:01 . 2009-12-26 21:01 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-12-26 21:01 . 2009-12-26 21:01 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-12-26 21:01 . 2009-12-26 21:01 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-26 20:32 . 2009-08-07 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 20:31 . 2009-08-07 23:51 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-26 20:31 . 2009-08-07 23:51 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-26 20:30 . 2009-08-07 23:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-21 15:58 . 2004-08-05 08:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 00:45 . 2009-11-06 20:29 167740 ----a-w- c:\windows\hpoins30.dat
.

((((((((((((((((((((((((((((((((( Registry loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-26 3037696]
"nvwrfont50"="c:\documents and settings\MBOTIVEAU\Application Data\nvwrfont50\nvwrfont50.exe" [2010-02-08 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BEWDeactivateSafenet"="c:\program files\CoSine Communications\IPSec Dial Client\vpn -deactivate" [X]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-25 77824]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-05-14 124928]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 66656]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2004-03-31 124128]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-01 474624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-10 98304]
"CamserviceDeluxe2"="c:\program files\Hercules\Deluxe Optical Glass\Camservice.exe" [2007-08-10 81920]
"AdslTaskBar"="stmctrl.dll" [2006-09-25 151552]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-10-16 102400]
"CardDetector"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-10-18 241664]
"BEWINTERNET-FR-DMESessionManager"="c:\program files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe" [2007-10-30 102400]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2007-10-24 562608]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-02-10 26112]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\MBOTIVEAU\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-9-10 82026]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-9-3 192512]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Intellex Event Handler.lnk - c:\program files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe [2007-2-14 790528]
SoftRemote.lnk - c:\program files\CoSine Communications\IPSec Dial Client\SafeCfg.exe [2007-9-10 73780]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Equant\\Dialer\\dialer.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\Sensormatic\\NetworkClient\\Bin\\NetworkClient.exe"=
"c:\\Program Files\\Sensormatic\\NetworkClient\\Bin\\NtlxEventhandler.exe"=
"c:\\Program Files\\Hercules\\Deluxe Optical Glass\\Station2.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternet\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Documents and Settings\\MBOTIVEAU\\Application Data\\f4.exe"=
"c:\\Program Files\\CoSine Communications\\IPSec Dial Client\\IreIKE.exe"=
"c:\program files\CoSine Communications\IPSec Dial Client\ViewLog.exe"= c:\program files\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\CoSine Communications\IPSec Dial Client\CmonApp.exe"= c:\program files\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\CoSine Communications\IPSec Dial Client\vpn.exe"= c:\program files\CoSine Communications\IPSec Dial Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [10/09/2007 08:25 136760]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [26/12/2009 22:01 142592]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [08/02/2010 08:50 1858144]
R2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [05/08/2004 09:00 14336]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [05/08/2004 09:00 14336]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [10/09/2007 08:25 536634]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [25/06/2007 02:25 540448]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [10/09/2007 08:25 36188]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [29/01/2009 14:24 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [29/01/2009 14:24 51968]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19/09/2006 17:58 36608]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [24/10/2007 01:09 19376]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [10/09/2007 08:24 20352]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [04/03/2009 23:00 16896]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [10/02/2008 17:36 36256]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [22/03/2008 22:58 94720]
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;c:\windows\system32\drivers\GtVUsb.sys [10/09/2007 08:23 5120]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [31/03/2004 14:45 169192]
S3 TaurusUsb;Siemens ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [13/08/2008 16:00 684490]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2007-09-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-09-10 14:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {1F831FA7-42FC-11D4-95A6-0080AD30DCE1} - file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Fra/InstFred.ocx
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://86.66.8.205/NELX.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://86.66.8.205/MLWebCacheCleaner.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-localxmlruntime - c:\documents and settings\MBOTIVEAU\Local Settings\Application Data\localxmlruntime\localxmlruntime.dll
HKCU-Run-smss32.exe - c:\windows\system32\smss32.exe
ActiveSetup-ccc-core-static - msiexec

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 13:11
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1988)
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\bin\FRA\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\bin\FRA\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\NetAdmin.dll

- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
c:\program files\CoSine Communications\IPSec Dial Client\IreIKE.exe
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Equant\Dialer\EACSvrMngr.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\windows\system32\rundll32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\system32\mqsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\2\AlertModule.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\OrangeHSS\systray\systrayapp.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Heure de fin: 2010-02-08 13:19:16 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-08 12:19

Avant-CF: 70 995 865 600 octets libres
Après-CF: 70 902 124 544 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 82FF222CFC6392EBCEB702C8D193FC64
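As an added example (not part of this thread, and not code from ComboFix or its author), here is a small Python triage helper that reads the REGEDIT4-style sections printed in the log above and flags the items a responder would check first: the Security Center overrides, the disabled Windows Firewall, the firewall exception pointing into a user profile (f4.exe), the AppInit_DLLs entry, the Trusted Zone additions and the orphaned Run entries. The sample text is constructed from lines of the log above; the category names and the "user profile path is suspicious" heuristic are my own assumptions, not anything ComboFix reports itself.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix's own code).

It walks the REGEDIT4-style sections ComboFix prints and flags the settings a
responder looks at first: Security Center overrides, a disabled Windows
Firewall, firewall exceptions under a user profile, AppInit_DLLs injection,
Trusted Zone additions and orphaned Run entries.
"""
import re

# Constructed sample: lines copied from the log above, trimmed to the sections
# this helper understands. A real run would read the full ComboFix.txt.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-01 474624]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Documents and Settings\\MBOTIVEAU\\Application Data\\f4.exe"=

Trusted Zone: buy-internetsecurity10.com
Trusted Zone: is-software-download.com

HKCU-Run-smss32.exe - c:\windows\system32\smss32.exe
"""

# Security Center values that silence its "no antivirus / no firewall" warnings.
OVERRIDE_VALUES = {"antivirusoverride", "firewalloverride", "disablemonitoring"}
# Assumption: anything executing from a user profile is writable without admin rights.
USER_PROFILE = re.compile(r"\\(documents and settings|users)\\[^\\]+\\", re.I)
# "Name"=value lines as ComboFix prints them.
ENTRY = re.compile(r'"([^"]+)"\s*=\s*(.*)')


def triage(log_text):
    """Return (category, detail) tuples for the risky items in a log excerpt."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # sections are blank-line separated
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        low = line.lower()
        m = ENTRY.match(line)
        name = m.group(1) if m else None
        value = m.group(2).strip() if m else ""
        sec = section or ""
        if "security center" in sec and name and name.lower() in OVERRIDE_VALUES and value.endswith("1"):
            findings.append(("security-center-override", f"{name} in {sec}"))
        elif sec.endswith("firewallpolicy\\standardprofile") and name and name.lower() == "enablefirewall" and value.startswith("0"):
            findings.append(("firewall-disabled", sec))
        elif "authorizedapplications" in sec and name:
            path = name.replace("\\\\", "\\")   # the log doubles backslashes in this section
            if USER_PROFILE.search(path):
                findings.append(("firewall-exception-user-profile", path))
        elif sec.endswith("currentversion\\windows") and name and name.lower() == "appinit_dlls" and value:
            findings.append(("appinit-dll", value))
        elif low.startswith("trusted zone:"):
            findings.append(("trusted-zone", line.split(":", 1)[1].strip()))
        elif low.startswith(("hkcu-run-", "hklm-run-")):
            findings.append(("orphan-run-entry", line))
    return findings


def summarize(findings):
    """Count findings per category so the shape of the log is visible at a glance."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:32} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Each category is a starting point, not a verdict: an AppInit_DLLs entry or a VNC server can be legitimate software, whereas Security Center overrides together with a disabled firewall and "buy Internet Security 2010" domains in the Trusted Zone are the kind of pattern a rogue-antivirus infection leaves behind, and a firewall exception for an executable in Application Data deserves a look regardless.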
Anonymous user
 
You could try downloading Malwarebytes?
Mr.karim
 
Download the new Avira antivirus

http://wallpapers-live.blogspot.com/2010/02/avira-antivirus-premuim-key-to-31-16.html
JINGLE62
 
OK, it's fine, I've downloaded it, phew
JINGLE62
 
Hi again,

Here is the result

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3707
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

08/02/2010 15:53:42
mbam-log-2010-02-08 (15-53-42).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 256787
Temps écoulé: 1 hour(s), 17 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\MBOTIVEAU\Application Data\Sun\Java\Deployment\cache\6.0\57\1f861839-728f1a3b (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\servicelayer.exe.vir (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\wdmon.exe.vir (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP632\A0247764.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP632\A0247765.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP632\A0247766.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP632\A0247767.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP632\A0247768.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP632\A0248012.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP632\A0248021.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
Anonymous user
 
• Download ZHPDiag (by Nicolas Coolman): https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
• Follow the prompts during the installation
• It will launch automatically when the installation finishes
• Click the magnifying-glass icon ("Lancer le diagnostic" / Run diagnostic)
• Save the report to your Desktop using the floppy-disk icon
• Upload the ZHPDiag.txt report to the site cijoint.fr, then copy/paste the link it gives you into your next reply on the forum
JINGLE62
 
Hi again,
the file is below

thanks

http://www.cijoint.fr/cjlink.php?file=cj201002/cijDTD16IE.txt
Anonymous user
 
/!\ WARNING /!\ The script that follows was written specifically for jingle62; it must not be used on another computer!
• Download this folder: jingle62.zip
• Right-click it --> Extract All --> choose the Desktop as the destination
• Another folder will appear; take the CFScript.txt file inside it and put it on the Desktop, nowhere else.
• Disable your protection software
• Drag and drop this CFScript.txt file onto the Combofix.exe file
like this: http://img155.imageshack.us/img155/4837/cfscriptop0.gif
• Wait while the scan runs. The Desktop will disappear several times: that is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will open: post its contents.
• If the file does not open, it is here → C:\ComboFix.txt

JINGLE62
 
Here is the result after the procedure you asked me to do:

ComboFix 10-02-08.01 - RCROQUELOIS 08/02/2010 20:25:40.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.895.233 [GMT 1:00]
Lancé depuis: c:\documents and settings\MBOTIVEAU\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\MBOTIVEAU\Bureau\CFScript.txt
AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}

FILE ::
"c:\documents and settings\mbotiveau\application data\nvwrfont50\nvwrfont50.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mbotiveau\application data\nvwrfont50\nvwrfont50.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-08 au 2010-02-08 ))))))))))))))))))))))))))))))))))))
.

2010-02-08 16:53 . 2010-02-08 16:56 -------- d-----w- c:\program files\ZHPDiag
2010-02-08 13:24 . 2010-02-08 13:24 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\Malwarebytes
2010-02-08 13:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-08 13:24 . 2010-02-08 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-08 13:24 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-08 13:24 . 2010-02-08 13:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-08 08:39 . 2010-02-08 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-08 08:39 . 2010-02-08 08:39 -------- d-----w- c:\program files\CCleaner
2010-02-08 07:50 . 2010-02-08 07:55 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-02-08 07:23 . 2010-02-08 07:23 -------- d-----w- c:\program files\Trend Micro
2010-02-07 21:57 . 2010-02-08 19:32 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\nvwrfont50
2010-02-07 21:57 . 2010-02-08 12:05 -------- d-----w- c:\documents and settings\MBOTIVEAU\Local Settings\Application Data\localxmlruntime
2010-01-17 20:08 . 2010-01-18 01:56 -------- d-----w- C:\Netgear
2010-01-17 19:40 . 2006-03-10 21:31 44224 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2010-01-12 21:43 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 19:39 . 2007-09-03 16:48 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-02-08 19:07 . 2010-02-08 19:07 6868368 ----a-w- c:\documents and settings\MBOTIVEAU\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip7_52.exe
2010-02-08 19:05 . 2009-11-06 23:12 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\HPAppData
2010-02-08 10:30 . 2009-12-26 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-02-08 08:39 . 2009-08-07 23:56 -------- d-----w- c:\program files\Yahoo!
2010-02-08 01:16 . 2009-12-26 21:01 -------- d-----w- c:\program files\Spyware Terminator
2010-02-08 01:14 . 2010-02-07 21:58 17408 ----a-w- c:\documents and settings\MBOTIVEAU\Application Data\f4.exe
2010-02-08 01:14 . 2010-02-07 21:58 17408 ----a-w- c:\documents and settings\MBOTIVEAU\Application Data\f4.exe
2010-02-07 23:45 . 2009-12-26 21:01 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\Spyware Terminator
2010-01-26 17:36 . 2007-09-10 15:46 101544 ----a-w- c:\documents and settings\MBOTIVEAU\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 12:59 . 2007-09-03 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-26 12:55 . 2007-09-03 16:48 -------- d-----w- c:\program files\Microsoft Works
2010-01-18 02:04 . 2004-08-05 08:00 14336 ------w- c:\windows\system32\svchost.exe
2010-01-17 22:26 . 2007-09-03 16:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 21:34 . 2009-01-19 17:18 -------- d-----w- c:\program files\Air France TravelDesk
2010-01-10 13:51 . 2009-03-04 22:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-08 19:25 . 2010-01-08 19:25 -------- d-----w- c:\program files\Mio Technology
2010-01-05 14:06 . 2007-09-30 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-05 09:56 . 2004-08-05 08:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2004-08-05 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2004-08-05 08:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 22:59 . 2007-09-30 12:03 101544 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 16:27 . 2004-08-17 08:20 89314 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-30 16:27 . 2004-08-17 08:20 525456 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-26 21:01 . 2009-12-26 21:01 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-12-26 21:01 . 2009-12-26 21:01 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-12-26 21:01 . 2009-12-26 21:01 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-26 20:32 . 2009-08-07 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 20:31 . 2009-08-07 23:51 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-26 20:31 . 2009-08-07 23:51 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-26 20:30 . 2009-08-07 23:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 00:45 . 2009-11-06 20:29 167740 ----a-w- c:\windows\hpoins30.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-26 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BEWDeactivateSafenet"="c:\program files\CoSine Communications\IPSec Dial Client\vpn -deactivate" [X]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-25 77824]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-05-14 124928]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 66656]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2004-03-31 124128]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-01 474624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-10 98304]
"CamserviceDeluxe2"="c:\program files\Hercules\Deluxe Optical Glass\Camservice.exe" [2007-08-10 81920]
"AdslTaskBar"="stmctrl.dll" [2006-09-25 151552]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-10-16 102400]
"CardDetector"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-10-18 241664]
"BEWINTERNET-FR-DMESessionManager"="c:\program files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe" [2007-10-30 102400]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2007-10-24 562608]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-02-10 26112]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\MBOTIVEAU\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-9-10 82026]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-9-3 192512]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Intellex Event Handler.lnk - c:\program files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe [2007-2-14 790528]
SoftRemote.lnk - c:\program files\CoSine Communications\IPSec Dial Client\SafeCfg.exe [2007-9-10 73780]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Equant\\Dialer\\dialer.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\Sensormatic\\NetworkClient\\Bin\\NetworkClient.exe"=
"c:\\Program Files\\Sensormatic\\NetworkClient\\Bin\\NtlxEventhandler.exe"=
"c:\\Program Files\\Hercules\\Deluxe Optical Glass\\Station2.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternet\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Documents and Settings\\MBOTIVEAU\\Application Data\\f4.exe"=
"c:\\Program Files\\CoSine Communications\\IPSec Dial Client\\IreIKE.exe"=
"c:\program files\CoSine Communications\IPSec Dial Client\ViewLog.exe"= c:\program files\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\CoSine Communications\IPSec Dial Client\CmonApp.exe"= c:\program files\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\CoSine Communications\IPSec Dial Client\vpn.exe"= c:\program files\CoSine Communications\IPSec Dial Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [10/09/2007 08:25 136760]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [26/12/2009 22:01 142592]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [08/02/2010 08:50 1858144]
R2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [05/08/2004 09:00 14336]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [05/08/2004 09:00 14336]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [10/09/2007 08:25 536634]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [25/06/2007 02:25 540448]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [10/09/2007 08:25 36188]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [29/01/2009 14:24 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [29/01/2009 14:24 51968]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19/09/2006 17:58 36608]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [24/10/2007 01:09 19376]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [10/09/2007 08:24 20352]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [04/03/2009 23:00 16896]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [10/02/2008 17:36 36256]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [22/03/2008 22:58 94720]
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;c:\windows\system32\drivers\GtVUsb.sys [10/09/2007 08:23 5120]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [31/03/2004 14:45 169192]
S3 TaurusUsb;Siemens ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [13/08/2008 16:00 684490]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2007-09-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-09-10 14:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {1F831FA7-42FC-11D4-95A6-0080AD30DCE1} - file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Fra/InstFred.ocx
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://86.66.8.205/NELX.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://86.66.8.205/MLWebCacheCleaner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 20:36
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1984)
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\bin\FRA\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\bin\FRA\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\NetAdmin.dll

- - - - - - - > 'explorer.exe'(4592)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
c:\program files\CoSine Communications\IPSec Dial Client\IreIKE.exe
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\msdtc.exe
c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Equant\Dialer\EACSvrMngr.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\2\AlertModule.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\OrangeHSS\systray\systrayapp.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Heure de fin: 2010-02-08 20:48:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-08 19:48
ComboFix2.txt 2010-02-08 12:19

Avant-CF: 70 821 175 296 octets libres
Après-CF: 70 917 787 648 octets libres

- - End Of File - - 0E525F336589A82C95DE955B2F4820C9
Anonymous user
 
* Go to "Start" then "Control Panel"
* Choose "Folder Options"
* Choose the "View" tab
* Under "Advanced settings"
* Under "Files and Folders"
* Under "Hidden files and folders"
* Check "Show hidden files and folders"
* Don't forget to uncheck the box "Hide protected operating system files"
* Click "Apply" then "OK".
Then
• Go to the site https://www.virustotal.com/gui/
• Click Browse, navigate to the following file and confirm:
c:\documents and settings\MBOTIVEAU\Application Data\f4.exe
c:\windows\hpoins30.dat

• Click "Send file": if it has already been analysed, request a new analysis.
• Copy/paste the report on the forum.
Do this for both files. See you.
JINGLE62
 
1st file:
c:\documents and settings\MBOTIVEAU\Application Data\f4.exe

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.02.08 -
AhnLab-V3 5.0.0.2 2010.02.08 -
AntiVir 7.9.1.160 2010.02.08 -
Antiy-AVL 2.0.3.7 2010.02.08 -
Authentium 5.2.0.5 2010.02.08 -
Avast 4.8.1351.0 2010.02.08 Win32:MalOb-AJ
AVG 9.0.0.730 2010.02.08 SHeur2.CKFX
BitDefender 7.2 2010.02.08 -
CAT-QuickHeal 10.00 2010.02.08 (Suspicious) - DNAScan
ClamAV 0.96.0.0-git 2010.02.08 -
Comodo 3865 2010.02.08 -
DrWeb 5.0.1.12222 2010.02.08 -
eSafe 7.0.17.0 2010.02.07 -
eTrust-Vet 35.2.7290 2010.02.08 -
F-Prot 4.5.1.85 2010.02.08 -
F-Secure 9.0.15370.0 2010.02.08 -
Fortinet 4.0.14.0 2010.02.08 -
GData 19 2010.02.08 Win32:MalOb-AJ
Ikarus T3.1.1.80.0 2010.02.08 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.969 2010.02.08 -
Kaspersky 7.0.0.125 2010.02.08 -
McAfee 5886 2010.02.08 -
McAfee+Artemis 5886 2010.02.08 Artemis!67042991B3CB
McAfee-GW-Edition 6.8.5 2010.02.08 -
Microsoft 1.5406 2010.02.08 -
NOD32 4849 2010.02.08 a variant of Win32/Kryptik.CGL
Norman 6.04.03 2010.02.08 -
nProtect 2009.1.8.0 2010.02.08 -
Panda 10.0.2.2 2010.02.07 -
PCTools 7.0.3.5 2010.02.08 -
Prevx 3.0 2010.02.08 Medium Risk Malware
Rising 22.34.00.04 2010.02.08 Packer.Win32.Agent.bk
Sophos 4.50.0 2010.02.08 Mal/EncPk-NP
Sunbelt 3.2.1858.2 2010.02.08 VirTool.Win32.Obfuscator.hg!a (v)
TheHacker 6.5.1.1.183 2010.02.08 -
TrendMicro 9.120.0.1004 2010.02.08 TROJ_FAKEAL.SMDO
VBA32 3.12.12.1 2010.02.08 -
ViRobot 2010.2.8.2176 2010.02.08 -
VirusBuster 5.0.21.0 2010.02.08 -
Information additionnelle
File size: 17408 bytes
MD5...: 67042991b3cbb6f25d1aac82ddcc7b72
SHA1..: ad716d4583f169fd11b1aaed84fe9febf08fc72c
SHA256: 78be4e33b107d2a11fa3b4277c47e6657b23bdc36809131d9829180600af0985
ssdeep: 384:oEWOP97bivA+F9CckjIA5nkZ9ULC8Zxc3FijS+MJg9:o/3F9sqZwZxgGSFU

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2982
timedatestamp.....: 0x42160841 (Fri Feb 18 15:22:41 2005)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1b05 0x1c00 6.25 04c972f9f60704cd9e2f532c8a875a34
.rdata 0x3000 0x5535 0x1a00 6.16 53790da007935d2ab0c5bcb09a804ed2
.idata 0x9000 0x429 0x600 0.00 53e979547d8c2ea86560ac45de08ae25
.data 0xa000 0x1d52 0x200 0.86 9a4a7a74c9e22b45d75cac1027e7c078
.rsrc 0xc000 0x1b2 0x200 4.45 278d8337aa35c32463e4edd03dc1ab9e

( 8 imports )
> KERNEL32.DLL: GetModuleFileNameA, GetCommandLineA, RaiseException, lstrcmpW, ReadFile, GetConsoleOutputCP, GetCurrentThread, InitializeCriticalSection, CloseHandle, HeapAlloc, GetFileAttributesA, Sleep, WaitForSingleObject, VirtualFree, SetStdHandle, LoadLibraryA, LCMapStringA, ExitProcess, GetProcessHeap, LoadLibraryExW, FreeResource, GetModuleHandleA, ResetEvent, GetLastError, FindFirstFileW, GetStringTypeW, QueryPerformanceCounter, GetFileType, GetACP, TerminateProcess, GetStdHandle, FindResourceW, GetSystemInfo, GetCurrentThreadId, ReleaseSemaphore, lstrcmpiW, SetEndOfFile, GetCurrentProcessId, GetProcAddress, GetTickCount, GetFileAttributesW, GetVersion, GetFileSize, MoveFileA, GetVolumeInformationW, FreeLibrary, lstrlenW, SetUnhandledExceptionFilter, GetThreadLocale, CreateMutexW, GetStartupInfoA, GlobalLock, SetFilePointer, LoadResource, GetCurrentProcess, GetLocaleInfoA, HeapSize, GetSystemDirectoryA, VirtualQuery, EnterCriticalSection, HeapDestroy, GetOEMCP, FindResourceA, ReleaseMutex, FileTimeToLocalFileTime, GlobalDeleteAtom, RtlUnwind, HeapReAlloc, CreateFileA, WideCharToMultiByte, GetDriveTypeW, FreeEnvironmentStringsA, GetSystemTimeAsFileTime, CreateThread, InterlockedExchange, HeapFree, SetConsoleCP, GetCPInfo, CreateFileMappingW, VirtualProtect, CreateEventW, OutputDebugStringA, SetLastError, SizeofResource, LeaveCriticalSection, GlobalFree, TlsAlloc, GetTempPathA, TlsFree, GetVersionExA, GetWindowsDirectoryW
> USER32.DLL: GetMenuItemCount, FindWindowA, GetFocus, RegisterClassExW, PeekMessageW, IsWindowEnabled, MoveWindow, GetDlgItem, GetWindowDC, GetDC, KillTimer, SystemParametersInfoW, GetMessageTime, ReleaseDC, RegisterWindowMessageW, SetCursor, IsWindow, CharUpperW, GetWindowTextW, LoadImageW, RedrawWindow, DrawTextA, LoadCursorA, GetScrollInfo, InvalidateRect, PeekMessageA, MessageBoxA, ClientToScreen, GetActiveWindow, DispatchMessageW, GetWindowLongA, PostMessageW, ReleaseCapture, CreateWindowExW, LoadStringA, CharNextW, GetSystemMetrics, SetForegroundWindow, SetWindowLongW, DialogBoxParamW
> GDI32.DLL: CreateCompatibleBitmap, SetViewportOrgEx, GetDeviceCaps, Escape, SetBkColor, SetWindowOrgEx, CreateSolidBrush, SetBkMode
> ADVAPI32.DLL: RegOpenKeyExA, RegDeleteValueW, RegCloseKey, RegQueryValueExA, RegSetValueExA, RegOpenKeyExW, RegDeleteKeyW, RegCreateKeyExW, RegQueryInfoKeyA, RegQueryValueExW
> MSVCRT.DLL: _XcptFilter, wcsrchr, _onexit, __dllonexit, malloc, exit, __getmainargs, memcpy
> OLE32.DLL: CoTaskMemAlloc, CLSIDFromProgID, GetDocumentBitStg
> LZ32.DLL: LZOpenFileW, LZSeek, LZInit, LZStart
> VERSION.DLL: VerQueryValueA

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=987CA8D600C1DC0544C500E62FBBE200AA185040
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

2nd file: c:\windows\hpoins30.dat

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.02.08 -
AhnLab-V3 5.0.0.2 2010.02.08 -
AntiVir 7.9.1.160 2010.02.08 -
Antiy-AVL 2.0.3.7 2010.02.08 -
Authentium 5.2.0.5 2010.02.08 -
Avast 4.8.1351.0 2010.02.08 -
AVG 9.0.0.730 2010.02.08 -
BitDefender 7.2 2010.02.08 -
CAT-QuickHeal 10.00 2010.02.08 -
ClamAV 0.96.0.0-git 2010.02.08 -
Comodo 3865 2010.02.08 -
DrWeb 5.0.1.12222 2010.02.08 -
eSafe 7.0.17.0 2010.02.07 -
eTrust-Vet 35.2.7290 2010.02.08 -
F-Prot 4.5.1.85 2010.02.08 -
F-Secure 9.0.15370.0 2010.02.08 -
Fortinet 4.0.14.0 2010.02.08 -
GData 19 2010.02.08 -
Ikarus T3.1.1.80.0 2010.02.08 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.969 2010.02.08 -
Kaspersky 7.0.0.125 2010.02.08 -
McAfee 5886 2010.02.08 -
McAfee+Artemis 5886 2010.02.08 -
McAfee-GW-Edition 6.8.5 2010.02.08 -
Microsoft 1.5406 2010.02.08 -
NOD32 4849 2010.02.08 -
Norman 6.04.03 2010.02.08 -
nProtect 2009.1.8.0 2010.02.08 -
Panda 10.0.2.2 2010.02.07 -
PCTools 7.0.3.5 2010.02.08 -
Prevx 3.0 2010.02.08 -
Rising 22.34.00.04 2010.02.08 -
Sophos 4.50.0 2010.02.08 -
Sunbelt 3.2.1858.2 2010.02.08 -
TheHacker 6.5.1.1.183 2010.02.08 -
TrendMicro 9.120.0.1004 2010.02.08 -
VBA32 3.12.12.1 2010.02.08 -
ViRobot 2010.2.8.2176 2010.02.08 -
VirusBuster 5.0.21.0 2010.02.08 -
Information additionnelle
File size: 167740 bytes
MD5...: d9bcc2c13e22aef13c53c196ae5db672
SHA1..: 7103464c3e3602f43a07ea694624c69db287214a
SHA256: 40b2f6e3272101114602181da1aec7437fc85cb982837888742b1e5ffc5afd9c
ssdeep: 3072:aCupyVDnFjMEBMdHVacYbn+dJ03O4xO7Hwlki+pioi6TryxHzY:axVacYbn+OFlkJpdTPQs

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

There you go, thanks a lot for your help
Anonymous user
 
/!\ WARNING /!\ The script that follows was written specifically for jingle62; it cannot be transferred to another computer!
• Download this folder JINGLE62.zip
• Right-click on it --> Extract All --> choose the Desktop as the destination
• Another folder will appear; take the CFScript.txt file inside it and put it on the Desktop and nowhere else.
• Disable your protection software
• Drag and drop this CFScript.txt file onto the Combofix.exe file
like this: http://img155.imageshack.us/img155/4837/cfscriptop0.gif
• Wait for the scan to finish. The Desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
• Once the scan is done, a report will be displayed: post its contents.
• If the file doesn't open, it is located here → C:\ComboFix.txt

JINGLE62
 
Here is the result:

ComboFix 10-02-08.01 - RCROQUELOIS 08/02/2010 23:12:59.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.895.248 [GMT 1:00]
Lancé depuis: c:\documents and settings\MBOTIVEAU\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\MBOTIVEAU\Bureau\CFScript.txt
AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}

FILE ::
"c:\documents and settings\mbotiveau\application data\nvwrfont50\nvwrfont50.exe"
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-08 au 2010-02-08 ))))))))))))))))))))))))))))))))))))
.

2010-02-08 16:53 . 2010-02-08 16:56 -------- d-----w- c:\program files\ZHPDiag
2010-02-08 13:24 . 2010-02-08 13:24 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\Malwarebytes
2010-02-08 13:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-08 13:24 . 2010-02-08 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-08 13:24 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-08 13:24 . 2010-02-08 13:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-08 08:39 . 2010-02-08 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-08 08:39 . 2010-02-08 08:39 -------- d-----w- c:\program files\CCleaner
2010-02-08 07:50 . 2010-02-08 07:55 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-02-08 07:23 . 2010-02-08 07:23 -------- d-----w- c:\program files\Trend Micro
2010-02-07 21:57 . 2010-02-08 19:32 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\nvwrfont50
2010-02-07 21:57 . 2010-02-08 12:05 -------- d-----w- c:\documents and settings\MBOTIVEAU\Local Settings\Application Data\localxmlruntime
2010-01-17 20:08 . 2010-01-18 01:56 -------- d-----w- C:\Netgear
2010-01-17 19:40 . 2006-03-10 21:31 44224 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2010-01-12 21:43 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 22:30 . 2007-09-03 16:48 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-02-08 20:17 . 2009-11-06 23:12 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\HPAppData
2010-02-08 19:07 . 2010-02-08 19:07 6868368 ----a-w- c:\documents and settings\MBOTIVEAU\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip7_52.exe
2010-02-08 10:30 . 2009-12-26 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-02-08 08:39 . 2009-08-07 23:56 -------- d-----w- c:\program files\Yahoo!
2010-02-08 01:16 . 2009-12-26 21:01 -------- d-----w- c:\program files\Spyware Terminator
2010-02-08 01:14 . 2010-02-07 21:58 17408 ----a-w- c:\documents and settings\MBOTIVEAU\Application Data\f4.exe
2010-02-08 01:14 . 2010-02-07 21:58 17408 ----a-w- c:\documents and settings\MBOTIVEAU\Application Data\f4.exe
2010-02-07 23:45 . 2009-12-26 21:01 -------- d-----w- c:\documents and settings\MBOTIVEAU\Application Data\Spyware Terminator
2010-01-26 17:36 . 2007-09-10 15:46 101544 ----a-w- c:\documents and settings\MBOTIVEAU\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 12:59 . 2007-09-03 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-26 12:55 . 2007-09-03 16:48 -------- d-----w- c:\program files\Microsoft Works
2010-01-18 02:04 . 2004-08-05 08:00 14336 ------w- c:\windows\system32\svchost.exe
2010-01-17 22:26 . 2007-09-03 16:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 21:34 . 2009-01-19 17:18 -------- d-----w- c:\program files\Air France TravelDesk
2010-01-10 13:51 . 2009-03-04 22:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-08 19:25 . 2010-01-08 19:25 -------- d-----w- c:\program files\Mio Technology
2010-01-05 14:06 . 2007-09-30 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-05 09:56 . 2004-08-05 08:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2004-08-05 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2004-08-05 08:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 22:59 . 2007-09-30 12:03 101544 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 16:27 . 2004-08-17 08:20 89314 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-30 16:27 . 2004-08-17 08:20 525456 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-26 21:01 . 2009-12-26 21:01 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-12-26 21:01 . 2009-12-26 21:01 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-12-26 21:01 . 2009-12-26 21:01 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-26 20:32 . 2009-08-07 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 20:31 . 2009-08-07 23:51 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-26 20:31 . 2009-08-07 23:51 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-26 20:30 . 2009-08-07 23:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-21 15:58 . 2004-08-05 08:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 00:45 . 2009-11-06 20:29 167740 ----a-w- c:\windows\hpoins30.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-26 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BEWDeactivateSafenet"="c:\program files\CoSine Communications\IPSec Dial Client\vpn -deactivate" [X]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-25 77824]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-05-14 124928]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 66656]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2004-03-31 124128]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-01 474624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-10 98304]
"CamserviceDeluxe2"="c:\program files\Hercules\Deluxe Optical Glass\Camservice.exe" [2007-08-10 81920]
"AdslTaskBar"="stmctrl.dll" [2006-09-25 151552]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-10-16 102400]
"CardDetector"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-10-18 241664]
"BEWINTERNET-FR-DMESessionManager"="c:\program files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe" [2007-10-30 102400]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2007-10-24 562608]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-02-10 26112]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\MBOTIVEAU\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-9-10 82026]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-9-3 192512]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Intellex Event Handler.lnk - c:\program files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe [2007-2-14 790528]
SoftRemote.lnk - c:\program files\CoSine Communications\IPSec Dial Client\SafeCfg.exe [2007-9-10 73780]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Equant\\Dialer\\dialer.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\Sensormatic\\NetworkClient\\Bin\\NetworkClient.exe"=
"c:\\Program Files\\Sensormatic\\NetworkClient\\Bin\\NtlxEventhandler.exe"=
"c:\\Program Files\\Hercules\\Deluxe Optical Glass\\Station2.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternet\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Documents and Settings\\MBOTIVEAU\\Application Data\\f4.exe"=
"c:\\Program Files\\CoSine Communications\\IPSec Dial Client\\IreIKE.exe"=
"c:\program files\CoSine Communications\IPSec Dial Client\ViewLog.exe"= c:\program files\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\CoSine Communications\IPSec Dial Client\CmonApp.exe"= c:\program files\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\CoSine Communications\IPSec Dial Client\vpn.exe"= c:\program files\CoSine Communications\IPSec Dial Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [10/09/2007 08:25 136760]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [26/12/2009 22:01 142592]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [08/02/2010 08:50 1858144]
R2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [05/08/2004 09:00 14336]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [05/08/2004 09:00 14336]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [10/09/2007 08:25 536634]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [25/06/2007 02:25 540448]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [10/09/2007 08:25 36188]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [29/01/2009 14:24 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [29/01/2009 14:24 51968]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19/09/2006 17:58 36608]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [24/10/2007 01:09 19376]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [10/09/2007 08:24 20352]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [04/03/2009 23:00 16896]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [10/02/2008 17:36 36256]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [22/03/2008 22:58 94720]
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;c:\windows\system32\drivers\GtVUsb.sys [10/09/2007 08:23 5120]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [31/03/2004 14:45 169192]
S3 TaurusUsb;Siemens ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [13/08/2008 16:00 684490]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2007-09-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-09-10 14:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orange.fr/
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {1F831FA7-42FC-11D4-95A6-0080AD30DCE1} - file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Fra/InstFred.ocx
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://86.66.8.205/NELX.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://86.66.8.205/MLWebCacheCleaner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 23:27
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(1988)
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\bin\FRA\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\bin\FRA\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
c:\program files\Hewlett-Packard\IAM\bin\FRA\NetAdmin.dll

- - - - - - - > 'explorer.exe'(4156)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
c:\program files\CoSine Communications\IPSec Dial Client\IreIKE.exe
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\msdtc.exe
c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Equant\Dialer\EACSvrMngr.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\2\AlertModule.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\OrangeHSS\systray\systrayapp.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-02-08 23:35:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 22:35
ComboFix2.txt 2010-02-08 19:48
ComboFix3.txt 2010-02-08 12:19

Pre-Run: 70,904,803,328 bytes free
Post-Run: 70,893,744,128 bytes free

- - End Of File - - 8FD16749AF8D149CDB7FCBA16CFBE8E6
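The log above carries three sections that are worth reading with a triage eye rather than line by line: the firewall's authorized-applications list (an executable sitting in a user profile such as `Application Data` is unusual there), the IE Trusted Zone list (every domain listed there escapes the Internet-zone restrictions, and the same domains appear twice), and the DPF/ActiveX entries (one of which is fetched from a bare IP address). The following is an added example, not part of the thread and not ComboFix's own logic: a small Python parser that pulls those three sections out of a ComboFix-style log and applies those heuristics. The heuristics and the user-writable path markers are assumptions of this example, and the sample lines are constructed to mirror the shape of the log above.

```python
"""Triage helpers for a ComboFix-style log (added example, not ComboFix code).

Flags, using heuristics that are this example's own assumptions:
  * firewall AuthorizedApplications entries whose path lies under a user
    profile (Documents and Settings / Application Data / Temp) instead of
    Program Files or Windows;
  * IE 'Trusted Zone' entries (each one bypasses Internet-zone restrictions)
    and any domain listed more than once;
  * DPF (Downloaded Program Files / ActiveX) entries fetched from a bare
    IPv4 address rather than a hostname.
"""
import re

# Constructed sample modelled on the log above; not the full log.
SAMPLE_LOG = r"""
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Documents and Settings\\MBOTIVEAU\\Application Data\\f4.exe"=
"c:\\Program Files\\CoSine Communications\\IPSec Dial Client\\IreIKE.exe"=
"c:\program files\CoSine Communications\IPSec Dial Client\vpn.exe"= c:\program files\CoSine Communications\IPSec Dial Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

uStart Page = hxxp://www.orange.fr/
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: buy-internetsecurity10.com
DPF: {1F831FA7-42FC-11D4-95A6-0080AD30DCE1} - file:///C:/Program%20Files/AutoCAD%20LT%202000i%20Fra/InstFred.ocx
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://86.66.8.205/NELX.cab
"""

# Assumed markers for locations an unprivileged user can write to.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")

FIREWALL_RE = re.compile(r'^"([^"]+)"=')                      # "path"=  (authorized app)
TRUSTED_RE = re.compile(r'^Trusted Zone:\s*(\S+)')             # IE trusted-zone domain
DPF_RE = re.compile(r'^DPF:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*(\S+)')  # {CLSID} - url
HOST_RE = re.compile(r'^(?:hxxp|http)s?://([^/:]+)')           # logs defang http as hxxp
IPV4_RE = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')


def normalize_path(path):
    """Collapse the doubled backslashes the firewall section uses."""
    return path.replace("\\\\", "\\")


def is_user_writable(path):
    low = normalize_path(path).lower()
    return any(marker in low for marker in USER_WRITABLE_MARKERS)


def triage(log_text):
    """Return the suspicious entries found in each of the three sections."""
    findings = {
        "firewall_user_profile": [],   # authorized apps living in a user profile
        "trusted_zone": [],            # every distinct trusted-zone domain
        "trusted_zone_duplicates": [], # domains listed more than once
        "dpf_ip_hosts": [],            # ActiveX fetched from a raw IP
    }
    seen_zones = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FIREWALL_RE.match(line)
        if m:
            if is_user_writable(m.group(1)):
                findings["firewall_user_profile"].append(normalize_path(m.group(1)))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            zone = m.group(1).lower()
            if zone in seen_zones and zone not in findings["trusted_zone_duplicates"]:
                findings["trusted_zone_duplicates"].append(zone)
            seen_zones.add(zone)
            if zone not in findings["trusted_zone"]:
                findings["trusted_zone"].append(zone)
            continue
        m = DPF_RE.match(line)
        if m:
            clsid, url = m.groups()
            host = HOST_RE.match(url)
            if host and IPV4_RE.match(host.group(1)):
                findings["dpf_ip_hosts"].append((clsid, url))
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents; an empty `firewall_user_profile` list and an empty `trusted_zone` list is what a clean corporate laptop normally shows, so anything reported deserves a look before the next cleanup script is run.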
Anonymous user
 
You ran the script from post 13 twice. Now you need to run the script from post 17. (It is not the same one.) Cheers
JINGLE62
 
Good evening,

I'll try the procedure again, but I did use JINGLE62 for this last procedure, not jingle62.

I won't be able to redo the procedure until Friday evening; sorry for the wait.

Have a good week

Regards