Supprimer cheval de troie, logfile inséré
Lisa
-
Malekal_morte- Messages postés 184348 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention -
Malekal_morte- Messages postés 184348 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention -
Bonjour,
L'ordinateur de ma responsable rame de facon incroyable, je suspecte donc de nombreux virus/chevaux de troie (entre autre pctsvc.exe) de s'etre installes.
J'ai téléchargé Hijackthis et fais un scan et logfile, mais comme je ne m'y connait pas plus que ca, j'aurais besoin de votre aide pour supprimer les bons processus.
Voici le logfile, merci par avance pour vos conseils:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:29, on 19/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\SAV\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\Firebird\bin\fbguard.exe
C:\PROGRA~1\Firebird\bin\fbserver.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SSC\NSCTOP.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\CegidPMI\serveurgti.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ICO.EXE
C:\PROGRA~1\SAV\vptray.exe
C:\WINDOWS\system32\ScCertPropUI.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\TEMP\2f8fd519.tmp
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\gestion\Bureau\anti cheval de troie.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=System, System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKLM\..\Run: [ScCertPropUI] C:\WINDOWS\system32\ScCertPropUI.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [syncman] c:\documents and settings\gestion\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cyberstar.dom
O17 - HKLM\Software\..\Telephony: DomainName = cyberstar.dom
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFC01F2-2091-4D45-8741-614DCF9C5033}: NameServer = 192.168.0.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cyberstar.dom
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SAV\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Firebird Guardian - FirebirdSQL Project - C:\PROGRA~1\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - FirebirdSQL Project - C:\PROGRA~1\Firebird\bin\fbserver.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Symantec AntiVirus Server (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SAV\Rtvscan.exe
O23 - Service: Service de repérage Symantec System Center (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Serveur GTI (ServeurGTI) - GTI - C:\PROGRA~1\CegidPMI\serveurgti.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
L'ordinateur de ma responsable rame de facon incroyable, je suspecte donc de nombreux virus/chevaux de troie (entre autre pctsvc.exe) de s'etre installes.
J'ai téléchargé Hijackthis et fais un scan et logfile, mais comme je ne m'y connait pas plus que ca, j'aurais besoin de votre aide pour supprimer les bons processus.
Voici le logfile, merci par avance pour vos conseils:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:29, on 19/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\SAV\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\Firebird\bin\fbguard.exe
C:\PROGRA~1\Firebird\bin\fbserver.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SSC\NSCTOP.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\CegidPMI\serveurgti.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ICO.EXE
C:\PROGRA~1\SAV\vptray.exe
C:\WINDOWS\system32\ScCertPropUI.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\TEMP\2f8fd519.tmp
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\gestion\Bureau\anti cheval de troie.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=System, System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKLM\..\Run: [ScCertPropUI] C:\WINDOWS\system32\ScCertPropUI.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [syncman] c:\documents and settings\gestion\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cyberstar.dom
O17 - HKLM\Software\..\Telephony: DomainName = cyberstar.dom
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFC01F2-2091-4D45-8741-614DCF9C5033}: NameServer = 192.168.0.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cyberstar.dom
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SAV\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Firebird Guardian - FirebirdSQL Project - C:\PROGRA~1\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - FirebirdSQL Project - C:\PROGRA~1\Firebird\bin\fbserver.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Symantec AntiVirus Server (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SAV\Rtvscan.exe
O23 - Service: Service de repérage Symantec System Center (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Serveur GTI (ServeurGTI) - GTI - C:\PROGRA~1\CegidPMI\serveurgti.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
A voir également:
- Supprimer cheval de troie, logfile inséré
- Supprimer rond bleu whatsapp - Guide
- Impossible de supprimer une page word - Guide
- Impossible de supprimer un fichier - Guide
- Supprimer pub youtube - Accueil - Streaming
- Supprimer application windows 10 - Guide
12 réponses
Salut,
Mouaip, Si c'est des vers réseaux, ça va être galère :\
Désinstalle Spyware Doctor, il sert à rien.
Installe Malwarebyte : https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
Fais un scan avec et poste le rapport ici.
T'as un tuto d'aide ici : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
~~
Désactive les logiciels de protection (Antivirus, Antispywares) puis :
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.
Eventuellement, installe la console de récupération comme cela est conseillé
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.
Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.
Madness Rox \o/
Mouaip, Si c'est des vers réseaux, ça va être galère :\
Désinstalle Spyware Doctor, il sert à rien.
Installe Malwarebyte : https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
Fais un scan avec et poste le rapport ici.
T'as un tuto d'aide ici : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
~~
Désactive les logiciels de protection (Antivirus, Antispywares) puis :
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.
Eventuellement, installe la console de récupération comme cela est conseillé
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.
Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.
Madness Rox \o/
Tout d'abord merci de répondre aussi rapidement.
Le rapport de malwarebyte :
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4116
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19/05/2010 15:30:38
mbam-log-2010-05-19 (15-30-38).txt
Type d'examen: Examen complet (A:\|C:\|D:\|G:\|H:\|)
Elément(s) analysé(s): 242871
Temps écoulé: 1 heure(s), 18 minute(s), 21 seconde(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 14
Processus mémoire infecté(s):
C:\WINDOWS\Temp\2c2309ba.tmp (Trojan.Downloader) -> No action taken.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\vma.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\Temp\2c2309ba.tmp (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Winsudate\gibcom.dll.vir (Adware.Gibmedia) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Winsudate\gibidl.dll.vir (Adware.Gibmedia) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Winsudate\gibupt.exe.vir (Adware.Gibmedia) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP424\A0055827.dll (Rogue.Eorezo) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP424\A0055870.dll (Adware.Gibmedia) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP424\A0055871.dll (Adware.Gibmedia) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP424\A0055872.exe (Adware.Gibmedia) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP370\A0047763.exe (Rogue.Eorezo) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP370\A0047765.dll (Rogue.Eorezo) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP370\A0047772.dll (Rogue.Eorezo) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP370\A0047792.exe (Rogue.Eorezo) -> No action taken.
C:\Documents and Settings\gestion\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> No action taken.
C:\Documents and Settings\gestion\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> No action taken.
Le rapport de malwarebyte :
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4116
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19/05/2010 15:30:38
mbam-log-2010-05-19 (15-30-38).txt
Type d'examen: Examen complet (A:\|C:\|D:\|G:\|H:\|)
Elément(s) analysé(s): 242871
Temps écoulé: 1 heure(s), 18 minute(s), 21 seconde(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 14
Processus mémoire infecté(s):
C:\WINDOWS\Temp\2c2309ba.tmp (Trojan.Downloader) -> No action taken.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\vma.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\Temp\2c2309ba.tmp (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Winsudate\gibcom.dll.vir (Adware.Gibmedia) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Winsudate\gibidl.dll.vir (Adware.Gibmedia) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Winsudate\gibupt.exe.vir (Adware.Gibmedia) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP424\A0055827.dll (Rogue.Eorezo) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP424\A0055870.dll (Adware.Gibmedia) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP424\A0055871.dll (Adware.Gibmedia) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP424\A0055872.exe (Adware.Gibmedia) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP370\A0047763.exe (Rogue.Eorezo) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP370\A0047765.dll (Rogue.Eorezo) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP370\A0047772.dll (Rogue.Eorezo) -> No action taken.
C:\System Volume Information\_restore{D44870F8-BB07-46F8-A47D-4CAF911022A6}\RP370\A0047792.exe (Rogue.Eorezo) -> No action taken.
C:\Documents and Settings\gestion\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> No action taken.
C:\Documents and Settings\gestion\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> No action taken.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Log Combofix
ComboFix 10-05-17.05 - Gestion 19/05/2010 16:22:26.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.398 [GMT 2:00]
Lancé depuis: c:\documents and settings\gestion\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-19 au 2010-05-19 ))))))))))))))))))))))))))))))))))))
.
2010-05-19 11:55 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-05-19 11:55 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-05-19 11:30 . 2010-05-19 11:30 -------- d-----w- c:\documents and settings\gestion\Application Data\Malwarebytes
2010-05-19 11:29 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 11:29 . 2010-05-19 11:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-19 11:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 11:29 . 2010-05-19 11:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 08:05 . 2010-05-18 08:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Help
2010-05-10 09:24 . 2010-05-10 09:24 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Identities
2010-05-10 09:24 . 2010-05-10 09:24 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Windows Desktop Search
2010-05-10 09:23 . 2010-05-10 09:23 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-05-07 14:19 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-03 05:30 . 2010-05-03 05:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-26 13:30 . 2010-04-26 13:30 -------- d-----w- c:\documents and settings\gestion\Local Settings\Application Data\Threat Expert
2010-04-26 12:29 . 2010-05-19 11:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-26 08:46 . 2010-05-01 22:01 -------- d-----w- c:\documents and settings\Administration\Local Settings\Application Data\atmclbCMP
2010-04-26 08:37 . 2010-04-26 08:37 -------- d-sh--w- c:\documents and settings\Administration\PrivacIE
2010-04-26 08:37 . 2010-04-26 09:23 -------- d-----w- c:\documents and settings\Administration\Local Settings\Application Data\Google
2010-04-26 08:34 . 2010-04-26 08:34 503808 ----a-w- c:\documents and settings\Administration\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60509ff5-n\msvcp71.dll
2010-04-26 08:34 . 2010-04-26 08:34 499712 ----a-w- c:\documents and settings\Administration\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60509ff5-n\jmc.dll
2010-04-26 08:34 . 2010-04-26 08:34 348160 ----a-w- c:\documents and settings\Administration\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60509ff5-n\msvcr71.dll
2010-04-26 08:34 . 2010-04-26 08:34 61440 ----a-w- c:\documents and settings\Administration\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a0bbd8b-n\decora-sse.dll
2010-04-26 08:34 . 2010-04-26 08:34 12800 ----a-w- c:\documents and settings\Administration\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a0bbd8b-n\decora-d3d.dll
2010-04-26 08:29 . 2010-04-26 08:29 -------- d-----w- c:\documents and settings\Administration\Local Settings\Application Data\Identities
2010-04-26 08:29 . 2010-04-26 08:29 -------- d-----w- c:\documents and settings\Administration\Application Data\Windows Desktop Search
2010-04-26 08:19 . 2010-04-30 08:03 -------- d-----w- c:\documents and settings\gestion\Local Settings\Application Data\atmclbCMP
2010-04-26 07:22 . 2010-04-26 07:22 -------- d-----w- c:\documents and settings\gestion\Local Settings\Application Data\avG
2010-04-26 07:22 . 2010-04-26 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-26 07:21 . 2010-04-26 07:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-04-26 07:21 . 2010-04-26 07:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2010-04-26 07:21 . 2010-04-26 07:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-22 06:34 . 2010-04-22 06:34 -------- d-----w- c:\documents and settings\gestion\PageOver
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 12:39 . 2008-09-08 13:43 -------- d-----w- c:\program files\Maestria
2010-05-18 08:08 . 2008-10-23 11:59 -------- d-----w- c:\program files\SAV
2010-05-18 07:29 . 2008-08-26 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-17 12:40 . 2008-09-08 10:48 -------- d-----w- c:\program files\CegidPMI
2010-05-07 14:19 . 2008-05-22 16:17 -------- d-----w- c:\program files\Java
2010-05-06 12:32 . 2008-10-21 13:02 -------- d-----w- c:\program files\SagePaie
2010-04-26 08:46 . 2010-04-26 08:28 69648 ----a-w- c:\documents and settings\Administration\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-26 07:13 . 2010-04-26 07:13 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\kcmdte.dat
2010-04-26 07:11 . 2008-05-22 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor
2010-04-23 13:36 . 2010-01-15 10:53 -------- d-----w- c:\program files\UPS Widget
2010-04-23 13:35 . 2008-05-22 16:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-21 06:22 . 2006-01-26 20:35 94286 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-21 06:22 . 2006-01-26 20:35 535584 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-20 08:51 . 2010-04-20 08:51 12 ----a-w- c:\documents and settings\LocalService\Application Data\kcmdte.dat
2010-04-08 07:34 . 2008-05-22 16:17 -------- d-----w- c:\program files\Fichiers communs\Java
2010-04-08 07:33 . 2010-04-08 07:33 503808 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e56e1a9-n\msvcp71.dll
2010-04-08 07:33 . 2010-04-08 07:33 499712 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e56e1a9-n\jmc.dll
2010-04-08 07:33 . 2010-04-08 07:33 348160 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e56e1a9-n\msvcr71.dll
2010-04-08 07:33 . 2010-04-08 07:33 61440 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ad1a8c3-n\decora-sse.dll
2010-04-08 07:33 . 2010-04-08 07:33 12800 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ad1a8c3-n\decora-d3d.dll
2010-04-07 07:21 . 2010-04-02 07:56 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-02 08:50 . 2010-04-02 08:50 -------- d-----w- c:\documents and settings\gestion\Application Data\Windows Search
2010-04-02 08:01 . 2010-04-02 08:01 -------- d-----w- c:\documents and settings\gestion\Application Data\Windows Desktop Search
2010-03-30 12:50 . 2008-05-22 16:16 -------- d-----w- c:\program files\Lenovo
2010-03-30 12:50 . 2008-05-22 16:16 -------- d-----w- c:\program files\Fichiers communs\Lenovo
2010-03-17 07:16 . 2010-03-17 07:16 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.131\itstv.exe
2010-03-16 13:39 . 2010-03-16 13:39 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.130\itstv.exe
2010-03-15 07:44 . 2010-03-15 07:44 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.129\itstv.exe
2010-03-12 09:45 . 2010-03-12 09:45 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.126\itstv.exe
2010-03-11 12:52 . 2009-04-17 15:04 727 ----a-w- c:\documents and settings\All Users\Application Data\Ciel\Données Communes\pdf.dll
2010-03-11 07:35 . 2010-03-11 07:35 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.125\itstv.exe
2010-03-10 07:51 . 2010-03-10 07:51 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.124\itstv.exe
2010-03-10 06:16 . 2006-01-26 20:35 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 07:35 . 2010-03-09 07:35 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.123\itstv.exe
2010-03-08 07:24 . 2010-03-08 07:24 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.122\itstv.exe
2010-03-04 09:37 . 2010-03-04 09:37 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.120\itstv.exe
2010-03-01 07:49 . 2010-03-01 07:49 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.118\itstv.exe
2010-02-26 22:40 . 2010-03-02 08:34 634616 ----a-w- c:\documents and settings\gestion\Application Data\Mozilla\Firefox\Profiles\d99imhb1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-02-26 22:40 . 2010-03-02 08:34 799440 ----a-w- c:\documents and settings\gestion\Application Data\Mozilla\Firefox\Profiles\d99imhb1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-25 06:17 . 2006-01-26 20:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-01-26 20:34 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 09:35 . 2010-02-24 09:35 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.113\itstv.exe
2010-02-23 09:41 . 2010-02-23 09:41 152576 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-23 09:41 . 2009-11-23 07:55 79488 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-23 08:35 . 2010-02-23 08:35 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.112\itstv.exe
2010-02-22 07:23 . 2010-02-22 07:23 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.111\itstv.exe
2010-02-19 07:52 . 2010-02-19 07:52 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.108\itstv.exe
2007-08-13 21:46 . 2008-05-22 16:17 10896 ----a-w- c:\program files\ThinkVantage Fingerprint Software
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-23 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-21 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-12-09 120096]
"TVT Scheduler Proxy"="c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"vptray"="c:\progra~1\SAV\vptray.exe" [2002-09-02 77824]
"ScCertPropUI"="c:\windows\system32\ScCertPropUI.exe" [2004-04-13 20480]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R2 ServeurGTI;Serveur GTI;c:\progra~1\CegidPMI\serveurgti.exe [08/09/2008 12:49 307200]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/07/2007 20:38 569344]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [19/12/2003 14:54 11264]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [19/12/2003 14:54 10368]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 15:59 30336]
R3 VegAlpha;VegAlpha;c:\windows\system32\drivers\VegAlpha.sys [30/01/2009 15:33 88576]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/02/2010 11:47 135664]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [19/12/2003 14:54 13312]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - kuxki
.
Contenu du dossier 'Tâches planifiées'
2010-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 09:47]
2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 09:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: gouv.fr\impots
Trusted Zone: gouv.fr\tva.dgi.minefi
TCP: {CAFC01F2-2091-4D45-8741-614DCF9C5033} = 192.168.0.200
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} - hxxps://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
FF - ProfilePath - c:\documents and settings\gestion\Application Data\Mozilla\Firefox\Profiles\d99imhb1.default\
FF - prefs.js: browser.startup.homepage - hxxp://y.lo.st
FF - component: c:\documents and settings\gestion\Application Data\Mozilla\Firefox\Profiles\d99imhb1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 16:36
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kuxki]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(1228)
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(2320)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\WinRAR\rarext.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
.
Heure de fin: 2010-05-19 16:43:24
ComboFix-quarantined-files.txt 2010-05-19 14:43
ComboFix2.txt 2010-05-19 12:10
Avant-CF: 128 639 078 400 octets libres
Après-CF: 128 594 821 120 octets libres
- - End Of File - - 04BFE7B1F36192D18ECCC6BDD8FEEB47
Merci
ComboFix 10-05-17.05 - Gestion 19/05/2010 16:22:26.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.398 [GMT 2:00]
Lancé depuis: c:\documents and settings\gestion\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-19 au 2010-05-19 ))))))))))))))))))))))))))))))))))))
.
2010-05-19 11:55 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-05-19 11:55 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-05-19 11:30 . 2010-05-19 11:30 -------- d-----w- c:\documents and settings\gestion\Application Data\Malwarebytes
2010-05-19 11:29 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 11:29 . 2010-05-19 11:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-19 11:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 11:29 . 2010-05-19 11:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 08:05 . 2010-05-18 08:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Help
2010-05-10 09:24 . 2010-05-10 09:24 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Identities
2010-05-10 09:24 . 2010-05-10 09:24 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Windows Desktop Search
2010-05-10 09:23 . 2010-05-10 09:23 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-05-07 14:19 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-03 05:30 . 2010-05-03 05:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-26 13:30 . 2010-04-26 13:30 -------- d-----w- c:\documents and settings\gestion\Local Settings\Application Data\Threat Expert
2010-04-26 12:29 . 2010-05-19 11:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-26 08:46 . 2010-05-01 22:01 -------- d-----w- c:\documents and settings\Administration\Local Settings\Application Data\atmclbCMP
2010-04-26 08:37 . 2010-04-26 08:37 -------- d-sh--w- c:\documents and settings\Administration\PrivacIE
2010-04-26 08:37 . 2010-04-26 09:23 -------- d-----w- c:\documents and settings\Administration\Local Settings\Application Data\Google
2010-04-26 08:34 . 2010-04-26 08:34 503808 ----a-w- c:\documents and settings\Administration\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60509ff5-n\msvcp71.dll
2010-04-26 08:34 . 2010-04-26 08:34 499712 ----a-w- c:\documents and settings\Administration\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60509ff5-n\jmc.dll
2010-04-26 08:34 . 2010-04-26 08:34 348160 ----a-w- c:\documents and settings\Administration\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60509ff5-n\msvcr71.dll
2010-04-26 08:34 . 2010-04-26 08:34 61440 ----a-w- c:\documents and settings\Administration\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a0bbd8b-n\decora-sse.dll
2010-04-26 08:34 . 2010-04-26 08:34 12800 ----a-w- c:\documents and settings\Administration\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a0bbd8b-n\decora-d3d.dll
2010-04-26 08:29 . 2010-04-26 08:29 -------- d-----w- c:\documents and settings\Administration\Local Settings\Application Data\Identities
2010-04-26 08:29 . 2010-04-26 08:29 -------- d-----w- c:\documents and settings\Administration\Application Data\Windows Desktop Search
2010-04-26 08:19 . 2010-04-30 08:03 -------- d-----w- c:\documents and settings\gestion\Local Settings\Application Data\atmclbCMP
2010-04-26 07:22 . 2010-04-26 07:22 -------- d-----w- c:\documents and settings\gestion\Local Settings\Application Data\avG
2010-04-26 07:22 . 2010-04-26 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-26 07:21 . 2010-04-26 07:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-04-26 07:21 . 2010-04-26 07:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2010-04-26 07:21 . 2010-04-26 07:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-22 06:34 . 2010-04-22 06:34 -------- d-----w- c:\documents and settings\gestion\PageOver
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 12:39 . 2008-09-08 13:43 -------- d-----w- c:\program files\Maestria
2010-05-18 08:08 . 2008-10-23 11:59 -------- d-----w- c:\program files\SAV
2010-05-18 07:29 . 2008-08-26 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-17 12:40 . 2008-09-08 10:48 -------- d-----w- c:\program files\CegidPMI
2010-05-07 14:19 . 2008-05-22 16:17 -------- d-----w- c:\program files\Java
2010-05-06 12:32 . 2008-10-21 13:02 -------- d-----w- c:\program files\SagePaie
2010-04-26 08:46 . 2010-04-26 08:28 69648 ----a-w- c:\documents and settings\Administration\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-26 07:13 . 2010-04-26 07:13 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\kcmdte.dat
2010-04-26 07:11 . 2008-05-22 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor
2010-04-23 13:36 . 2010-01-15 10:53 -------- d-----w- c:\program files\UPS Widget
2010-04-23 13:35 . 2008-05-22 16:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-21 06:22 . 2006-01-26 20:35 94286 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-21 06:22 . 2006-01-26 20:35 535584 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-20 08:51 . 2010-04-20 08:51 12 ----a-w- c:\documents and settings\LocalService\Application Data\kcmdte.dat
2010-04-08 07:34 . 2008-05-22 16:17 -------- d-----w- c:\program files\Fichiers communs\Java
2010-04-08 07:33 . 2010-04-08 07:33 503808 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e56e1a9-n\msvcp71.dll
2010-04-08 07:33 . 2010-04-08 07:33 499712 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e56e1a9-n\jmc.dll
2010-04-08 07:33 . 2010-04-08 07:33 348160 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e56e1a9-n\msvcr71.dll
2010-04-08 07:33 . 2010-04-08 07:33 61440 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ad1a8c3-n\decora-sse.dll
2010-04-08 07:33 . 2010-04-08 07:33 12800 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ad1a8c3-n\decora-d3d.dll
2010-04-07 07:21 . 2010-04-02 07:56 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-02 08:50 . 2010-04-02 08:50 -------- d-----w- c:\documents and settings\gestion\Application Data\Windows Search
2010-04-02 08:01 . 2010-04-02 08:01 -------- d-----w- c:\documents and settings\gestion\Application Data\Windows Desktop Search
2010-03-30 12:50 . 2008-05-22 16:16 -------- d-----w- c:\program files\Lenovo
2010-03-30 12:50 . 2008-05-22 16:16 -------- d-----w- c:\program files\Fichiers communs\Lenovo
2010-03-17 07:16 . 2010-03-17 07:16 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.131\itstv.exe
2010-03-16 13:39 . 2010-03-16 13:39 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.130\itstv.exe
2010-03-15 07:44 . 2010-03-15 07:44 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.129\itstv.exe
2010-03-12 09:45 . 2010-03-12 09:45 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.126\itstv.exe
2010-03-11 12:52 . 2009-04-17 15:04 727 ----a-w- c:\documents and settings\All Users\Application Data\Ciel\Données Communes\pdf.dll
2010-03-11 07:35 . 2010-03-11 07:35 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.125\itstv.exe
2010-03-10 07:51 . 2010-03-10 07:51 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.124\itstv.exe
2010-03-10 06:16 . 2006-01-26 20:35 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 07:35 . 2010-03-09 07:35 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.123\itstv.exe
2010-03-08 07:24 . 2010-03-08 07:24 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.122\itstv.exe
2010-03-04 09:37 . 2010-03-04 09:37 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.120\itstv.exe
2010-03-01 07:49 . 2010-03-01 07:49 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.118\itstv.exe
2010-02-26 22:40 . 2010-03-02 08:34 634616 ----a-w- c:\documents and settings\gestion\Application Data\Mozilla\Firefox\Profiles\d99imhb1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-02-26 22:40 . 2010-03-02 08:34 799440 ----a-w- c:\documents and settings\gestion\Application Data\Mozilla\Firefox\Profiles\d99imhb1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-25 06:17 . 2006-01-26 20:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-01-26 20:34 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 09:35 . 2010-02-24 09:35 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.113\itstv.exe
2010-02-23 09:41 . 2010-02-23 09:41 152576 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-23 09:41 . 2009-11-23 07:55 79488 ----a-w- c:\documents and settings\gestion\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-23 08:35 . 2010-02-23 08:35 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.112\itstv.exe
2010-02-22 07:23 . 2010-02-22 07:23 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.111\itstv.exe
2010-02-19 07:52 . 2010-02-19 07:52 20480 ----a-w- c:\documents and settings\gestion\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.108\itstv.exe
2007-08-13 21:46 . 2008-05-22 16:17 10896 ----a-w- c:\program files\ThinkVantage Fingerprint Software
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-23 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-21 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-12-09 120096]
"TVT Scheduler Proxy"="c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"vptray"="c:\progra~1\SAV\vptray.exe" [2002-09-02 77824]
"ScCertPropUI"="c:\windows\system32\ScCertPropUI.exe" [2004-04-13 20480]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R2 ServeurGTI;Serveur GTI;c:\progra~1\CegidPMI\serveurgti.exe [08/09/2008 12:49 307200]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/07/2007 20:38 569344]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [19/12/2003 14:54 11264]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [19/12/2003 14:54 10368]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 15:59 30336]
R3 VegAlpha;VegAlpha;c:\windows\system32\drivers\VegAlpha.sys [30/01/2009 15:33 88576]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/02/2010 11:47 135664]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [19/12/2003 14:54 13312]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - kuxki
.
Contenu du dossier 'Tâches planifiées'
2010-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 09:47]
2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 09:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: gouv.fr\impots
Trusted Zone: gouv.fr\tva.dgi.minefi
TCP: {CAFC01F2-2091-4D45-8741-614DCF9C5033} = 192.168.0.200
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} - hxxps://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
FF - ProfilePath - c:\documents and settings\gestion\Application Data\Mozilla\Firefox\Profiles\d99imhb1.default\
FF - prefs.js: browser.startup.homepage - hxxp://y.lo.st
FF - component: c:\documents and settings\gestion\Application Data\Mozilla\Firefox\Profiles\d99imhb1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 16:36
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kuxki]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(1228)
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(2320)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\WinRAR\rarext.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
.
Heure de fin: 2010-05-19 16:43:24
ComboFix-quarantined-files.txt 2010-05-19 14:43
ComboFix2.txt 2010-05-19 12:10
Avant-CF: 128 639 078 400 octets libres
Après-CF: 128 594 821 120 octets libres
- - End Of File - - 04BFE7B1F36192D18ECCC6BDD8FEEB47
Merci
Il y a bcp de choses qui ont disparus entre ton rapport HijackThis (le premier) et Malwarebyte/Combofix.
C'est bizarre.
Supprime ce dossier :
c:\documents and settings\Administration\Local Settings\Application Data\atmclbCMP
Télécharge GMER à partir de ce lien : http://www.gmer.net#files - clic sur "Download EXE" et télécharge le fichier sur ton bureau.
Désactive tes logiciels de protection (antivirus, antispyware etc) et ferme tous les programmes ouverts.
Double-clic sur le fichier GMER téléchargé.
[b]IMPORTANT:[/b] Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Clic sur l'onglet "rootkit"
Laisse tout coché.
Clic sur Scan
Lorsque le scan est terminé, clic sur "Copy"
Ouvre le bloc-note et clic sur le Menu Edition / Coller
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.
C'est bizarre.
Supprime ce dossier :
c:\documents and settings\Administration\Local Settings\Application Data\atmclbCMP
Télécharge GMER à partir de ce lien : http://www.gmer.net#files - clic sur "Download EXE" et télécharge le fichier sur ton bureau.
Désactive tes logiciels de protection (antivirus, antispyware etc) et ferme tous les programmes ouverts.
Double-clic sur le fichier GMER téléchargé.
[b]IMPORTANT:[/b] Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Clic sur l'onglet "rootkit"
Laisse tout coché.
Clic sur Scan
Lorsque le scan est terminé, clic sur "Copy"
Ouvre le bloc-note et clic sur le Menu Edition / Coller
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.
Oui
Désolée, je n'ai pas pu me rendre au travail la fin de semaine dernière.
Je me remet à la désinfection demain.
Merci
Désolée, je n'ai pas pu me rendre au travail la fin de semaine dernière.
Je me remet à la désinfection demain.
Merci
