[Virus] pws, plus iedw problem and noise

Closed
KC-coach - Feb 2, 2007 at 17:57
 KC-coch - Feb 3, 2007 at 16:31
Hello,

I had a virus attack, among others: New malware.n, PWS zengtu, new malware.j, PWS-legMir.dll.

I ran McAfee, AVG, avast, Spy Sweeper, CCleaner, ATF Cleaner.

Now I think I still have one small problem left, it's iedw... + a noise.
So I made a HijackThis log.
Can I get an opinion? I don't know whether it's my version of Internet Explorer that is acting up or a virus that is still there? Thanks



Logfile of HijackThis v1.99.1
Scan saved at 17:24:29, on 02/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6009\SAService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 60.169.1.178 hyap98.com
O1 - Hosts: 60.169.1.178 www.hyap98.com
O1 - Hosts: 60.169.1.178 82087871.com
O1 - Hosts: 60.169.1.178 www.82087871.com
O1 - Hosts: 60.169.1.178 y1599.com
O1 - Hosts: 60.169.1.178 www.y1599.com
O1 - Hosts: 60.169.1.178 47555.cn
O1 - Hosts: 60.169.1.178 nc.47555.cn
O1 - Hosts: 60.169.1.178 cn.47555.cn
O1 - Hosts: 60.169.1.178 crsky.47555.cn
O1 - Hosts: 60.169.1.178 www.47555.cn
O1 - Hosts: 60.169.1.178 kirinkwy.com.cn
O1 - Hosts: 60.169.1.178 www.kirinkwy.com.cn
O1 - Hosts: 60.169.1.178 goujiao.e34.163ns.com
O1 - Hosts: 60.169.1.178 sybaby2.c67.zgsj.com
O1 - Hosts: 60.169.1.178 jygame88.com
O1 - Hosts: 60.169.1.178 sybaby3.a33.zgsj.com
O1 - Hosts: 60.169.1.178 baibu.com
O1 - Hosts: 60.169.1.178 www.baidu.com
O1 - Hosts: 60.169.1.178 www.yy520ly.cn
O1 - Hosts: 60.169.1.178 huiyuan.hz09.9iis.com
O1 - Hosts: 60.169.1.178 www.888muma.com
O1 - Hosts: 60.169.1.178 urlmon.isxv.com
O1 - Hosts: 60.169.1.178 www.feifeicqq.com
O1 - Hosts: 60.169.1.178 wow.wow88.cn
O1 - Hosts: 60.169.1.178 bbs.v369v.com
O1 - Hosts: 60.169.1.178 www.58aa.cn
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6009\SiteAdv.exe"
O4 - HKLM\..\Run: [upxdnd] C:\DOCUME~1\Karine\LOCALS~1\Temp\upxdnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: McAfee Application Installer Cleanup (0238681170425170) (0238681170425170mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023868~1.EXE (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6009\SAService.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

6 replies

Anonymous user
Feb 2, 2007 at 18:07
Hi

¤ Download Hoster
http://www.funkytoad.com/download/hoster.zip

Unzip it to your desktop, double-click hoster.exe
On the right, click "Restore Microsoft's Hosts file"
Then close the program.


¤ Run this online antivirus scan with Internet Explorer, accept the ActiveX; the SP2 anti-popup bar (at the top) will start flashing, click on it and choose "accept the ActiveX" to make the antivirus scan work.
Once it has finished, paste the report here please

https://www.bitdefender.com/toolbox/
0
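An added example, not part of the original thread and not HijackThis's own logic: a small Python triage of the HijackThis log posted above. It flags three patterns visible in that log as worth a manual look: Hosts entries that point names at a non-loopback address, a Run value that starts a program from a Temp folder, and services whose file is missing. The rule names and function names are assumptions made for this illustration; the sample lines are copied from the log.

```python
import ipaddress
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O1 - Hosts: 60.169.1.178 hyap98.com
O1 - Hosts: 60.169.1.178 www.hyap98.com
O1 - Hosts: 60.169.1.178 www.baidu.com
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6009\SiteAdv.exe"
O4 - HKLM\..\Run: [upxdnd] C:\DOCUME~1\Karine\LOCALS~1\Temp\upxdnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: McAfee Application Installer Cleanup (0238681170425170) (0238681170425170mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023868~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")         # "O4 - ..." section lines
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")           # O1: "<ip> <hostname>"
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\\w+: \[(.+?)\] (.+)$")  # O4: "[name] command"
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)           # any ...\Temp\... path


def parse_entries(log_text):
    """Return (section_code, body) for each 'Xn - ...' line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_redirect(ip_text):
    """True for a valid address that is not a local sink (127.0.0.1, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_unspecified)


def triage(log_text):
    """Return findings as (rule, subject, detail) tuples. Rule names are hypothetical."""
    findings = []
    redirects = defaultdict(list)
    for code, body in parse_entries(log_text):
        if code == "O1":
            m = HOSTS_RE.match(body)
            if m and is_redirect(m.group(1)):
                redirects[m.group(1)].append(m.group(2))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and TEMP_RE.search(m.group(2)):
                findings.append(("autorun-from-temp", m.group(1), m.group(2)))
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)  # name, owner, path
            if len(parts) == 3 and parts[2].endswith("(file missing)"):
                findings.append(("service-file-missing", parts[0], parts[2]))
    # One finding per target address, listing every name pointed at it.
    for ip, names in redirects.items():
        findings.append(("hosts-redirect", ip, sorted(names)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding here is only a prompt to inspect the entry; a missing service file, for instance, can also be left behind by an uninstalled program.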
I followed the procedure indicated.
Here is the result:

BitDefender Online Scanner

Scan report generated at: Fri, Feb 02, 2007 - 21:16:11
Scan path: A:\;C:\;D:\;

Statistics
Time: 00:46:32
Files: 253475
Folders: 4164
Boot Sectors: 2
Archives: 2813
Packed Files: 27387

Results
Identified Viruses: 2
Infected Files: 28
Suspect Files: 14
Warnings: 0
Disinfected: 0
Deleted Files: 41

Engines Info
Virus Definitions: 418073
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\Program Files\Internet Explorer\InfoMs.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\Program Files\Internet Explorer\InfoMs.sys
Disinfection failed

C:\Program Files\Internet Explorer\InfoMs.sys
Deleted

C:\Program Files\Internet Explorer\InfoMs.tdm
Suspected of: Generic.Malware.Fdldsp.F6476380

C:\Program Files\Internet Explorer\InfoMs.tdm
Disinfection failed

C:\Program Files\Internet Explorer\InfoMs.tdm
Delete failed

C:\Program Files\Internet Explorer\InfoMs.tp3
Suspected of: Generic.Malware.Fdldsp.F6476380

C:\Program Files\Internet Explorer\InfoMs.tp3
Disinfection failed

C:\Program Files\Internet Explorer\InfoMs.tp3
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP201\A0025342.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP201\A0025342.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP201\A0025342.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025381.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025381.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025381.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025394.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025394.sys
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025394.sys
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025402.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025402.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025402.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025429.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025429.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025429.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025439.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025439.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025439.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025445.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025445.sys
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025445.sys
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025455.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025455.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025455.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025459.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025459.sys
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025459.sys
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025473.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025473.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025473.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025484.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025484.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025484.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025496.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025496.sys
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025496.sys
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025647.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025647.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025647.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025745.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025745.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025745.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025758.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025758.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025758.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025769.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025769.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\A0025769.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\snapshot\MFEX-1.DAT
Suspected of: Generic.Malware.Fdldsp.F6476380

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\snapshot\MFEX-1.DAT
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP202\snapshot\MFEX-1.DAT
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0025786.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0025786.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0025786.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026069.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026069.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026069.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026072.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026072.sys
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026072.sys
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026079.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026079.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026079.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026092.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026092.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026092.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026096.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026096.sys
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026096.sys
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026539.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026539.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026539.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026574.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026574.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026574.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026584.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026584.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026584.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026720.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026720.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026720.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026732.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026732.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026732.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026742.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026742.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026742.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026764.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026764.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP203\A0026764.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026777.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026777.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026777.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026790.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026790.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026790.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026794.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026794.sys
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026794.sys
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026802.dll
Infected with: Trojan.PSW.Lmir.AA

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026802.dll
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0026802.dll
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0029062.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0029062.sys
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0029062.sys
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0030077.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0030077.sys
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0030077.sys
Deleted

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0030120.sys
Suspected of: Generic.Malware.SFBdld.E1AB97DD

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0030120.sys
Disinfection failed

C:\System Volume Information\_restore{35FAE571-BFFD-44BB-A2D9-E40AB7B6C6DD}\RP204\A0030120.sys
Deleted

C:\WINDOWS\system32\twunk32.exe
Infected with: Trojan.PWS.Lmir.AII

C:\WINDOWS\system32\twunk32.exe
Disinfection failed

C:\WINDOWS\system32\twunk32.exe
Deleted

C:\WINDOWS\system32\wsttrs.dll
Infected with: Trojan.PSW.Lmir.AA

C:\WINDOWS\system32\wsttrs.dll
Disinfection failed

C:\WINDOWS\system32\wsttrs.dll
Deleted

Waiting for your verdict!!!! Thanks
0
Anonymous user
Feb 2, 2007 at 23:21
Hi

Download http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
Unzip the contents of the archive to your desktop and double-click avenger.exe
Click "Ok". Select "Load Script from File" and click the folder-shaped icon.
-Select the remove.txt file that is on your desktop. Click the green light to run the script
Click "Yes" and agree to restart your PC
0
I don't have a remove.txt file on my desktop. Is it supposed to be created when the program opens?
0

Anonymous user
Feb 3, 2007 at 12:50
Argh! That's not what I meant to ask you :-/

Download ComboFix
---> http://download.bleepingcomputer.com/sUBs/combofix.exe

Close your web browser before running this program
Double-click it and press "Y" to continue
Wait a few minutes..
A report will open; save its contents, then copy and paste it here please
You can throw the program away as soon as that's done.
0
There, I did what you told me. The program ran, my PC restarted and here is the report:




"Kévin" - 07-02-03 15:49:16 Service Pack 2
ComboFix 07.02.03 - Running from: "C:\Documents and Settings\Kévin\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Internet Explorer\InfoMs.sys
C:\Program Files\pcast
C:\Program Files\Internet Explorer\InfoMs.tdm


((((((((((((((((((((((((((((((( Files Created from 2007-01-03 to 2007-02-03 ))))))))))))))))))))))))))))))))))


2007-02-03 15:50 <REP> d-------- C:\WINDOWS\ERDNT
2007-02-03 11:37 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2007-02-02 20:28 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-02-02 20:14 <REP> d-------- C:\Program Files\XoftSpySE
2007-02-02 17:24 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-02-02 17:17 <REP> d-------- C:\Program Files\CCleaner
2007-02-02 17:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-02-02 15:58 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-02 15:58 <REP> d-------- C:\Program Files\Grisoft
2007-02-01 23:37 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-02-01 23:37 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-02-01 23:37 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-02-01 23:36 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-02-01 23:36 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-02-01 23:36 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-02-01 23:36 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-02-01 00:17 <REP> d-------- C:\DOCUME~1\Karine\Application Data\SiteAdvisor
2007-02-01 00:08 <REP> d-------- C:\SiteAdvisor
2007-01-31 23:50 <REP> d-------- C:\Program Files\SiteAdvisor
2007-01-31 23:50 <REP> d-------- C:\DOCUME~1\LOCALS~1\Bureau
2007-01-31 23:50 <REP> d-------- C:\DOCUME~1\LOCALS~1\Application Data\SiteAdvisor
2007-01-31 23:50 <REP> d-------- C:\DOCUME~1\KVIN~1\Application Data\SiteAdvisor
2007-01-31 23:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SiteAdvisor
2007-01-31 23:49 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-01-31 23:48 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-01-31 23:48 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-01-31 23:48 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-01-31 23:48 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-01-31 23:48 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-01-31 23:48 107,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-01-31 23:48 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2007-01-31 23:38 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee
2007-01-31 23:18 <REP> d-------- C:\Program Files\Alwil Software
2007-01-30 22:26 12,875 --a------ C:\kltemp.exe
2007-01-30 22:26 <REP> d-------- C:\WINDOWS\uninstall
2007-01-08 00:29 <REP> d-------- C:\DOCUME~1\KVIN~1\Application Data\PPLive


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-03 15:52 -------- d-------- C:\Program Files\mcafee
2007-02-03 11:41 -------- d-------- C:\Program Files\freego
2007-02-03 03:46 -------- d-------- C:\Program Files\warcraft iii
2007-02-02 16:18 -------- d-------- C:\Documents and Settings\Kévin\Application Data\siteadvisor
2007-01-31 23:52 -------- d-------- C:\Program Files\mcafee.com
2007-01-31 20:54 -------- d-------- C:\Documents and Settings\Kévin\Application Data\skype
2007-01-31 20:43 32512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2007-01-31 20:37 -------- d-------- C:\Program Files\adsltv
2007-01-31 20:01 -------- d-------- C:\Program Files\winamp
2007-01-31 20:01 -------- d-------- C:\Program Files\teamspeak2_rc2
2007-01-31 20:00 -------- d-------- C:\Program Files\emule
2007-01-30 22:27 -------- d-------- C:\Program Files\zoom player
2007-01-30 22:27 -------- d-------- C:\Program Files\winpcap
2007-01-30 22:27 -------- d-------- C:\Program Files\tvants
2007-01-30 22:27 -------- d-------- C:\Program Files\sopcast
2007-01-30 22:27 -------- d-------- C:\Program Files\snapshot viewer
2007-01-30 22:27 -------- d-------- C:\Program Files\sld codec pack 1.5.3
2007-01-30 22:27 -------- d-------- C:\Program Files\quicktime
2007-01-30 22:27 -------- d-------- C:\Program Files\ppstream
2007-01-30 22:27 -------- d-------- C:\Program Files\msn messenger
2007-01-30 22:27 -------- d-------- C:\Program Files\mozilla firefox
2007-01-30 22:27 -------- d-------- C:\Program Files\mediacenter
2007-01-30 22:27 -------- d-------- C:\Program Files\divx
2007-01-30 22:26 -------- d-------- C:\Program Files\coolstreamingit
2007-01-25 21:57 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-01-25 21:57 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-01-25 21:57 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-01-25 21:57 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-01-14 00:07 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-01-13 12:39 -------- d-------- C:\Documents and Settings\Kévin\Application Data\utorrent
2007-01-08 00:29 359936 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-01-08 00:29 -------- d-------- C:\Documents and Settings\K‚vin\Application Data\pplive
2007-01-08 00:28 -------- d-------- C:\Program Files\pplive tv
2006-12-30 22:23 -------- d-------- C:\Documents and Settings\K‚vin\Application Data\teamspeak2
2006-12-30 20:29 -------- d-------- C:\Program Files\konami
2006-12-10 20:22 -------- d-------- C:\Documents and Settings\K‚vin\Application Data\podcast
2006-11-13 13:23 278528 --a------ C:\WINDOWS\system32\podcastbarweb.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKAgent.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"RemoteControl"="\"C:\\Program Files\\ASUSTek\\ASUSDVD\\PDVDServ.exe\""
"MskAgentexe"="\"C:\\Program Files\\McAfee\\MSK\\MskAgent.exe\""
"SiteAdvisor"="\"C:\\Program Files\\SiteAdvisor\\6020\\SiteAdv.exe\""
"upxdnd"="C:\\DOCUME~1\\Karine\\LOCALS~1\\Temp\\upxdnd.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
"backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Lancement rapide d'Adobe Reader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7d4wt4jm0ki0sk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="system"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartDoctor"
"hkey"="HKCU"
"command"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="? ????? ??Ÿ
?? ?? ????"
"hkey"="HKCU"
"command"="? ????? ??Ÿ
?? ?? ????"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mhs2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mhs2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\mhs2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NiceMt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Systemt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Systemt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="\"nwiz"
"hkey"="HKLM"
"command"="\"nwiz.exe\" /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\PSDrvCheck.exe\" -CheckReg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speek]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="1"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\KVIN~1\\LOCALS~1\\Temp\\1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_0029171170499029MCINSTCLEANUP


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\XoftSpySE.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

? [1940]

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-03 15:54:08


Thanks and good luck!!!!!!!!!!!