[ROOTKIT] what to do
achou31 (Posts: 218, Status: Member)
Hello,
here is my AVG Anti-Rootkit scan, which detects the presence of a rootkit:
C:\WINDOWS\systeme32\drivers\a17t9ggb.SYS
It's all Greek to me. What should I do, delete it? AVG warns me that this could cause trouble in my system.
Your opinion?
13 replies
Hi,
download Sophos Anti-Rootkit and run a scan.
If you get a report, post it or tell us which files it found.
@++
3 files were found, all unknown; here is their location:
C:/Documents and setting\achou\bureau\sophos-anti-rootkit_1.3_anglais_24143.exe
C:/WINDOWSTemp\a2archive\bytetocharbig5.class
C:/WINDOWS\ie7reg0025
What should I do?
Hi,
sorry, I was asleep...
Run another scan with Sophos and delete the 2 files:
C:/WINDOWSTemp\a2archive\bytetocharbig5.class
C:/WINDOWS\ie7reg0025
Then do an online scan with BitDefender and post the report.
@++
Thanks for your help, here is my BitDefender scan report:
Statistiques
Temps: 01:15:10
Fichiers: 356774
Directoires: 9292
Secteurs de boot: 5
Archives: 5998
Paquets programmes: 15158
Résultats
Virus identifiés: 1
Fichiers infectés: 1
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 0
Info sur les moteurs
Définition virus: 858941
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1
Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui
Fichier analysé | Statut
C:\WINDOWS\system32\ssttq.dll | Infecté par: DeepScan:Generic.Virtumod.101D988B
C:\WINDOWS\system32\ssttq.dll | Echec de la désinfection
C:\WINDOWS\system32\ssttq.dll | Echec de la suppression
It's crazy that Kaspersky missed it, isn't it? Any advice on how to avoid this kind of surprise?
Here are the different reports:
VBG
[10/30/2007, 17:46:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\achou\Bureau\VirtumundoBeGone.exe" )
[10/30/2007, 17:46:33] - Detected System Information:
[10/30/2007, 17:46:33] - Windows Version: 5.1.2600, Service Pack 2
[10/30/2007, 17:46:33] - Current Username: achou (Admin)
[10/30/2007, 17:46:33] - Windows is in NORMAL mode.
[10/30/2007, 17:46:33] - Searching for Browser Helper Objects:
[10/30/2007, 17:46:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/30/2007, 17:46:33] - BHO 2: {45B36AEB-CE4E-4C97-9715-B0058050EF83} ()
[10/30/2007, 17:46:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 17:46:33] - Checking for HKLM\...\Winlogon\Notify\ssttq
[10/30/2007, 17:46:33] - Key not found: HKLM\...\Winlogon\Notify\ssttq, continuing.
[10/30/2007, 17:46:33] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/30/2007, 17:46:33] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/30/2007, 17:46:33] - BHO 5: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (BHO pour Compagnon Web Encarta)
[10/30/2007, 17:46:33] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/30/2007, 17:46:33] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[10/30/2007, 17:46:33] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[10/30/2007, 17:46:33] - BHO 9: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[10/30/2007, 17:46:33] - BHO 10: {D44F533C-A9D2-430A-B28C-FAA500525C52} ()
[10/30/2007, 17:46:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 17:46:33] - No filename found. Continuing.
[10/30/2007, 17:46:33] - Finished Searching Browser Helper Objects
[10/30/2007, 17:46:33] - Finishing up...
[10/30/2007, 17:46:33] - Nothing found! Exiting...
[10/30/2007, 17:47:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\achou\Bureau\VirtumundoBeGone.exe" )
[10/30/2007, 17:47:33] - Detected System Information:
[10/30/2007, 17:47:33] - Windows Version: 5.1.2600, Service Pack 2
[10/30/2007, 17:47:33] - Current Username: achou (Admin)
[10/30/2007, 17:47:33] - Windows is in NORMAL mode.
[10/30/2007, 17:47:33] - Searching for Browser Helper Objects:
[10/30/2007, 17:47:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/30/2007, 17:47:33] - BHO 2: {45B36AEB-CE4E-4C97-9715-B0058050EF83} ()
[10/30/2007, 17:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 17:47:33] - Checking for HKLM\...\Winlogon\Notify\ssttq
[10/30/2007, 17:47:33] - Key not found: HKLM\...\Winlogon\Notify\ssttq, continuing.
[10/30/2007, 17:47:33] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/30/2007, 17:47:33] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/30/2007, 17:47:33] - BHO 5: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (BHO pour Compagnon Web Encarta)
[10/30/2007, 17:47:33] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/30/2007, 17:47:33] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[10/30/2007, 17:47:33] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[10/30/2007, 17:47:33] - BHO 9: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[10/30/2007, 17:47:33] - BHO 10: {D44F533C-A9D2-430A-B28C-FAA500525C52} ()
[10/30/2007, 17:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 17:47:33] - No filename found. Continuing.
[10/30/2007, 17:47:33] - Finished Searching Browser Helper Objects
[10/30/2007, 17:47:33] - Finishing up...
[10/30/2007, 17:47:33] - Nothing found! Exiting...
combofix
ComboFix 07-10-29.1 - achou 2007-10-30 18:17:59.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\achou\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\achou\Application Data\Hotbar_Icons
C:\Documents and Settings\achou\Application Data\Hotbar_Icons\meetic.ico
C:\Documents and Settings\achou\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\achou\Application Data\Hotbar_Icons\wallpapere1.ico
C:\Documents and Settings\All Users\Application Data\HotbarSA
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht
C:\Documents and Settings\All Users\Bureau\internet.lnk
C:\WINDOWS\system32\t.txt
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-30 ))))))))))))))))))))))))))))))))))))
.
2007-10-30 17:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 17:26 <REP> d-------- C:\VundoFix Backups
2007-10-30 14:55 18,816 --------- C:\WINDOWS\system32\SAVRKBootTasks.sys
2007-10-29 22:59 <REP> d-------- C:\Program Files\Sophos
2007-10-23 12:18 <REP> d-------- C:\Program Files\SAGEM
2007-10-23 12:18 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2007-10-19 15:00 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-10-18 23:07 <REP> dr-h----- C:\Documents and Settings\achou\Application Data\SecuROM
2007-10-18 23:03 <REP> d--h----- C:\Program Files\Zero G Registry
2007-10-18 23:03 <REP> d--h----- C:\Documents and Settings\achou\InstallAnywhere
2007-10-18 22:49 <REP> d-------- C:\Program Files\AdVantage
2007-10-18 22:48 <REP> d-------- C:\Program Files\DAEMON Tools
2007-09-30 18:59 <REP> d-------- C:\Program Files\SpywareBlaster
2007-09-30 16:46 <REP> d-------- C:\Program Files\a-squared Free
2007-09-24 13:53 <REP> d-------- C:\Program Files\Musetools
2007-09-21 13:49 <REP> d-------- C:\Program Files\Winamp
2007-09-14 14:03 <REP> d-------- C:\Program Files\Windows Defender
2007-09-14 13:47 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-09-12 18:16 <REP> d-------- C:\Program Files\MSXML 6.0
2007-09-12 17:56 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2007-09-12 17:56 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2007-09-12 17:55 2,184,192 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-09-12 17:55 2,139,648 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-09-12 17:55 2,061,440 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-09-12 17:55 2,019,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-09-12 17:50 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-09-12 17:50 26,112 --a------ C:\symlcsv1.exe
2007-09-12 17:38 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2007-09-12 17:38 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-09-12 17:38 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-09-12 13:30 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-09-12 13:30 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-09-12 13:30 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-09-12 13:30 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-09-07 13:35 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-09-07 13:35 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-07 13:35 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-09-05 11:45 <REP> d-------- C:\Documents and Settings\achou\Application Data\WeatherDPA
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 16:48 87,467,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-30 16:48 141,644 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-30 16:48 1,477,152 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-30 16:48 1,174,604 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-30 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-30 16:16 --------- d-----w C:\Program Files\eMule
2007-10-23 11:47 --------- d-----w C:\Program Files\Wanadoo
2007-10-19 14:00 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-19 13:59 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-19 12:45 --------- d-----w C:\Documents and Settings\achou\Application Data\Sports Interactive
2007-10-19 12:43 --------- d-----w C:\Program Files\Sports Interactive
2007-10-18 22:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-18 21:46 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-18 18:24 --------- d-----w C:\Program Files\Azureus
2007-10-18 18:24 --------- d-----w C:\Documents and Settings\achou\Application Data\Azureus
2007-10-14 23:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 23:17 --------- d-----w C:\Program Files\Micro Application
2007-10-14 16:15 --------- d-----w C:\Program Files\Navilog1
2007-09-12 16:32 --------- d-----w C:\Program Files\SetPoint
2007-09-10 13:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-08 18:37 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-08 18:37 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-03 16:52 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-09-03 16:52 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-12 10:12 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-09 13:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45B36AEB-CE4E-4C97-9715-B0058050EF83}]
C:\WINDOWS\system32\ssttq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D44F533C-A9D2-430A-B28C-FAA500525C52}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 08:15]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 03:04]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 11:51]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 15:00 C:\WINDOWS\stsystra.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 13:47]
"reset.bat"="C:\WINDOWS\system32\reset.bat" [2007-03-19 15:14]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 13:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2006-04-27 11:30 53248 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvspm]
yayvspm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SetPoint.lnk
backup=C:\WINDOWS\pss\SetPoint.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
"C:\Program Files\AdVantage\AdVantage.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
"C:\Program Files\Hotbar\bin\10.0.342.0\Weather.exe" -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S1 SAVRKBootTasks;Boot Tasks Driver;\??\C:\WINDOWS\system32\SAVRKBootTasks.sys
S1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!\K!TVXP~1\DSDrv4.sys
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\6.tmp
S3 s616bus;Sony Ericsson Device 616 driver (WDM);C:\WINDOWS\system32\DRIVERS\s616bus.sys
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s616mdfl.sys
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s616mdm.sys
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s616mgmt.sys
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS);C:\WINDOWS\system32\DRIVERS\s616nd5.sys
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s616obex.sys
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM);C:\WINDOWS\system32\DRIVERS\s616unic.sys
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-26 15:19:11 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
"2007-10-30 17:18:57 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-30 16:05:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 18:20:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-30 18:20:36
.
--- E O F ---
scanner.exe (HijackThis)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:10, on 2007-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\achou\Bureau\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/fr/ý
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3070108
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {D44F533C-A9D2-430A-B28C-FAA500525C52} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [reset.bat] C:\WINDOWS\system32\reset.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?aabb4611b5f54b438ed4d6a0f9dd1045
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?aabb4611b5f54b438ed4d6a0f9dd1045
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
VBG
[10/30/2007, 17:46:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\achou\Bureau\VirtumundoBeGone.exe" )
[10/30/2007, 17:46:33] - Detected System Information:
[10/30/2007, 17:46:33] - Windows Version: 5.1.2600, Service Pack 2
[10/30/2007, 17:46:33] - Current Username: achou (Admin)
[10/30/2007, 17:46:33] - Windows is in NORMAL mode.
[10/30/2007, 17:46:33] - Searching for Browser Helper Objects:
[10/30/2007, 17:46:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/30/2007, 17:46:33] - BHO 2: {45B36AEB-CE4E-4C97-9715-B0058050EF83} ()
[10/30/2007, 17:46:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 17:46:33] - Checking for HKLM\...\Winlogon\Notify\ssttq
[10/30/2007, 17:46:33] - Key not found: HKLM\...\Winlogon\Notify\ssttq, continuing.
[10/30/2007, 17:46:33] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/30/2007, 17:46:33] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/30/2007, 17:46:33] - BHO 5: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (BHO pour Compagnon Web Encarta)
[10/30/2007, 17:46:33] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/30/2007, 17:46:33] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[10/30/2007, 17:46:33] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[10/30/2007, 17:46:33] - BHO 9: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[10/30/2007, 17:46:33] - BHO 10: {D44F533C-A9D2-430A-B28C-FAA500525C52} ()
[10/30/2007, 17:46:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 17:46:33] - No filename found. Continuing.
[10/30/2007, 17:46:33] - Finished Searching Browser Helper Objects
[10/30/2007, 17:46:33] - Finishing up...
[10/30/2007, 17:46:33] - Nothing found! Exiting...
[10/30/2007, 17:47:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\achou\Bureau\VirtumundoBeGone.exe" )
[10/30/2007, 17:47:33] - Detected System Information:
[10/30/2007, 17:47:33] - Windows Version: 5.1.2600, Service Pack 2
[10/30/2007, 17:47:33] - Current Username: achou (Admin)
[10/30/2007, 17:47:33] - Windows is in NORMAL mode.
[10/30/2007, 17:47:33] - Searching for Browser Helper Objects:
[10/30/2007, 17:47:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/30/2007, 17:47:33] - BHO 2: {45B36AEB-CE4E-4C97-9715-B0058050EF83} ()
[10/30/2007, 17:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 17:47:33] - Checking for HKLM\...\Winlogon\Notify\ssttq
[10/30/2007, 17:47:33] - Key not found: HKLM\...\Winlogon\Notify\ssttq, continuing.
[10/30/2007, 17:47:33] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/30/2007, 17:47:33] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/30/2007, 17:47:33] - BHO 5: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (BHO pour Compagnon Web Encarta)
[10/30/2007, 17:47:33] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/30/2007, 17:47:33] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[10/30/2007, 17:47:33] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[10/30/2007, 17:47:33] - BHO 9: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[10/30/2007, 17:47:33] - BHO 10: {D44F533C-A9D2-430A-B28C-FAA500525C52} ()
[10/30/2007, 17:47:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 17:47:33] - No filename found. Continuing.
[10/30/2007, 17:47:33] - Finished Searching Browser Helper Objects
[10/30/2007, 17:47:33] - Finishing up...
[10/30/2007, 17:47:33] - Nothing found! Exiting...
combofix
ComboFix 07-10-29.1 - achou 2007-10-30 18:17:59.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\achou\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\achou\Application Data\Hotbar_Icons
C:\Documents and Settings\achou\Application Data\Hotbar_Icons\meetic.ico
C:\Documents and Settings\achou\Application Data\Hotbar_Icons\Registryrepair.ico
C:\Documents and Settings\achou\Application Data\Hotbar_Icons\wallpapere1.ico
C:\Documents and Settings\All Users\Application Data\HotbarSA
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht
C:\Documents and Settings\All Users\Bureau\internet.lnk
C:\WINDOWS\system32\t.txt
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-30 ))))))))))))))))))))))))))))))))))))
.
2007-10-30 17:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 17:26 <REP> d-------- C:\VundoFix Backups
2007-10-30 14:55 18,816 --------- C:\WINDOWS\system32\SAVRKBootTasks.sys
2007-10-29 22:59 <REP> d-------- C:\Program Files\Sophos
2007-10-23 12:18 <REP> d-------- C:\Program Files\SAGEM
2007-10-23 12:18 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2007-10-19 15:00 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-10-18 23:07 <REP> dr-h----- C:\Documents and Settings\achou\Application Data\SecuROM
2007-10-18 23:03 <REP> d--h----- C:\Program Files\Zero G Registry
2007-10-18 23:03 <REP> d--h----- C:\Documents and Settings\achou\InstallAnywhere
2007-10-18 22:49 <REP> d-------- C:\Program Files\AdVantage
2007-10-18 22:48 <REP> d-------- C:\Program Files\DAEMON Tools
2007-09-30 18:59 <REP> d-------- C:\Program Files\SpywareBlaster
2007-09-30 16:46 <REP> d-------- C:\Program Files\a-squared Free
2007-09-24 13:53 <REP> d-------- C:\Program Files\Musetools
2007-09-21 13:49 <REP> d-------- C:\Program Files\Winamp
2007-09-14 14:03 <REP> d-------- C:\Program Files\Windows Defender
2007-09-14 13:47 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-09-12 18:16 <REP> d-------- C:\Program Files\MSXML 6.0
2007-09-12 17:56 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2007-09-12 17:56 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2007-09-12 17:55 2,184,192 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-09-12 17:55 2,139,648 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-09-12 17:55 2,061,440 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-09-12 17:55 2,019,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-09-12 17:50 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-09-12 17:50 26,112 --a------ C:\symlcsv1.exe
2007-09-12 17:38 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2007-09-12 17:38 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-09-12 17:38 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-09-12 13:30 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-09-12 13:30 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-09-12 13:30 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-09-12 13:30 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-09-07 13:35 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-09-07 13:35 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-07 13:35 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-09-05 11:45 <REP> d-------- C:\Documents and Settings\achou\Application Data\WeatherDPA
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 16:48 87,467,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-30 16:48 141,644 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-30 16:48 1,477,152 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-30 16:48 1,174,604 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-30 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-30 16:16 --------- d-----w C:\Program Files\eMule
2007-10-23 11:47 --------- d-----w C:\Program Files\Wanadoo
2007-10-19 14:00 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-19 13:59 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-19 12:45 --------- d-----w C:\Documents and Settings\achou\Application Data\Sports Interactive
2007-10-19 12:43 --------- d-----w C:\Program Files\Sports Interactive
2007-10-18 22:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-18 21:46 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-18 18:24 --------- d-----w C:\Program Files\Azureus
2007-10-18 18:24 --------- d-----w C:\Documents and Settings\achou\Application Data\Azureus
2007-10-14 23:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 23:17 --------- d-----w C:\Program Files\Micro Application
2007-10-14 16:15 --------- d-----w C:\Program Files\Navilog1
2007-09-12 16:32 --------- d-----w C:\Program Files\SetPoint
2007-09-10 13:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-08 18:37 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-08 18:37 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-03 16:52 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-09-03 16:52 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-12 10:12 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-09 13:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45B36AEB-CE4E-4C97-9715-B0058050EF83}]
C:\WINDOWS\system32\ssttq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D44F533C-A9D2-430A-B28C-FAA500525C52}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 08:15]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 03:04]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 11:51]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 15:00 C:\WINDOWS\stsystra.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 13:47]
"reset.bat"="C:\WINDOWS\system32\reset.bat" [2007-03-19 15:14]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 13:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2006-04-27 11:30 53248 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWlgn.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvspm]
yayvspm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SetPoint.lnk
backup=C:\WINDOWS\pss\SetPoint.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
"C:\Program Files\AdVantage\AdVantage.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
"C:\Program Files\Hotbar\bin\10.0.342.0\Weather.exe" -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S1 SAVRKBootTasks;Boot Tasks Driver;\??\C:\WINDOWS\system32\SAVRKBootTasks.sys
S1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!\K!TVXP~1\DSDrv4.sys
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\6.tmp
S3 s616bus;Sony Ericsson Device 616 driver (WDM);C:\WINDOWS\system32\DRIVERS\s616bus.sys
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s616mdfl.sys
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s616mdm.sys
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s616mgmt.sys
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS);C:\WINDOWS\system32\DRIVERS\s616nd5.sys
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s616obex.sys
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM);C:\WINDOWS\system32\DRIVERS\s616unic.sys
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-26 15:19:11 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
"2007-10-30 17:18:57 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-30 16:05:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 18:20:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-30 18:20:36
.
--- E O F ---
scanner.exe(hijackthis)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:10, on 2007-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\achou\Bureau\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/fr/ý
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3070108
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {D44F533C-A9D2-430A-B28C-FAA500525C52} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [reset.bat] C:\WINDOWS\system32\reset.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?aabb4611b5f54b438ed4d6a0f9dd1045
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?aabb4611b5f54b438ed4d6a0f9dd1045
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Well, I have a recurring slowness problem and I don't know where it could come from. I've asked several people and no solution has been found; maybe you can help me:
When I go into My Computer or My Documents, I constantly get error messages popping up. Here are 3 examples of the ones encountered:
1
Explorer.exe - Image incorrect
L application ou la dll c:\progFiles\fichiercommuns\microsoftshared\Windows Livelogin.dll n est pas une image windows valide
2
Explorer.exe - Image incorrect
L application ou la dll c:\progFiles\fichiercommuns\microsoftshared\encartawebcompanion\2007\ENCWCBAR n est pas une image windows valide
3
Explorer.exe - Image incorrect
L application ou la dll c:\progF..............................................\msnlb.dll n est pas une image windows valide
When I browse the internet I have no problem at all, but as soon as I go into my hard drive or My Documents the problems start: my system crashes quite regularly, it is incredibly slow, and the screen freezes for a few minutes and then comes back, which is pretty annoying.
Here is my PC configuration:
Windows XP SP2
intel core 2 CPU 6400@2.13 Ghz
2048 MB
I was told to run a hard-disk check; that was done, but the problem is still there. Any idea??
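As an added triage example (not from this thread, and not part of HijackThis or any tool named here): a small Python script that parses `O23 - Service:` lines in the same format as the log above and flags the entries a helper would look at first, namely services whose image runs from outside the Windows or Program Files trees, from a user profile or temp directory, or with no publisher recorded for a non-system binary. The sample lines are constructed for this example; the `exsvc` and `uhelp` entries in particular are invented placeholders and do not appear in the log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the HijackThis O23 format. The first three lines mirror
# the shape of real entries from the log above; the last two (exsvc, uhelp) are
# invented placeholders that show what a flagged entry looks like.
SAMPLE_LOG = r"""
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\Documents and Settings\user\Local Settings\Temp\exsvc.exe
O23 - Service: Updater Helper (uhelp) - Unknown owner - D:\tools\uhelp.exe
"""

# "O23 - Service: <display name> (<key>) - <owner> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)\s*$")
# The registry key name is shown in parentheses at the end of the display name
# (HijackThis omits it when it equals the display name).
KEY_RE = re.compile(r"\((?P<key>[^()]+)\)\s*$")

# Directories a service image is normally expected to live under (XP layout).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Path fragments that point into a user profile or a temp location.
TEMP_MARKERS = ("\\temp\\", "\\local settings\\", "\\documents and settings\\")


@dataclass
class Service:
    display: str
    key: Optional[str]
    owner: str
    path: str


def parse_o23(text: str) -> List[Service]:
    """Return one Service per O23 line; lines in any other format are skipped."""
    services: List[Service] = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        display = m.group("display")
        k = KEY_RE.search(display)
        services.append(Service(display, k.group("key") if k else None,
                                m.group("owner"), m.group("path")))
    return services


def review(service: Service) -> List[str]:
    """List the reasons (possibly none) why this service deserves a closer look."""
    reasons: List[str] = []
    p = service.path.lower()
    if not p.startswith(TRUSTED_ROOTS):
        reasons.append("image path outside Windows/Program Files")
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append("image path under a user profile or temp directory")
    # "Unknown owner" is normal for core Windows binaries under C:\WINDOWS,
    # but a third-party service with no publisher recorded is worth checking.
    if service.owner == "Unknown owner" and not p.startswith("c:\\windows\\"):
        reasons.append("no publisher recorded for a non-system binary")
    return reasons


def flag_services(text: str) -> Dict[str, List[str]]:
    """Map each flagged image path to its list of reasons."""
    flagged: Dict[str, List[str]] = {}
    for service in parse_o23(text):
        reasons = review(service)
        if reasons:
            flagged[service.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_services(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A flag is only a prompt to check the file (publisher, signature, creation date, whether the service name is known), not a verdict; the Eventlog entry in the sample shows why "Unknown owner" alone is not a signal on XP.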