Virus dans C:\WINDOWS\system32\ geedc.dll
Résolu/Fermé
thomasdeb
-
4 déc. 2007 à 18:34
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 5 déc. 2007 à 23:26
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 5 déc. 2007 à 23:26
A voir également:
- Virus dans C:\WINDOWS\system32\ geedc.dll
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Faux message virus ordinateur - Accueil - Arnaque
- Faux message virus iphone - Forum iPhone
- Comment savoir si j'ai attrapé un virus sur mon téléphone ? ✓ - Forum iPhone
18 réponses
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
4 déc. 2007 à 19:38
4 déc. 2007 à 19:38
salut thomasdeb,
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Merci! Voila le rapport :
ComboFix 07-12-02.6 - CARREFOUR 2007-12-04 19:50:30.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.327 [GMT 1:00]
Running from: C:\Documents and Settings\CARREFOUR\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\Yazzle1848OinUninstaller.exe
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.ini2
C:\WINDOWS\system32\jkkiggg.dll
C:\WINDOWS\system32\nnnkihe.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\vturssq.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IPRIP
-------\Iprip
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
.
2007-12-04 19:16 . 2007-12-04 19:16 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-12-04 18:04 . 2007-12-04 18:04 9 --a------ C:\WINDOWS\system32\1e7f8303
2007-12-04 17:49 . 2007-12-04 17:49 331,872 --------- C:\WINDOWS\system32\geedc.dll
2007-12-02 17:38 . 2007-12-02 17:38 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\FileMaker
2007-12-02 17:38 . 2007-12-02 17:38 215 --a------ C:\WINDOWS\STRYBORD.INI
2007-12-02 17:36 . 2007-12-02 17:42 <REP> d-------- C:\Program Files\Storyboard tools
2007-12-02 17:34 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2007-11-26 20:35 . 2007-11-26 20:42 300,364 --a------ C:\WINDOWS\system32\geebc.dll
2007-11-24 13:42 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\MOVAVI
2007-11-24 13:41 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\ConvertMovie 5.0
2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\AVS4YOU
2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-24 13:16 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-11-24 13:15 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\AVS4YOU
2007-11-24 13:15 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-24 13:15 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-11-24 13:15 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-11-24 13:15 . 2007-02-27 19:36 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-24 13:15 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2007-11-24 13:15 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2007-11-24 13:15 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2007-11-24 13:15 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-11-24 13:00 . 2007-11-24 13:04 <REP> d-------- C:\Program Files\Video Convert Master
2007-11-24 13:00 . 2002-11-25 17:53 425,984 --a------ C:\WINDOWS\system32\xvid.dll
2007-11-24 13:00 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-11-24 13:00 . 2003-06-05 17:30 316,640 --a------ C:\WINDOWS\system32\WMSysPr9.prx
2007-11-24 13:00 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2007-11-24 13:00 . 2003-05-21 23:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-24 12:28 . 2007-11-24 12:37 <REP> d-------- C:\divx
2007-11-24 11:59 . 2007-11-24 11:59 <REP> d-------- C:\Temp
2007-11-24 11:40 . 2007-11-24 11:40 <REP> d-------- C:\Program Files\Micro Application
2007-11-24 11:23 . 2007-11-24 11:23 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\TVU Networks
2007-11-20 21:02 . 2007-11-24 15:56 156 --a------ C:\WINDOWS\Twunk001.MTX
2007-11-20 21:02 . 2007-11-24 15:57 3 --a------ C:\WINDOWS\Twain001.Mtx
2007-11-20 21:02 . 2007-11-20 21:02 0 --a------ C:\WINDOWS\Twunk002.MTX
2007-11-20 20:55 . 2007-11-20 20:55 <REP> d-------- C:\Program Files\Vstplugins
2007-11-20 19:18 . 2007-11-20 19:18 <REP> d-------- C:\MIKA
2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Program Files\DVD Shrink
2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-19 22:37 . 2002-05-23 11:57 1,295,495 -ra------ C:\Installation de Macromedia Studio MX.exe
2007-11-19 21:18 . 2007-11-19 21:18 <REP> d-------- C:\VundoFix Backups
2007-11-19 21:07 . 2007-12-04 19:23 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-19 21:07 . 2007-11-19 21:07 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-19 21:07 . 2007-11-19 21:07 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-19 21:07 . 2007-11-19 21:07 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-18 16:05 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-17 20:24 . 2007-11-18 12:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-17 20:19 . 2007-11-17 20:19 <REP> d-------- C:\Program Files\Bonjour
2007-11-17 17:41 . 2007-11-17 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-11-17 12:55 . 2007-11-17 12:58 461,969,208 --a------ C:\ADBEPHSPCS3_WWF.exe
2007-11-16 20:57 . 2007-11-16 20:57 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-16 20:48 . 2007-11-16 20:48 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Talkback
2007-11-16 20:48 . 2007-11-16 20:48 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-10 16:47 . 2007-11-10 16:47 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-11-10 15:52 . 2007-11-10 15:52 <REP> d-------- C:\Program Files\Stardock
2007-11-10 15:52 . 2007-05-26 12:34 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2007-11-05 21:35 . 2007-11-27 17:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-04 16:48 . 2007-11-04 16:48 <REP> d-------- C:\Program Files\CCleaner
2007-11-04 15:37 . 2007-11-04 15:37 <REP> d-------- C:\Program Files\Network Stumbler
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 14:47 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\dvdcss
2007-11-20 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-11-20 19:54 --------- d-----w C:\Program Files\Sony
2007-11-18 15:05 --------- d-----w C:\Program Files\Java
2007-11-17 19:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-15 15:26 56,984 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\GDIPFONTCACHEV1.DAT
2007-11-14 16:37 --------- d-----w C:\Program Files\LimeWire
2007-11-03 17:27 --------- d--h--r C:\Documents and Settings\CARREFOUR\Application Data\SecuROM
2007-11-03 17:22 --------- d-----w C:\Program Files\Sports Interactive
2007-11-02 15:34 --------- d-----w C:\Program Files\aMSN
2007-11-02 13:28 --------- d-----w C:\Program Files\Windows Live
2007-11-02 13:28 --------- d-----w C:\Program Files\MSN Messenger
2007-11-02 13:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-02 13:27 3,966,288 ----a-w C:\MsgPlusLive-423.exe
2007-10-29 20:25 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-28 16:29 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\SecondLife
2007-10-28 15:45 1,271,557 ----a-w C:\wrar371fr.exe
2007-10-27 10:33 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sports Interactive
2007-10-27 10:11 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-15 18:48 --------- d-----w C:\Program Files\activePDF
2007-10-15 17:46 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-10-15 17:45 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sony
2007-10-15 17:42 --------- d-----w C:\Program Files\Sony Setup
2007-05-09 15:33 4 --shatr C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
2006-10-27 10:24 234 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\wklnhst.dat
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-10-15 13:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260F0CE0-DDB8-4B9A-BC54-41E9D851BE3B}]
2007-12-04 17:49 331872 --------- C:\WINDOWS\system32\geedc.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 06:46]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 12:38]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 18:04]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geedc.dll
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-10-17 12:08:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-04 18:41:22 C:\WINDOWS\Tasks\User_Feed_Synchronization-{963202E6-12AC-49F5-83B8-F18820163D45}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 19:58:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HZ??????(?@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-04 20:02:09 - machine was rebooted
.
--- E O F ---
ComboFix 07-12-02.6 - CARREFOUR 2007-12-04 19:50:30.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.327 [GMT 1:00]
Running from: C:\Documents and Settings\CARREFOUR\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\Yazzle1848OinUninstaller.exe
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.ini2
C:\WINDOWS\system32\jkkiggg.dll
C:\WINDOWS\system32\nnnkihe.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\vturssq.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IPRIP
-------\Iprip
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
.
2007-12-04 19:16 . 2007-12-04 19:16 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-12-04 18:04 . 2007-12-04 18:04 9 --a------ C:\WINDOWS\system32\1e7f8303
2007-12-04 17:49 . 2007-12-04 17:49 331,872 --------- C:\WINDOWS\system32\geedc.dll
2007-12-02 17:38 . 2007-12-02 17:38 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\FileMaker
2007-12-02 17:38 . 2007-12-02 17:38 215 --a------ C:\WINDOWS\STRYBORD.INI
2007-12-02 17:36 . 2007-12-02 17:42 <REP> d-------- C:\Program Files\Storyboard tools
2007-12-02 17:34 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2007-11-26 20:35 . 2007-11-26 20:42 300,364 --a------ C:\WINDOWS\system32\geebc.dll
2007-11-24 13:42 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\MOVAVI
2007-11-24 13:41 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\ConvertMovie 5.0
2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\AVS4YOU
2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-24 13:16 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-11-24 13:15 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\AVS4YOU
2007-11-24 13:15 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-24 13:15 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-11-24 13:15 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-11-24 13:15 . 2007-02-27 19:36 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-24 13:15 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2007-11-24 13:15 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2007-11-24 13:15 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2007-11-24 13:15 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-11-24 13:00 . 2007-11-24 13:04 <REP> d-------- C:\Program Files\Video Convert Master
2007-11-24 13:00 . 2002-11-25 17:53 425,984 --a------ C:\WINDOWS\system32\xvid.dll
2007-11-24 13:00 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-11-24 13:00 . 2003-06-05 17:30 316,640 --a------ C:\WINDOWS\system32\WMSysPr9.prx
2007-11-24 13:00 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2007-11-24 13:00 . 2003-05-21 23:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-24 12:28 . 2007-11-24 12:37 <REP> d-------- C:\divx
2007-11-24 11:59 . 2007-11-24 11:59 <REP> d-------- C:\Temp
2007-11-24 11:40 . 2007-11-24 11:40 <REP> d-------- C:\Program Files\Micro Application
2007-11-24 11:23 . 2007-11-24 11:23 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\TVU Networks
2007-11-20 21:02 . 2007-11-24 15:56 156 --a------ C:\WINDOWS\Twunk001.MTX
2007-11-20 21:02 . 2007-11-24 15:57 3 --a------ C:\WINDOWS\Twain001.Mtx
2007-11-20 21:02 . 2007-11-20 21:02 0 --a------ C:\WINDOWS\Twunk002.MTX
2007-11-20 20:55 . 2007-11-20 20:55 <REP> d-------- C:\Program Files\Vstplugins
2007-11-20 19:18 . 2007-11-20 19:18 <REP> d-------- C:\MIKA
2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Program Files\DVD Shrink
2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-19 22:37 . 2002-05-23 11:57 1,295,495 -ra------ C:\Installation de Macromedia Studio MX.exe
2007-11-19 21:18 . 2007-11-19 21:18 <REP> d-------- C:\VundoFix Backups
2007-11-19 21:07 . 2007-12-04 19:23 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-19 21:07 . 2007-11-19 21:07 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-19 21:07 . 2007-11-19 21:07 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-19 21:07 . 2007-11-19 21:07 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-18 16:05 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-17 20:24 . 2007-11-18 12:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-17 20:19 . 2007-11-17 20:19 <REP> d-------- C:\Program Files\Bonjour
2007-11-17 17:41 . 2007-11-17 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-11-17 12:55 . 2007-11-17 12:58 461,969,208 --a------ C:\ADBEPHSPCS3_WWF.exe
2007-11-16 20:57 . 2007-11-16 20:57 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-16 20:48 . 2007-11-16 20:48 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Talkback
2007-11-16 20:48 . 2007-11-16 20:48 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-10 16:47 . 2007-11-10 16:47 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-11-10 15:52 . 2007-11-10 15:52 <REP> d-------- C:\Program Files\Stardock
2007-11-10 15:52 . 2007-05-26 12:34 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2007-11-05 21:35 . 2007-11-27 17:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-04 16:48 . 2007-11-04 16:48 <REP> d-------- C:\Program Files\CCleaner
2007-11-04 15:37 . 2007-11-04 15:37 <REP> d-------- C:\Program Files\Network Stumbler
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 14:47 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\dvdcss
2007-11-20 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-11-20 19:54 --------- d-----w C:\Program Files\Sony
2007-11-18 15:05 --------- d-----w C:\Program Files\Java
2007-11-17 19:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-15 15:26 56,984 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\GDIPFONTCACHEV1.DAT
2007-11-14 16:37 --------- d-----w C:\Program Files\LimeWire
2007-11-03 17:27 --------- d--h--r C:\Documents and Settings\CARREFOUR\Application Data\SecuROM
2007-11-03 17:22 --------- d-----w C:\Program Files\Sports Interactive
2007-11-02 15:34 --------- d-----w C:\Program Files\aMSN
2007-11-02 13:28 --------- d-----w C:\Program Files\Windows Live
2007-11-02 13:28 --------- d-----w C:\Program Files\MSN Messenger
2007-11-02 13:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-02 13:27 3,966,288 ----a-w C:\MsgPlusLive-423.exe
2007-10-29 20:25 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-28 16:29 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\SecondLife
2007-10-28 15:45 1,271,557 ----a-w C:\wrar371fr.exe
2007-10-27 10:33 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sports Interactive
2007-10-27 10:11 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-15 18:48 --------- d-----w C:\Program Files\activePDF
2007-10-15 17:46 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-10-15 17:45 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sony
2007-10-15 17:42 --------- d-----w C:\Program Files\Sony Setup
2007-05-09 15:33 4 --shatr C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
2006-10-27 10:24 234 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\wklnhst.dat
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-10-15 13:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260F0CE0-DDB8-4B9A-BC54-41E9D851BE3B}]
2007-12-04 17:49 331872 --------- C:\WINDOWS\system32\geedc.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 06:46]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 12:38]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 18:04]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geedc.dll
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-10-17 12:08:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-04 18:41:22 C:\WINDOWS\Tasks\User_Feed_Synchronization-{963202E6-12AC-49F5-83B8-F18820163D45}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 19:58:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HZ??????(?@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-04 20:02:09 - machine was rebooted
.
--- E O F ---
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
4 déc. 2007 à 20:51
4 déc. 2007 à 20:51
re,
Copie le texte ci-dessous :
File::
C:\WINDOWS\system32\1e7f8303
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\uninst.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260F0CE0-DDB8-4B9A-BC54-41E9D851BE3B}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
hijack this :
Télécharge HijackThis ici :
-> https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html
Tutoriel d´installation (images) :
-> http://pchelpbordeaux.free.fr/tuto.html
Tutoriel d´utilisation (video) :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Post le rapport généré ici stp...
@+
Copie le texte ci-dessous :
File::
C:\WINDOWS\system32\1e7f8303
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\uninst.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260F0CE0-DDB8-4B9A-BC54-41E9D851BE3B}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
hijack this :
Télécharge HijackThis ici :
-> https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html
Tutoriel d´installation (images) :
-> http://pchelpbordeaux.free.fr/tuto.html
Tutoriel d´utilisation (video) :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Post le rapport généré ici stp...
@+
Voila le rapport Combofix :
ComboFix 07-12-02.6 - CARREFOUR 2007-12-04 20:59:14.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.448 [GMT 1:00]
Running from: C:\Documents and Settings\CARREFOUR\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\CARREFOUR\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\1e7f8303
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\uninst.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\1e7f8303
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\uninst.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
.
2007-12-04 20:20 . 2007-12-04 21:02 6,557 --ahs---- C:\WINDOWS\system32\cdeeg.ini2
2007-12-04 20:20 . 2007-12-04 21:04 6,557 --ahs---- C:\WINDOWS\system32\cdeeg.ini
2007-12-04 19:16 . 2007-12-04 19:16 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-12-02 17:38 . 2007-12-02 17:38 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\FileMaker
2007-12-02 17:38 . 2007-12-02 17:38 215 --a------ C:\WINDOWS\STRYBORD.INI
2007-12-02 17:36 . 2007-12-02 17:42 <REP> d-------- C:\Program Files\Storyboard tools
2007-11-26 20:35 . 2007-11-26 20:42 300,364 --a------ C:\WINDOWS\system32\geebc.dll
2007-11-24 13:42 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\MOVAVI
2007-11-24 13:41 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\ConvertMovie 5.0
2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\AVS4YOU
2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-24 13:16 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-11-24 13:15 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\AVS4YOU
2007-11-24 13:15 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-24 13:15 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-11-24 13:15 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-11-24 13:15 . 2007-02-27 19:36 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-24 13:15 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2007-11-24 13:15 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2007-11-24 13:15 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2007-11-24 13:15 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-11-24 13:00 . 2007-11-24 13:04 <REP> d-------- C:\Program Files\Video Convert Master
2007-11-24 13:00 . 2002-11-25 17:53 425,984 --a------ C:\WINDOWS\system32\xvid.dll
2007-11-24 13:00 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-11-24 13:00 . 2003-06-05 17:30 316,640 --a------ C:\WINDOWS\system32\WMSysPr9.prx
2007-11-24 13:00 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2007-11-24 13:00 . 2003-05-21 23:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-24 12:28 . 2007-11-24 12:37 <REP> d-------- C:\divx
2007-11-24 11:59 . 2007-11-24 11:59 <REP> d-------- C:\Temp
2007-11-24 11:40 . 2007-11-24 11:40 <REP> d-------- C:\Program Files\Micro Application
2007-11-24 11:23 . 2007-11-24 11:23 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\TVU Networks
2007-11-20 21:02 . 2007-11-24 15:56 156 --a------ C:\WINDOWS\Twunk001.MTX
2007-11-20 21:02 . 2007-11-24 15:57 3 --a------ C:\WINDOWS\Twain001.Mtx
2007-11-20 21:02 . 2007-11-20 21:02 0 --a------ C:\WINDOWS\Twunk002.MTX
2007-11-20 20:55 . 2007-11-20 20:55 <REP> d-------- C:\Program Files\Vstplugins
2007-11-20 19:18 . 2007-11-20 19:18 <REP> d-------- C:\MIKA
2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Program Files\DVD Shrink
2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-19 22:37 . 2002-05-23 11:57 1,295,495 -ra------ C:\Installation de Macromedia Studio MX.exe
2007-11-19 21:18 . 2007-11-19 21:18 <REP> d-------- C:\VundoFix Backups
2007-11-19 21:07 . 2007-12-04 19:23 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-19 21:07 . 2007-11-19 21:07 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-19 21:07 . 2007-11-19 21:07 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-19 21:07 . 2007-11-19 21:07 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-18 16:05 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-17 20:24 . 2007-11-18 12:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-17 20:19 . 2007-11-17 20:19 <REP> d-------- C:\Program Files\Bonjour
2007-11-17 17:41 . 2007-11-17 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-11-17 12:55 . 2007-11-17 12:58 461,969,208 --a------ C:\ADBEPHSPCS3_WWF.exe
2007-11-16 20:57 . 2007-11-16 20:57 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-16 20:48 . 2007-11-16 20:48 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Talkback
2007-11-16 20:48 . 2007-11-16 20:48 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-10 16:47 . 2007-11-10 16:47 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-11-10 15:52 . 2007-11-10 15:52 <REP> d-------- C:\Program Files\Stardock
2007-11-10 15:52 . 2007-05-26 12:34 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2007-11-05 21:35 . 2007-11-27 17:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-04 16:48 . 2007-11-04 16:48 <REP> d-------- C:\Program Files\CCleaner
2007-11-04 15:37 . 2007-11-04 15:37 <REP> d-------- C:\Program Files\Network Stumbler
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 14:47 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\dvdcss
2007-11-20 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-11-20 19:54 --------- d-----w C:\Program Files\Sony
2007-11-18 15:05 --------- d-----w C:\Program Files\Java
2007-11-17 19:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-15 15:26 56,984 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\GDIPFONTCACHEV1.DAT
2007-11-14 16:37 --------- d-----w C:\Program Files\LimeWire
2007-11-03 17:27 --------- d--h--r C:\Documents and Settings\CARREFOUR\Application Data\SecuROM
2007-11-03 17:22 --------- d-----w C:\Program Files\Sports Interactive
2007-11-02 15:34 --------- d-----w C:\Program Files\aMSN
2007-11-02 13:28 --------- d-----w C:\Program Files\Windows Live
2007-11-02 13:28 --------- d-----w C:\Program Files\MSN Messenger
2007-11-02 13:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-02 13:27 3,966,288 ----a-w C:\MsgPlusLive-423.exe
2007-10-29 20:25 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-28 16:29 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\SecondLife
2007-10-28 15:45 1,271,557 ----a-w C:\wrar371fr.exe
2007-10-27 10:33 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sports Interactive
2007-10-27 10:11 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-15 18:48 --------- d-----w C:\Program Files\activePDF
2007-10-15 17:46 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-10-15 17:45 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sony
2007-10-15 17:42 --------- d-----w C:\Program Files\Sony Setup
2007-05-09 15:33 4 --shatr C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
2006-10-27 10:24 234 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\wklnhst.dat
2006-10-15 13:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 06:46]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 12:38]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 18:04]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-10-17 12:08:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-04 19:18:26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{963202E6-12AC-49F5-83B8-F18820163D45}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 21:07:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HZ??????(?@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-04 21:10:26 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-04 20:02
.
--- E O F ---
Et maintenant le Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:29, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CARREF~1\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sport.be/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYBE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - https://about.proquest.com/products-services/ebooks/ebooks-main.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
ComboFix 07-12-02.6 - CARREFOUR 2007-12-04 20:59:14.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.448 [GMT 1:00]
Running from: C:\Documents and Settings\CARREFOUR\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\CARREFOUR\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\1e7f8303
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\uninst.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\1e7f8303
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\uninst.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
.
2007-12-04 20:20 . 2007-12-04 21:02 6,557 --ahs---- C:\WINDOWS\system32\cdeeg.ini2
2007-12-04 20:20 . 2007-12-04 21:04 6,557 --ahs---- C:\WINDOWS\system32\cdeeg.ini
2007-12-04 19:16 . 2007-12-04 19:16 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-12-02 17:38 . 2007-12-02 17:38 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\FileMaker
2007-12-02 17:38 . 2007-12-02 17:38 215 --a------ C:\WINDOWS\STRYBORD.INI
2007-12-02 17:36 . 2007-12-02 17:42 <REP> d-------- C:\Program Files\Storyboard tools
2007-11-26 20:35 . 2007-11-26 20:42 300,364 --a------ C:\WINDOWS\system32\geebc.dll
2007-11-24 13:42 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\MOVAVI
2007-11-24 13:41 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\ConvertMovie 5.0
2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\AVS4YOU
2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-24 13:16 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-11-24 13:15 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\AVS4YOU
2007-11-24 13:15 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-24 13:15 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-11-24 13:15 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-11-24 13:15 . 2007-02-27 19:36 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-24 13:15 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2007-11-24 13:15 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2007-11-24 13:15 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2007-11-24 13:15 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-11-24 13:00 . 2007-11-24 13:04 <REP> d-------- C:\Program Files\Video Convert Master
2007-11-24 13:00 . 2002-11-25 17:53 425,984 --a------ C:\WINDOWS\system32\xvid.dll
2007-11-24 13:00 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-11-24 13:00 . 2003-06-05 17:30 316,640 --a------ C:\WINDOWS\system32\WMSysPr9.prx
2007-11-24 13:00 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2007-11-24 13:00 . 2003-05-21 23:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-24 12:28 . 2007-11-24 12:37 <REP> d-------- C:\divx
2007-11-24 11:59 . 2007-11-24 11:59 <REP> d-------- C:\Temp
2007-11-24 11:40 . 2007-11-24 11:40 <REP> d-------- C:\Program Files\Micro Application
2007-11-24 11:23 . 2007-11-24 11:23 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\TVU Networks
2007-11-20 21:02 . 2007-11-24 15:56 156 --a------ C:\WINDOWS\Twunk001.MTX
2007-11-20 21:02 . 2007-11-24 15:57 3 --a------ C:\WINDOWS\Twain001.Mtx
2007-11-20 21:02 . 2007-11-20 21:02 0 --a------ C:\WINDOWS\Twunk002.MTX
2007-11-20 20:55 . 2007-11-20 20:55 <REP> d-------- C:\Program Files\Vstplugins
2007-11-20 19:18 . 2007-11-20 19:18 <REP> d-------- C:\MIKA
2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Program Files\DVD Shrink
2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-19 22:37 . 2002-05-23 11:57 1,295,495 -ra------ C:\Installation de Macromedia Studio MX.exe
2007-11-19 21:18 . 2007-11-19 21:18 <REP> d-------- C:\VundoFix Backups
2007-11-19 21:07 . 2007-12-04 19:23 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-19 21:07 . 2007-11-19 21:07 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-19 21:07 . 2007-11-19 21:07 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-19 21:07 . 2007-11-19 21:07 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-18 16:05 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-17 20:24 . 2007-11-18 12:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-17 20:19 . 2007-11-17 20:19 <REP> d-------- C:\Program Files\Bonjour
2007-11-17 17:41 . 2007-11-17 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-11-17 12:55 . 2007-11-17 12:58 461,969,208 --a------ C:\ADBEPHSPCS3_WWF.exe
2007-11-16 20:57 . 2007-11-16 20:57 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-16 20:48 . 2007-11-16 20:48 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Talkback
2007-11-16 20:48 . 2007-11-16 20:48 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-10 16:47 . 2007-11-10 16:47 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-11-10 15:52 . 2007-11-10 15:52 <REP> d-------- C:\Program Files\Stardock
2007-11-10 15:52 . 2007-05-26 12:34 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2007-11-05 21:35 . 2007-11-27 17:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-04 16:48 . 2007-11-04 16:48 <REP> d-------- C:\Program Files\CCleaner
2007-11-04 15:37 . 2007-11-04 15:37 <REP> d-------- C:\Program Files\Network Stumbler
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 14:47 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\dvdcss
2007-11-20 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-11-20 19:54 --------- d-----w C:\Program Files\Sony
2007-11-18 15:05 --------- d-----w C:\Program Files\Java
2007-11-17 19:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-15 15:26 56,984 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\GDIPFONTCACHEV1.DAT
2007-11-14 16:37 --------- d-----w C:\Program Files\LimeWire
2007-11-03 17:27 --------- d--h--r C:\Documents and Settings\CARREFOUR\Application Data\SecuROM
2007-11-03 17:22 --------- d-----w C:\Program Files\Sports Interactive
2007-11-02 15:34 --------- d-----w C:\Program Files\aMSN
2007-11-02 13:28 --------- d-----w C:\Program Files\Windows Live
2007-11-02 13:28 --------- d-----w C:\Program Files\MSN Messenger
2007-11-02 13:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-02 13:27 3,966,288 ----a-w C:\MsgPlusLive-423.exe
2007-10-29 20:25 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-28 16:29 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\SecondLife
2007-10-28 15:45 1,271,557 ----a-w C:\wrar371fr.exe
2007-10-27 10:33 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sports Interactive
2007-10-27 10:11 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-15 18:48 --------- d-----w C:\Program Files\activePDF
2007-10-15 17:46 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-10-15 17:45 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sony
2007-10-15 17:42 --------- d-----w C:\Program Files\Sony Setup
2007-05-09 15:33 4 --shatr C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
2006-10-27 10:24 234 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\wklnhst.dat
2006-10-15 13:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 06:46]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 12:38]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 18:04]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-10-17 12:08:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-04 19:18:26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{963202E6-12AC-49F5-83B8-F18820163D45}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 21:07:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HZ??????(?@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-04 21:10:26 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-04 20:02
.
--- E O F ---
Et maintenant le Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:29, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CARREF~1\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sport.be/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYBE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - https://about.proquest.com/products-services/ebooks/ebooks-main.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
4 déc. 2007 à 21:25
4 déc. 2007 à 21:25
re,
a l´aide hijack this coche les lignes ci dessous
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYBE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
comment fixer :
Tutoriel d´utilisation (video) :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
installe un par feu
par feu : kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
ou zone alarm plus facil a configurer mais moins performant
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
et fais un scan complet avec antivir et post le rapport ici :
une fois antivir ouvert click sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
@+
a l´aide hijack this coche les lignes ci dessous
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYBE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
comment fixer :
Tutoriel d´utilisation (video) :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
installe un par feu
par feu : kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
ou zone alarm plus facil a configurer mais moins performant
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
et fais un scan complet avec antivir et post le rapport ici :
une fois antivir ouvert click sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
@+
david1970
Messages postés
55
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
5 janvier 2008
4 déc. 2007 à 21:30
4 déc. 2007 à 21:30
bonsoir g!rly dis moi quel est le meilleur antivirus au monde merci
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
4 déc. 2007 à 21:45
4 déc. 2007 à 21:45
david,
il n´y a pas de meilleur antivir...
moi perso j´aime bien antivir, de plus il est gratuit...
il n´y a pas de meilleur antivir...
moi perso j´aime bien antivir, de plus il est gratuit...
david1970
Messages postés
55
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
5 janvier 2008
4 déc. 2007 à 21:47
4 déc. 2007 à 21:47
mais antivir na pas pare-feu
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
4 déc. 2007 à 22:09
4 déc. 2007 à 22:09
oui mais comme tu voie ci dessus je conseil kerio ou zone alarm
moi perso j´ai antivir et kerio plus des antispyware residents...
moi perso j´ai antivir et kerio plus des antispyware residents...
david1970
Messages postés
55
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
5 janvier 2008
4 déc. 2007 à 22:13
4 déc. 2007 à 22:13
on ma dit que ya des antivirus avec pare-feu integret
J'ai installé Zone Alarm et j'ai fait ce que ti m'avais demandé dans hijack this.
Maintenant je fais le scan dans antivir mais ca va prendre quelques temps donc je ne sais pas si je saurai poster le rapport encore ce soir mais sinon il sera la demain des que je peux...
Un grand merci en tout cas a++
Maintenant je fais le scan dans antivir mais ca va prendre quelques temps donc je ne sais pas si je saurai poster le rapport encore ce soir mais sinon il sera la demain des que je peux...
Un grand merci en tout cas a++
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
4 déc. 2007 à 22:31
4 déc. 2007 à 22:31
thomasdeb,
de rien,
je regarderais le rapport demain
bonne fin de soirée ;-)
@+
de rien,
je regarderais le rapport demain
bonne fin de soirée ;-)
@+
Bonsoir g!rly,
J'ai fait tout ce que tu m'as demandé et j'ai fait l'analyse Antivir. Je suis désolé pour le retard mais l'analyse a pris beaucoup de temps. Je te met le rapport Antivir comme demandé :
AntiVir PersonalEdition Classic
Report file date: mercredi 5 décembre 2007 19:40
Scanning for 960575 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PC170492831317
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 7/09/2007 10:48:42
AVSCAN.DLL : 7.0.6.0 49192 Bytes 7/09/2007 10:48:42
LUKE.DLL : 7.0.5.3 147496 Bytes 7/09/2007 10:48:43
LUKERES.DLL : 7.0.6.1 10280 Bytes 7/09/2007 10:48:43
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:41:37
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 16:41:52
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 19:31:48
ANTIVIR3.VDF : 7.0.1.44 70144 Bytes 4/12/2007 19:28:19
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 7/11/2007 18:06:48
AVWINLL.DLL : 1.0.0.7 14376 Bytes 21/04/2007 19:47:13
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/09/2007 10:48:42
AVREP.DLL : 7.0.0.1 155688 Bytes 21/04/2007 19:47:16
AVPACK32.DLL : 7.3.0.15 360488 Bytes 4/08/2007 09:46:39
AVREG.DLL : 7.0.1.6 30760 Bytes 7/09/2007 10:48:42
AVARKT.DLL : 1.0.0.20 278568 Bytes 7/09/2007 10:48:40
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/09/2007 10:48:42
NETNT.DLL : 7.0.0.0 7720 Bytes 21/04/2007 19:47:15
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/09/2007 10:48:32
RCTEXT.DLL : 7.0.62.0 86056 Bytes 7/09/2007 10:48:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/09/2007 10:48:43
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: mercredi 5 décembre 2007 19:40
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\qoobox\Quarantine\catchme2007-12-04_210640.71.zip
[0] Archive type: ZIP
--> geedc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\geedc.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B0D22BE2-A227-4068-A48A-E6B79217B4BA}\RP251\A0143544.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was deleted!
C:\System Volume Information\_restore{B0D22BE2-A227-4068-A48A-E6B79217B4BA}\RP254\A0143621.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
Begin scan in 'D:\' <HP_RECOVERY>
End of the scan: mercredi 5 décembre 2007 22:20
Used time: 2:40:13 min
The scan has been done completely.
14775 Scanning directories
747423 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
747419 Files not concerned
9864 Archives were scanned
2 Warnings
31 Notes
Je ne sais pas si je dois encore faire quelque chose ou pas. Un grand merci en tout cas...
A+++
J'ai fait tout ce que tu m'as demandé et j'ai fait l'analyse Antivir. Je suis désolé pour le retard mais l'analyse a pris beaucoup de temps. Je te met le rapport Antivir comme demandé :
AntiVir PersonalEdition Classic
Report file date: mercredi 5 décembre 2007 19:40
Scanning for 960575 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PC170492831317
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 7/09/2007 10:48:42
AVSCAN.DLL : 7.0.6.0 49192 Bytes 7/09/2007 10:48:42
LUKE.DLL : 7.0.5.3 147496 Bytes 7/09/2007 10:48:43
LUKERES.DLL : 7.0.6.1 10280 Bytes 7/09/2007 10:48:43
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:41:37
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 16:41:52
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 19:31:48
ANTIVIR3.VDF : 7.0.1.44 70144 Bytes 4/12/2007 19:28:19
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 7/11/2007 18:06:48
AVWINLL.DLL : 1.0.0.7 14376 Bytes 21/04/2007 19:47:13
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/09/2007 10:48:42
AVREP.DLL : 7.0.0.1 155688 Bytes 21/04/2007 19:47:16
AVPACK32.DLL : 7.3.0.15 360488 Bytes 4/08/2007 09:46:39
AVREG.DLL : 7.0.1.6 30760 Bytes 7/09/2007 10:48:42
AVARKT.DLL : 1.0.0.20 278568 Bytes 7/09/2007 10:48:40
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/09/2007 10:48:42
NETNT.DLL : 7.0.0.0 7720 Bytes 21/04/2007 19:47:15
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/09/2007 10:48:32
RCTEXT.DLL : 7.0.62.0 86056 Bytes 7/09/2007 10:48:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/09/2007 10:48:43
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: mercredi 5 décembre 2007 19:40
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\qoobox\Quarantine\catchme2007-12-04_210640.71.zip
[0] Archive type: ZIP
--> geedc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\geedc.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B0D22BE2-A227-4068-A48A-E6B79217B4BA}\RP251\A0143544.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was deleted!
C:\System Volume Information\_restore{B0D22BE2-A227-4068-A48A-E6B79217B4BA}\RP254\A0143621.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
Begin scan in 'D:\' <HP_RECOVERY>
End of the scan: mercredi 5 décembre 2007 22:20
Used time: 2:40:13 min
The scan has been done completely.
14775 Scanning directories
747423 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
747419 Files not concerned
9864 Archives were scanned
2 Warnings
31 Notes
Je ne sais pas si je dois encore faire quelque chose ou pas. Un grand merci en tout cas...
A+++
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
5 déc. 2007 à 22:35
5 déc. 2007 à 22:35
salut thomas
fais ceci :
Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique.
et tu peux supprimer tous les outils que nous avons utilisé
dis moi quoi
@+
fais ceci :
Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique.
et tu peux supprimer tous les outils que nous avons utilisé
dis moi quoi
@+
Voilà j'ai fait tout cela. Je ne dois pas créer un nouveau point de restauration ? Et dans mon lecteur C, j'ai un dossier qui s'est crée quand j'ai installé Combofix je pense qui s'appelle Qoobox, avec notamment à l'intérieur le fichier CFScript, je le supprime aussi ?
Je n'ai plus eu d'alertes de virus. Merci!
Je n'ai plus eu d'alertes de virus. Merci!
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
5 déc. 2007 à 23:21
5 déc. 2007 à 23:21
re,
bah en faite la manip que je t´ai ecrit sur le point de restauration cré un nouveau point propre
oui supprime le fichier qoobox
de rien ;-)
@+
bah en faite la manip que je t´ai ecrit sur le point de restauration cré un nouveau point propre
oui supprime le fichier qoobox
de rien ;-)
@+
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
5 déc. 2007 à 23:26
5 déc. 2007 à 23:26
ok
bonne soirée ;-)
bonne continuation
bye`
bonne soirée ;-)
bonne continuation
bye`
