kavo.exe virus

Solved/Closed
hamza_bba - 19 Jan 2008 at 10:47
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 - 13 May 2008 at 23:38
Hello,

Can someone give me some information about the kavo.exe virus?

Thanks

13 replies

g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 406
10 April 2008 at 17:21
ah ok
very good
have a good day too
;-)
1
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 406
19 Jan 2008 at 12:04
hi,
do this:
Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 (Yes) key to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: the report can also be found here: C:\Combofix.txt

and

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Usage tutorial (video):

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post the generated report here please...

ps: run combofix before hijackthis and post both reports

@+
0
There are two different types of this virus.
One creates a file XAdeIect.com on every partition and the other a file autode1ect.com.
Both create the files kavo.exe, kavo.dll and kavo1.dll in the <System> folder.

Both create an entry in the registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
kava
which points to the file <System>\kavo.exe

More info:

https://www.symantec.com?uid=db46c476-af5d-4746-8288-a4b720511d0f
https://www.symantec.com?uid=410331b1-0407-441f-8645-065037ee0647

or, simpler, plus a patch:
http://www.net-studio.org/application/autorun-g.php
0
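A small log-triage script, added here as an example (it is not from the thread nor from ComboFix or HijackThis), that runs over autostart lines in the formats posted later in this thread and flags the indicators the post above names: a Run value called "kava", the kavo.exe / kavo.dll / kavo1.dll file names, and autorun handlers that launch a file from a volume root. It goes slightly beyond the post by flagging any root-level autorun target, not only the named droppers; the sample lines are copied from the logs in this thread and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Indicators taken from the post above (a summary, not a vendor signature).
KAVO_FILES = {"kavo.exe", "kavo.dll", "kavo1.dll"}
AUTORUN_DROPPERS = {"xadeiect.com", "autode1ect.com"}
RUN_VALUE_NAME = "kava"

# HijackThis autostart entry:  O4 - HKCU\..\Run: [name] command line
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# ComboFix MountPoints2 handler:  \Shell\AutoRun\command - E:\file.exe
MOUNT_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\[Cc]ommand - (?P<cmd>.+)$")
# First executable-looking file name inside a command line.
EXE_RE = re.compile(r'([^\\/"\s]+\.(?:exe|com|dll|scr|cpl))', re.IGNORECASE)
# A path that sits directly in a volume root, e.g. E:\p3r1ud.exe
ROOT_PATH_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def target_name(cmd: str) -> str:
    """Lower-cased file name of the first executable referenced in cmd, or ''."""
    m = EXE_RE.search(cmd)
    return m.group(1).lower() if m else ""


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding if one log line matches an indicator, else None."""
    line = line.rstrip()
    m = O4_RE.match(line)
    if m:
        name = m.group("name").lower()
        exe = target_name(m.group("cmd"))
        # Either the value name from the post or one of the dropped files.
        if name == RUN_VALUE_NAME or exe in KAVO_FILES:
            return Finding(line, f"Run value [{m.group('name')}] launches {exe or 'unknown target'} (kavo indicator)")
        return None
    m = MOUNT_RE.match(line)
    if m:
        cmd = m.group("cmd").strip()
        # A handler that runs a file from a volume root, or one of the named
        # droppers, is the removable-drive autorun pattern described above.
        if ROOT_PATH_RE.match(cmd) or target_name(cmd) in AUTORUN_DROPPERS:
            return Finding(line, f"{m.group('verb')} handler on mounted volume runs {cmd}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run check_line over every line of a pasted log and collect the hits."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f]


# Constructed sample: a few lines copied from the HijackThis and ComboFix
# reports posted in this thread, benign entries included for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e41bd128-db42-11dc-beb0-000fb084009f}]
\Shell\AutoRun\command - E:\p3r1ud.exe
\Shell\open\Command - E:\p3r1ud.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```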
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 406
22 Feb 2008 at 05:34
No reply...
0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27, on 2008-02-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [RIP PopUp] C:\Program Files\RIP PopUp\nopopup.exe /startup
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CDF6C05-EA29-4A68-B702-9463B069854E}: NameServer = 196.3.81.5,196.3.81.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CDF6C05-EA29-4A68-B702-9463B069854E}: NameServer = 196.3.81.5,196.3.81.132
O17 - HKLM\System\CS2\Services\Tcpip\..\{1CDF6C05-EA29-4A68-B702-9463B069854E}: NameServer = 196.3.81.5,196.3.81.132
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
ComboFix 08-02-23 - PG 2008-02-24 11:20:19.2 - NTFSx86
Endroit: C:\Documents and Settings\PG\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kavo.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))))))))
.

2008-02-22 18:03 . 2008-02-22 18:03 <REP> d-------- C:\Program Files\Trend Micro
2008-02-18 15:33 . 2008-01-31 15:00 113,906 -r-hs---- C:\p3r1ud.exe
2008-01-24 14:26 . 2005-08-17 12:02 93,904 -ra------ C:\WINDOWS\system32\drivers\cmo_mdm.sys
2008-01-24 14:26 . 2005-08-17 12:04 73,696 -ra------ C:\WINDOWS\system32\drivers\cmo_serd.sys
2008-01-24 14:26 . 2005-08-17 11:59 58,352 -ra------ C:\WINDOWS\system32\drivers\cmo_bus.sys
2008-01-24 14:26 . 2005-08-17 12:02 8,304 -ra------ C:\WINDOWS\system32\drivers\cmo_mdfl.sys
2008-01-24 14:26 . 2005-08-17 12:03 6,176 -ra------ C:\WINDOWS\system32\drivers\cmo_cmnt.sys
2008-01-24 14:26 . 2005-08-17 12:03 6,176 -ra------ C:\WINDOWS\system32\drivers\cmo_cm.sys
2008-01-24 14:26 . 2005-08-17 11:59 5,840 -ra------ C:\WINDOWS\system32\drivers\cmo_whnt.sys
2008-01-24 14:26 . 2005-08-17 11:59 5,840 -ra------ C:\WINDOWS\system32\drivers\cmo_wh.sys
2008-01-24 14:20 . 2008-01-24 14:21 <REP> d-------- C:\Program Files\Interjet
2008-01-24 14:20 . 2006-03-09 16:40 196,608 -r------- C:\WINDOWS\PINSTALLPROCESS.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 15:23 --------- d-----w C:\Documents and Settings\PG\Application Data\Skype
2008-02-24 14:40 9,280 ----a-w C:\Documents and Settings\PG\Application Data\wklnhst.dat
2008-02-24 14:28 15,249,147 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-23 22:21 4,631,552 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2008-02-23 22:21 218,112 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
2008-02-22 18:15 3,378,176 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2008-02-22 18:14 4,584,448 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2008-02-21 14:57 --------- d-----w C:\Program Files\Comptes Bancaires 5.6
2008-02-19 18:09 --------- d-----w C:\Documents and Settings\PG\Application Data\UseNeXT
2008-02-19 17:13 4,578,304 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
2008-02-19 17:13 151,040 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2008-02-18 18:13 96,256 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2008-02-18 18:13 4,574,208 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2008-02-15 22:58 128,000 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2008-02-14 21:35 206,336 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2008-02-11 22:48 4,564,480 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2008-02-11 22:48 192,512 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
2008-02-11 00:49 492,544 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2008-02-07 00:29 4,540,928 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2008-02-07 00:29 313,856 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
2008-02-04 20:14 307,712 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2008-01-30 22:26 4,530,176 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-01-30 22:26 111,104 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2008-01-30 08:33 337,408 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
2008-01-27 17:33 470,528 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
2008-01-27 17:33 4,434,944 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
2008-01-26 16:52 24,043,954 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_26_12_45_05_full.dmp.zip
2008-01-26 16:32 17,604,376 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_26_12_21_26_full.dmp.zip
2008-01-26 16:32 128,440 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_26_12_20_42_small.dmp.zip
2008-01-24 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 21:22 1,181,696 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
2008-01-21 21:21 4,414,464 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
2008-01-07 17:37 249,344 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
2007-12-31 23:09 4,402,688 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2007-12-31 23:09 336,384 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
2007-12-23 17:26 942,592 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
2007-12-13 23:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-13 23:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-12-10 22:28 166,912 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp
2007-12-07 17:58 457,728 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp
2007-12-04 17:58 1,286,144 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-12 16:35 214,528 ----a-w C:\WINDOWS\Internet Logs\xDBDE.tmp
2007-11-08 20:56 498,176 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp
2007-10-26 21:47 745,984 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp
2007-10-26 21:47 4,317,696 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
2007-10-22 23:25 517,632 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
2007-10-21 23:24 81,920 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp
2007-10-21 23:24 4,303,360 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp
2007-10-20 00:12 4,303,360 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2007-10-20 00:12 111,616 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2007-10-19 03:18 4,302,336 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2007-10-19 03:18 288,768 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2007-10-17 21:42 548,352 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2007-10-17 21:42 4,298,752 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2007-10-16 02:26 401,920 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2007-10-16 02:26 4,297,216 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
2007-10-11 21:56 679,424 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2007-10-11 21:56 4,294,144 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2007-10-10 00:56 454,656 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2007-10-10 00:56 4,291,584 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2007-10-09 00:26 1,852,416 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
2007-10-02 02:50 515,584 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2007-10-01 02:38 567,296 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2007-10-01 02:38 4,273,664 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2007-09-27 02:40 633,856 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2007-09-27 02:40 4,271,104 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2007-09-20 23:16 4,265,984 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp
2007-09-20 23:16 1,333,760 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2007-09-18 02:01 4,252,672 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2007-09-18 02:01 3,019,776 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2007-08-21 00:44 4,149,760 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2007-08-21 00:44 1,972,224 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2007-08-14 00:36 4,012,032 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2007-08-14 00:36 333,824 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2007-08-13 02:43 315,904 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2007-08-12 04:02 433,664 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2007-08-11 03:08 4,009,472 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2007-08-11 03:08 1,306,624 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2007-08-06 02:25 400,384 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2007-08-06 02:25 3,996,672 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2007-08-04 03:45 3,994,624 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2007-08-04 03:45 1,348,608 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2007-07-30 01:04 3,971,584 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2007-07-30 01:04 3,517,440 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2007-07-15 22:08 22,150,944 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_14_16_54_03_full.dmp.zip
2007-05-15 21:07 3,174,400 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2007-04-14 15:14 4,004,864 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2007-03-31 08:32 3,308,544 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2007-03-31 08:31 3,689,472 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2007-03-25 06:24 3,662,848 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2007-03-25 06:24 2,219,008 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2007-03-24 07:08 3,662,336 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2007-03-24 07:08 2,791,936 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2007-03-20 02:03 1,923,072 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-03-19 05:15 3,651,072 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2007-03-19 05:15 1,178,112 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2007-03-18 14:46 2,822,144 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2007-03-13 00:20 3,614,208 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 18:03 683520]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 05:10 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-02-06 12:49 19490344]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-05-25 07:07 188459]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 11:46 192512]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 05:56 1077327]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-05 12:16 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 09:37 88363 C:\WINDOWS\agrsmmsg.exe]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 16:48 675840]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 16:06 53248]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 16:24 24576]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 13:07 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 10:59 65536]
"Zooming"="ZoomingHook.exe" [2004-07-14 11:07 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-02-16 09:43 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-01-21 05:28 266240 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-11-15 05:49 118784]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 12:57 73728]
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-13 20:05 122939]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 04:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 03:59 126976]
"TFncKy"="TFncKy.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-04 08:38 180269]
"CFSServ.exe"="CFSServ.exe" []
"eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 03:49 188416]
"RIP PopUp"="C:\Program Files\RIP PopUp\nopopup.exe" [ ]
"CmUsbAudio"="cmcnfg2.cpl" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 00:42 176128]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"srePostpone"="c:\windows\system32\zonelabs\srescan.dll" [2008-01-28 12:28 1504736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-13 22:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 17:20:56 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 10:05]
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-02-25 14:08]
S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\cmo_bus.sys [2005-08-17 11:59]
S3 cmo_mdfl;Data Modem @ CDMA Filter;C:\WINDOWS\system32\DRIVERS\cmo_mdfl.sys [2005-08-17 12:02]
S3 cmo_mdm;Data Modem @ CDMA Drivers;C:\WINDOWS\system32\DRIVERS\cmo_mdm.sys [2005-08-17 12:02]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\cmo_serd.sys [2005-08-17 12:04]
S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\system32\drivers\cmuda2.sys [2004-06-16 04:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e41bd128-db42-11dc-beb0-000fb084009f}]
\Shell\AutoRun\command - E:\p3r1ud.exe
\Shell\explore\Command - E:\p3r1ud.exe
\Shell\open\Command - E:\p3r1ud.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-03-18 08:54:28 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 11:23:49
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-24 11:25:03
ComboFix-quarantined-files.txt 2008-02-24 15:24:47
ComboFix2.tx

ComboFix 08-02-23 - PG 2008-02-22 18:16:02.1 - NTFSx86
Endroit: C:\Documents and Settings\PG\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\packet.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((((((( Fichiers créés 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))))))))
.

2008-02-22 18:03 . 2008-02-22 18:03 <REP> d-------- C:\Program Files\Trend Micro
2008-02-18 15:33 . 2008-01-31 15:00 113,906 -r-hs---- C:\p3r1ud.exe
2008-01-24 14:26 . 2005-08-17 12:02 93,904 -ra------ C:\WINDOWS\system32\drivers\cmo_mdm.sys
2008-01-24 14:26 . 2005-08-17 12:04 73,696 -ra------ C:\WINDOWS\system32\drivers\cmo_serd.sys
2008-01-24 14:26 . 2005-08-17 11:59 58,352 -ra------ C:\WINDOWS\system32\drivers\cmo_bus.sys
2008-01-24 14:26 . 2005-08-17 12:02 8,304 -ra------ C:\WINDOWS\system32\drivers\cmo_mdfl.sys
2008-01-24 14:26 . 2005-08-17 12:03 6,176 -ra------ C:\WINDOWS\system32\drivers\cmo_cmnt.sys
2008-01-24 14:26 . 2005-08-17 12:03 6,176 -ra------ C:\WINDOWS\system32\drivers\cmo_cm.sys
2008-01-24 14:26 . 2005-08-17 11:59 5,840 -ra------ C:\WINDOWS\system32\drivers\cmo_whnt.sys
2008-01-24 14:26 . 2005-08-17 11:59 5,840 -ra------ C:\WINDOWS\system32\drivers\cmo_wh.sys
2008-01-24 14:20 . 2008-01-24 14:21 <REP> d-------- C:\Program Files\Interjet
2008-01-24 14:20 . 2006-03-09 16:40 196,608 -r------- C:\WINDOWS\PINSTALLPROCESS.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 22:21 4,631,552 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2008-02-23 22:21 218,112 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
2008-02-23 22:16 --------- d-----w C:\Documents and Settings\PG\Application Data\Skype
2008-02-22 18:15 3,378,176 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2008-02-22 18:14 4,584,448 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2008-02-21 14:57 --------- d-----w C:\Program Files\Comptes Bancaires 5.6
2008-02-19 18:09 --------- d-----w C:\Documents and Settings\PG\Application Data\UseNeXT
2008-02-19 17:13 4,578,304 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
2008-02-19 17:13 151,040 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2008-02-18 18:13 96,256 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2008-02-18 18:13 4,574,208 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2008-02-15 22:58 128,000 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2008-02-14 21:35 206,336 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2008-02-11 22:48 4,564,480 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2008-02-11 22:48 192,512 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
2008-02-11 00:49 492,544 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2008-02-07 00:29 4,540,928 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2008-02-07 00:29 313,856 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
2008-02-04 20:14 307,712 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2008-02-02 19:00 9,170 ----a-w C:\Documents and Settings\PG\Application Data\wklnhst.dat
2008-01-30 22:26 4,530,176 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-01-30 22:26 111,104 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2008-01-30 08:33 337,408 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
2008-01-27 17:33 470,528 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
2008-01-27 17:33 4,434,944 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
2008-01-26 16:52 24,043,954 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_26_12_45_05_full.dmp.zip
2008-01-26 16:32 17,604,376 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_26_12_21_26_full.dmp.zip
2008-01-26 16:32 128,440 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_26_12_20_42_small.dmp.zip
2008-01-24 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 21:22 1,181,696 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
2008-01-21 21:21 4,414,464 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
2008-01-15 14:33 13,509,181 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-07 17:37 249,344 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
2007-12-31 23:09 4,402,688 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2007-12-31 23:09 336,384 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
2007-12-23 17:26 942,592 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
2007-12-13 23:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-13 23:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-12-10 22:28 166,912 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp
2007-12-07 17:58 457,728 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp
2007-12-04 17:58 1,286,144 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-12 16:35 214,528 ----a-w C:\WINDOWS\Internet Logs\xDBDE.tmp
2007-11-08 20:56 498,176 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp
2007-10-26 21:47 745,984 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp
2007-10-26 21:47 4,317,696 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
2007-10-22 23:25 517,632 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
2007-10-21 23:24 81,920 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp
2007-10-21 23:24 4,303,360 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp
2007-10-20 00:12 4,303,360 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2007-10-20 00:12 111,616 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2007-10-19 03:18 4,302,336 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2007-10-19 03:18 288,768 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2007-10-17 21:42 548,352 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2007-10-17 21:42 4,298,752 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2007-10-16 02:26 401,920 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2007-10-16 02:26 4,297,216 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
2007-10-11 21:56 679,424 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2007-10-11 21:56 4,294,144 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2007-10-10 00:56 454,656 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2007-10-10 00:56 4,291,584 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2007-10-09 00:26 1,852,416 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
2007-10-02 02:50 515,584 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2007-10-01 02:38 567,296 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2007-10-01 02:38 4,273,664 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2007-09-27 02:40 633,856 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2007-09-27 02:40 4,271,104 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2007-09-20 23:16 4,265,984 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp
2007-09-20 23:16 1,333,760 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2007-09-18 02:01 4,252,672 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2007-09-18 02:01 3,019,776 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2007-08-21 00:44 4,149,760 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2007-08-21 00:44 1,972,224 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2007-08-14 00:36 4,012,032 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2007-08-14 00:36 333,824 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2007-08-13 02:43 315,904 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2007-08-12 04:02 433,664 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2007-08-11 03:08 4,009,472 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2007-08-11 03:08 1,306,624 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2007-08-06 02:25 400,384 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2007-08-06 02:25 3,996,672 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2007-08-04 03:45 3,994,624 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2007-08-04 03:45 1,348,608 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2007-07-30 01:04 3,971,584 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2007-07-30 01:04 3,517,440 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2007-07-15 22:08 22,150,944 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_14_16_54_03_full.dmp.zip
2007-05-15 21:07 3,174,400 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2007-04-14 15:14 4,004,864 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2007-03-31 08:32 3,308,544 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2007-03-31 08:31 3,689,472 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2007-03-25 06:24 3,662,848 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2007-03-25 06:24 2,219,008 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2007-03-24 07:08 3,662,336 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2007-03-24 07:08 2,791,936 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2007-03-20 02:03 1,923,072 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-03-19 05:15 3,651,072 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2007-03-19 05:15 1,178,112 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2007-03-18 14:46 2,822,144 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2007-03-13 00:20 3,614,208 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 18:03 683520]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 05:10 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-02-06 12:49 19490344]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-05-25 07:07 188459]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 11:46 192512]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 05:56 1077327]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-05 12:16 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 09:37 88363 C:\WINDOWS\agrsmmsg.exe]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 16:48 675840]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 16:06 53248]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 16:24 24576]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 13:07 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 10:59 65536]
"Zooming"="ZoomingHook.exe" [2004-07-14 11:07 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-02-16 09:43 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-01-21 05:28 266240 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-11-15 05:49 118784]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 12:57 73728]
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-13 20:05 122939]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 04:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 03:59 126976]
"TFncKy"="TFncKy.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-04 08:38 180269]
"CFSServ.exe"="CFSServ.exe" []
"eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 03:49 188416]
"RIP PopUp"="C:\Program Files\RIP PopUp\nopopup.exe" [ ]
"CmUsbAudio"="cmcnfg2.cpl" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 00:42 176128]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 10:05]
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-02-25 14:08]
S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\cmo_bus.sys [2005-08-17 11:59]
S3 cmo_mdfl;Data Modem @ CDMA Filter;C:\WINDOWS\system32\DRIVERS\cmo_mdfl.sys [2005-08-17 12:02]
S3 cmo_mdm;Data Modem @ CDMA Drivers;C:\WINDOWS\system32\DRIVERS\cmo_mdm.sys [2005-08-17 12:02]
S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\cmo_serd.sys [2005-08-17 12:04]
S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\system32\drivers\cmuda2.sys [2004-06-16 04:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f166cfe-a59f-11dc-be5d-000fb084009f}]
\Shell\AutoRun\command - E:\p3r1ud.exe
\Shell\explore\Command - E:\p3r1ud.exe
\Shell\open\Command - E:\p3r1ud.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e41bd128-db42-11dc-beb0-000fb084009f}]
\Shell\AutoRun\command - E:\p3r1ud.exe
\Shell\explore\Command - E:\p3r1ud.exe
\Shell\open\Command - E:\p3r1ud.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-03-18 08:54:28 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 18:26:47
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-23 18:31:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 22:30:59
t 2008-02-23 22:31:23
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
23 Feb. 2008 at 21:16
Hi phige,

# Download RavAntivirus by Evosla > http://ww25.evosla.com/compteur.php?soft=rav_antivirus
# If you have a USB stick, external hard drive, etc., plug them in without opening them before launching this FIX
# Right-click on the .ZIP file > Extract to > the Desktop
# Double-click on >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
# If infected > a log will be produced; otherwise the software will display (very quickly) ==> Your computer is clean.
# Remove your removable disks and restart your computer.
# Post the report if infected!

@+
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
23 Feb. 2008 at 21:17
--

The best way to turn a woman's head is to tell her she has a nice profile
0
Hi g!rly,

I'm really sorry I didn't reply to you; in any case, thanks a lot for your help.

Regards
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
10 April 2008 at 17:09
No harm done, phige didn't reply either...

hamza_bba

Let's start over if you like:

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Installation tutorial: (thanks to Balltrap34 for making this)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Usage tutorial (video): (thanks to Balltrap34 for making this)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post the generated report here please...

@+
0
Hi

Thanks a lot, I've already fixed the problem.

Have a good day
0
ComboFix report:
ComboFix 08-05-09.1 - Escudié 2008-05-10 14:36:28.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.723 [GMT 2:00]
Endroit: C:\Documents and Settings\Escudié\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\Jean-louis\Local Settings\Temporary Internet Files\temp.dmf
C:\Documents and Settings\maman\Local Settings\Temporary Internet Files\temp.dmf
C:\Documents and Settings\Pti IgloOo's$.MAXDATA\Application Data\SMANTE~1
C:\Documents and Settings\Pti IgloOo's$.MAXDATA\Application Data\SSTEM3~1
C:\WINDOWS.0\Downloaded Program Files\setup.inf
C:\WINDOWS.0\system32\auto.exe
C:\WINDOWS.0\system32\kavo.exe
C:\WINDOWS.0\system32\kavo0.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))))))))
.

2008-05-10 13:07 . 2008-05-10 13:07 <REP> d--hs---- C:\FOUND.014
2008-05-10 11:14 . 2008-05-10 09:55 118,914 -r-hs---- C:\uqb0julr.bat
2008-05-09 12:26 . 2008-05-09 12:25 117,386 -r-hs---- C:\ka1nk.bat
2008-05-08 19:32 . 2008-05-08 19:32 54,156 --ah----- C:\WINDOWS.0\QTFont.qfn
2008-05-08 19:32 . 2008-05-08 19:32 1,409 --a------ C:\WINDOWS.0\QTFont.for
2008-05-08 09:00 . 2008-05-08 09:00 <REP> d--hs---- C:\FOUND.013
2008-05-08 08:01 . 2008-05-08 08:00 119,068 -r-hs---- C:\qjatw9aj.exe
2008-05-07 19:14 . 2008-05-07 19:15 <REP> d-------- C:\Program Files\SceneCaster
2008-05-07 17:48 . 2008-05-07 17:48 <REP> d-------- C:\Program Files\Microids
2008-05-05 18:57 . 2008-05-05 18:57 <REP> d--hs---- C:\FOUND.012
2008-05-04 10:16 . 2008-05-07 13:07 119,007 -r-hs---- C:\qpe6.com
2008-05-03 09:49 . 2008-05-03 09:49 <REP> d--hs---- C:\FOUND.011
2008-05-02 18:39 . 2008-05-03 22:33 119,274 -r-hs---- C:\x.bat
2008-05-02 09:21 . 2008-05-02 09:20 119,181 -r-hs---- C:\imt8.cmd
2008-04-30 10:48 . 2008-04-30 10:48 <REP> d--hs---- C:\FOUND.010
2008-04-30 00:36 . 2008-04-30 00:36 118,845 -r-hs---- C:\930jn.bat
2008-04-26 11:33 . 2008-04-28 18:41 118,688 -r-hs---- C:\mka.bat
2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\TransRender
2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\Temporary
2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\ConvertTemp
2008-04-25 10:10 . 2008-04-25 23:37 117,357 -r-hs---- C:\8386nac.com
2008-04-22 10:40 . 2008-04-23 10:37 117,594 -r-hs---- C:\1.bat
2008-04-20 12:06 . 2008-04-20 12:06 115,878 -r-hs---- C:\h8i.com
2008-04-20 12:05 . 2008-04-10 12:35 117,020 -r-hs---- C:\co.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 10:09 1,664 ----a-w C:\Documents and Settings\FaShIOn VIcTIm\Application Data\wklnhst.dat
2008-04-16 16:48 458 ----a-w C:\Documents and Settings\IgloO\Application Data\wklnhst.dat
2008-03-30 14:46 --------- d-----w C:\Program Files\Alwil Software
2008-03-30 14:34 81,984 ----a-w C:\WINDOWS.0\system32\bdod.bin
2008-03-28 19:22 --------- d-----w C:\Documents and Settings\IgloO\Application Data\Samsung
2008-03-28 18:59 --------- d-----w C:\Program Files\Samsung
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS.0\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS.0\system32\dllcache\win32k.sys
2008-03-16 10:10 --------- d-----w C:\Program Files\Windows Media Components
2008-03-16 10:09 --------- d-----w C:\Program Files\NRJ
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS.0\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS.0\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS.0\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS.0\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS.0\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS.0\system32\dllcache\dnsapi.dll
2008-02-20 04:45 691,545 ----a-w C:\WINDOWS.0\unins000.exe
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS.0\system32\dllcache\ieakui.dll
2007-12-31 10:20 5,650 ----a-w C:\Documents and Settings\Escudié\Application Data\wklnhst.dat
2006-03-14 16:05 578 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-20 17:39 185632]
"LXSUPMON"="C:\WINDOWS.0\system32\LXSUPMON.exe" [2002-08-15 03:56 886272]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\FaShIOn VIcTIm\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.D263"= xl_x263dec.dll
"VIDC.YV12"= xl_yv12.dll
"VIDC.XJPG"= camfc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Desktop Manager.lnk
backup=C:\WINDOWS.0\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS.0\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS.0\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS.0\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS.0\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Supervision de Photo Loader.lnk
backup=C:\WINDOWS.0\pss\Supervision de Photo Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Escudié^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\Escudié\Menu Démarrer\Programmes\Démarrage\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS.0\pss\Dragon NaturallySpeaking.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Escudié^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Escudié\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS.0\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 11:45 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-04-04 15:13 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-04-17 19:15 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 18:00 1818624 C:\WINDOWS.0\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
C:\Program Files\Calendrier\Cld2000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-20 01:09 15360 C:\WINDOWS.0\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssentialPIM]
C:\Program Files\EssentialPIM\EssentialPIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 10:29 40960 C:\WINDOWS.0\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2006-05-05 12:19 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS.0\system32\kavo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-08-24 23:20 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-07-19 10:17 135168 C:\PROGRA~1\MUSICM~2\MUSICM~2\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2002-07-30 17:50 372736 C:\WINDOWS.0\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2006-05-05 12:18 36864 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-01-23 11:19 223232 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
--a------ 2006-05-05 12:36 98304 C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-11 20:41 25343016 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-05-08 05:17 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-08 19:19 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ub4TrayApp]
--a------ 2004-10-21 14:40 1381376 C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS.0\\System32\\LEXPPS.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS.0\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
R3 XIRLINK;Veo PC Camera;C:\WINDOWS.0\system32\DRIVERS\ucdnt.sys [2002-03-12 21:50]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-12 16:50]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS.0\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS.0\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS.0\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c195703c-eb88-11db-94fa-0007cb0000ff}]
\Shell\AutoRun\command - F:\930jn.bat
\Shell\explore\Command - F:\930jn.bat
\Shell\open\Command - F:\930jn.bat

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-22 16:31:10 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-10 09:04:02 C:\WINDOWS.0\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-09 12:30:10 C:\WINDOWS.0\Tasks\User_Feed_Synchronization-{6A75B4D0-CF75-4276-837C-E4D8715CC9B3}.job"
- C:\WINDOWS.0\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 14:40:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-10 14:40:51
ComboFix-quarantined-files.txt 2008-05-10 12:40:50

Pre-Run: 22,150,922,240 octets libres
Post-Run: 25,078,464,512 octets libres

227 --- E O F --- 2008-04-08 19:35

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:47, on 10/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\LEXBCES.EXE
C:\WINDOWS.0\system32\LEXPPS.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS.0\system32\LXSUPMON.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS.0\System32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS.0\System32\nvsvc32.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\cidaemon.exe
C:\WINDOWS.0\system32\notepad.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Escudié\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS.0\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - https://www.canalplus.com/canalplay/
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS.0\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
ComboFix report:
ComboFix 08-05-09.1 - Escudié 2008-05-10 14:36:28.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.723 [GMT 2:00]
Location: C:\Documents and Settings\Escudié\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\Jean-louis\Local Settings\Temporary Internet Files\temp.dmf
C:\Documents and Settings\maman\Local Settings\Temporary Internet Files\temp.dmf
C:\Documents and Settings\Pti IgloOo's$.MAXDATA\Application Data\SMANTE~1
C:\Documents and Settings\Pti IgloOo's$.MAXDATA\Application Data\SSTEM3~1
C:\WINDOWS.0\Downloaded Program Files\setup.inf
C:\WINDOWS.0\system32\auto.exe
C:\WINDOWS.0\system32\kavo.exe
C:\WINDOWS.0\system32\kavo0.dll

.
((((((((((((((((((((((((((((( Files created 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))))))))
.

2008-05-10 13:07 . 2008-05-10 13:07 <REP> d--hs---- C:\FOUND.014
2008-05-10 11:14 . 2008-05-10 09:55 118,914 -r-hs---- C:\uqb0julr.bat
2008-05-09 12:26 . 2008-05-09 12:25 117,386 -r-hs---- C:\ka1nk.bat
2008-05-08 19:32 . 2008-05-08 19:32 54,156 --ah----- C:\WINDOWS.0\QTFont.qfn
2008-05-08 19:32 . 2008-05-08 19:32 1,409 --a------ C:\WINDOWS.0\QTFont.for
2008-05-08 09:00 . 2008-05-08 09:00 <REP> d--hs---- C:\FOUND.013
2008-05-08 08:01 . 2008-05-08 08:00 119,068 -r-hs---- C:\qjatw9aj.exe
2008-05-07 19:14 . 2008-05-07 19:15 <REP> d-------- C:\Program Files\SceneCaster
2008-05-07 17:48 . 2008-05-07 17:48 <REP> d-------- C:\Program Files\Microids
2008-05-05 18:57 . 2008-05-05 18:57 <REP> d--hs---- C:\FOUND.012
2008-05-04 10:16 . 2008-05-07 13:07 119,007 -r-hs---- C:\qpe6.com
2008-05-03 09:49 . 2008-05-03 09:49 <REP> d--hs---- C:\FOUND.011
2008-05-02 18:39 . 2008-05-03 22:33 119,274 -r-hs---- C:\x.bat
2008-05-02 09:21 . 2008-05-02 09:20 119,181 -r-hs---- C:\imt8.cmd
2008-04-30 10:48 . 2008-04-30 10:48 <REP> d--hs---- C:\FOUND.010
2008-04-30 00:36 . 2008-04-30 00:36 118,845 -r-hs---- C:\930jn.bat
2008-04-26 11:33 . 2008-04-28 18:41 118,688 -r-hs---- C:\mka.bat
2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\TransRender
2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\Temporary
2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\ConvertTemp
2008-04-25 10:10 . 2008-04-25 23:37 117,357 -r-hs---- C:\8386nac.com
2008-04-22 10:40 . 2008-04-23 10:37 117,594 -r-hs---- C:\1.bat
2008-04-20 12:06 . 2008-04-20 12:06 115,878 -r-hs---- C:\h8i.com
2008-04-20 12:05 . 2008-04-10 12:35 117,020 -r-hs---- C:\co.com

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 10:09 1,664 ----a-w C:\Documents and Settings\FaShIOn VIcTIm\Application Data\wklnhst.dat
2008-04-16 16:48 458 ----a-w C:\Documents and Settings\IgloO\Application Data\wklnhst.dat
2008-03-30 14:46 --------- d-----w C:\Program Files\Alwil Software
2008-03-30 14:34 81,984 ----a-w C:\WINDOWS.0\system32\bdod.bin
2008-03-28 19:22 --------- d-----w C:\Documents and Settings\IgloO\Application Data\Samsung
2008-03-28 18:59 --------- d-----w C:\Program Files\Samsung
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS.0\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS.0\system32\dllcache\win32k.sys
2008-03-16 10:10 --------- d-----w C:\Program Files\Windows Media Components
2008-03-16 10:09 --------- d-----w C:\Program Files\NRJ
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS.0\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS.0\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS.0\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS.0\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS.0\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS.0\system32\dllcache\dnsapi.dll
2008-02-20 04:45 691,545 ----a-w C:\WINDOWS.0\unins000.exe
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS.0\system32\dllcache\ieakui.dll
2007-12-31 10:20 5,650 ----a-w C:\Documents and Settings\Escudié\Application Data\wklnhst.dat
2006-03-14 16:05 578 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((( Reg load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-20 17:39 185632]
"LXSUPMON"="C:\WINDOWS.0\system32\LXSUPMON.exe" [2002-08-15 03:56 886272]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\FaShIOn VIcTIm\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.D263"= xl_x263dec.dll
"VIDC.YV12"= xl_yv12.dll
"VIDC.XJPG"= camfc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Desktop Manager.lnk
backup=C:\WINDOWS.0\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS.0\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS.0\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS.0\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS.0\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Supervision de Photo Loader.lnk
backup=C:\WINDOWS.0\pss\Supervision de Photo Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Escudié^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\Escudié\Menu Démarrer\Programmes\Démarrage\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS.0\pss\Dragon NaturallySpeaking.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Escudié^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Escudié\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS.0\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 11:45 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-04-04 15:13 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-04-17 19:15 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 18:00 1818624 C:\WINDOWS.0\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
C:\Program Files\Calendrier\Cld2000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-20 01:09 15360 C:\WINDOWS.0\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssentialPIM]
C:\Program Files\EssentialPIM\EssentialPIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 10:29 40960 C:\WINDOWS.0\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2006-05-05 12:19 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS.0\system32\kavo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-08-24 23:20 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-07-19 10:17 135168 C:\PROGRA~1\MUSICM~2\MUSICM~2\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2002-07-30 17:50 372736 C:\WINDOWS.0\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2006-05-05 12:18 36864 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-01-23 11:19 223232 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
--a------ 2006-05-05 12:36 98304 C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-11 20:41 25343016 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-05-08 05:17 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-08 19:19 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ub4TrayApp]
--a------ 2004-10-21 14:40 1381376 C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS.0\\System32\\LEXPPS.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS.0\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
R3 XIRLINK;Veo PC Camera;C:\WINDOWS.0\system32\DRIVERS\ucdnt.sys [2002-03-12 21:50]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-12 16:50]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS.0\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS.0\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS.0\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c195703c-eb88-11db-94fa-0007cb0000ff}]
\Shell\AutoRun\command - F:\930jn.bat
\Shell\explore\Command - F:\930jn.bat
\Shell\open\Command - F:\930jn.bat

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-04-22 16:31:10 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-10 09:04:02 C:\WINDOWS.0\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-09 12:30:10 C:\WINDOWS.0\Tasks\User_Feed_Synchronization-{6A75B4D0-CF75-4276-837C-E4D8715CC9B3}.job"
- C:\WINDOWS.0\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 14:40:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-05-10 14:40:51
ComboFix-quarantined-files.txt 2008-05-10 12:40:50

Pre-Run: 22,150,922,240 bytes free
Post-Run: 25,078,464,512 bytes free

227 --- E O F --- 2008-04-08 19:35
0
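Added triage example for the ComboFix report above. This is example code written for this page, not ComboFix's own code and not something posted in the thread. It reads the report as plain text and pulls out the three things a responder would act on: the hidden+system *.bat/*.com/*.cmd files the worm keeps dropping at the drive root next to autorun.inf, the Explorer MountPoints2 key whose AutoRun/open/explore commands all point at F:\930jn.bat (the per-device autorun hijack, which outlives the deletion of autorun.inf itself), and startup entries that name kavo.exe or the "kava" value. The file and value names come from the thread and from the report's deletion list; the extension list, the reading of the 9-character attribute field (leading 'd' = directory, 'h' = hidden, 's' = system) and the sample input (a handful of the report's own lines, embedded as constructed input) are assumptions, and the function names (`triage`, `drives_referenced`, `_target_path`) are the example's own.

```python
"""Triage helper for a ComboFix report like the one pasted above (added example, not ComboFix code)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Names from the thread (kavo.exe, kavo.dll, kavo1.dll, value "kava") and from the
# report's deletion list (kavo0.dll, auto.exe). The extension list is an assumption.
KNOWN_NAMES = {"kavo.exe", "kavo.dll", "kavo0.dll", "kavo1.dll", "auto.exe"}
KNOWN_VALUE_NAMES = {"kava"}
DROPPER_EXTS = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs"}  # all 4 chars long

# "2008-05-10 11:14 . 2008-05-10 09:55 118,914 -r-hs---- C:\uqb0julr.bat"; the attribute
# field is read as leading 'd' = directory, 'h' = hidden, 's' = system (an assumption).
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size><REP>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$")
REG_KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
SHELL_CMD_LINE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+?)\s*$", re.I)
ROOT_FILE = re.compile(r"^[A-Za-z]:\\[^\\]+$")
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:\\")

@dataclass(frozen=True)
class Indicator:
    kind: str    # which pattern matched
    path: str    # file path or registry key concerned
    detail: str  # human-readable context

def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def _target_path(line: str) -> str | None:
    """Target of a startup-entry line in the report's layouts: '"name"="C:\\x.exe" [..]',
    '--a------ date time size C:\\x.exe', or a bare path (as in the kava entry above)."""
    m = (re.match(r'^"[^"]+"="(?P<p>[^"]+)"', line)
         or re.match(r"^[-a-z]{9}\s+\S+\s+\S+\s+\S+\s+(?P<p>.+)$", line))
    if m:
        return m["p"]
    return line if DRIVE_PREFIX.match(line) else None

def triage(report: str) -> list[Indicator]:
    """Return the autorun-worm indicators found in the text of a ComboFix report."""
    found: list[Indicator] = []
    key = ""                    # registry key currently being read
    shell: dict[str, str] = {}  # verb -> target for the MountPoints2 key being read

    def flush_mountpoint() -> None:  # one indicator per hijacked device key
        if shell and all(DRIVE_PREFIX.match(t) for t in shell.values()):
            found.append(Indicator("mountpoints2 autorun hijack", key,
                                   "; ".join(f"{v} -> {t}" for v, t in sorted(shell.items()))))
        shell.clear()

    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FILE_LINE.match(line):
            attrs, path = m["attrs"], m["path"]
            # Hidden + system executable directly under a drive root: what autorun.inf
            # launches. Directories and files deeper in the tree are ignored.
            if (attrs[0] != "d" and "h" in attrs and "s" in attrs
                    and ROOT_FILE.match(path) and _basename(path)[-4:] in DROPPER_EXTS):
                found.append(Indicator("hidden+system dropper at drive root", path,
                                       f"attrs={attrs} size={m['size']}"))
        elif m := REG_KEY_LINE.match(line):
            flush_mountpoint()
            key = m["key"]
        elif "mountpoints2" in key.lower():
            if m := SHELL_CMD_LINE.match(line):
                shell[m["verb"].lower()] = m["target"]
        elif "\\startupreg\\" in key.lower() or key.lower().endswith("\\run"):
            target = _target_path(line)
            quoted = re.match(r'^"(?P<name>[^"]+)"=', line)
            value_name = quoted["name"] if quoted else key.rsplit("\\", 1)[-1]
            if (target and _basename(target) in KNOWN_NAMES) or value_name.lower() in KNOWN_VALUE_NAMES:
                found.append(Indicator("known worm startup entry", key, f"{value_name} -> {target or line}"))
    flush_mountpoint()
    return found

def drives_referenced(indicators: list[Indicator]) -> set[str]:
    """Drive letters the hijacked MountPoints2 commands point at, e.g. {'F:'}."""
    return {part.split(" -> ", 1)[1][:2].upper()
            for ind in indicators if ind.kind.startswith("mountpoints2")
            for part in ind.detail.split("; ")}

# Constructed sample in the shape of the report above (a few of its lines, not the full report).
SAMPLE_REPORT = r"""
2008-05-10 11:14 . 2008-05-10 09:55 118,914 -r-hs---- C:\uqb0julr.bat
2008-05-09 12:26 . 2008-05-09 12:25 117,386 -r-hs---- C:\ka1nk.bat
2008-05-08 19:32 . 2008-05-08 19:32 54,156 --ah----- C:\WINDOWS.0\QTFont.qfn
2008-05-07 19:14 . 2008-05-07 19:15 <REP> d-------- C:\Program Files\SceneCaster
2008-05-04 10:16 . 2008-05-07 13:07 119,007 -r-hs---- C:\qpe6.com

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS.0\system32\kavo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c195703c-eb88-11db-94fa-0007cb0000ff}]
\Shell\AutoRun\command - F:\930jn.bat
\Shell\explore\Command - F:\930jn.bat
\Shell\open\Command - F:\930jn.bat
"""
```

Feed it the saved C:\Combofix.txt (`triage(open(path, encoding="cp1252").read())`) rather than the sample. Every drive letter in `drives_referenced` is a device that was plugged into this machine while infected and still carries its own autorun.inf and hidden root dropper, so it needs cleaning before it is connected again, or it reinfects the PC. The parser does not cover the `"EnableFirewall"= 0` line in the same report; that one is worth turning back on by hand.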
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
13 mai 2008 à 23:38
--

The best way to turn a woman's head is to tell her she has a nice profile
0