Am I infected? Help me please

Solved/Closed
jayscream - 30 Jan. 2008 at 15:07
jayscream Posts: 4 Registered: Wednesday 30 January 2008 Status: Member Last contribution: 10 March 2008 - 10 March 2008 at 00:16
Hello,

I'm a novice and this morning two icons appeared, Windows Update and Helper Center, which don't look very kosher to me. I ran HijackThis; here is the report. Can you help me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:37, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOW\System32\smss.exe
C:\WINDOW\system32\winlogon.exe
C:\WINDOW\system32\services.exe
C:\WINDOW\system32\lsass.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOW\system32\spoolsv.exe
C:\WINDOW\System32\nvsvc32.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOW\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOW\Explorer.EXE
C:\Program Files\OO Software\CleverCache\OOCCCTRL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOW\mrofinu1044.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\FreeRAM XP Pro.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOW\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOW\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\WINDOW\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://windowsxlive.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOW\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKLM\..\Run: [OOCCCTRL.EXE] "C:\Program Files\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOW\mrofinu1044.exe 61A847B5BBF72813329F3C466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [ac567f4c] rundll32.exe "C:\WINDOW\system32\lhoyutwo.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOW\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOW\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOW\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOW\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOW\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOW\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOW\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOW\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{985F424B-E648-46F2-B60C-67296115AF18}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOW\System32\nvsvc32.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
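
As an added example (not code from the original post, HijackThis or ComboFix), the following Python script applies to the R0 and O4 lines above the checks a malware-removal helper runs first: an executable autostarting from the root of the Windows directory, an auto-generated eight-hex-digit value name, a long opaque hex argument, rundll32 loading an eight-letter randomly named DLL, and a start page outside a small allowlist of vendor defaults. The sample lines are copied from the report; the allowlist and the eight-letter threshold are assumptions.

```python
"""Triage of HijackThis autostart lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: lines lifted from the report in this thread, with the
# benign NvCplDaemon and Google Toolbar entries kept for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://windowsxlive.net/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOW\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] C:\WINDOW\mrofinu1044.exe 61A847B5BBF72813329F3C466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [ac567f4c] rundll32.exe "C:\WINDOW\system32\lhoyutwo.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

# Assumption: start pages on these hosts (or their subdomains) count as vendor defaults.
DEFAULT_START_HOSTS = ("microsoft.com", "msn.com", "google.com")

O4_RE = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
R0_START_RE = re.compile(r"^R0 - .*Main,Start Page = (?P<url>\S+)")
# Executable is either a quoted path or an unquoted path read up to the first .exe/.com.
CMD_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com)))(?:\s+(?P<args>.*))?$', re.IGNORECASE)
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows?\\[^\\]+$", re.IGNORECASE)  # C:\WINDOW\x.exe, not a subfolder
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)                 # value names like ac567f4c
HEX_BLOB_RE = re.compile(r"\b[0-9a-f]{32,}\b", re.IGNORECASE)              # opaque hex command-line argument
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")                             # assumption: 8-letter names like lhoyutwo.dll


@dataclass
class Finding:
    name: str    # Run value name, or "Start Page" for R0 lines
    rule: str
    detail: str


@dataclass
class O4Entry:
    hive: str
    name: str
    exe: str
    args: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (executable, arguments); unquoted paths may contain spaces."""
    m = CMD_RE.match(cmd.strip())
    if not m:
        head, _, tail = cmd.strip().partition(" ")
        return head, tail
    return (m.group("q") or m.group("u")), (m.group("args") or "")


def parse_o4(line: str) -> Optional[O4Entry]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe, args = split_command(m.group("cmd"))
    return O4Entry(m.group("hive"), m.group("name"), exe, args)


def rundll32_target(entry: O4Entry) -> Optional[str]:
    """For rundll32 launchers return the DLL path being loaded, else None."""
    if basename(entry.exe).lower() not in ("rundll32.exe", "rundll32"):
        return None
    arg = entry.args.lstrip()
    if arg.startswith('"'):
        return arg[1:].split('"', 1)[0]
    return arg.split(",", 1)[0].split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R0_START_RE.match(line)
        if m:
            host = (urlparse(m.group("url")).hostname or "").lower()
            if not any(host == h or host.endswith("." + h) for h in DEFAULT_START_HOSTS):
                findings.append(Finding("Start Page", "start_page_unknown", host))
            continue
        entry = parse_o4(line)
        if entry is None:
            continue
        if WINDIR_ROOT_RE.match(entry.exe):
            findings.append(Finding(entry.name, "autostart_in_windir_root", entry.exe))
        if HEX_NAME_RE.match(entry.name):
            findings.append(Finding(entry.name, "autogenerated_value_name", entry.name))
        if HEX_BLOB_RE.search(entry.args):
            findings.append(Finding(entry.name, "opaque_hex_argument", entry.args[:16] + "..."))
        dll = rundll32_target(entry)
        if dll and RANDOM_DLL_RE.match(basename(dll).lower()):
            findings.append(Finding(entry.name, "rundll32_random_dll", dll))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.name}: {f.detail}")
```

A hit is a prompt for manual verification of the file (publisher, signature, creation date), not a verdict; a clean pass proves nothing, since the ComboFix report later in this thread lists dozens of files no HijackThis line mentioned.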

3 replies

It's very clear!!!
You need to reformat the hard drive.
0
jayscream - 30 Jan. 2008 at 15:16
Thanks... if I may say so... and infected by what?
0
jayscream - 10 Mar. 2008 at 00:16
Hello again everyone. Something has replaced my desktop with "spywares detected"... I ran ComboFix in safe mode and here is the report. I'm on my knees begging for your help! Thanks.

ComboFix 08-03-09.1 - Jayscream 2008-03-09 23:56:13.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.811 [GMT 1:00]
Endroit: C:\Documents and Settings\Jayscream\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOW\180ax.exe
C:\WINDOW\2020search.dll
C:\WINDOW\2020search2.dll
C:\WINDOW\bjam.dll
C:\WINDOW\BMaf654cd0.xml
C:\WINDOW\bokja.exe
C:\WINDOW\cdsm32.dll
C:\WINDOW\default.htm
C:\WINDOW\mspphe.dll
C:\WINDOW\mssvr.exe
C:\WINDOW\pskt.ini
C:\WINDOW\saiemod.dll
C:\WINDOW\salm.exe
C:\WINDOW\stcloader.exe
C:\WINDOW\swin32.dll
C:\WINDOW\system32\bbmdglux.dll
C:\WINDOW\system32\bjiqjvnw.dll
C:\WINDOW\system32\ijllm.ini
C:\WINDOW\system32\ijllm.ini2
C:\WINDOW\system32\jgvmjjvq.dll
C:\WINDOW\system32\jxlygrto.dll
C:\WINDOW\system32\kuuwmnic.dll
C:\WINDOW\system32\ljjafwfw.dll
C:\WINDOW\system32\mcrh.tmp
C:\WINDOW\system32\mllji.dll
C:\WINDOW\system32\msixu.dll
C:\WINDOW\system32\mtsqooqp.dll
C:\WINDOW\system32\qbtoekvg.dll
C:\WINDOW\system32\qvjjmvgj.ini
C:\WINDOW\system32\vxkshsow.dll
C:\WINDOW\system32\wer8274.dll
C:\WINDOW\system32\wousurul.dll
C:\WINDOW\TEMP\salm.exe
C:\WINDOW\updatetc.exe
C:\WINDOW\voiceip.dll
E:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.

2008-03-10 00:02 . 2008-03-10 00:07 <REP> d-------- C:\Program Files\seekmo
2008-03-09 21:05 . 2008-03-09 21:05 <REP> d-------- C:\Program Files\zango
2008-03-09 21:05 . 2008-03-09 21:05 <REP> d-------- C:\Program Files\Sysmnt
2008-03-09 21:05 . 2008-03-09 21:05 <REP> d-------- C:\Program Files\stc
2008-03-09 21:05 . 2008-03-09 21:05 <REP> d-------- C:\Program Files\180solutions
2008-03-09 21:05 . 2008-03-09 21:05 <REP> d-------- C:\Program Files\180searchassistant
2008-03-09 21:05 . 2008-03-09 21:05 <REP> d-------- C:\Program Files\180search assistant
2008-03-09 20:50 . 2008-03-09 20:50 88,587 --a------ C:\WINDOW\system32\mgmrwmrv.exe
2008-03-09 20:50 . 2008-03-09 20:50 4 --a------ C:\WINDOW\system32\winfrun32.bin
2008-03-08 23:55 . 2008-03-08 23:55 <REP> d---s---- C:\Documents and Settings\LocalService.AUTORITE NT\Favoris
2008-03-08 22:57 . 2008-03-08 22:57 <REP> d-------- C:\Program Files\Veoh Networks
2008-03-08 22:56 . 2008-03-08 22:56 <REP> d-------- C:\WINDOW\Downloaded Installations
2008-03-08 20:24 . 2008-03-09 14:24 2,274 ---hs---- C:\WINDOW\system32\gisxbbfu.ini
2008-03-08 11:28 . 2001-06-18 09:41 282,624 --a------ C:\WINDOW\system32\ActiveSkin.ocx
2008-03-08 11:28 . 2001-01-10 12:23 162,304 --a------ C:\UNWISE.EXE
2008-03-08 11:28 . 2001-06-18 09:41 112 --a------ C:\WINDOW\ActiveSkin.INI
2008-03-07 20:20 . 2008-03-08 20:20 1,854 ---hs---- C:\WINDOW\system32\luhrdnti.ini
2008-02-25 21:59 . 2008-03-07 20:17 1,614 ---hs---- C:\WINDOW\system32\meoumlwv.ini
2008-02-24 21:59 . 2008-02-25 18:17 1,434 ---hs---- C:\WINDOW\system32\npuanpyg.ini
2008-02-23 21:57 . 2008-02-24 21:57 1,014 ---hs---- C:\WINDOW\system32\owlauugu.ini
2008-02-23 21:02 . 2004-05-14 16:53 462,848 --a------ C:\WINDOW\system32\ltkrn13n.dll
2008-02-23 21:02 . 2004-05-14 16:53 450,560 --a------ C:\WINDOW\system32\ltimg13n.dll
2008-02-23 21:02 . 2004-05-14 16:53 401,408 --a------ C:\WINDOW\system32\lfcmp13n.dll
2008-02-23 21:02 . 2004-05-14 16:53 299,008 --a------ C:\WINDOW\system32\ltdis13n.dll
2008-02-23 21:02 . 2004-01-12 02:09 206,336 --a------ C:\WINDOW\system32\ltefx13n.dll
2008-02-23 21:02 . 2004-05-14 16:53 163,840 --a------ C:\WINDOW\system32\ltfil13n.dll
2008-02-23 21:02 . 2003-11-04 15:10 69,632 --a------ C:\WINDOW\system32\lfgif13n.dll
2008-02-23 21:02 . 2004-05-14 16:53 57,344 --a------ C:\WINDOW\system32\lfbmp13n.dll
2008-02-22 21:56 . 2008-02-23 21:56 594 ---hs---- C:\WINDOW\system32\davcylbj.ini
2008-02-10 11:01 . 2008-02-10 11:01 1,099,839 --a------ C:\WINDOW\system32\TmpA5072984

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 20:05 9,728 ----a-w C:\WINDOW\audiosrv32.dll
2008-03-09 19:51 --------- d-----w C:\Documents and Settings\Jayscream\Application Data\Azureus
2008-03-09 13:55 --------- d-----w C:\Documents and Settings\Jayscream\Application Data\MiniLyrics
2008-03-09 11:31 --------- d-----w C:\Program Files\FrostWire
2008-03-09 11:26 --------- d-----w C:\Program Files\Winamp
2008-03-09 08:47 --------- d-----w C:\Program Files\The KMPlayer FR
2008-03-08 11:23 --------- d-----w C:\Program Files\a-squared Free
2008-03-07 21:29 --------- d-----w C:\Program Files\Recuva
2008-03-07 21:18 --------- d-----w C:\Documents and Settings\Jayscream\Application Data\FrostWire
2008-03-07 20:38 --------- d-----w C:\Program Files\Azureus
2008-03-07 19:17 --------- d-----w C:\Program Files\RegistrySmart
2008-03-07 19:17 --------- d-----w C:\Documents and Settings\Jayscream\Application Data\RegistrySmart
2008-02-25 19:27 --------- d-----w C:\Program Files\RayV
2008-02-10 22:39 163,712 ----a-w C:\WINDOW\system32\drivers\vidstub.sys
2008-02-10 21:41 --------- d-----w C:\Documents and Settings\All Users.WINDOW\Application Data\TrackMania United
2008-02-07 07:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 05:51 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-07 05:48 --------- d-----w C:\Program Files\IncrediMail
2008-02-07 05:07 --------- d-----w C:\Program Files\Astonsoft
2008-02-06 11:58 --------- d-----w C:\Program Files\Fichiers communs\NSV
2008-02-05 08:55 --------- d-----w C:\Documents and Settings\Jayscream\Application Data\DeepBurner
2008-02-03 14:03 --------- d-----w C:\Program Files\Minilyrics
2008-02-03 09:03 --------- d-----w C:\Documents and Settings\All Users.WINDOW\Application Data\Avira
2008-02-03 08:38 --------- d-----w C:\Program Files\Panda Security
2008-01-31 14:29 --------- d-----w C:\Documents and Settings\Jayscream\Application Data\Ableton
2008-01-31 12:15 --------- d-----w C:\Program Files\Parsec LAN-Test
2008-01-30 13:33 --------- d-----w C:\Program Files\Trend Micro
2008-01-30 12:17 --------- d-----w C:\Program Files\Alwil Software
2008-01-26 23:15 --------- d-----w C:\Documents and Settings\Jayscream\Application Data\Winamp
2008-01-19 18:53 --------- d-----w C:\Program Files\TrackMania United
2008-01-13 22:52 --------- d-----w C:\Program Files\OpenAL
2008-01-13 12:59 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-10 10:09 --------- d-----w C:\Program Files\Neuf
2007-12-15 00:09 71,341,279 ----a-w C:\WINDOW\HBO_VOYEUR.SCR
2007-12-09 17:20 65,908 ----a-w C:\WINDOW\BricoPackUninst.cmd
2007-12-09 17:20 6,018 ----a-w C:\WINDOW\BricoPackFoldersDelete.cmd
2007-11-23 18:44 169 ----a-w C:\Program Files\AveIcon.ini
2007-11-18 16:36 32 ----a-w C:\Documents and Settings\All Users.WINDOW\Application Data\ezsid.dat
2007-11-09 18:47 478 ----a-w C:\Program Files\Raccourci vers AbiSuite2.lnk
2006-03-22 23:13 1,591,808 ----a-w C:\Program Files\FreeRAM XP Pro.exe
.

------- Sigcheck -------

2007-08-22 13:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOW\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 06:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOW\$hf_mig$\KB942615\SP2QFE\wininet.dll
2006-06-23 13:28 581120 1f063bdbd1afef9ac0abd02384d40376 C:\WINDOW\$NtServicePackUninstall$\wininet.dll
2002-08-29 10:45 603136 cbc50d46257c4a75644230507b488050 C:\WINDOW\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOW\$NtUninstallKB939653$\wininet.dll
2007-08-22 14:13 697344 3a5cf7dc05dff3be1ada9c9fd0f27f0c C:\WINDOW\$NtUninstallKB942615$\wininet.dll
2007-10-11 07:13 697856 a5f8e46170421e8c1ec1346f3617ec71 C:\WINDOW\ServicePackFiles\i386\wininet.dll
2004-08-20 00:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOW\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wininet.dll
2007-10-11 07:13 697856 a5f8e46170421e8c1ec1346f3617ec71 C:\WINDOW\system32\wininet.dll
2007-10-11 07:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOW\system32\dllcache\wininet.dll

2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOW\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOW\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 10:45 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOW\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOW\$NtUninstallKB938828$\explorer.exe
2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOW\ServicePackFiles\i386\explorer.exe
2004-08-20 00:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOW\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOW\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"FreeRAM XP"="C:\Program Files\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 18:20 36352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 22:13 68856]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-11-19 13:49 214456]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOW\system32\NvCpl.dll" [2006-01-12 03:43 7393280]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-10-16 21:45 4044016]
"OOCCCTRL.EXE"="C:\Program Files\OO Software\CleverCache\OOCCCTRL.exe" [2007-01-28 15:08 1911568]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-07 12:52 737370]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"PerfectCleaner"="C:\Program Files\PerfectCleaner\PerfectCleaner.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOW\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOW\\system32\\logonuiX.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOW^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users.WINDOW\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOW\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOW^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users.WINDOW\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOW\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jayscream^Menu Démarrer^Programmes^Démarrage^MaxTV Radio.lnk]
path=C:\Documents and Settings\Jayscream\Menu Démarrer\Programmes\Démarrage\MaxTV Radio.lnk
backup=C:\WINDOW\pss\MaxTV Radio.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jayscream^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Jayscream\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOW\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jayscream^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\Jayscream\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOW\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jayscream^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Jayscream\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOW\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jayscream^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Jayscream\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOW\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-12 14:50 88204 C:\WINDOW\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOW\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoconfigurateur WiFi Neuf]
--a------ 2007-02-14 12:06 181752 C:\Program Files\Neuf\Kit\WiFi\9wifi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
--a------ 2004-04-26 16:21 270336 C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--------- 2006-11-17 10:42 53341 C:\Program Files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 C:\WINDOW\System32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 2006-10-06 07:17 53248 C:\WINDOW\CTRegRun.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
--a------ 2005-01-19 16:34 128000 C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-23 00:13 1591808 C:\Program Files\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2007-11-19 13:49 214456 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 18:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-12 03:43 7393280 C:\WINDOW\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-12 03:43 1519616 C:\WINDOW\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooccctrl.exe]
--a------ 2007-01-28 15:08 1911568 C:\Program Files\OO Software\CleverCache\ooccctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
--a------ 2007-10-16 21:45 4044016 C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-12-19 14:52 15797248 C:\WINDOW\Rthdcpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
--a------ 2007-10-26 16:04 4354048 C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-25 22:13 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-10-07 12:52 737370 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
--a------ 2006-07-17 23:16 122880 C:\Program Files\UberIcon\UberIcon Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0400Mon.exe]
--a------ 2007-08-23 01:02 28672 C:\WINDOW\V0400Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2006-12-27 10:07 955904 C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viwc]
--a------ 2007-06-26 05:13 305447 C:\WINDOW\system32\viwc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w810MmHk]
--a------ 2005-06-27 12:02 77824 C:\Program Files\Arima\LED Display Utility\w810MmHk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 23:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"btwdins"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\WINDOW\\system32\\dpvsetup.exe"=
"C:\\WINDOW\\system32\\rundll32.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\TrackMania United\\TmUnited.exe"=
"C:\\Program Files\\Parsec LAN-Test\\parsec.exe"=
"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

R2 Dnscache;Client DNS;C:\WINDOW\System32\svchost.exe [2004-08-19 16:10]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-12-15 00:26]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2007-12-15 00:26]
R3 X10Hid;X10 Hid Device;C:\WINDOW\system32\Drivers\x10hid.sys [2005-06-13 11:50]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOW\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 VF0400Afx;VF0400 Audio FX;C:\WINDOW\system32\Drivers\V0400Afx.sys [2007-06-11 01:01]
S3 VF0400Vfx;VF0400 Video FX;C:\WINDOW\system32\DRIVERS\V0400VFx.sys [2007-03-05 18:45]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);C:\WINDOW\system32\DRIVERS\V0400Vid.sys [2007-06-07 01:01]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-06 02:30:53 C:\WINDOW\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmar
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 00:07:24
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\WINDOW\system32\MSIXU.DLL

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOW\explorer.exe [6.00.2900.3156]
-> C:\WINDOW\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\Program Files\VisualTaskTips\VttHooks.dll
-> C:\Program Files\UberIcon\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOW\System32\nvsvc32.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOW\system32\mgmrwmrv.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOW\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOW\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOW\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-10 0:10:26 - machine was rebooted [Jayscream]
ComboFix-quarantined-files.txt 2008-03-09 23:10:23
.
2008-02-22 22:29:35 --- E O F ---
0