Je suis infecté par un cheval de troie.
Résolu
Slamy
Messages postés
22
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour, mon antivirus (Avast) a trouver un cheval de troie sur mon ordinateur. Je n'ai aucune idée comme enlevé ce truc alors j'aimerais avoir une démarche précise pour régler mon problème. J'ai quand même quelque information : le nom du fichier est c:\WINDOWS\system32\temp1.exe et le nom du logiciel malveillant est Win32:Agent-ILR [Trj]. J'ai fait un scan avec Hijackthis que je vais copier ci-dessous :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:58, on 2008-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\temp1.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\pppoeservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\The Cleaner Free\cleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Third pop.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Bits Eq] C:\DOCUME~1\FRANCI~1\APPLIC~1\BROWSE~1\Clock this.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\pppoeservice.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:58, on 2008-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\temp1.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\pppoeservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\The Cleaner Free\cleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Third pop.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Bits Eq] C:\DOCUME~1\FRANCI~1\APPLIC~1\BROWSE~1\Clock this.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\pppoeservice.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
A voir également:
- Je suis infecté par un cheval de troie.
- Antivirus cheval de troie gratuit - Télécharger - Antivirus & Antimalwares
- Ordinateur bloqué cheval de troie - Accueil - Arnaque
- Comment se débarrasser d'un cheval de troie ✓ - Forum Virus
- Qu'est ce que le cheval au poker - Forum Virus
- L'ordinateur d'arthur a été infecté par un virus répertorié récemment ✓ - Forum Virus
4 réponses
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
c:\WINDOWS\system32\temp1.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_____________________
combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
______________________
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
c:\WINDOWS\system32\temp1.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_____________________
combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
______________________
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
Voici le scan de combofix :
ComboFix 08-02-14.1 - Francine P 2008-02-13 19:20:08.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.149 [GMT -5:00]
Endroit: C:\Documents and Settings\Francine P\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
[color=purple]The following files were disabled during the run:[/color]
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeHelper.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Francine P\Application Data\inst.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\temp2.exe
C:\WINDOWS\xcopy.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.
2008-02-13 19:10 . 2008-02-13 19:10 <REP> d-------- C:\Program Files\Panda Security
2008-02-13 19:07 . 2008-02-13 19:07 <REP> d-------- C:\_OTMoveIt
2008-02-13 14:55 . 2008-02-13 14:55 <REP> d-------- C:\Program Files\Trend Micro
2008-02-12 21:48 . 2008-02-12 21:48 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-02-12 21:47 . 2008-02-13 14:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-02-12 20:08 . 2008-02-12 20:08 <REP> d-------- C:\Program Files\Alwil Software
2008-02-12 20:08 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-12 20:08 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-12 20:08 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-12 20:08 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-12 20:08 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-12 20:08 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-12 20:08 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-12 20:08 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-11 16:21 . 2008-02-11 16:21 244 --ah----- C:\sqmnoopt11.sqm
2008-02-11 16:21 . 2008-02-11 16:21 232 --ah----- C:\sqmdata11.sqm
2008-02-09 22:42 . 2008-02-13 18:02 <REP> d-------- C:\Documents and Settings\Francine P\Application Data\skypePM
2008-02-09 22:42 . 2008-02-09 22:42 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-09 22:35 . 2008-02-09 22:35 <REP> d-------- C:\Program Files\Skype
2008-02-09 22:35 . 2008-02-09 22:35 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-02-09 22:35 . 2008-02-13 19:22 <REP> d-------- C:\Documents and Settings\Francine P\Application Data\Skype
2008-02-09 22:34 . 2008-02-09 22:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-08 18:52 . 2008-02-09 14:41 <REP> d-------- C:\Program Files\Darkeden
2008-02-07 16:35 . 2008-02-07 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Absolutist
2008-02-06 21:34 . 2008-02-06 21:34 <REP> d-------- C:\Documents and Settings\Francine P\Application Data\iWin
2008-02-06 21:29 . 2008-02-07 18:58 <REP> d-------- C:\Program Files\Jewel Quest Solitaire II
2008-01-27 16:46 . 2008-01-27 16:46 244 --ah----- C:\sqmnoopt10.sqm
2008-01-27 16:46 . 2008-01-27 16:46 232 --ah----- C:\sqmdata10.sqm
2008-01-23 22:37 . 2008-01-23 22:42 <REP> d-------- C:\Program Files\PartyGaming
2008-01-15 14:50 . 2008-01-15 14:50 <REP> d-------- C:\Program Files\browsempeg
2008-01-14 14:56 . 2008-01-16 02:12 <REP> d-------- C:\Program Files\Eudemons Online
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 00:19 --------- d-----w C:\Program Files\TuneUp Utilities 2004
2008-02-08 23:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 00:17 --------- d-----w C:\Documents and Settings\Francine P\Application Data\Ventrilo
2008-01-22 01:16 --------- d-----w C:\Program Files\Kazaa
2008-01-15 19:50 --------- d-----w C:\Documents and Settings\Francine P\Application Data\browsempeg
2008-01-15 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
2008-01-08 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-07 22:51 --------- d-----w C:\Program Files\MAIET
2008-01-01 02:04 --------- d-----w C:\Program Files\Windows Live
2008-01-01 02:04 --------- d-----w C:\Program Files\MSN Messenger
2008-01-01 02:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-01 02:04 --------- d-----w C:\Program Files\Circle Developement
2008-01-01 01:56 --------- d-----w C:\Program Files\LimeWire
2008-01-01 01:56 --------- d-----w C:\Documents and Settings\Francine P\Application Data\LimeWire
2007-12-18 21:22 --------- d-----w C:\Program Files\Dofus
2007-12-18 20:41 --------- d-----w C:\Program Files\Ankama Games
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-16 15:53 --------- d-----w C:\Program Files\Need2Find
2007-12-16 15:53 --------- d-----w C:\Program Files\Altnet
2007-12-14 19:56 --------- d-----w C:\Program Files\Ventrilo
2007-12-14 19:56 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-07 01:07 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2003-01-31 23:08 65,536 ------w C:\WINDOWS\inf\setup\bcr.exe
2003-01-31 23:08 50,934 ------w C:\WINDOWS\inf\ssdsl3x\drivers\vvpciusb.sys
2003-01-31 23:08 50,911 ------w C:\WINDOWS\inf\ssdsl3x\drivers\vvbususb.sys
2003-01-31 23:08 49,296 ------w C:\WINDOWS\inf\setup\efnt16.dll
2003-01-31 23:08 49,152 ------w C:\WINDOWS\inf\enclss32.dll
2003-01-31 23:08 32,768 ------w C:\WINDOWS\inf\setup\efnt32.dll
2003-01-31 23:08 3,690,496 ------w C:\WINDOWS\inf\setup.exe
2003-01-31 23:08 28,005 ------w C:\WINDOWS\inf\ssdsl3x\drivers\enethusb.sys
2003-01-31 23:08 241,664 ------w C:\WINDOWS\inf\setup\bohica.dll
2003-01-31 23:08 23,560 ------w C:\WINDOWS\inf\enclss16.dll
2003-01-31 23:08 163,840 ------w C:\WINDOWS\inf\setup\enisnmp.dll
2003-01-31 23:08 163,840 ------w C:\WINDOWS\inf\setup\efntsw.dll
2003-01-31 23:08 159,744 ------w C:\WINDOWS\inf\setup\l2xpdrv.dll
2003-01-31 23:08 159,744 ------w C:\WINDOWS\inf\setup\csshim.dll
2003-01-31 23:08 155,648 ------w C:\WINDOWS\inf\setup\prox.dll
2003-01-31 23:08 155,648 ------w C:\WINDOWS\inf\setup\efntos2k.dll
2003-01-31 23:08 155,648 ------w C:\WINDOWS\inf\setup\ClearMB.exe
2003-01-31 23:08 15,332 ------w C:\WINDOWS\inf\ssdsl3x\drivers\vvbeth.sys
2003-01-31 23:08 15,309 ------w C:\WINDOWS\inf\ssdsl3x\drivers\vvbetht.sys
2003-01-31 23:08 147,456 ------w C:\WINDOWS\inf\setup\efntos9x.dll
2003-01-31 23:08 139,264 ------w C:\WINDOWS\inf\setup\enicommon.dll
2003-01-31 23:08 135,168 ------w C:\WINDOWS\inf\setup\EnCmnSvr.exe
2003-01-31 23:08 122,880 ------w C:\WINDOWS\inf\setup\efntos.dll
2003-01-31 23:08 122,880 ------w C:\WINDOWS\inf\setup\efntnio.dll
2003-01-31 23:08 118,784 ------w C:\WINDOWS\inf\setup\defdel.exe
2002-06-04 16:06 65,536 ------w C:\WINDOWS\inf\copyinf.exe
2002-01-03 22:35 447 ----a-w C:\Program Files\INSTALL.LOG
2002-01-01 22:48 81,920 ----a-w C:\Documents and Settings\Francine P\Application Data\ezpinst.exe
2002-01-01 22:48 47,360 ----a-w C:\Documents and Settings\Francine P\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [2004-11-11 20:50 212992]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-11 13:27 67128]
"Bits Eq"="C:\DOCUME~1\FRANCI~1\APPLIC~1\BROWSE~1\Clock this.exe" [2008-01-15 14:50 409600]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-29 17:04 98304]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 04:03 188416]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33 2061816]
"Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2007-08-27 17:05 310000]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2007-08-27 17:05 13552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE" [2006-03-28 17:38 94208]
"CHIN PING PHONE PILE"="C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Third pop.exe" [2008-02-13 19:14 1430016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
C:\Documents and Settings\Francine P\Menu D‚marrer\Programmes\D‚marrage\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-11 13:27:50 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-04 14:31:24 573440]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2007-09-16 17:23:22 155715]
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2005-03-17 03:00]
R2 PPPoEService;PPPoE Service;C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\pppoeservice.exe [2000-07-11 10:48]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-02-12 21:48]
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\WINDOWS\system32\dllhost.exe [2004-08-03 23:54]
S3 RAWESR;RAWESR;C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\RAWESR.SYS [2000-06-26 17:02]
S3 TAPBIND;TAPBIND;C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\TAPBIND1.SYS [2000-10-29 13:41]
S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-14 00:00:03 C:\WINDOWS\Tasks\A42336899184B4E5.job"
- c:\docume~1\franci~1\applic~1\browse~1\Joyholdmeta.exe
"2008-02-08 22:15:52 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 19:22:41
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\TuneUp Utilities 2004\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\TuneUp Utilities 2004\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\TuneUp Utilities 2004\WinStylerThemeHelper.dll
.
Temps d'accomplissement: 2008-02-13 19:23:13
ComboFix-quarantined-files.txt 2008-02-14 00:23:11
.
2008-02-13 15:06:50 --- E O F ---
ComboFix 08-02-14.1 - Francine P 2008-02-13 19:20:08.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.149 [GMT -5:00]
Endroit: C:\Documents and Settings\Francine P\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
[color=purple]The following files were disabled during the run:[/color]
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeHelper.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Francine P\Application Data\inst.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\temp2.exe
C:\WINDOWS\xcopy.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.
2008-02-13 19:10 . 2008-02-13 19:10 <REP> d-------- C:\Program Files\Panda Security
2008-02-13 19:07 . 2008-02-13 19:07 <REP> d-------- C:\_OTMoveIt
2008-02-13 14:55 . 2008-02-13 14:55 <REP> d-------- C:\Program Files\Trend Micro
2008-02-12 21:48 . 2008-02-12 21:48 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-02-12 21:47 . 2008-02-13 14:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-02-12 20:08 . 2008-02-12 20:08 <REP> d-------- C:\Program Files\Alwil Software
2008-02-12 20:08 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-12 20:08 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-12 20:08 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-12 20:08 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-12 20:08 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-12 20:08 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-12 20:08 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-12 20:08 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-11 16:21 . 2008-02-11 16:21 244 --ah----- C:\sqmnoopt11.sqm
2008-02-11 16:21 . 2008-02-11 16:21 232 --ah----- C:\sqmdata11.sqm
2008-02-09 22:42 . 2008-02-13 18:02 <REP> d-------- C:\Documents and Settings\Francine P\Application Data\skypePM
2008-02-09 22:42 . 2008-02-09 22:42 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-09 22:35 . 2008-02-09 22:35 <REP> d-------- C:\Program Files\Skype
2008-02-09 22:35 . 2008-02-09 22:35 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-02-09 22:35 . 2008-02-13 19:22 <REP> d-------- C:\Documents and Settings\Francine P\Application Data\Skype
2008-02-09 22:34 . 2008-02-09 22:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-08 18:52 . 2008-02-09 14:41 <REP> d-------- C:\Program Files\Darkeden
2008-02-07 16:35 . 2008-02-07 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Absolutist
2008-02-06 21:34 . 2008-02-06 21:34 <REP> d-------- C:\Documents and Settings\Francine P\Application Data\iWin
2008-02-06 21:29 . 2008-02-07 18:58 <REP> d-------- C:\Program Files\Jewel Quest Solitaire II
2008-01-27 16:46 . 2008-01-27 16:46 244 --ah----- C:\sqmnoopt10.sqm
2008-01-27 16:46 . 2008-01-27 16:46 232 --ah----- C:\sqmdata10.sqm
2008-01-23 22:37 . 2008-01-23 22:42 <REP> d-------- C:\Program Files\PartyGaming
2008-01-15 14:50 . 2008-01-15 14:50 <REP> d-------- C:\Program Files\browsempeg
2008-01-14 14:56 . 2008-01-16 02:12 <REP> d-------- C:\Program Files\Eudemons Online
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 00:19 --------- d-----w C:\Program Files\TuneUp Utilities 2004
2008-02-08 23:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 00:17 --------- d-----w C:\Documents and Settings\Francine P\Application Data\Ventrilo
2008-01-22 01:16 --------- d-----w C:\Program Files\Kazaa
2008-01-15 19:50 --------- d-----w C:\Documents and Settings\Francine P\Application Data\browsempeg
2008-01-15 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
2008-01-08 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-07 22:51 --------- d-----w C:\Program Files\MAIET
2008-01-01 02:04 --------- d-----w C:\Program Files\Windows Live
2008-01-01 02:04 --------- d-----w C:\Program Files\MSN Messenger
2008-01-01 02:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-01 02:04 --------- d-----w C:\Program Files\Circle Developement
2008-01-01 01:56 --------- d-----w C:\Program Files\LimeWire
2008-01-01 01:56 --------- d-----w C:\Documents and Settings\Francine P\Application Data\LimeWire
2007-12-18 21:22 --------- d-----w C:\Program Files\Dofus
2007-12-18 20:41 --------- d-----w C:\Program Files\Ankama Games
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-16 15:53 --------- d-----w C:\Program Files\Need2Find
2007-12-16 15:53 --------- d-----w C:\Program Files\Altnet
2007-12-14 19:56 --------- d-----w C:\Program Files\Ventrilo
2007-12-14 19:56 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-07 01:07 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2003-01-31 23:08 65,536 ------w C:\WINDOWS\inf\setup\bcr.exe
2003-01-31 23:08 50,934 ------w C:\WINDOWS\inf\ssdsl3x\drivers\vvpciusb.sys
2003-01-31 23:08 50,911 ------w C:\WINDOWS\inf\ssdsl3x\drivers\vvbususb.sys
2003-01-31 23:08 49,296 ------w C:\WINDOWS\inf\setup\efnt16.dll
2003-01-31 23:08 49,152 ------w C:\WINDOWS\inf\enclss32.dll
2003-01-31 23:08 32,768 ------w C:\WINDOWS\inf\setup\efnt32.dll
2003-01-31 23:08 3,690,496 ------w C:\WINDOWS\inf\setup.exe
2003-01-31 23:08 28,005 ------w C:\WINDOWS\inf\ssdsl3x\drivers\enethusb.sys
2003-01-31 23:08 241,664 ------w C:\WINDOWS\inf\setup\bohica.dll
2003-01-31 23:08 23,560 ------w C:\WINDOWS\inf\enclss16.dll
2003-01-31 23:08 163,840 ------w C:\WINDOWS\inf\setup\enisnmp.dll
2003-01-31 23:08 163,840 ------w C:\WINDOWS\inf\setup\efntsw.dll
2003-01-31 23:08 159,744 ------w C:\WINDOWS\inf\setup\l2xpdrv.dll
2003-01-31 23:08 159,744 ------w C:\WINDOWS\inf\setup\csshim.dll
2003-01-31 23:08 155,648 ------w C:\WINDOWS\inf\setup\prox.dll
2003-01-31 23:08 155,648 ------w C:\WINDOWS\inf\setup\efntos2k.dll
2003-01-31 23:08 155,648 ------w C:\WINDOWS\inf\setup\ClearMB.exe
2003-01-31 23:08 15,332 ------w C:\WINDOWS\inf\ssdsl3x\drivers\vvbeth.sys
2003-01-31 23:08 15,309 ------w C:\WINDOWS\inf\ssdsl3x\drivers\vvbetht.sys
2003-01-31 23:08 147,456 ------w C:\WINDOWS\inf\setup\efntos9x.dll
2003-01-31 23:08 139,264 ------w C:\WINDOWS\inf\setup\enicommon.dll
2003-01-31 23:08 135,168 ------w C:\WINDOWS\inf\setup\EnCmnSvr.exe
2003-01-31 23:08 122,880 ------w C:\WINDOWS\inf\setup\efntos.dll
2003-01-31 23:08 122,880 ------w C:\WINDOWS\inf\setup\efntnio.dll
2003-01-31 23:08 118,784 ------w C:\WINDOWS\inf\setup\defdel.exe
2002-06-04 16:06 65,536 ------w C:\WINDOWS\inf\copyinf.exe
2002-01-03 22:35 447 ----a-w C:\Program Files\INSTALL.LOG
2002-01-01 22:48 81,920 ----a-w C:\Documents and Settings\Francine P\Application Data\ezpinst.exe
2002-01-01 22:48 47,360 ----a-w C:\Documents and Settings\Francine P\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [2004-11-11 20:50 212992]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-11 13:27 67128]
"Bits Eq"="C:\DOCUME~1\FRANCI~1\APPLIC~1\BROWSE~1\Clock this.exe" [2008-01-15 14:50 409600]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-29 17:04 98304]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 04:03 188416]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33 2061816]
"Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2007-08-27 17:05 310000]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2007-08-27 17:05 13552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE" [2006-03-28 17:38 94208]
"CHIN PING PHONE PILE"="C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Third pop.exe" [2008-02-13 19:14 1430016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
C:\Documents and Settings\Francine P\Menu D‚marrer\Programmes\D‚marrage\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-11 13:27:50 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-04 14:31:24 573440]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2007-09-16 17:23:22 155715]
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2005-03-17 03:00]
R2 PPPoEService;PPPoE Service;C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\pppoeservice.exe [2000-07-11 10:48]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-02-12 21:48]
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\WINDOWS\system32\dllhost.exe [2004-08-03 23:54]
S3 RAWESR;RAWESR;C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\RAWESR.SYS [2000-06-26 17:02]
S3 TAPBIND;TAPBIND;C:\PROGRA~1\SYMPAT~1\GESTIO~1\app\TAPBIND1.SYS [2000-10-29 13:41]
S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-14 00:00:03 C:\WINDOWS\Tasks\A42336899184B4E5.job"
- c:\docume~1\franci~1\applic~1\browse~1\Joyholdmeta.exe
"2008-02-08 22:15:52 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 19:22:41
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\TuneUp Utilities 2004\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\TuneUp Utilities 2004\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\TuneUp Utilities 2004\WinStylerThemeHelper.dll
.
Temps d'accomplissement: 2008-02-13 19:23:13
ComboFix-quarantined-files.txt 2008-02-14 00:23:11
.
2008-02-13 15:06:50 --- E O F ---
