Virus trojandownloader.XS
Solved
pierrotfcna
Hello,
My computer is infected with the trojandownloader.XS virus, which opens browser windows advertising various antivirus programs or whatever they are.
I would like your help because I don't know much about viruses, so if you could guide me step by step, please.
52 replies
Normally it's not there any more.
Surf in peace for a few days, then come back and let us know, marking the thread solved.
OK, thanks a lot for helping me, shion-ares! I'll come back and mark it solved in a few days then. Good evening.
Download this:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
and post me the report; I'll look at it tomorrow morning.
ComboFix 08-04-03.3 - Choupi' 2008-04-03 22:57:36.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.508 [GMT 2:00]
Running from: C:\Documents and Settings\Choupi'\Bureau\ComboFix.exe
* Created a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
((((((((((((((((((((((((((((( Files Created From 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.
2008-04-03 20:16 . 2008-04-03 20:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-03 20:11 . 2008-04-03 20:24 <REP> d-------- C:\SDFix
2008-04-03 18:33 . 2008-04-03 19:50 3,422 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 18:32 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-03 18:32 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-03 18:32 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-03 18:32 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-03 18:32 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-03 18:32 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-03 18:32 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-03 17:06 . 2008-04-03 17:06 90,112 --a------ C:\WINDOWS\system32\mhchsdez.exe
2008-04-02 22:44 . 2008-04-02 22:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-02 12:02 . 2008-04-02 12:06 <REP> d-------- C:\Program Files\Navilog1
2008-04-02 11:07 . 2008-04-02 11:07 <REP> d-------- C:\_OTMoveIt
2008-04-02 00:54 . 2008-04-03 20:52 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 00:54 . 2008-04-03 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 00:52 . 2008-04-02 00:52 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\Grisoft
2008-04-02 00:51 . 2008-04-02 00:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 00:51 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-02 00:13 . 2008-04-02 00:50 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-03-31 21:42 . 2008-03-31 21:42 <REP> d-------- C:\Program Files\PC-Cleaner
2008-03-31 21:22 . 2008-03-31 21:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-31 12:02 . 2008-03-31 12:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pknapczm
2008-03-31 12:02 . 2008-03-31 12:02 114,688 --a------ C:\WINDOWS\system32\dodgvwbc.exe
2008-03-31 11:34 . 2008-03-31 21:38 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\Eltima Software
2008-03-31 11:34 . 2008-04-02 00:32 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 13:33 . 2008-03-11 13:33 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-10 12:41 . 2008-03-10 12:41 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\HP
2008-03-10 12:40 . 2008-03-10 12:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-10 12:39 . 2008-03-10 12:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-10 12:39 . 2007-03-30 17:29 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-03-10 12:39 . 2007-03-28 15:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-03-10 12:39 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-10 12:39 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-10 12:39 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-10 12:38 . 2007-03-17 08:39 958,464 -ra------ C:\WINDOWS\system32\hpotiop4.dll
2008-03-10 12:38 . 2007-03-17 08:39 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll
2008-03-10 12:38 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-03-10 12:38 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-03-10 12:38 . 2007-03-17 08:39 303,104 -ra------ C:\WINDOWS\system32\hpovst11.dll
2008-03-10 12:38 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-10 12:38 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-10 12:37 . 2008-04-02 11:41 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\HPAppData
2008-03-10 12:37 . 2008-03-10 12:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-10 12:35 . 2008-03-10 12:35 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-03-10 12:35 . 2008-03-10 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-10 12:35 . 2008-03-10 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-10 12:34 . 2008-03-10 12:34 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-03-10 12:34 . 2008-03-10 12:34 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-03-10 12:33 . 2008-03-10 12:37 <REP> d-------- C:\Program Files\HP
2008-03-10 12:33 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-10 12:33 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-10 12:31 . 2008-03-10 12:40 158,906 --a------ C:\WINDOWS\hpoins15.dat
2008-03-10 12:31 . 2007-09-20 22:05 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-03-08 20:26 . 2008-03-08 20:26 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-08 20:26 . 2008-03-08 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 09:24 --------- d-----w C:\Documents and Settings\Choupi'\Application Data\OpenOffice.org2
2008-04-02 15:47 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-01 23:03 --------- d-----w C:\Program Files\Seterra
2008-03-31 20:08 --------- d-----w C:\Program Files\eMule
2008-03-31 19:39 --------- d-----w C:\Program Files\denouvel
2008-03-31 09:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-08 18:26 --------- d-----w C:\Program Files\Windows Live
2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2008-01-17 12:24 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-13 16:23 738,304 ----a-w C:\WINDOWS\GPInstall.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-02_12.21.52,96 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-04-01 08:56:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-03 18:16:34 4,833,280 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-03 18:16:34 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-01 08:56:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-03 18:16:23 4,833,280 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-03 18:16:23 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2008-04-03 19:03:24 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5b4.dat
+ 2008-04-03 19:04:38 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_eb4.dat
+ 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"jamnveej"="C:\WINDOWS\system32\dodgvwbc.exe" [2008-03-31 12:02 114688]
"kfpsmgsk"="C:\WINDOWS\system32\mhchsdez.exe" [2008-04-03 17:06 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 18:09 32768]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 06:58 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 03:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 06:51 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 06:02 786521]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 12:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 06:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 06:00 455168]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-08-08 15:15 634880]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-18 12:37 438272]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 23:12 579584]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 21:18 208896]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 12:19 223232]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-07-11 17:10 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-07-07 18:15 348160]
"emMON"="emMON.exe" [2006-05-30 22:24 61440 C:\WINDOWS\emMON.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 06:49]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 17:55]
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys []
S3 epindd;epindd;C:\WINDOWS\system32\drivers\epindd.sys [2006-01-12 18:20]
S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys []
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys []
S3 USB28xxBGA;USB 2870 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-12 22:21]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-22 00:38]
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 23:02:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Choupi'\LOCALS~1\Temp\mc21.tmp"
.
Completion time: 2008-04-03 23:02:38
ComboFix-quarantined-files.txt 2008-04-03 21:02:34
ComboFix2.txt 2008-04-02 10:22:03
Pre-Run: 14,945,136,640 bytes free
Post-Run: 14,929,367,040 bytes free
.
2008-03-12 19:21:50 --- E O F ---
There you go, I'll let you analyze it. I have class tomorrow all day until 7:30 pm, so I won't be able to reply before then. Thanks in advance.
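The log above is what a helper reads by eye: the two Run entries `"jamnveej"` and `"kfpsmgsk"` point at eight-letter executables in system32 that were created inside the scan window, while everything else in the Run keys is older, named software. As an added example that is not part of this thread (and not a ComboFix feature), here is a small Python script that does that first pass mechanically. It parses the "Files Created From ... to ..." window and the Run keys out of the log text and flags autostart entries whose binary timestamp falls inside the window, whose path appears under Files Created, or which pair a random-looking eight-letter value name with a random-looking eight-letter file name. The sample input is an excerpt of the log above with the headers translated; the eight-letter rule, the function names and the output format are my own choices, and a hit is a reason to look closer, not a verdict.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.

Cross-checks Run-key autostarts against the "Files Created From ... to ..."
section and flags the entries worth a second look. These are heuristics taken
from what is visible in the log above, not a verdict: every hit still has to be
checked by hand (file properties, hashes, a second-opinion scanner).
"""
import re
from datetime import datetime, timedelta

# Constructed excerpt of the log posted above; the French section header is
# already translated here, and the parser accepts both wordings.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((( Files Created From 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.
2008-04-03 20:11 . 2008-04-03 20:24 <REP> d-------- C:\SDFix
2008-04-03 18:32 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-03 17:06 . 2008-04-03 17:06 90,112 --a------ C:\WINDOWS\system32\mhchsdez.exe
2008-03-31 12:02 . 2008-03-31 12:02 114,688 --a------ C:\WINDOWS\system32\dodgvwbc.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"jamnveej"="C:\WINDOWS\system32\dodgvwbc.exe" [2008-03-31 12:02 114688]
"kfpsmgsk"="C:\WINDOWS\system32\mhchsdez.exe" [2008-04-03 17:06 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 03:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"""

WINDOW_RE = re.compile(
    r"(?:Files Created From|Fichiers créés) (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})"
)
# "<created> . <modified> <size or <REP>/<DIR>> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(?:[\d,]+|<\w+>)\s+\S+\s+(?P<path>.+)$"
)
RUN_KEY_RE = re.compile(r"^\[(HK[^\]]*\\Run)\]$")
# "name"="value" [YYYY-MM-DD HH:MM size]  or  ... [YYYY-MM-DD HH:MM size resolved\path]
RUN_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s+\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) '
    r"(?P<size>\d+)(?: (?P<path>[^\]]+))?\]$"
)
RANDOM_NAME_RE = re.compile(r"[a-z]{8}")  # the jamnveej / dodgvwbc pattern seen above


def _dt(text, fmt="%Y-%m-%d %H:%M"):
    return datetime.strptime(text, fmt)


def parse_log(text):
    """Return (scan window, {lower-case path: created}, [Run entries])."""
    window, created, entries, key = None, {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := WINDOW_RE.search(line):
            # End of the window is exclusive: the last day runs until midnight.
            window = (_dt(m.group(1), "%Y-%m-%d"), _dt(m.group(2), "%Y-%m-%d") + timedelta(days=1))
        elif m := FILE_RE.match(line):
            created[m.group("path").lower()] = _dt(m.group("created"))
        elif m := RUN_KEY_RE.match(line):
            key = m.group(1)
        elif line.startswith("["):
            key = None  # any other registry key ends the current Run block
        elif key and (m := RUN_ENTRY_RE.match(line)):
            entries.append({
                "key": key,
                "name": m.group("name"),
                "path": m.group("path") or m.group("value"),  # prefer the resolved path
                "stamp": _dt(m.group("stamp")),
                "size": int(m.group("size")),
            })
    return window, created, entries


def flag_entries(window, created, entries):
    """Apply the heuristics; returns the suspicious entries with the reasons that fired."""
    findings = []
    for e in entries:
        reasons = []
        if window and window[0] <= e["stamp"] < window[1]:
            reasons.append("file timestamp %s inside the scan window" % e["stamp"].date())
        if e["path"].lower() in created:
            reasons.append("listed under Files Created (created %s)" % created[e["path"].lower()])
        stem = e["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if RANDOM_NAME_RE.fullmatch(e["name"]) and RANDOM_NAME_RE.fullmatch(stem) and e["name"] != stem:
            reasons.append("random-looking 8-letter value name and file name")
        if reasons:
            findings.append({"key": e["key"], "name": e["name"], "path": e["path"], "reasons": reasons})
    return findings


def triage(text):
    return flag_entries(*parse_log(text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print('%s  "%s" -> %s' % (f["key"], f["name"], f["path"]))
        for reason in f["reasons"]:
            print("    -", reason)
```

Run it as-is to see the two entries from the log flagged with all three reasons, or read a saved ComboFix.txt and pass its contents to `triage()`. Note what does not fire: `dumphive.exe` was also created in system32 inside the window, but it is not auto-started, so it is never reported; being new is only suspicious in combination with a persistence point.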
Here is the ComboFix log from safe mode:
ComboFix 08-04-03.3 - Choupi' 2008-04-04 19:38:28.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.698 [GMT 2:00]
Running from: C:\Documents and Settings\Choupi'\Bureau\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
((((((((((((((((((((((((((((( Files Created From 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
.
2008-04-03 20:16 . 2008-04-03 20:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-03 20:11 . 2008-04-03 20:24 <REP> d-------- C:\SDFix
2008-04-03 18:33 . 2008-04-03 19:50 3,422 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 18:32 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-03 18:32 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-03 18:32 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-03 18:32 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-03 18:32 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-03 18:32 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-03 18:32 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-03 17:06 . 2008-04-03 17:06 90,112 --a------ C:\WINDOWS\system32\mhchsdez.exe
2008-04-02 22:44 . 2008-04-02 22:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-02 12:02 . 2008-04-02 12:06 <REP> d-------- C:\Program Files\Navilog1
2008-04-02 11:07 . 2008-04-02 11:07 <REP> d-------- C:\_OTMoveIt
2008-04-02 00:54 . 2008-04-03 20:52 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 00:54 . 2008-04-03 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 00:52 . 2008-04-02 00:52 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\Grisoft
2008-04-02 00:51 . 2008-04-02 00:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 00:51 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-02 00:13 . 2008-04-02 00:50 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-03-31 21:42 . 2008-03-31 21:42 <REP> d-------- C:\Program Files\PC-Cleaner
2008-03-31 21:22 . 2008-03-31 21:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-31 12:02 . 2008-03-31 12:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pknapczm
2008-03-31 12:02 . 2008-03-31 12:02 114,688 --a------ C:\WINDOWS\system32\dodgvwbc.exe
2008-03-31 11:34 . 2008-03-31 21:38 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\Eltima Software
2008-03-31 11:34 . 2008-04-02 00:32 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 13:33 . 2008-03-11 13:33 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-10 12:41 . 2008-03-10 12:41 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\HP
2008-03-10 12:40 . 2008-03-10 12:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-10 12:39 . 2008-03-10 12:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-10 12:39 . 2007-03-30 17:29 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-03-10 12:39 . 2007-03-28 15:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-03-10 12:39 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-10 12:39 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-10 12:39 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-10 12:38 . 2007-03-17 08:39 958,464 -ra------ C:\WINDOWS\system32\hpotiop4.dll
2008-03-10 12:38 . 2007-03-17 08:39 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll
2008-03-10 12:38 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-03-10 12:38 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-03-10 12:38 . 2007-03-17 08:39 303,104 -ra------ C:\WINDOWS\system32\hpovst11.dll
2008-03-10 12:38 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-10 12:38 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-10 12:37 . 2008-04-02 11:41 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\HPAppData
2008-03-10 12:37 . 2008-03-10 12:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-10 12:35 . 2008-03-10 12:35 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-03-10 12:35 . 2008-03-10 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-10 12:35 . 2008-03-10 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-10 12:34 . 2008-03-10 12:34 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-03-10 12:34 . 2008-03-10 12:34 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-03-10 12:33 . 2008-03-10 12:37 <REP> d-------- C:\Program Files\HP
2008-03-10 12:33 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-10 12:33 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-10 12:31 . 2008-03-10 12:40 158,906 --a------ C:\WINDOWS\hpoins15.dat
2008-03-10 12:31 . 2007-09-20 22:05 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-03-08 20:26 . 2008-03-08 20:26 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-08 20:26 . 2008-03-08 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 09:24 --------- d-----w C:\Documents and Settings\Choupi'\Application Data\OpenOffice.org2
2008-04-02 15:47 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-01 23:03 --------- d-----w C:\Program Files\Seterra
2008-03-31 20:08 --------- d-----w C:\Program Files\eMule
2008-03-31 19:39 --------- d-----w C:\Program Files\denouvel
2008-03-31 09:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-08 18:26 --------- d-----w C:\Program Files\Windows Live
2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2008-01-17 12:24 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-13 16:23 738,304 ----a-w C:\WINDOWS\GPInstall.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-02_12.21.52,96 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-04-01 08:56:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-03 18:16:34 4,833,280 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-03 18:16:34 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-01 08:56:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-03 18:16:23 4,833,280 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-03 18:16:23 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"jamnveej"="C:\WINDOWS\system32\dodgvwbc.exe" [2008-03-31 12:02 114688]
"kfpsmgsk"="C:\WINDOWS\system32\mhchsdez.exe" [2008-04-03 17:06 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 18:09 32768]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 06:58 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 03:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 06:51 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 06:02 786521]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 12:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 06:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 06:00 455168]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-08-08 15:15 634880]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-18 12:37 438272]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 23:12 579584]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 21:18 208896]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 12:19 223232]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-07-11 17:10 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-07-07 18:15 348160]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 13:58 7581696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 06:49]
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys []
S3 epindd;epindd;C:\WINDOWS\system32\drivers\epindd.sys [2006-01-12 18:20]
S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys []
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys []
S3 USB28xxBGA;USB 2870 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-12 22:21]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-22 00:38]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 17:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - MDMXSDK
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 19:42:56
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-04 19:43:22
ComboFix-quarantined-files.txt 2008-04-04 17:43:21
ComboFix2.txt 2008-04-03 21:02:39
ComboFix3.txt 2008-04-02 10:22:03
Pre-Run: 15,876,165,632 octets libres
Post-Run: 15,859,912,704 octets libres
.
2008-03-12 19:21:50 --- E O F ---
The HijackThis log, do I run it in safe mode or in normal mode? I don't remember any more. Sorry, I have a small brain, lol!
Here is the HijackThis report in normal mode:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:53, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dodgvwbc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\DOCUME~1\Choupi'\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=FRE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jamnveej] C:\WINDOWS\system32\dodgvwbc.exe
O4 - HKCU\..\Run: [kfpsmgsk] C:\WINDOWS\system32\mhchsdez.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:53, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dodgvwbc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\DOCUME~1\Choupi'\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=FRE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jamnveej] C:\WINDOWS\system32\dodgvwbc.exe
O4 - HKCU\..\Run: [kfpsmgsk] C:\WINDOWS\system32\mhchsdez.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
hello
go into safe mode, open Explorer and go here
and delete this file
C:\DOCUME~1\Choupi'\LOCALS~1\Temp\RtkBtMnt.exe
then run CCleaner, analyse and delete everything
check that c:\windows\temp is empty, as well as C:\DOCUME~1\Choupi'\Local Settings\Temp
if you can't find the Temp folder under My Documents, go to Tools > Folder Options > View and tick "show hidden files and folders"
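The log above contains two per-user Run entries with eight-letter random names (jamnveej -> dodgvwbc.exe, kfpsmgsk -> mhchsdez.exe) next to the Temp file the helper asks to delete. A startup entry like that is what re-creates a file after it has been removed, so the Run keys are worth triaging alongside the file itself. The following is an added example, not code from the thread or from HijackThis: a small Python script that parses O4 lines in the shape HijackThis prints them and flags three things: a random-looking value name paired with a random-looking file name, an executable living in a temp directory, and a per-user (HKCU) entry that launches something from system32 other than ctfmon. The sample lines are constructed for the example; the RtkBtMnt Run entry is hypothetical (the log only shows it as a running process) and is there to exercise the temp-directory rule.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the exact shape HijackThis prints O4 lines. The two
# eight-letter entries mirror the ones in the log above; the RtkBtMnt Run
# entry is hypothetical and only exists to exercise the temp-directory rule.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jamnveej] C:\WINDOWS\system32\dodgvwbc.exe
O4 - HKCU\..\Run: [kfpsmgsk] C:\WINDOWS\system32\mhchsdez.exe
O4 - HKCU\..\Run: [RtkBtMnt] C:\DOCUME~1\Choupi'\LOCALS~1\Temp\RtkBtMnt.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# "O4 - <hive\..\Run>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First thing ending in .exe, with a leading quote dropped if present.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)', re.IGNORECASE)
# Eight lowercase letters: the shape of the generated names in this log.
RANDOM_RE = re.compile(r"^[a-z]{8}$")
# The one system32 binary that legitimately registers under HKCU\..\Run.
KNOWN_HKCU_SYSTEM32 = {"ctfmon"}


@dataclass
class Finding:
    name: str            # value name inside the [...] brackets
    path: str            # executable the entry launches
    reasons: list = field(default_factory=list)


def parse_o4(log_text):
    """Yield (registry key, value name, command line) for every O4 line."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.group("key"), m.group("name"), m.group("cmd")


def exe_path(cmd):
    """Return the launched executable without quotes or arguments."""
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd


def triage(log_text):
    """Apply the three heuristics to every O4 entry and return the hits."""
    findings = []
    for key, name, cmd in parse_o4(log_text):
        path = exe_path(cmd)
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if RANDOM_RE.match(name) and RANDOM_RE.match(stem) and name != stem:
            reasons.append("random-looking value name and file name")
        if "\\temp\\" in path.lower():
            reasons.append("executable lives in a temp directory")
        if (key.startswith("HKCU")
                and path.lower().startswith("c:\\windows\\system32\\")
                and stem.lower() not in KNOWN_HKCU_SYSTEM32):
            reasons.append("per-user Run entry launching from system32")
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Paste a whole HijackThis log into `triage()`; lines that are not O4 entries are ignored. The three flagged entries here are exactly the two random-name loaders and the Temp executable, while ctfmon, the NVIDIA rundll32 entry and the unquoted RTHDCPL.EXE pass without a hit. Deleting the file alone leaves the Run value in place, so the practical follow-up is to remove the value and the file it points to together, then re-run the log to confirm neither returns.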
Hello, I did everything you said and the file does get deleted in safe mode, but when I restart it is still there. So I don't know whether the virus is still there or not.
I'll keep you posted.
The virus is still there!! I'm fed up, it won't go away. Maybe I need to uninstall the program that this .exe belongs to?