Computer problems, virus?
Solved/Closed
lilangel - 15 April 2008 at 20:37
lilangel - 20 May 2008 at 19:36
79 replies
lilangel - 16 April 2008 at 17:31
With Multi Virus Cleaner 2008, I don't find any infection either.
Please help me!
Anonymous user - 16 April 2008 at 17:32
Hi!
→ Download TrendMicro™ HijackThis™
Put it in ' C:\programmes\ '. Once that is done, please rename the icon (right-click > rename) ' Hijackthis.exe ', located in the folder in C:\, to ' HJT.exe ' <<<<<<<<< Important !!! <<<<<<<
The program's path should look like this: C:\Programme\Trend Micro\Hijackthis\HJT.exe
→ Do not rename the shortcut icon on the desktop, of course...
/!\ Close all windows that are still open, and disconnect from the web /!\
→ Then launch it, choose the option '' do a system scan and save a logfile '' and post the report for me (it appears in Notepad)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Tutorial if you can't manage it: http://pageperso.aol.fr/balltrap34/demohijack.htm
See you
lilangel - 16 April 2008 at 17:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:45, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Mistral\LOCALS~1\Temp\services.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1cf769ef-d491-496f-ad6d-ceb0bd3786be} - (no file)
O2 - BHO: (no name) - {3366718F-5DBE-4E95-B8C3-A9103D458C8E} - (no file)
O2 - BHO: {34dd5d05-696b-ad09-8874-407f2becf583} - {385fceb2-f704-4788-90da-b69650d5dd43} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BMf750a693] Rundll32.exe "C:\WINDOWS\system32\fwufsury.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitdefender.com
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{85CF80E0-6F20-4649-BD89-E4D0280D98B8}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{984C6453-2795-4A2A-BAD9-F018B3C31D09}: NameServer = 192.168.3.1,192.168.4.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: fsmvil - fsmvil.dll (file missing)
O20 - Winlogon Notify: mljihii - mljihii.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe (file missing)
Anonymous user
16 April 2008 at 17:48
Hello to you too ...
→ Download SDFix and save it to your Desktop.
→ Restart in Safe Mode.
Other tutorials for Safe Mode:
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253
→ Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd (or Runthis.bat) to launch the script.
→ Press Y to start the cleaning process.
→ It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
→ Press a key to restart the PC.
→ Your system will take longer than usual to restart because the tool will keep running and deleting files.
→ After the Desktop has loaded, the tool will finish its work and display Finished.
→ Press a key to end the script and load your Desktop icons.
→ Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
→ Post the report for me.
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
See you
lilangel
16 April 2008 at 17:57
Sorry... Hello,
OK, I'll do that, thanks for helping me. It may take me a while, since it already usually takes 15 min to start up ^^ I'll post it right after.
See you
lilangel
16 April 2008 at 19:05
There, it's done:
[b]SDFix: Version 1.171 [/b]
Run by Mistral on 16/04/2008 at 18:10
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\tmp275.tmp.dll - Deleted
C:\WINDOWS\system32\real.txt - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 18:44:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 182
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"="C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe:*:Enabled:ThinkVantage System Update"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aim6.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\Mistral\\LOCALS~1\\Temp\\tmp318.tmp.exe"="C:\\DOCUME~1\\Mistral\\LOCALS~1\\Te"
"C:\\WINDOWS\\system32\\qwerty12.exe"="C:\\WINDOWS\\system32\\qwe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"="C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe:*:Enabled:ThinkVantage System Update"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 13 May 2007 2,840,184 ..SH. --- "C:\WINDOWS\bbdddd.tmp"
Fri 8 Jun 2007 963,739 ..SH. --- "C:\WINDOWS\defilm.tmp"
Tue 25 Dec 2007 2,309,891 ..SH. --- "C:\WINDOWS\uttwyb.tmp"
Tue 25 Jul 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 1 Feb 2008 8,914,432 ...H. --- "C:\Documents and Settings\Mistral\Bureau\~WRL3626.tmp"
Mon 1 Jan 2007 1,603 ...H. --- "C:\Program Files\Fichiers communs\AOL\IPHSend\IPH.BAK"
Sat 29 Dec 2007 337,920 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL0005.tmp"
Sun 30 Dec 2007 350,208 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL0192.tmp"
Sun 30 Dec 2007 337,920 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL0298.tmp"
Sun 30 Dec 2007 349,696 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL0411.tmp"
Sun 30 Dec 2007 349,696 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL1626.tmp"
Sun 30 Dec 2007 349,184 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL2903.tmp"
Thu 20 Dec 2007 360,448 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL3222.tmp"
Thu 1 Nov 2007 6,707,200 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL3436.tmp"
Sun 30 Dec 2007 337,920 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL3515.tmp"
Sun 30 Dec 2007 350,208 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL3994.tmp"
Sun 30 Dec 2007 349,696 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL4018.tmp"
Thu 20 Dec 2007 360,448 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE1\~WRL3222.tmp"
[b]Finished![/b]
See you
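As an added example (not part of the original thread and not SDFix's own code), here is a triage of the "Authorized Application Key Export" section of the SDFix report above. It parses the `path:scope:state:name` values of the Windows XP firewall exception list and lists entries worth a manual look; the three heuristics and all function names are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the SDFix report in the post above (registry export syntax).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\DOCUME~1\\Mistral\\LOCALS~1\\Temp\\tmp318.tmp.exe"="C:\\DOCUME~1\\Mistral\\LOCALS~1\\Te"
"C:\\WINDOWS\\system32\\qwerty12.exe"="C:\\WINDOWS\\system32\\qwe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"""

# Section header naming the firewall profile (standardprofile / domainprofile).
SECTION_RE = re.compile(
    r"^\[.*\\firewallpolicy\\(?P<profile>[^\\]+)\\authorizedapplications\\list\]$", re.I)
# One exported value: "name"="data", with backslashes and quotes escaped.
ENTRY_RE = re.compile(r'^"(?P<key>(?:[^"\\]|\\.)*)"="(?P<val>(?:[^"\\]|\\.)*)"$')
# Well-formed data: <path>:<scope>:<Enabled|Disabled>:<friendly name>.
VALUE_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$", re.I)

# Review heuristics (assumptions for this example, not verdicts).
MALFORMED = "data is not path:scope:state:name (truncated or malformed)"
MISMATCH = "path inside the data differs from the value name"
IN_TEMP = "executable lives in a temp directory"
IN_ROOT = "executable sits directly in a drive root"

TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)


@dataclass
class Finding:
    profile: str
    path: str
    reasons: list


def unescape(text):
    """Undo registry-export escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", text)


def triage(export_text):
    """Return the firewall exceptions that deserve a manual review."""
    findings = []
    profile = None
    for raw in export_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            profile = section.group("profile").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or profile is None:
            continue  # blank line, or a value outside a firewall section
        path = unescape(entry.group("key"))
        data = unescape(entry.group("val"))
        reasons = []
        parsed = VALUE_RE.match(data)
        if parsed is None:
            reasons.append(MALFORMED)
        elif parsed.group("path").lower() != path.lower():
            reasons.append(MISMATCH)
        if TEMP_RE.search(path):
            reasons.append(IN_TEMP)
        if ROOT_RE.match(path):
            reasons.append(IN_ROOT)
        if reasons:
            findings.append(Finding(profile, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.profile}] {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A flagged entry is only a candidate for review: the file behind it still has to be checked on disk before the exception is removed.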
Anonymous user
16 April 2008 at 19:07
Can you post me a new HijackThis report, please?
++
lilangel
16 April 2008 at 19:33
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:39, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1cf769ef-d491-496f-ad6d-ceb0bd3786be} - (no file)
O2 - BHO: (no name) - {3366718F-5DBE-4E95-B8C3-A9103D458C8E} - (no file)
O2 - BHO: {34dd5d05-696b-ad09-8874-407f2becf583} - {385fceb2-f704-4788-90da-b69650d5dd43} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BMf750a693] Rundll32.exe "C:\WINDOWS\system32\fwufsury.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitdefender.com
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{85CF80E0-6F20-4649-BD89-E4D0280D98B8}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{984C6453-2795-4A2A-BAD9-F018B3C31D09}: NameServer = 192.168.3.1,192.168.4.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: fsmvil - fsmvil.dll (file missing)
O20 - Winlogon Notify: mljihii - mljihii.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe (file missing)
Anonymous user
16 April 2008 at 19:45
Re,
There's some cleaning up to do. Quite a lot, in fact.
*****************************************************
→ Relaunch HijackThis, choose 'Do a system scan' in the main menu, and fix the following line(s) (tick the box to their left):
O2 - BHO: (no name) - {1cf769ef-d491-496f-ad6d-ceb0bd3786be} - (no file)
O2 - BHO: (no name) - {3366718F-5DBE-4E95-B8C3-A9103D458C8E} - (no file)
O2 - BHO: {34dd5d05-696b-ad09-8874-407f2becf583} - {385fceb2-f704-4788-90da-b69650d5dd43} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: fsmvil - fsmvil.dll (file missing)
O20 - Winlogon Notify: mljihii - mljihii.dll (file missing)
Close all windows (except HijackThis), including your web browser.
→ Click 'Fix checked'
***********************************************
/!\ Very powerful tool: do not reproduce the procedure below on your own PC unless a competent person has authorised you to do so /!\
Disable System Restore
Click « Démarrer » (Start)
Right-click « Poste de travail » (My Computer), then click « Propriétés » (Properties),
Go to the « Restauration système » (System Restore) tab
Tick the « Désactiver la restauration » (Turn off System Restore) box
Finish with [Appliquer] [OK]
Download ComboFix here → http://download.bleepingcomputer.com/sUBs/ComboFix.exe
And save it to the desktop >>> /!\ IMPORTANT /!\
Look here if you want to familiarise yourself with how to use it: https://www.google.fr/?gws_rd=ssl
BEFORE using ComboFix:
→ Disconnect your PC from the Internet and close the windows of all running programs. /!\
→ Temporarily disable (and only for the time ComboFix is in use) the real-time protection of your antivirus, of your antispyware tools and of ALL your protection software!!! (when active, they could seriously interfere with the tool's scanning and cleaning procedure). /!\
On your desktop, double-click Combofix.exe.
Press the 1 key so that the program starts running, and follow the on-screen instructions.
/!\ For the WHOLE duration of the ComboFix scan (it can take quite a while if the PC is heavily infected), do not open any program, do not touch your mouse and do not browse the net /!\
Be patient (even if you think the PC has stopped); the "apparent pauses" sometimes last several minutes (there are ± 40 analysis steps).
During cleaning you may receive a warning telling you that the PC is going to restart; let it do so.
After the PC restarts, a report will open in Notepad at the end of the scan; copy and paste its entire contents into your next message.
(The report file Combofix.txt is then automatically saved to C:\Combofix.txt)
Then re-enable System Restore
Right-click « Poste de travail » (My Computer), then click « Propriétés » (Properties),
Go to the « Restauration système » (System Restore) tab
Untick the « Désactiver la restauration » (Turn off System Restore) box
Finish with [Appliquer] [OK]
Tutorial (help):
http://bibou0007.com/outils-specifiques-f78/tutorial-combofix-t121.htm
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
See you
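The nine lines listed in the post above all end in `(no file)` or `(file missing)`, meaning the registry entry points at a target that is no longer on disk. As an added example (not part of the original post and not HijackThis code), the Python below parses HijackThis entries, groups the orphaned ones by section, and separately lists the DLLs that `O4` Run values load through rundll32; the sample lines are copied from the log posted in this thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict, namedtuple

# Subset of the HijackThis log posted in this thread, copied verbatim.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1cf769ef-d491-496f-ad6d-ceb0bd3786be} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BMf750a693] Rundll32.exe "C:\WINDOWS\system32\fwufsury.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: fsmvil - fsmvil.dll (file missing)
O20 - Winlogon Notify: mljihii - mljihii.dll (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
"""

Entry = namedtuple("Entry", "code body")

# A HijackThis entry is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Run value of the form: [name] rundll32[.exe] "path.dll",export
RUNDLL_RE = re.compile(
    r'\[(?P<name>[^\]]+)\]\s+rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?,',
    re.IGNORECASE,
)


def parse_entries(log_text):
    """Return every R/F/N/O entry of a HijackThis log, skipping other lines
    (header, running-process list, blank lines)."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match["code"], match["body"]))
    return entries


def orphaned_by_section(entries):
    """Group entries whose target file is missing, keyed by section code."""
    grouped = defaultdict(list)
    for entry in entries:
        if ORPHAN_RE.search(entry.body):
            grouped[entry.code].append(entry.body)
    return dict(grouped)


def rundll32_autostarts(entries):
    """List (value name, DLL path) for O4 autostarts that run a DLL via
    rundll32. These are not orphaned, so they need a manual look."""
    found = []
    for entry in entries:
        if entry.code != "O4":
            continue
        match = RUNDLL_RE.search(entry.body)
        if match:
            found.append((match["name"], match["dll"]))
    return found


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, bodies in orphaned_by_section(parsed).items():
        for body in bodies:
            print(f"orphaned  {code}: {body}")
    for name, dll in rundll32_autostarts(parsed):
        print(f"rundll32  [{name}] -> {dll}")
```

The orphan filter only finds leftovers whose file is already gone. In this thread the `BMf750a693` Run value still points at `fwufsury.dll`, a file that the ComboFix report posted next lists among its deletions.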
lilangel
16 April 2008 at 21:05
Hello again,
here is the report:
ComboFix 08-04-15.8 - Mistral 2008-04-16 20:27:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.454 [GMT 2:00]
Endroit: C:\Documents and Settings\Mistral\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bold.log
C:\Program Files\Conquer 2.0\c3\[u]0[/u]003\611\_desktop.ini
C:\Program Files\Conquer 2.0\c3\[u]0[/u]003\741\_desktop.ini
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\install.exe
C:\WINDOWS\msettings.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aowgebqt.ini
C:\WINDOWS\system32\edtnllpq.ini
C:\WINDOWS\system32\fwufsury.dll
C:\WINDOWS\system32\glmjicay.ini
C:\WINDOWS\system32\hckiasbn.ini
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\iggajnhg.ini
C:\WINDOWS\system32\imujphfa.ini
C:\WINDOWS\system32\ipfjtith.ini
C:\WINDOWS\system32\ipqkhalp.ini
C:\WINDOWS\system32\ivdvahko.ini
C:\WINDOWS\system32\ivgccdif.ini
C:\WINDOWS\system32\ixdawwlo.ini
C:\WINDOWS\system32\khndkwxn.ini
C:\WINDOWS\system32\ktqxjqhs.ini
C:\WINDOWS\system32\lllaossc.ini
C:\WINDOWS\system32\lnrbaqvg.ini
C:\WINDOWS\system32\ltwtflda.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\negdthwr.ini
C:\WINDOWS\system32\nlvhpcft.ini
C:\WINDOWS\system32\odyetklb.ini
C:\WINDOWS\system32\omttkrwv.ini
C:\WINDOWS\system32\ormkuiki.ini
C:\WINDOWS\system32\ovutnqvg.ini
C:\WINDOWS\system32\qbiajufx.ini
C:\WINDOWS\system32\qmacbqhy.ini
C:\WINDOWS\system32\qusmapae.ini
C:\WINDOWS\system32\ratadlbl.ini
C:\WINDOWS\system32\rkgejcrr.ini
C:\WINDOWS\system32\rwtfomho.ini
C:\WINDOWS\system32\sabnovdb.ini
C:\WINDOWS\system32\sgqnghmc.ini
C:\WINDOWS\system32\tjwtepiy.ini
C:\WINDOWS\system32\tpltgsdp.ini
C:\WINDOWS\system32\tsixpjpp.ini
C:\WINDOWS\system32\vaosyccc.ini
C:\WINDOWS\system32\wdwrfgeb.ini
C:\WINDOWS\system32\xrpnfvun.ini
C:\WINDOWS\system32\ynrnwuqd.ini
C:\WINDOWS\system32\yunnqvui.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DOMAINSERVICE
-------\Service_DomainService
((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.
2008-04-16 18:07 . 2008-04-16 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-16 18:06 . 2008-04-16 18:49 <REP> d-------- C:\SDFix
2008-04-15 20:56 . 2008-04-15 20:56 <REP> d-------- C:\Program Files\AxBx
2008-04-14 15:15 . 2008-04-14 15:15 <REP> d-------- C:\Program Files\Lavasoft
2008-04-14 15:15 . 2008-04-14 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-14 15:01 . 2008-04-14 15:01 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-04-14 14:20 . 2008-04-14 14:20 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-14 13:43 . 2008-04-14 13:43 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 10:09 . 2008-04-14 10:09 <REP> d-------- C:\Documents and Settings\Mistral\Application Data\Grisoft
2008-04-14 10:09 . 2008-04-14 10:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-14 10:09 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-13 20:49 . 2001-08-23 17:46 123,776 --a------ C:\WINDOWS\system32\dllcache\nv3.dll
2008-04-13 20:49 . 2001-08-17 20:20 54,528 --a------ C:\WINDOWS\system32\dllcache\opl3sax.sys
2008-04-13 20:49 . 2001-08-23 17:15 44,297 --a------ C:\WINDOWS\system32\dllcache\otceth5.sys
2008-04-13 20:49 . 2001-08-17 20:12 27,209 --a------ C:\WINDOWS\system32\dllcache\otc06x5.sys
2008-04-13 20:48 . 2004-08-03 22:41 180,360 --a------ C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2008-04-13 20:48 . 2004-08-04 00:47 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-04-13 20:48 . 2001-08-17 20:20 126,080 --a------ C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
2008-04-13 20:48 . 2001-08-17 20:20 87,040 --a------ C:\WINDOWS\system32\dllcache\nm6wdm.sys
2008-04-13 20:48 . 2001-08-23 17:10 66,302 --a------ C:\WINDOWS\system32\dllcache\netflx3.sys
2008-04-13 20:48 . 2001-08-17 20:49 51,552 --a------ C:\WINDOWS\system32\dllcache\ntgrip.sys
2008-04-13 20:48 . 2001-08-23 17:47 38,912 --a------ C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 18:35 178,292 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 18:35 15,149,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-15 16:39 --------- d-----w C:\Program Files\Conquer 2.0
2008-04-15 16:37 --------- d-----w C:\Program Files\RealVNC
2008-04-15 16:36 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-14 18:43 --------- d-----w C:\Documents and Settings\Mistral\Application Data\OpenOffice.org2
2008-04-14 13:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-13 08:10 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2008-04-06 20:59 397,824 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-04-06 20:59 1,488,896 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-04-06 16:04 94,208 ----a-w C:\WINDOWS\DUMP69e5.tmp
2008-04-06 16:03 1,222,144 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-03 20:33 458,240 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-04-03 20:33 1,486,336 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-04-02 19:40 2,816,000 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-18 21:51 2,680,832 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-18 21:51 1,478,656 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-03-11 12:31 --------- d-----w C:\Program Files\CCleaner
2008-03-09 17:42 1,677,824 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-09 17:42 1,470,976 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-05 21:25 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-05 21:25 1,469,440 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-05 21:20 2,858,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-05 21:20 1,468,928 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-27 12:27 --------- d-----w C:\Program Files\DivX
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-06-20 11:36 47,868 ----a-w C:\Program Files\unrar.exe
2005-05-11 21:36 12,288 ------w C:\WINDOWS\Fonts\RandFont.dll
2007-05-16 11:16 2,840,244 --sh--w C:\WINDOWS\bbdddd.ini2
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 307,200 2005-10-24 13:53:40 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
------w 0 1601-01-01 00:00:00 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\bak\
----a-w 344,064 2005-07-28 19:15:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe
----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
----a-w 50,760 2006-05-25 14:35:42 C:\Program Files\Fichiers communs\AOL\1167670222\ee\bak\AOLSoftware.exe
----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Fichiers communs\AOL\IPHSend\bak\IPHSend.exe
----a-w 50,760 2006-05-25 14:35:40 C:\Program Files\Fichiers communs\AOL\Launch\bak\AOLLaunch.exe
----a-w 81,920 2004-07-27 14:50:18 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\issch.exe
----a-w 221,184 2004-07-27 14:50:42 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\ISUSPM.exe
----a-w 180,269 2006-05-24 15:18:49 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe
----a-w 48,752 2005-07-12 10:35:38 C:\Program Files\Fichiers communs\Symantec Shared\bak\ccApp.exe
----a-w 49,152 2005-05-11 21:12:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 1,988,144 2005-08-02 16:52:40 C:\Program Files\IBM ThinkVantage\Client Security Solution\bak\cssauth.exe
----a-r 49,152 2005-07-07 13:22:54 C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\bak\pdservice.exe
----a-w 278,528 2006-06-14 14:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 36,975 2005-11-10 11:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe
----a-w 94,208 2005-08-29 12:15:02 C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe
----a-w 282,624 2006-09-07 09:20:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 85,600 2005-08-25 15:59:18 C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe
----a-w 512,000 2005-08-01 08:48:28 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 110,592 2005-08-01 08:48:56 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 409,600 2005-12-15 15:14:34 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe
----a-w 98,304 2005-12-15 15:14:14 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe
----a-w 237,568 2005-08-31 00:20:00 C:\Program Files\ThinkPad\Utilities\bak\EzEjMnAp.Exe
----a-w 864,256 2005-08-23 16:23:20 C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe
----a-w 106,496 2005-11-23 23:02:00 C:\Program Files\ThinkVantage\PrdCtr\bak\LPMGR.exe
----a-w 40,960 2005-08-01 15:32:38 C:\Program Files\ThinkVantage\SystemUpdate\bak\UCLauncher.exe
----a-w 126,050 2005-07-12 07:00:30 C:\Program Files\ThinkVantage Fingerprint Software\bak\ctlcntr.exe
----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 127,037 2005-05-19 03:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-13 14:59 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-13 14:59 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-13 14:59 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:07 1667584]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2005-08-22 19:29 86016 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-08-24 01:10 40960 C:\WINDOWS\system32\TP4EX.exe]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-31 01:10 139264]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-31 01:10 208896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-13 14:59 1177368]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 16:11 196696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll 2005-07-12 09:06 110688 C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-06-16 22:23 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aim6.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-13 15:00]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-06-06 11:59]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-13 14:59]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2005-11-08 09:27]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-06 11:59]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-08-31 01:10]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-13 14:59]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-13 14:59]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-08-02 18:15]
R2 PrivateDisk;PrivateDisk;C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 08:26]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2005-08-02 17:47]
R2 SmiHlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 08:57]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-07-12 09:07]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-06-14 12:03]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-14 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 16:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 22:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-14 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 01:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 02:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 03:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 04:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 05:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 10:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 12:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 14:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 16:00:01 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 17:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 19:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 20:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-14 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 18:54:51 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2006-05-10 21:41:57 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 20:53:14
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 182
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-16 21:01:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 19:01:02
Pre-Run: 19,449,352,192 octets libres
Post-Run: 19,370,225,664 octets libres
2008-04-16 18:35 15,149,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-15 16:39 --------- d-----w C:\Program Files\Conquer 2.0
2008-04-15 16:37 --------- d-----w C:\Program Files\RealVNC
2008-04-15 16:36 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-14 18:43 --------- d-----w C:\Documents and Settings\Mistral\Application Data\OpenOffice.org2
2008-04-14 13:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-13 08:10 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2008-04-06 20:59 397,824 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-04-06 20:59 1,488,896 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-04-06 16:04 94,208 ----a-w C:\WINDOWS\DUMP69e5.tmp
2008-04-06 16:03 1,222,144 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-03 20:33 458,240 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-04-03 20:33 1,486,336 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-04-02 19:40 2,816,000 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-18 21:51 2,680,832 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-18 21:51 1,478,656 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-03-11 12:31 --------- d-----w C:\Program Files\CCleaner
2008-03-09 17:42 1,677,824 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-09 17:42 1,470,976 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-05 21:25 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-05 21:25 1,469,440 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-05 21:20 2,858,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-05 21:20 1,468,928 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-27 12:27 --------- d-----w C:\Program Files\DivX
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-06-20 11:36 47,868 ----a-w C:\Program Files\unrar.exe
2005-05-11 21:36 12,288 ------w C:\WINDOWS\Fonts\RandFont.dll
2007-05-16 11:16 2,840,244 --sh--w C:\WINDOWS\bbdddd.ini2
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 307,200 2005-10-24 13:53:40 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
------w 0 1601-01-01 00:00:00 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\bak\
----a-w 344,064 2005-07-28 19:15:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe
----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
----a-w 50,760 2006-05-25 14:35:42 C:\Program Files\Fichiers communs\AOL\1167670222\ee\bak\AOLSoftware.exe
----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Fichiers communs\AOL\IPHSend\bak\IPHSend.exe
----a-w 50,760 2006-05-25 14:35:40 C:\Program Files\Fichiers communs\AOL\Launch\bak\AOLLaunch.exe
----a-w 81,920 2004-07-27 14:50:18 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\issch.exe
----a-w 221,184 2004-07-27 14:50:42 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\ISUSPM.exe
----a-w 180,269 2006-05-24 15:18:49 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe
----a-w 48,752 2005-07-12 10:35:38 C:\Program Files\Fichiers communs\Symantec Shared\bak\ccApp.exe
----a-w 49,152 2005-05-11 21:12:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 1,988,144 2005-08-02 16:52:40 C:\Program Files\IBM ThinkVantage\Client Security Solution\bak\cssauth.exe
----a-r 49,152 2005-07-07 13:22:54 C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\bak\pdservice.exe
----a-w 278,528 2006-06-14 14:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 36,975 2005-11-10 11:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe
----a-w 94,208 2005-08-29 12:15:02 C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe
----a-w 282,624 2006-09-07 09:20:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 85,600 2005-08-25 15:59:18 C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe
----a-w 512,000 2005-08-01 08:48:28 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 110,592 2005-08-01 08:48:56 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 409,600 2005-12-15 15:14:34 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe
----a-w 98,304 2005-12-15 15:14:14 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe
----a-w 237,568 2005-08-31 00:20:00 C:\Program Files\ThinkPad\Utilities\bak\EzEjMnAp.Exe
----a-w 864,256 2005-08-23 16:23:20 C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe
----a-w 106,496 2005-11-23 23:02:00 C:\Program Files\ThinkVantage\PrdCtr\bak\LPMGR.exe
----a-w 40,960 2005-08-01 15:32:38 C:\Program Files\ThinkVantage\SystemUpdate\bak\UCLauncher.exe
----a-w 126,050 2005-07-12 07:00:30 C:\Program Files\ThinkVantage Fingerprint Software\bak\ctlcntr.exe
----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 127,037 2005-05-19 03:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-13 14:59 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-13 14:59 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-13 14:59 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:07 1667584]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2005-08-22 19:29 86016 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-08-24 01:10 40960 C:\WINDOWS\system32\TP4EX.exe]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-31 01:10 139264]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-31 01:10 208896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-13 14:59 1177368]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 16:11 196696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll 2005-07-12 09:06 110688 C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-06-16 22:23 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aim6.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-13 15:00]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-06-06 11:59]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-13 14:59]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2005-11-08 09:27]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-06 11:59]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-08-31 01:10]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-13 14:59]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-13 14:59]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-08-02 18:15]
R2 PrivateDisk;PrivateDisk;C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 08:26]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2005-08-02 17:47]
R2 SmiHlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 08:57]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-07-12 09:07]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-06-14 12:03]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-14 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 16:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 22:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-14 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 01:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 02:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 03:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 04:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 05:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 10:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 12:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 14:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 16:00:01 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 17:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 19:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 20:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-14 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 18:54:51 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2006-05-10 21:41:57 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 20:53:14
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 182
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-16 21:01:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 19:01:02
Pre-Run: 19,449,352,192 octets libres
Post-Run: 19,370,225,664 octets libres
Anonymous user
16 April 2008 at 21:27
/!\ Procedure created specifically for this user, do not reproduce at home ... /!\
Open Notepad (Start\All Programs\Accessories\Notepad).
Copy this text (in bold) in one go (CTRL+C to copy), then paste it (CTRL+V) into Notepad:
File::
C:\WINDOWS\bbdddd.ini2
C:\WINDOWS\system32\tphklock.dll
Folder::
C:\SDFix
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
Save this file on your desktop under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
After the restart, post the contents of the Combofix.txt report.
If there is no restart, post the report anyway.
************************************
Go to this site --> https://www.virustotal.com/gui/
Copy/paste this line in bold into the input field:
C:\WINDOWS\system32\notifyf2.dll
Click on 'Send file'.
A report will be built up line by line.
Wait until it finishes. It must include the size of the file sent.
Save the report with Notepad.
-> Post it for me, please.
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
*************
See you
lilangel
16 April 2008 at 22:34
So:
The first report:
ComboFix 08-04-15.8 - Mistral 2008-04-16 21:49:12.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.404 [GMT 2:00]
Endroit: C:\Documents and Settings\Mistral\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mistral\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\bbdddd.ini2
C:\WINDOWS\system32\tphklock.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\bbdddd.ini2
C:\WINDOWS\system32\tphklock.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.
2008-04-16 21:34 . 2008-04-16 21:34 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-16 21:34 . 2008-04-16 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 18:07 . 2008-04-16 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-15 20:56 . 2008-04-15 20:56 <REP> d-------- C:\Program Files\AxBx
2008-04-14 15:15 . 2008-04-14 15:15 <REP> d-------- C:\Program Files\Lavasoft
2008-04-14 15:15 . 2008-04-14 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-14 15:01 . 2008-04-14 15:01 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-04-14 14:20 . 2008-04-14 14:20 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-14 13:43 . 2008-04-14 13:43 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 10:09 . 2008-04-14 10:09 <REP> d-------- C:\Documents and Settings\Mistral\Application Data\Grisoft
2008-04-14 10:09 . 2008-04-14 10:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-14 10:09 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-13 21:09 . 2004-08-04 00:54 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-13 21:09 . 2001-08-23 17:47 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-13 21:09 . 2004-08-05 05:00 28,288 --a------ C:\WINDOWS\system32\dllcache\xjis.nls
2008-04-13 21:09 . 2001-08-23 17:47 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-13 21:09 . 2001-08-23 17:47 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-13 21:09 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-13 21:09 . 2001-08-23 17:47 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-13 21:09 . 2001-08-17 20:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-13 21:09 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-04-13 21:09 . 2001-08-23 17:47 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-13 21:08 . 2004-08-05 05:00 156,672 --a------ C:\WINDOWS\system32\dllcache\winzm.ime
2008-04-13 21:08 . 2004-08-05 05:00 156,672 --a------ C:\WINDOWS\system32\dllcache\winsp.ime
2008-04-13 21:08 . 2004-08-05 05:00 156,672 --a------ C:\WINDOWS\system32\dllcache\winpy.ime
2008-04-13 21:08 . 2004-08-03 22:31 154,624 --a------ C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-04-13 21:08 . 2004-08-05 05:00 79,360 --a------ C:\WINDOWS\system32\dllcache\winar30.ime
2008-04-13 21:08 . 2004-08-05 05:00 69,120 --a------ C:\WINDOWS\system32\dllcache\wingb.ime
2008-04-13 21:08 . 2004-08-05 05:00 65,536 --a------ C:\WINDOWS\system32\dllcache\winime.ime
2008-04-13 21:08 . 2001-08-23 17:05 35,402 --a------ C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-04-13 21:08 . 2004-08-03 23:07 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-04-13 21:06 . 2001-08-17 21:28 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
2008-04-13 21:05 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-13 21:04 . 2001-08-23 17:47 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-13 21:03 . 2004-08-05 05:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-04-13 21:02 . 2004-08-03 23:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
2008-04-13 21:02 . 2001-08-23 17:46 81,408 --a------ C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-04-13 21:02 . 2001-08-17 20:13 37,961 --a------ C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-04-13 21:02 . 2001-08-17 20:50 36,640 --a------ C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-04-13 21:02 . 2001-08-17 21:49 30,464 --a------ C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-04-13 21:02 . 2004-08-05 05:00 21,896 --a------ C:\WINDOWS\system32\dllcache\tdipx.sys
2008-04-13 21:02 . 2004-08-05 05:00 19,464 --a------ C:\WINDOWS\system32\dllcache\tdspx.sys
2008-04-13 21:02 . 2001-08-17 20:13 17,129 --a------ C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-04-13 21:02 . 2004-08-05 05:00 13,192 --a------ C:\WINDOWS\system32\dllcache\tdasync.sys
2008-04-13 21:02 . 2001-08-17 21:52 7,040 --a------ C:\WINDOWS\system32\dllcache\tandqic.sys
2008-04-13 21:01 . 2001-08-23 17:46 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-04-13 21:01 . 2001-08-17 21:50 103,936 --a------ C:\WINDOWS\system32\dllcache\sx.sys
2008-04-13 21:01 . 2001-08-23 17:47 94,293 --a------ C:\WINDOWS\system32\dllcache\sxports.dll
2008-04-13 21:01 . 2001-08-23 17:47 53,760 --a------ C:\WINDOWS\system32\dllcache\sw_wheel.dll
2008-04-13 21:01 . 2001-08-23 17:47 41,472 --a------ C:\WINDOWS\system32\dllcache\sw_effct.dll
2008-04-13 21:01 . 2001-08-23 17:47 10,240 --a------ C:\WINDOWS\system32\dllcache\swpidflt.dll
2008-04-13 21:01 . 2001-08-23 17:47 10,240 --a------ C:\WINDOWS\system32\dllcache\swpdflt2.dll
2008-04-13 21:01 . 2001-08-17 22:02 3,968 --a------ C:\WINDOWS\system32\dllcache\swusbflt.sys
2008-04-13 20:59 . 2004-08-05 05:00 466,944 --a------ C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-13 20:58 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-13 20:57 . 2001-08-23 17:46 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-04-13 20:57 . 2001-08-23 17:21 161,664 --a------ C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-04-13 20:57 . 2001-08-17 20:50 101,760 --a------ C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-04-13 20:57 . 2001-08-17 20:51 98,080 --a------ C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-04-13 20:57 . 2004-08-05 05:00 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll
2008-04-13 20:57 . 2001-07-21 22:29 18,400 --a------ C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-04-13 20:57 . 2004-08-04 00:54 3,901 --a------ C:\WINDOWS\system32\dllcache\siint5.dll
2008-04-13 20:56 . 2001-08-23 17:47 57,856 --a------ C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
2008-04-13 20:56 . 2001-08-17 20:19 36,480 --a------ C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-04-13 20:56 . 2001-08-23 17:47 26,112 --a------ C:\WINDOWS\system32\dllcache\EXCH_seos.dll
2008-04-13 20:56 . 2001-08-23 17:20 18,432 --a------ C:\WINDOWS\system32\dllcache\sermouse.sys
2008-04-13 20:56 . 2001-08-17 21:52 11,648 --a------ C:\WINDOWS\system32\dllcache\scsiprnt.sys
2008-04-13 20:56 . 2001-08-17 21:53 10,880 --a------ C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-04-13 20:56 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-04-13 20:56 . 2001-08-17 21:53 6,912 --a------ C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-04-13 20:55 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-13 20:55 . 2001-08-17 20:50 75,392 --a------ C:\WINDOWS\system32\dllcache\s3savmxm.sys
2008-04-13 20:55 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-04-13 20:55 . 2001-08-23 17:20 24,064 --a------ C:\WINDOWS\system32\dllcache\sccmn50m.sys
2008-04-13 20:55 . 2001-08-17 21:51 23,936 --a------ C:\WINDOWS\system32\dllcache\sccmusbm.sys
2008-04-13 20:55 . 2001-08-23 17:20 17,536 --a------ C:\WINDOWS\system32\dllcache\scr111.sys
2008-04-13 20:55 . 2001-08-23 17:20 16,768 --a------ C:\WINDOWS\system32\dllcache\scmstcs.sys
2008-04-13 20:53 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-13 20:52 . 2004-08-05 05:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-13 20:51 . 2004-08-04 00:53 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-13 20:50 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-13 20:50 . 2001-08-23 17:47 116,736 --a------ C:\WINDOWS\system32\dllcache\ovcodec2.dll
2008-04-13 20:50 . 2001-08-23 17:15 54,954 --a------ C:\WINDOWS\system32\dllcache\otcsercb.sys
2008-04-13 20:50 . 2001-08-17 22:05 48,000 --a------ C:\WINDOWS\system32\dllcache\ovcam2.sys
2008-04-13 20:50 . 2001-08-23 17:47 39,424 --a------ C:\WINDOWS\system32\dllcache\ovcoms.exe
2008-04-13 20:50 . 2001-08-17 22:05 31,872 --a------ C:\WINDOWS\system32\dllcache\ovce.sys
2008-04-13 20:50 . 2001-08-17 22:05 28,032 --a------ C:\WINDOWS\system32\dllcache\ovcd.sys
2008-04-13 20:50 . 2001-08-17 22:05 25,088 --a------ C:\WINDOWS\system32\dllcache\ovca.sys
2008-04-13 20:50 . 2001-08-23 17:47 20,480 --a------ C:\WINDOWS\system32\dllcache\ovcomc.dll
2008-04-13 20:49 . 2001-08-17 20:50 198,144 --a------ C:\WINDOWS\system32\dllcache\nv3.sys
2008-04-13 20:49 . 2001-08-23 17:46 123,776 --a------ C:\WINDOWS\system32\dllcache\nv3.dll
2008-04-13 20:49 . 2001-08-17 20:20 54,528 --a------ C:\WINDOWS\system32\dllcache\opl3sax.sys
2008-04-13 20:49 . 2001-08-23 17:15 44,297 --a------ C:\WINDOWS\system32\dllcache\otceth5.sys
2008-04-13 20:49 . 2001-08-17 20:12 27,209 --a------ C:\WINDOWS\system32\dllcache\otc06x5.sys
2008-04-13 20:48 . 2004-08-03 22:41 180,360 --a------ C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2008-04-13 20:48 . 2004-08-04 00:47 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-04-13 20:48 . 2001-08-17 20:20 126,080 --a------ C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
2008-04-13 20:48 . 2001-08-17 20:20 87,040 --a------ C:\WINDOWS\system32\dllcache\nm6wdm.sys
2008-04-13 20:48 . 2001-08-23 17:10 66,302 --a------ C:\WINDOWS\system32\dllcache\netflx3.sys
2008-04-13 20:48 . 2001-08-17 20:49 51,552 --a------ C:\WINDOWS\system32\dllcache\ntgrip.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 19:56 179,828 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 19:56 15,274,016 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-15 16:39 --------- d-----w C:\Program Files\Conquer 2.0
2008-04-15 16:37 --------- d-----w C:\Program Files\RealVNC
2008-04-15 16:36 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-14 18:43 --------- d-----w C:\Documents and Settings\Mistral\Application Data\OpenOffice.org2
2008-04-14 13:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-13 08:10 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2008-04-06 20:59 397,824 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-04-06 20:59 1,488,896 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-04-06 16:04 94,208 ----a-w C:\WINDOWS\DUMP69e5.tmp
2008-04-06 16:03 1,222,144 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-03 20:33 458,240 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-04-03 20:33 1,486,336 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-04-02 19:40 2,816,000 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-18 21:51 2,680,832 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-18 21:51 1,478,656 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-03-11 12:31 --------- d-----w C:\Program Files\CCleaner
2008-03-09 17:42 1,677,824 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-09 17:42 1,470,976 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-05 21:25 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-05 21:25 1,469,440 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-05 21:20 2,858,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-05 21:20 1,468,928 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-27 12:27 --------- d-----w C:\Program Files\DivX
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-06-20 11:36 47,868 ----a-w C:\Program Files\unrar.exe
2005-05-11 21:36 12,288 ------w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-16_20.58.53.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 18:36:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 19:58:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 19:58:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_11c.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 307,200 2005-10-24 13:53:40 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
------w 0 1601-01-01 00:00:00 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\bak\
----a-w 344,064 2005-07-28 19:15:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe
----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
----a-w 50,760 2006-05-25 14:35:42 C:\Program Files\Fichiers communs\AOL\1167670222\ee\bak\AOLSoftware.exe
----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Fichiers communs\AOL\IPHSend\bak\IPHSend.exe
----a-w 50,760 2006-05-25 14:35:40 C:\Program Files\Fichiers communs\AOL\Launch\bak\AOLLaunch.exe
----a-w 81,920 2004-07-27 14:50:18 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\issch.exe
----a-w 221,184 2004-07-27 14:50:42 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\ISUSPM.exe
----a-w 180,269 2006-05-24 15:18:49 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe
----a-w 48,752 2005-07-12 10:35:38 C:\Program Files\Fichiers communs\Symantec Shared\bak\ccApp.exe
----a-w 49,152 2005-05-11 21:12:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 1,988,144 2005-08-02 16:52:40 C:\Program Files\IBM ThinkVantage\Client Security Solution\bak\cssauth.exe
----a-r 49,152 2005-07-07 13:22:54 C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\bak\pdservice.exe
----a-w 278,528 2006-06-14 14:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 36,975 2005-11-10 11:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe
----a-w 94,208 2005-08-29 12:15:02 C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe
----a-w 282,624 2006-09-07 09:20:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 85,600 2005-08-25 15:59:18 C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe
----a-w 512,000 2005-08-01 08:48:28 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 110,592 2005-08-01 08:48:56 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 409,600 2005-12-15 15:14:34 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe
----a-w 98,304 2005-12-15 15:14:14 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe
----a-w 237,568 2005-08-31 00:20:00 C:\Program Files\ThinkPad\Utilities\bak\EzEjMnAp.Exe
----a-w 864,256 2005-08-23 16:23:20 C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe
----a-w 106,496 2005-11-23 23:02:00 C:\Program Files\ThinkVantage\PrdCtr\bak\LPMGR.exe
----a-w 40,960 2005-08-01 15:32:38 C:\Program Files\ThinkVantage\SystemUpdate\bak\UCLauncher.exe
----a-w 126,050 2005-07-12 07:00:30 C:\Program Files\ThinkVantage Fingerprint Software\bak\ctlcntr.exe
----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 127,037 2005-05-19 03:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-13 14:59 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-13 14:59 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-13 14:59 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:07 1667584]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2005-08-22 19:29 86016 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-08-24 01:10 40960 C:\WINDOWS\system32\TP4EX.exe]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-31 01:10 139264]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-31 01:10 208896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-13 14:59 1177368]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 16:11 196696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll 2005-07-12 09:06 110688 C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aim6.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-13 15:00]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-06-06 11:59]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-13 14:59]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2005-11-08 09:27]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-06 11:59]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-08-31 01:10]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-13 14:59]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-13 14:59]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-08-02 18:15]
R2 PrivateDisk;PrivateDisk;C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 08:26]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2005-08-02 17:47]
R2 SmiHlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 08:57]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-07-12 09:07]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-06-14 12:03]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-14 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 16:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 22:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-14 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 01:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 02:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 03:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 04:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 05:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 10:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 12:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 14:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 16:00:01 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 17:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 19:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 20:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-14 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 20:11:26 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2006-05-10 21:41:57 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 22:10:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 182
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-16 22:18:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 20:18:02
ComboFix2.txt 2008-04-16 19:01:24
Pre-Run: 20,499,546,112 octets libres
Post-Run: 20,513,595,392 octets libres
And the second one:
Fichier notifyf2.dll_ reçu le 2008.04.16 22:22:53 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.17.0 2008.04.16 -
AntiVir 7.6.0.85 2008.04.16 -
Authentium 4.93.8 2008.04.16 -
Avast 4.8.1169.0 2008.04.16 -
AVG 7.5.0.516 2008.04.16 -
BitDefender 7.2 2008.04.16 -
CAT-QuickHeal 9.50 2008.04.16 -
ClamAV 0.92.1 2008.04.16 -
DrWeb 4.44.0.09170 2008.04.16 -
eSafe 7.0.15.0 2008.04.16 -
eTrust-Vet 31.3.5703 2008.04.16 -
Ewido 4.0 2008.04.16 -
F-Prot 4.4.2.54 2008.04.16 -
F-Secure 6.70.13260.0 2008.04.16 -
FileAdvisor 1 2008.04.16 -
Fortinet 3.14.0.0 2008.04.16 -
Ikarus T3.1.1.26 2008.04.16 -
Kaspersky 7.0.0.125 2008.04.16 -
McAfee 5275 2008.04.16 -
Microsoft 1.3408 2008.04.14 -
NOD32v2 3031 2008.04.16 -
Norman 5.80.02 2008.04.16 -
Panda 9.0.0.4 2008.04.16 -
Prevx1 V2 2008.04.16 -
Rising 20.40.22.00 2008.04.16 -
Sophos 4.28.0 2008.04.16 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.16 -
TheHacker 6.2.92.280 2008.04.16 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.16 -
Webwasher-Gateway 6.6.2 2008.04.16 -
Information additionnelle
File size: 28672 bytes
MD5...: 3c21a62642bea691b588f69e8d11b374
SHA1..: b1d5a7de24dc9a99222b779ebe009bc72ac7061d
SHA256: 0bb739e9a64ccd7de0a10c6f5c9e68d6e780038382fdea4e1bb330bf2b8377d3
SHA512: 34b91c1a8955633fabe9eba2105268f8bd3468c9b1c7132e7c38c06c056ae0d94ef8aa713221ef77151c203abb8748cd0cc54ca4f94c155160e9489cb7b69086
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10001239
timedatestamp.....: 0x42cb4cbb (Wed Jul 06 03:15:07 2005)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c06 0x3000 6.24 8a4d9af50258f0f2bd9dbdfcb617a18d
.rdata 0x4000 0x92d 0x1000 3.62 ccf6ac4ae170676db9631eabf3abe931
.data 0x5000 0x920 0x1000 0.79 aedff4daee985da031662563e4fda493
.reloc 0x6000 0x4a0 0x1000 2.24 d6f9102cdf5f099305cf69b0a25e0139
( 2 imports )
> KERNEL32.dll: CloseHandle, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, RtlUnwind
> ADVAPI32.dll: RegOpenKeyExA, CreateProcessAsUserA, RegCloseKey, RegQueryValueExA
( 3 exports )
__0CNotifyfnf2@@QAE@XZ, __4CNotifyfnf2@@QAEAAV0@ABV0@@Z, Unlock_Notify_fnf2
See you later
2008-04-13 20:59 . 2004-08-05 05:00 466,944 --a------ C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-13 20:58 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-13 20:57 . 2001-08-23 17:46 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-04-13 20:57 . 2001-08-23 17:21 161,664 --a------ C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-04-13 20:57 . 2001-08-17 20:50 101,760 --a------ C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-04-13 20:57 . 2001-08-17 20:51 98,080 --a------ C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-04-13 20:57 . 2004-08-05 05:00 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll
2008-04-13 20:57 . 2001-07-21 22:29 18,400 --a------ C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-04-13 20:57 . 2004-08-04 00:54 3,901 --a------ C:\WINDOWS\system32\dllcache\siint5.dll
2008-04-13 20:56 . 2001-08-23 17:47 57,856 --a------ C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
2008-04-13 20:56 . 2001-08-17 20:19 36,480 --a------ C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-04-13 20:56 . 2001-08-23 17:47 26,112 --a------ C:\WINDOWS\system32\dllcache\EXCH_seos.dll
2008-04-13 20:56 . 2001-08-23 17:20 18,432 --a------ C:\WINDOWS\system32\dllcache\sermouse.sys
2008-04-13 20:56 . 2001-08-17 21:52 11,648 --a------ C:\WINDOWS\system32\dllcache\scsiprnt.sys
2008-04-13 20:56 . 2001-08-17 21:53 10,880 --a------ C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-04-13 20:56 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-04-13 20:56 . 2001-08-17 21:53 6,912 --a------ C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-04-13 20:55 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-13 20:55 . 2001-08-17 20:50 75,392 --a------ C:\WINDOWS\system32\dllcache\s3savmxm.sys
2008-04-13 20:55 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-04-13 20:55 . 2001-08-23 17:20 24,064 --a------ C:\WINDOWS\system32\dllcache\sccmn50m.sys
2008-04-13 20:55 . 2001-08-17 21:51 23,936 --a------ C:\WINDOWS\system32\dllcache\sccmusbm.sys
2008-04-13 20:55 . 2001-08-23 17:20 17,536 --a------ C:\WINDOWS\system32\dllcache\scr111.sys
2008-04-13 20:55 . 2001-08-23 17:20 16,768 --a------ C:\WINDOWS\system32\dllcache\scmstcs.sys
2008-04-13 20:53 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-13 20:52 . 2004-08-05 05:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-13 20:51 . 2004-08-04 00:53 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-13 20:50 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-13 20:50 . 2001-08-23 17:47 116,736 --a------ C:\WINDOWS\system32\dllcache\ovcodec2.dll
2008-04-13 20:50 . 2001-08-23 17:15 54,954 --a------ C:\WINDOWS\system32\dllcache\otcsercb.sys
2008-04-13 20:50 . 2001-08-17 22:05 48,000 --a------ C:\WINDOWS\system32\dllcache\ovcam2.sys
2008-04-13 20:50 . 2001-08-23 17:47 39,424 --a------ C:\WINDOWS\system32\dllcache\ovcoms.exe
2008-04-13 20:50 . 2001-08-17 22:05 31,872 --a------ C:\WINDOWS\system32\dllcache\ovce.sys
2008-04-13 20:50 . 2001-08-17 22:05 28,032 --a------ C:\WINDOWS\system32\dllcache\ovcd.sys
2008-04-13 20:50 . 2001-08-17 22:05 25,088 --a------ C:\WINDOWS\system32\dllcache\ovca.sys
2008-04-13 20:50 . 2001-08-23 17:47 20,480 --a------ C:\WINDOWS\system32\dllcache\ovcomc.dll
2008-04-13 20:49 . 2001-08-17 20:50 198,144 --a------ C:\WINDOWS\system32\dllcache\nv3.sys
2008-04-13 20:49 . 2001-08-23 17:46 123,776 --a------ C:\WINDOWS\system32\dllcache\nv3.dll
2008-04-13 20:49 . 2001-08-17 20:20 54,528 --a------ C:\WINDOWS\system32\dllcache\opl3sax.sys
2008-04-13 20:49 . 2001-08-23 17:15 44,297 --a------ C:\WINDOWS\system32\dllcache\otceth5.sys
2008-04-13 20:49 . 2001-08-17 20:12 27,209 --a------ C:\WINDOWS\system32\dllcache\otc06x5.sys
2008-04-13 20:48 . 2004-08-03 22:41 180,360 --a------ C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2008-04-13 20:48 . 2004-08-04 00:47 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-04-13 20:48 . 2001-08-17 20:20 126,080 --a------ C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
2008-04-13 20:48 . 2001-08-17 20:20 87,040 --a------ C:\WINDOWS\system32\dllcache\nm6wdm.sys
2008-04-13 20:48 . 2001-08-23 17:10 66,302 --a------ C:\WINDOWS\system32\dllcache\netflx3.sys
2008-04-13 20:48 . 2001-08-17 20:49 51,552 --a------ C:\WINDOWS\system32\dllcache\ntgrip.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 19:56 179,828 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 19:56 15,274,016 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-15 16:39 --------- d-----w C:\Program Files\Conquer 2.0
2008-04-15 16:37 --------- d-----w C:\Program Files\RealVNC
2008-04-15 16:36 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-14 18:43 --------- d-----w C:\Documents and Settings\Mistral\Application Data\OpenOffice.org2
2008-04-14 13:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-13 08:10 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2008-04-06 20:59 397,824 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-04-06 20:59 1,488,896 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-04-06 16:04 94,208 ----a-w C:\WINDOWS\DUMP69e5.tmp
2008-04-06 16:03 1,222,144 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-03 20:33 458,240 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-04-03 20:33 1,486,336 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-04-02 19:40 2,816,000 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-18 21:51 2,680,832 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-18 21:51 1,478,656 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-03-11 12:31 --------- d-----w C:\Program Files\CCleaner
2008-03-09 17:42 1,677,824 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-09 17:42 1,470,976 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-05 21:25 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-05 21:25 1,469,440 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-05 21:20 2,858,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-05 21:20 1,468,928 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-27 12:27 --------- d-----w C:\Program Files\DivX
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-06-20 11:36 47,868 ----a-w C:\Program Files\unrar.exe
2005-05-11 21:36 12,288 ------w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-16_20.58.53.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 18:36:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 19:58:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 19:58:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_11c.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 307,200 2005-10-24 13:53:40 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
------w 0 1601-01-01 00:00:00 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\bak\
----a-w 344,064 2005-07-28 19:15:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe
----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
----a-w 50,760 2006-05-25 14:35:42 C:\Program Files\Fichiers communs\AOL\1167670222\ee\bak\AOLSoftware.exe
----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Fichiers communs\AOL\IPHSend\bak\IPHSend.exe
----a-w 50,760 2006-05-25 14:35:40 C:\Program Files\Fichiers communs\AOL\Launch\bak\AOLLaunch.exe
----a-w 81,920 2004-07-27 14:50:18 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\issch.exe
----a-w 221,184 2004-07-27 14:50:42 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\ISUSPM.exe
----a-w 180,269 2006-05-24 15:18:49 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe
----a-w 48,752 2005-07-12 10:35:38 C:\Program Files\Fichiers communs\Symantec Shared\bak\ccApp.exe
----a-w 49,152 2005-05-11 21:12:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 1,988,144 2005-08-02 16:52:40 C:\Program Files\IBM ThinkVantage\Client Security Solution\bak\cssauth.exe
----a-r 49,152 2005-07-07 13:22:54 C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\bak\pdservice.exe
----a-w 278,528 2006-06-14 14:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 36,975 2005-11-10 11:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe
----a-w 94,208 2005-08-29 12:15:02 C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe
----a-w 282,624 2006-09-07 09:20:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 85,600 2005-08-25 15:59:18 C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe
----a-w 512,000 2005-08-01 08:48:28 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 110,592 2005-08-01 08:48:56 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 409,600 2005-12-15 15:14:34 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe
----a-w 98,304 2005-12-15 15:14:14 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe
----a-w 237,568 2005-08-31 00:20:00 C:\Program Files\ThinkPad\Utilities\bak\EzEjMnAp.Exe
----a-w 864,256 2005-08-23 16:23:20 C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe
----a-w 106,496 2005-11-23 23:02:00 C:\Program Files\ThinkVantage\PrdCtr\bak\LPMGR.exe
----a-w 40,960 2005-08-01 15:32:38 C:\Program Files\ThinkVantage\SystemUpdate\bak\UCLauncher.exe
----a-w 126,050 2005-07-12 07:00:30 C:\Program Files\ThinkVantage Fingerprint Software\bak\ctlcntr.exe
----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 127,037 2005-05-19 03:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-13 14:59 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-13 14:59 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-13 14:59 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:07 1667584]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2005-08-22 19:29 86016 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-08-24 01:10 40960 C:\WINDOWS\system32\TP4EX.exe]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-31 01:10 139264]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-31 01:10 208896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-13 14:59 1177368]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 16:11 196696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll 2005-07-12 09:06 110688 C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aim6.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-13 15:00]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-06-06 11:59]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-13 14:59]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2005-11-08 09:27]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-06 11:59]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-08-31 01:10]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-13 14:59]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-13 14:59]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-08-02 18:15]
R2 PrivateDisk;PrivateDisk;C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 08:26]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2005-08-02 17:47]
R2 SmiHlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 08:57]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-07-12 09:07]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-06-14 12:03]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-14 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 16:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-14 22:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-14 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 01:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 02:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 03:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 04:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 05:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 10:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 12:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 14:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 16:00:01 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 17:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 19:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-16 20:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-14 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\JliqKp50.exe
"2008-04-15 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\6eYpAf55.exe
"2008-04-16 20:11:26 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2006-05-10 21:41:57 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 22:10:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 182
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-16 22:18:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 20:18:02
ComboFix2.txt 2008-04-16 19:01:24
Pre-Run: 20,499,546,112 octets libres
Post-Run: 20,513,595,392 octets libres
And the second one:
Fichier notifyf2.dll_ reçu le 2008.04.16 22:22:53 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.17.0 2008.04.16 -
AntiVir 7.6.0.85 2008.04.16 -
Authentium 4.93.8 2008.04.16 -
Avast 4.8.1169.0 2008.04.16 -
AVG 7.5.0.516 2008.04.16 -
BitDefender 7.2 2008.04.16 -
CAT-QuickHeal 9.50 2008.04.16 -
ClamAV 0.92.1 2008.04.16 -
DrWeb 4.44.0.09170 2008.04.16 -
eSafe 7.0.15.0 2008.04.16 -
eTrust-Vet 31.3.5703 2008.04.16 -
Ewido 4.0 2008.04.16 -
F-Prot 4.4.2.54 2008.04.16 -
F-Secure 6.70.13260.0 2008.04.16 -
FileAdvisor 1 2008.04.16 -
Fortinet 3.14.0.0 2008.04.16 -
Ikarus T3.1.1.26 2008.04.16 -
Kaspersky 7.0.0.125 2008.04.16 -
McAfee 5275 2008.04.16 -
Microsoft 1.3408 2008.04.14 -
NOD32v2 3031 2008.04.16 -
Norman 5.80.02 2008.04.16 -
Panda 9.0.0.4 2008.04.16 -
Prevx1 V2 2008.04.16 -
Rising 20.40.22.00 2008.04.16 -
Sophos 4.28.0 2008.04.16 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.16 -
TheHacker 6.2.92.280 2008.04.16 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.16 -
Webwasher-Gateway 6.6.2 2008.04.16 -
Information additionnelle
File size: 28672 bytes
MD5...: 3c21a62642bea691b588f69e8d11b374
SHA1..: b1d5a7de24dc9a99222b779ebe009bc72ac7061d
SHA256: 0bb739e9a64ccd7de0a10c6f5c9e68d6e780038382fdea4e1bb330bf2b8377d3
SHA512: 34b91c1a8955633fabe9eba2105268f8bd3468c9b1c7132e7c38c06c056ae0d94ef8aa713221ef77151c203abb8748cd0cc54ca4f94c155160e9489cb7b69086
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10001239
timedatestamp.....: 0x42cb4cbb (Wed Jul 06 03:15:07 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c06 0x3000 6.24 8a4d9af50258f0f2bd9dbdfcb617a18d
.rdata 0x4000 0x92d 0x1000 3.62 ccf6ac4ae170676db9631eabf3abe931
.data 0x5000 0x920 0x1000 0.79 aedff4daee985da031662563e4fda493
.reloc 0x6000 0x4a0 0x1000 2.24 d6f9102cdf5f099305cf69b0a25e0139

( 2 imports )
> KERNEL32.dll: CloseHandle, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, RtlUnwind
> ADVAPI32.dll: RegOpenKeyExA, CreateProcessAsUserA, RegCloseKey, RegQueryValueExA

( 3 exports )
__0CNotifyfnf2@@QAE@XZ, __4CNotifyfnf2@@QAEAAV0@ABV0@@Z, Unlock_Notify_fnf2
See you later
Anonymous user
16 April 2008 at 22:39
The second report looks incomplete to me...
Did you select everything?
See you
lilangel
Posts
21
Registration date
Tuesday 15 April 2008
Status
Member
Last activity
25 May 2008
16 April 2008 at 22:44
Yes, I hadn't copied everything, sorry. I've edited the message.
lilangel
16 April 2008 at 22:53
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:19, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitdefender.com
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{85CF80E0-6F20-4649-BD89-E4D0280D98B8}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{984C6453-2795-4A2A-BAD9-F018B3C31D09}: NameServer = 192.168.3.1,192.168.4.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe (file missing)
Anonymous user
16 April 2008 at 22:59
Hi again,
Choose between Symantec Antivirus and AVG 8.
Uninstall the one you no longer want.
Only one antivirus on the PC.
*****************************************
Remove Boonty Games.
Boonty Games policy:
"We may also share paid information with third parties
that provide paid services, and share aggregated data showing the type
and number of video games you download, your age, your sex, your occupations,
level of education, geographic location, data about your computer equipment,
internet and video game interests, activities and training for the published games.
In addition, we share email addresses with third-party email account providers
who assist us by sending our emails to many customers at once..."
Basically, they disclose personal information to other companies, which will of course be delighted to spam your mailbox, among other delights...
1) Stop the service:
Start > Run > 'services.msc',
- Right-click the service mentioned: Boonty Games
- Properties
- and under "Startup type", set it to "Disabled".
- Then, if "Service status" shows "Started", click "Stop".
Tutorial: https://www.zebulon.fr/dossiers/windows/31-services.html
2) Delete the folder:
Go to "C:\program files\fichiers communs\", then find and delete the "boonty shared" folder.
*******************
# Download FixWareout to the desktop
: http://downloads.subratam.org/Fixwareout.exe
# Run the fix: click Next, then Install, make sure the Run fixit option is checked, then click Finish.
# You will then be asked to restart the computer: restart it.
# If the system takes a little longer to start up, that is normal.
# The contents of the report displayed on screen will be saved in a file named report.txt; post it.
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
+++
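Added example, not part of the original posts: a short Python triage of the HijackThis log above that surfaces the two points this reply acts on (more than one resident antivirus, and the Boonty service with its folder) plus O23 services whose file is missing. The log lines are copied from the thread; the `AV_MARKERS` path fragments and all function names are assumptions made for this example.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe (file missing)
"""

# Assumption for this example: lower-case path fragments that identify a
# resident antivirus. Built from the paths seen in this log, not a vendor list.
AV_MARKERS = {
    "AVG 8": "\\avg\\avg8\\",
    "Symantec AntiVirus": "\\symantec antivirus\\",
}

# "<section code> - <body>", e.g. "O23 - Service: ...". Process paths such as
# "C:\WINDOWS\..." do not match because a digit must follow the first letter.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O23 body: "Service: <name> - <owner> - <path>[ (file missing)]".
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# "<display name> (<service key>)"; the key is absent when both are identical.
SHORT_NAME_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")


def parse_entries(log):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def parse_service(body):
    """Split one O23 body into its fields, or return None if it is malformed."""
    match = SERVICE_RE.match(body)
    if not match:
        return None
    name = match.group("name")
    short = SHORT_NAME_RE.match(name)
    return {
        "display": short.group("display") if short else name,
        "key": short.group("key") if short else name,
        "owner": match.group("owner"),
        "path": match.group("path"),
        "file_missing": match.group("missing") is not None,
    }


def parse_services(log):
    """All well-formed O23 (service) entries in the log."""
    services = []
    for code, body in parse_entries(log):
        if code == "O23":
            service = parse_service(body)
            if service:
                services.append(service)
    return services


def detect_antivirus(log):
    """Products from AV_MARKERS referenced by any entry (8.3 paths included)."""
    found = set()
    for _code, body in parse_entries(log):
        lowered = body.lower()
        for product, marker in AV_MARKERS.items():
            if marker in lowered:
                found.add(product)
    return sorted(found)


def find_services(log, needle):
    """Services whose display name or path contains needle (case-insensitive)."""
    needle = needle.lower()
    return [s for s in parse_services(log)
            if needle in s["display"].lower() or needle in s["path"].lower()]


def triage(log):
    """Summarise the points a reviewer of this log would check first."""
    services = parse_services(log)
    return {
        "antivirus": detect_antivirus(log),
        "file_missing": [s["key"] for s in services if s["file_missing"]],
        "unknown_owner": [s["key"] for s in services
                          if s["owner"] == "Unknown owner"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    if len(report["antivirus"]) > 1:
        print("More than one antivirus:", ", ".join(report["antivirus"]))
    print("Services with a missing file:", ", ".join(report["file_missing"]))
    for service in find_services(SAMPLE_LOG, "boonty"):
        print("Boonty service binary:", service["path"])
```

Running the same functions on a log saved after the cleanup shows whether the Boonty entry and the second antivirus are gone.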
lilangel
16 April 2008 at 23:23
Username "Mistral" - 16/04/2008 23:04:53 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Cache de résolution DNS vidé.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"TpShocks"="TpShocks.exe"
"TP4EX"="tp4ex.exe"
"PWRMGRTR"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWRMGRTR.DLL,PwrMgrBkGndMonitor"
"BLOG"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
lilangel
16 April 2008 at 23:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:55, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitdefender.com
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{85CF80E0-6F20-4649-BD89-E4D0280D98B8}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{984C6453-2795-4A2A-BAD9-F018B3C31D09}: NameServer = 192.168.3.1,192.168.4.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe (file missing)
Anonymous user
16 April 2008 at 23:34
Re,
Make a choice between Symantec Antivirus and AVG 8. Uninstall the one you no longer want. Only one antivirus on the PC.
So?
PS: If you remove AVG 8, you will also have to remove ZoneAlarm.
While waiting for your reply, do this:
*******************************
Your version of Adobe is not up to date; uninstall your current version via 'Add or Remove Programs'.
Then download the latest one from this site --> https://get2.adobe.com/reader/otherversions/
Security bulletin on Adobe versions 7.0.8 and earlier:
https://www.adobe.com/support/security/bulletins/apsb07-01.html
***************************
Update Java --> https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80
************************
Start > Run > 'services.msc',
- Right-click the service named - VNC Server
- Properties
- and under "Startup type", set it to "Disabled".
- Then, if the "Service status" is "Started", choose "Stop".
Tutorial: https://www.zebulon.fr/dossiers/windows/31-services.html
Repeat with: IBM PSA Access Driver Control (PsaSrv)
**********************
I'm waiting ;)
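An added example, not part of the original thread: a small parser for the `O23 - Service` lines of a HijackThis log that lists the services whose executable is reported as `(file missing)`, the two entries the reply above asks to disable. The sample lines are copied from the log posted in the thread, except one constructed line marked as such; the function and class names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpt of O23 lines from the HijackThis log posted in the thread, plus one
# constructed line (the "Example Service" one) whose path contains " - ".
SAMPLE_LOG = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example - Tools\svc.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
"""


class Service(NamedTuple):
    display_name: str
    short_name: Optional[str]  # None when the log prints no "(name)" part
    owner: str
    path: str
    file_missing: bool


# The path starts at the first " - " that is followed by a drive letter, so a
# " - " inside the path itself (e.g. "Spybot - Search & Destroy") is harmless.
_O23 = re.compile(r'^O23 - Service: (?P<head>.+?) - (?P<path>"?[A-Za-z]:\\.+)$')
_SHORT = re.compile(r'^(?P<display>.+) \((?P<short>[^()]+)\)$')
_MISSING = " (file missing)"


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other line type."""
    m = _O23.match(line.strip())
    if not m:
        return None
    head, path = m.group("head"), m.group("path")
    if " - " not in head:
        return None  # no owner field: not the layout this parser expects
    missing = path.endswith(_MISSING)
    if missing:
        path = path[: -len(_MISSING)]
    # The owner is the last " - " separated field before the path.
    name_part, owner = head.rsplit(" - ", 1)
    s = _SHORT.match(name_part)
    if s:
        display, short = s.group("display"), s.group("short")
    else:
        display, short = name_part, None
    return Service(display, short, owner, path, missing)


def parse_services(log_text: str) -> List[Service]:
    """Return every O23 service entry found in a HijackThis log."""
    found = (parse_o23(line) for line in log_text.splitlines())
    return [svc for svc in found if svc is not None]


def orphaned_services(log_text: str) -> List[Service]:
    """Services still registered although their executable no longer exists."""
    return [svc for svc in parse_services(log_text) if svc.file_missing]


if __name__ == "__main__":
    for svc in orphaned_services(SAMPLE_LOG):
        label = svc.short_name or svc.display_name
        print(f"{svc.display_name} [{label}]: {svc.path} is missing; "
              "review it in services.msc")
```
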
lilangel
16 April 2008 at 23:37
Re
The thing is, AVG 8.0 is only a demo, so I'm going to have to remove it anyway. But why would I also have to remove ZoneAlarm?
Anonymous user
16 April 2008 at 23:40
Re,
OK, remove AVG 8.
Well, simply because there is a firewall hidden in the Symantec Anti-virus suite (Symantec Client Firewall).
And two firewalls, that doesn't work.
So in the end, you uninstall AVG 8 and ZoneAlarm.
And you do the steps I described above ;)
See you