Sujet Précédent Sujet Suivant

Gros problèmes d'infections

GROLANDAIS Messages postés 288 Statut Membre -  
GROLANDAIS Messages postés 288 Statut Membre -
Bonjour,

Je mets ce rapport Hijackthis en espérant qu'on me trouve des trucs car j'en ai pas mal ( tout le temps des fenêtres qui s'ouvrent de casino surtout ) :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:13, on 16.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\All Users\Application Data\zujonyrw\petyjsnu.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\sbmvqjsr.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {72918F97-82A7-4129-9DA8-B7E327757E83} - C:\WINDOWS\system32\wvUljGXP.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\mlJCUNDU.dll
O3 - Toolbar: sgoblxtm - {1F8A048D-9A0B-4565-A3D0-2A2E6B44592A} - C:\WINDOWS\sgoblxtm.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [5c12b006] rundll32.exe "C:\WINDOWS\system32\nsswygoq.dll",b
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [qmsrhuth] C:\WINDOWS\system32\nytkvchk.exe
O4 - HKCU\..\Run: [sknxqway] C:\WINDOWS\system32\sbmvqjsr.exe
O4 - HKLM\..\Policies\Explorer\Run: [euku11w5yZ] C:\Documents and Settings\All Users\Application Data\zujonyrw\petyjsnu.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: mlJCUNDU - C:\WINDOWS\SYSTEM32\mlJCUNDU.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

95 réponses

Précédent
Réponse 21 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
Puis... Bonne chance ;) !

2008-04-16 17:29 . 2008-04-16 17:30 <REP> d-------- C:\Program Files\Trend Micro
2008-04-16 17:11 . 2008-04-16 17:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 17:04 . 2008-04-16 17:04 106,496 --a------ C:\WINDOWS\system32\sbmvqjsr.exe
2008-04-15 22:56 . 2008-04-15 22:56 <REP> d-------- C:\Program Files\Bethesda Softworks
2008-04-14 21:23 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-14 21:23 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-14 21:23 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-14 21:23 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-13 22:24 . 2008-04-13 22:25 65 --a------ C:\WINDOWS\asym.ini
2008-04-13 22:22 . 2008-04-13 22:27 44 --a------ C:\WINDOWS\CDE.INI
2008-04-13 21:41 . 2008-04-13 21:41 0 --a------ C:\DAGGERPU.MMH
0
Réponse 22 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
Il suffit mettre un peu plus pour que ça couine !!

2008-04-13 21:31 . 2005-09-09 14:20 43,082,466 --a------ C:\[PC-Game] The Elder Scrolls II Daggerfall (Installer Win2000+XP).zip
2008-04-13 01:00 . 2008-04-13 01:00 529,871 --a------ C:\tribunal_v1.4.1313.exe
2008-04-13 00:59 . 2008-04-13 00:59 309,125 --a------ C:\Bloodmoon_v1.6.1820.zip
2008-04-13 00:55 . 2008-04-13 00:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\zujonyrw
2008-04-13 00:55 . 2008-04-12 18:15 188,416 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-13 00:55 . 2008-04-15 01:57 94,208 --a------ C:\old_nytkvchk.exe
2008-04-13 00:02 . 2008-04-13 00:02 1,075,901 --a------ C:\eng-hindi-dict-utf8.zip
2008-04-12 23:10 . 2008-04-13 22:03 <REP> d-------- C:\Program Files\eMule
0
Réponse 23 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
2008-04-12 23:10 . 2008-04-12 23:10 3,861,320 --a------ C:\eMule0.48a-Installer2.exe
2008-04-12 12:29 . 2008-04-12 12:29 <REP> d---s---- C:\Program Files\Xfire
2008-04-12 12:29 . 2008-04-12 12:30 <REP> d-------- C:\Documents and Settings\user\Application Data\Xfire
2008-04-12 01:03 . 2007-04-15 12:48 9,190,807 --a------ C:\Arena106.exe
2008-04-12 01:01 . 2007-04-15 12:58 257,060 --a------ C:\big-tamriel.jpg
2008-04-12 00:58 . 2008-04-12 00:58 <REP> d-------- C:\DaggerfallProblŠme
2008-04-12 00:07 . 2008-04-12 00:08 <REP> d-------- C:\Program Files\WinAce
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\WINACE
2008-04-11 23:04 . 2008-04-13 00:55 <REP> d-------- C:\Daggerfall
2008-04-11 23:01 . 2008-04-13 22:28 <REP> d-------- C:\Program Files\DOSBox-0.65
2008-04-11 22:39 . 2008-04-11 22:40 <REP> d-------- C:\Soluce-Elder'Scrolls
2008-04-11 22:34 . 2008-04-13 22:05 <REP> d-------- C:\DAGGER
0
Réponse 24 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
2008-04-11 22:23 . 2008-04-12 12:28 <REP> d-------- C:\Civilisation_Patchs
2008-04-11 22:19 . 2008-04-15 23:17 <REP> d-------- C:\Oblivion_Patchs
2008-04-11 22:18 . 2008-04-12 01:02 <REP> d-------- C:\OblivionSAV
2008-04-10 18:51 . 2008-04-10 18:51 1,933,501 --a------ C:\FonctionnairesChiinoisGrolandais.exe
2008-04-10 17:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-05 21:31 . 2008-04-05 21:31 232,753,052 --a------ C:\Arriv‚ePoliceBoisVersoix.avi
2008-04-05 17:29 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-05 17:29 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-03 21:57 . 2008-04-03 21:57 <REP> d-------- C:\Documents and Settings\user\Application Data\My Games
2008-04-03 21:43 . 2008-04-03 21:43 <REP> d-------- C:\Program Files\Firaxis Games
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
ça s'empire la connexion !!

2008-04-03 21:43 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-03 21:34 . 2008-04-03 21:40 <REP> d-------- C:\Ethiopie_AccŠs
2008-03-29 18:35 . 2008-04-10 18:42 <REP> d-------- C:\Documents and Settings\user\Application Data\XnView
2008-03-29 18:34 . 2008-03-29 18:34 <REP> d-------- C:\Xnview
2008-03-29 18:34 . 2008-03-29 18:34 <REP> d-------- C:\Program Files\XnView
2008-03-28 18:18 . 2008-03-28 18:18 175,028 --a------ C:\DSCN0290.jpg
2008-03-28 18:14 . 2008-03-28 18:14 184,820 --a------ C:\DSCN0289.jpg
2008-03-28 18:13 . 2008-03-28 18:13 187,682 --a------ C:\DSCN0287.jpg
2008-03-28 18:13 . 2008-03-28 18:13 179,894 --a------ C:\DSCN0288.jpg
2008-03-27 18:06 . 2008-03-27 18:06 736,898 --a------ C:\Chinoiseries.jpg
0
Réponse 26 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
2008-03-25 23:02 . 2008-03-25 23:02 13,759 --a------ C:\quand-larmee-enquete.htm
2008-03-25 21:44 . 2008-03-25 21:44 73,308,600 --a------ C:\REALbasicSetupFR.exe
2008-03-25 21:37 . 2008-03-25 21:37 3,122,812 --a------ C:\FileZilla_3.0.8.1_win32-setup.exe
2008-03-25 21:35 . 2008-03-25 21:35 6,105,952 --a------ C:\Firefox Setup 2.0.0.12.exe
2008-03-25 21:32 . 2008-03-25 21:32 8,705,840 --a------ C:\winamp552_full_emusic-7plus_en-us.exe
2008-03-25 18:16 . 2008-04-10 17:34 <REP> d-------- C:\Program Files\Liberty BASIC v4.03
2008-03-25 18:16 . 2008-03-25 18:16 3,484,727 --a------ C:\lb403win.exe
2008-03-25 18:16 . 2008-03-25 18:16 6 --a------ C:\WINDOWS\system32\cuatro.ini
2008-03-21 01:22 . 2008-03-21 01:24 <REP> d--h----- C:\Dossier foot19
0
Réponse 27 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
.(((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))
.
2008-04-16 19:16 6,234,144 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 19:13 74,060 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 10:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 18:45 2,777,088 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-10 15:58 --------- d-----w C:\Program Files\Java
2008-04-09 19:01 2,759,680 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-03 19:57 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
0
Réponse 28 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-08 20:08 --------- d-----w C:\Documents and Settings\user\Application Data\MailFrontier
2008-03-01 21:08 --------- d-----w C:\Documents and Settings\user\Application Data\Steinberg
2008-03-01 17:02 --------- d-----w C:\Program Files\Steinberg
2007-09-01 16:15 15,864,966 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_01_18_13_27_full.dmp.zip
2007-08-25 14:37 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-08-25 14:37 1,290,752 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
0
Réponse 29 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
(((((((((((((((((( Point de chargement Reg ))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 17:08 65536]
"qmsrhuth"="C:\WINDOWS\system32\nytkvchk.exe" [ ]
"sknxqway"="C:\WINDOWS\system32\sbmvqjsr.exe" [2008-04-16 17:04 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 22:55 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 22:55 118784]
0
Réponse 30 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32 761945]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 12:37 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 15:02 352256]
"TPSMain"="TPSMain.exe" [2005-08-03 17:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 13:25 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 10:24 118784]
"TFncKy"="TFncKy.exe" []
0
Réponse 31 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
"TDispVol"="TDispVol.exe" [2005-09-15 15:19 73728 C:\WINDOWS\system32\TDispVol.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 06:20 122940]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41 602182]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-11 12:28 7557120]
"nwiz"="nwiz.exe" [2007-07-11 12:28 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2007-07-11 12:28 49152]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
0
Réponse 32 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"euku11w5yZ"= C:\Documents and Settings\All Users\Application Data\zujonyrw\petyjsnu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCUNDU]
mlJCUNDU.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
0
Réponse 33 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 15:48]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 15:47]
0
Réponse 34 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 21:15:39
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
0
Réponse 35 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> C:\WINDOWS\system32\TDispVol.dll
-> ?:\WINDOWS\system32\MSVCR71.DLL
.
0
Réponse 36 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
0
Réponse 37 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

Temps d'accomplissement: 2008-04-16 21:19:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 19:19:53

Pre-Run: 72,414,298,112 octets libres
Post-Run: 72,388,521,984 octets libres
.
2007-08-07 16:30:24 --- E O F ---
0
Réponse 38 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
Et voilà Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:29, on 16.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
0
Réponse 39 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\zujonyrw\petyjsnu.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
0
Réponse 40 / 95
GROLANDAIS Messages postés 288 Statut Membre 3
 
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\sbmvqjsr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
0