VirusHeat again .....
Solved
Mumba
Hello,
Here is yet another VirusHeat problem. After reading the forum posts, I decided to submit my problem to you: an obsolete icon in the taskbar.
HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 04:24:35, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Guillaume\Bureau\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REV] C:\Program Files\Steam\steamapps\septum_lucidum\counter-strike\Revolution_Script.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2filovemessenger%2fmars2005%2fbetty_boop.png%3f
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097743015284
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
3 replies
ComboFix
ComboFix 08-04-22.5 - Guillaume 2008-04-24 4:22:26.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.981 [GMT 2:00]
Endroit: C:\Documents and Settings\Guillaume\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.
2008-04-24 03:29 . 2008-04-24 03:31 <REP> d-------- C:\Program Files\Unlocker
2008-04-24 03:29 . 2008-04-24 03:29 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\Desktopicon
2008-04-24 03:14 . 2008-04-24 03:14 <REP> d-------- C:\WINDOWS\system32\814810
2008-04-23 14:14 . 2008-04-23 14:14 <REP> d-------- C:\Program Files\CCleaner
2008-04-22 22:08 . 2008-04-22 22:08 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-04-20 23:22 . 2008-04-20 23:24 <REP> d-------- C:\Documents and Settings\Guillaume\dwhelper
2008-04-20 16:25 . 2008-04-20 16:33 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\gtk-2.0
2008-04-20 16:25 . 2008-04-20 16:25 <REP> d-------- C:\Documents and Settings\Guillaume\.thumbnails
2008-04-13 03:22 . 2008-04-13 03:22 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-04-13 03:22 . 2008-04-18 16:06 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\teamspeak2
2008-04-13 03:22 . 2008-04-13 03:22 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-04-07 11:35 . 2008-04-07 11:35 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\SystemRequirementsLab
2008-04-06 23:53 . 2008-04-11 18:38 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\OpenOffice.org2
2008-04-06 23:49 . 2008-04-06 23:49 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-06 23:49 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-04 01:20 . 2008-04-04 01:20 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\X10 Commander
2008-04-04 01:13 . 2008-04-24 04:03 297 --a------ C:\WINDOWS\system\cmicnfg.ini
2008-04-03 16:52 . 2008-04-03 16:54 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-03 16:52 . 2008-04-03 16:52 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-03 16:52 . 2008-04-03 16:54 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-03 16:32 . 2008-04-03 17:08 <REP> d-------- C:\Program Files\WarRock
2008-04-03 07:46 . 2008-04-03 07:46 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-02 20:15 . 2008-04-02 20:15 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-04-02 20:14 . 2008-04-02 20:15 <REP> d-------- C:\Program Files\Logitech
2008-04-02 20:13 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2008-04-02 12:48 . 2008-04-02 12:48 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\AdobeUM
2008-04-01 23:54 . 2008-04-01 23:57 <REP> d-------- C:\Program Files\uTorrent
2008-04-01 23:54 . 2008-04-22 22:10 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\uTorrent
2008-03-29 10:36 . 2008-04-24 03:49 <REP> d-------- C:\Program Files\Crawler
2008-03-29 02:01 . 2008-04-24 04:14 <REP> d-------- C:\Program Files\Spyware Terminator
2008-03-29 02:01 . 2008-04-24 04:15 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\Spyware Terminator
2008-03-29 02:01 . 2008-04-24 04:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-29 02:01 . 2008-03-29 02:01 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-28 18:33 . 2008-03-28 18:33 <REP> d-------- C:\Program Files\Nuclear Coffee
2008-03-28 18:32 . 2008-03-28 18:32 649,147 --a------ C:\WINDOWS\Revolution Script CS UnRevoCS.exe
2008-03-28 09:20 . 2008-03-28 09:20 <REP> d-------- C:\Program Files\Alwil Software
2008-03-28 09:16 . 2008-03-28 09:16 10 --a------ C:\WINDOWS\WININIT.INI
2008-03-28 09:14 . 2008-03-28 09:14 <REP> d-------- C:\Program Files\ma-config.com
2008-03-28 09:14 . 2008-04-23 13:55 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\ma-config.com
2008-03-28 05:33 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-28 05:33 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-28 05:33 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-28 04:00 . 2008-03-28 04:00 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-28 02:31 . 2008-03-28 02:31 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\Todae
2008-03-28 02:24 . 2008-03-28 02:24 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\vlc
2008-03-28 02:23 . 2008-03-28 02:23 <REP> d-------- C:\Program Files\VideoLAN
2008-03-28 02:10 . 2008-03-28 02:10 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-28 01:43 . 2008-04-24 04:15 <REP> d-------- C:\Program Files\Steam
2008-03-28 01:33 . 2008-04-09 07:59 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-03-28 01:33 . 2008-03-28 01:34 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-28 01:25 . 2008-03-28 01:25 <REP> d-------- C:\Program Files\RocketDock
2008-03-28 01:14 . 2008-03-28 01:14 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-28 01:12 . 2008-04-03 16:52 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-03-28 01:12 . 2008-03-28 01:13 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-28 01:11 . 2006-09-25 18:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-28 01:08 . 2008-04-07 19:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-28 01:02 . 2008-04-11 09:52 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-03-28 00:58 . 2008-03-28 01:34 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-28 00:58 . 2008-03-28 00:58 219,648 --a------ C:\WINDOWS\system32\nsx374.tmp
2008-03-28 00:58 . 2008-03-28 00:58 219,648 --a--c--- C:\WINDOWS\system32\dllcache\nsh373.tmp
2008-03-28 00:58 . 2008-03-28 01:34 71,634 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-03-28 00:56 . 2008-03-28 01:32 <REP> d-------- C:\WINDOWS\BricoPacks
2008-03-28 00:50 . 2008-04-11 09:59 <REP> d-------- C:\Documents and Settings\Guillaume\Contacts
2008-03-28 00:49 . 2008-03-28 00:49 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-28 00:45 . 2008-03-28 00:51 <REP> d-------- C:\Program Files\Windows Live
2008-03-28 00:45 . 2008-03-28 00:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-28 00:45 . 2008-03-28 00:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-28 00:39 . 2008-04-20 23:33 <REP> d-------- C:\Program Files\Internet Download Manager
2008-03-28 00:39 . 2008-04-20 23:28 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\IDM
2008-03-28 00:39 . 2008-04-24 04:21 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\DMCache
2008-03-28 00:31 . 2008-04-07 11:38 <REP> d-------- C:\WINDOWS\nview
2008-03-28 00:31 . 2008-04-07 11:35 <REP> d-------- C:\NVIDIA
2008-03-28 00:31 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-03-28 00:31 . 2008-04-07 11:39 160,584 --a------ C:\WINDOWS\system32\nvapps.xml
2008-03-28 00:31 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-03-28 00:29 . 2008-03-28 00:29 <REP> d-------- C:\Program Files\Belkin
2008-03-28 00:29 . 2005-11-10 20:54 402,944 -ra------ C:\WINDOWS\system32\drivers\BLKWGU.sys
2008-03-28 00:28 . 2004-10-13 21:41 <REP> d--h----- C:\Documents and Settings\Guillaume\Voisinage réseau
2008-03-28 00:28 . 2004-10-13 21:41 <REP> d--h----- C:\Documents and Settings\Guillaume\Voisinage d'impression
2008-03-28 00:28 . 2004-10-14 10:36 <REP> d--hs---- C:\Documents and Settings\Guillaume\UserData
2008-03-28 00:28 . 2004-10-13 19:45 <REP> d--h----- C:\Documents and Settings\Guillaume\Modèles
2008-03-28 00:28 . 2008-04-22 22:01 <REP> d---s---- C:\Documents and Settings\Guillaume\Mes documents
2008-03-28 00:28 . 2008-04-24 03:29 <REP> dr------- C:\Documents and Settings\Guillaume\Menu Démarrer
2008-03-28 00:28 . 2008-03-28 09:17 <REP> dr------- C:\Documents and Settings\Guillaume\Favoris
2008-03-28 00:28 . 2008-04-24 04:21 <REP> d-------- C:\Documents and Settings\Guillaume\Bureau
2008-03-28 00:28 . 2008-03-29 16:51 <REP> d-------- C:\Documents and Settings\Guillaume\Application Data\CyberLink
2008-03-28 00:28 . 2008-04-24 03:42 <REP> d-------- C:\Documents and Settings\Guillaume
2008-03-28 00:28 . 2008-04-24 04:23 360,448 --ah----- C:\Documents and Settings\Guillaume\ntuser.dat.LOG
2008-03-28 00:27 . 2004-10-14 10:36 <REP> d---s---- C:\WINDOWS\system32\config\systemprofile\UserData
2008-03-28 00:27 . 2004-10-14 15:57 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\CyberLink
2008-03-28 00:27 . 2004-10-14 10:36 <REP> d---s---- C:\Documents and Settings\Default User\UserData
2008-03-28 00:27 . 2008-03-28 00:27 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
2008-03-28 00:24 . 2001-08-23 18:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-28 00:23 . 2001-08-17 23:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 23:16 13,312 --s-a-w C:\WINDOWS\system32\rkaxfza.dll
2008-04-23 12:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 12:20 --------- d-----w C:\Program Files\Musicmatch
2008-04-23 12:20 --------- d-----w C:\Program Files\Home Cinema
2008-04-23 12:06 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-04-07 09:58 --------- d-----w C:\Program Files\Java
2008-03-29 14:50 --------- d-----w C:\Program Files\X10 Hardware
2008-03-28 20:52 --------- d-----w C:\Program Files\Google
2008-03-28 07:15 --------- d-----w C:\Program Files\CA
2008-03-27 23:34 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-27 23:10 --------- d-----w C:\Program Files\Windows Media Connect
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-15 15:12 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2004-12-06 12:32 8 --sh--r C:\WINDOWS\system32\AD312A130D.sys
2004-12-06 12:32 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 07:55 68856]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-04-20 23:33 2573744]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 22:01 1271032]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CHotkey"="zHotkey.exe" [2004-05-17 19:30 543232 C:\WINDOWS\zHotkey.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"REV"="C:\Program Files\Steam\steamapps\septum_lucidum\counter-strike\Revolution_Script.exe" [2004-10-24 00:13 1204224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-29 02:01 2957824]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
C:\Documents and Settings\Guillaume\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{eb9f614b-ea44-40d0-8829-542e4f254739}"= C:\WINDOWS\system32\rkaxfza.dll [2008-04-24 01:16 13312]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\steamapps\\septum_lucidum\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\septum_lucidum\\day of defeat\\hl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Steam\\steamapps\\lapin_cretin\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\lapin_cretin\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\lapin_cretin\\counter-strike\\hl.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-29 02:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 09:04]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-04-23 14:06]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2006-07-13 14:34]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 09:47]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 04:23:25
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-24 4:24:10
ComboFix-quarantined-files.txt 2008-04-24 02:24:07
Pre-Run: 90,608,705,536 octets libres
Post-Run: 90,657,751,040 octets libres
194 --- E O F --- 2008-04-21 10:54:07
SmitFraud report
SmitFraudFix v2.317
Rapport fait à 4:40:30,23, 24/04/2008
Executé à partir de C:\Documents and Settings\Guillaume\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Guillaume
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Guillaume\Application Data
C:\Documents and Settings\Guillaume\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeat 4.3.lnk PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GUILLA~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{eb9f614b-ea44-40d0-8829-542e4f254739}"="garcea"
[HKEY_CLASSES_ROOT\CLSID\{eb9f614b-ea44-40d0-8829-542e4f254739}\InProcServer32]
@="C:\WINDOWS\system32\rkaxfza.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{eb9f614b-ea44-40d0-8829-542e4f254739}\InProcServer32]
@="C:\WINDOWS\system32\rkaxfza.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Belkin Wireless G USB Network Adapter
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{07D2C2EB-2AE4-4C44-98E1-28300AA37982}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{07D2C2EB-2AE4-4C44-98E1-28300AA37982}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{07D2C2EB-2AE4-4C44-98E1-28300AA37982}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin