AntiVir malfunction problem
Tyl
Hello,
Following an infection that I am desperately trying to treat, my AntiVir antivirus has been knocked out.
The program can no longer be started; the following message appears:
"The application module
c:\\program files\avira\antivir personaledition classic\avgnt.exe
cannot be found or has been modified or destroyed.
The AVGNT.EXE cannot be started.
Please check your installation."
I cannot remove the program properly from the Control Panel either. The message that appears then is:
" The CRC sum of
C:\ Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE
has been changes. This could due be to a virus!
Do you want to shut down Setup?
OK"
Same message if I try to reinstall the program. What should I do to uninstall it properly so that I can reinstall an antivirus without creating a conflict?
Thanks for your help!
4 replies
Hi
Download this:
Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Choose the option "do a scan and a logfile", and copy/paste the report it generates onto the forum.
++
ok,
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Start in Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in C:\Combofix.txt; please post it
++
Hi!
Here is the ComboFix report:
ComboFix 08-05-01.1 - Nath 2008-05-02 11:56:51.2 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.299 [GMT 2:00]
Endroit: C:\Documents and Settings\Nath\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\byXRlMeC.dll
C:\WINDOWS\system32\CeMlRXyb.ini
C:\WINDOWS\system32\CeMlRXyb.ini2
C:\WINDOWS\system32\opnnoomM.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.
2008-04-27 20:10 . 2008-04-27 20:10 <REP> d-------- C:\Program Files\Ashampoo
2008-04-20 17:45 . 2008-04-20 17:45 <REP> d-------- C:\VundoFix Backups
2008-04-18 21:56 . 2008-04-18 18:56 63,488 --a------ C:\WINDOWS\system32\wskl0.exe
2008-04-18 18:56 . 2008-04-18 18:56 75,698 --a------ C:\WINDOWS\widuxngq.sys
2008-04-18 18:56 . 2008-04-18 18:56 10,000 --------- C:\WINDOWS\system32\jfiehayd.dll
2008-04-18 18:56 . 2008-04-18 18:56 2 --a------ C:\100802141
2008-04-18 18:55 . 2008-04-18 18:55 94,306 --a------ C:\stumddqy.exe
2008-04-18 18:55 . 2008-04-18 18:56 89,088 --a------ C:\menafhv.exe
2008-04-18 18:54 . 2008-04-18 18:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-18 18:54 . 2008-04-18 18:54 <REP> d-------- C:\Documents and Settings\Nath\Application Data\Malwarebytes
2008-04-18 18:54 . 2008-04-18 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-18 18:44 . 2008-04-18 18:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-16 00:17 . 2008-04-16 00:16 59,904 --ahs---- C:\WINDOWS\system32\irdvxc.exe
2008-04-15 10:11 . 2008-04-15 10:11 <REP> d-------- C:\Program Files\Avira
2008-04-14 19:23 . 2008-04-14 19:23 40,192 ---hs---- C:\WINDOWS\system32\mdm.exe
2008-04-10 22:24 . 2008-04-10 22:24 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-10 22:24 . 2008-04-10 22:24 <REP> d-------- C:\WINDOWS\AU_Log
2008-04-10 22:24 . 2008-04-10 22:24 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-04-10 22:24 . 2008-04-10 22:24 299,008 --a------ C:\WINDOWS\PATCH.EXE
2008-04-10 22:24 . 2008-04-10 22:24 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-04-10 22:24 . 2008-04-10 22:24 170 --a------ C:\WINDOWS\GetServer.ini
2008-04-10 20:14 . 2008-04-10 22:10 911,872 --a------ C:\WINDOWS\system32\syssmon.exe
2008-04-09 18:33 . 2008-04-09 18:33 <REP> d-------- C:\Program Files\AxBx
2008-04-07 10:37 . 2008-04-07 10:37 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-05 17:40 . 2008-04-05 17:40 67 --a------ C:\WINDOWS\system32\o
2008-04-05 17:23 . 2008-04-05 17:23 84 --a------ C:\WINDOWS\system32\btsvc.inf
2008-04-05 00:26 . 2008-04-05 00:26 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-04-05 00:25 . 2008-04-05 13:51 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-03 11:33 . 2008-04-03 11:33 1,103,600 --a------ C:\WINDOWS\system32\ddd.exe
2008-04-03 10:49 . 2008-04-07 11:04 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-04-03 10:19 . 2008-04-15 10:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 22:05 --------- d-----w C:\Documents and Settings\Nath\Application Data\Skype
2008-04-11 08:23 60,424 ----a-w C:\Documents and Settings\Nath\Application Data\GDIPFONTCACHEV1.DAT
2008-04-10 10:52 --------- d-----w C:\Program Files\Microsoft Works
2008-04-07 09:06 --------- d-----w C:\Program Files\QuickTime
2008-03-16 13:34 --------- d-----w C:\Documents and Settings\Nath\Application Data\MSN6
2008-03-16 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-16 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 14:13 --------- d-----w C:\Documents and Settings\Nath\Application Data\InstallShield
.
------- Sigcheck -------
2003-04-24 04:00 1017856 e3825d37d74ed395a08776a2d3059571 C:\WINDOWS\explorer.exe
2003-04-24 04:00 1017856 5c88103fc2e2ca055c0d8a10598d06d8 C:\WINDOWS\system32\dllcache\explorer.exe
2003-04-24 04:00 23040 3a84adfbd4efa8ff702f3c211a865ed9 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-19_17.15.32.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:11:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 10:00:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-10-20 18:02:28 173,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 06:00:00 171,520 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2008-04-19 15:11:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-02 10:00:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-19 15:11:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-02 10:00:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-04-19 15:11:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-02 10:00:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-19 15:07:34 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2008-05-02 09:56:46 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
2008-04-18 18:56 10000 --------- C:\WINDOWS\System32\jfiehayd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-04-24 04:00 23040]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 10:08 1523741]
"Windows has Layer"="fixweb.exe" []
"Windows Networking Monitoring"="C:\WINDOWS\System32\mdm.exe" [2008-04-14 19:23 40192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 40960 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 16:30 348160]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 07:26 57344]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 17:11 118784]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-07-17 14:50 196700]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 23:10 122880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-23 00:06 622592]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03 61440]
"HP Software Update"="c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 61440]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 20:56 495616]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 19:44 77824]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 18:23 880640]
"CARPService"="carpserv.exe" [2003-04-15 03:00 14336 C:\WINDOWS\system32\carpserv.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 495616]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-10 12:58 294912]
"Windows has Layer"="fixweb.exe" []
"Windows Networking Monitoring"="C:\WINDOWS\System32\mdm.exe" [2008-04-14 19:23 40192]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 274689]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows has Layer"="fixweb.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-04-24 04:00 23040]
"Windows has Layer"="fixweb.exe" []
"Microsoft Oftice"="C:\WINDOWS\System32\msmsgs.exe" [ ]
"Microsoft Windows Driver"="C:\WINDOWS\rundll32.exe" [ ]
"Windows Networking Monitoring"="C:\WINDOWS\System32\mdm.exe" [2008-04-14 19:23 40192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows has Layer"="fixweb.exe" []
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\System32\jfiehayd.dll [2008-04-18 18:56 10000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnoomm]
opnnoomM.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrkewqh]
rqRKEWQh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\\windows\\system32\\wskl0.exe"=
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R2 MSDisk;Network helper Service;"C:\WINDOWS\System32\irdvxc.exe" /service []
R2 ssmon;System Stability Monitor;"C:\WINDOWS\system32\syssmon.exe" [2008-04-10 22:10]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\System32\drivers\caliaud.sys [2002-11-05 17:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\System32\drivers\calihal.sys [2002-11-05 17:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\System32\DRIVERS\DP83815.SYS [2003-07-17 03:01]
S2 ffor.mylifez.net;Windows has Layer;"C:\WINDOWS\System32\fixweb.exe" -netsvcs []
S2 UMAXPCLS;Pilote de scanneur pour port imprimante;C:\WINDOWS\System32\DRIVERS\umaxpcls.sys [2001-08-17 21:58]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 mdxgthkn;mdxgthkn;C:\DOCUME~1\Nath\LOCALS~1\Temp\mdxgthkn.sys []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2004-03-06 18:41:30 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 12:01:37
Windows 5.1.2600 Service Pack 1 NTFS
detected NTDLL code modification:
ZwOpenFile
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????h??w2??w???w?? ?deB???????????????B? ??????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\Nath\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\MsPMSPSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-02 12:04:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 10:04:42
ComboFix2.txt 2008-04-19 15:15:50
Pre-Run: 9,592,872,960 octets libres
Post-Run: 9,054,597,120 octets libres
189
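Reading a ComboFix report like the one above comes down to a few recurring indicators: a system binary whose MD5 no longer matches its dllcache copy (explorer.exe in the Sigcheck section), autostart entries for which ComboFix recorded no file date/size (shown as "[ ]" or "[]"), and Security Center override values set to 1, which silence the firewall and antivirus warnings. The following triage script is an added example, not part of this thread and not ComboFix's own code; it parses the section headers and line formats exactly as they appear in the report above, and its sample input is a constructed excerpt assembled from lines of that report.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix's own code)."""
import re

# Constructed excerpt of the report posted in this thread (Sigcheck, autostart keys,
# Security Center key). Paths use single backslashes, hence the raw string.
SAMPLE_LOG = r"""------- Sigcheck -------
2003-04-24 04:00 1017856 e3825d37d74ed395a08776a2d3059571 C:\WINDOWS\explorer.exe
2003-04-24 04:00 1017856 5c88103fc2e2ca055c0d8a10598d06d8 C:\WINDOWS\system32\dllcache\explorer.exe
2003-04-24 04:00 23040 3a84adfbd4efa8ff702f3c211a865ed9 C:\WINDOWS\system32\ctfmon.exe
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-04-24 04:00 23040]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"Windows has Layer"="fixweb.exe" []
"Windows Networking Monitoring"="C:\WINDOWS\System32\mdm.exe" [2008-04-14 19:23 40192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows has Layer"="fixweb.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"""

SIGCHECK_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) (\d+) ([0-9a-f]{32}) (.+)$", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')   # "name"="target" [metadata]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)
RUN_KEY_RE = re.compile(r"\\Run(Services|Once)?$", re.I)


def parse_sigcheck(log):
    """Return {path: md5} for every line of the 'Sigcheck' section (ends at the '.' line)."""
    hashes, in_section = {}, False
    for line in log.splitlines():
        if line.startswith("------- Sigcheck"):
            in_section = True
            continue
        if in_section and line.strip() == ".":
            break
        m = SIGCHECK_RE.match(line) if in_section else None
        if m:
            hashes[m.group(4)] = m.group(3).lower()
    return hashes


def sigcheck_mismatches(hashes):
    """Pair each dllcache copy with the live file of the same basename; report differing MD5s."""
    findings = []
    for cache_path, cache_md5 in hashes.items():
        if "\\dllcache\\" not in cache_path.lower():
            continue
        name = cache_path.rsplit("\\", 1)[1].lower()
        for live_path, live_md5 in hashes.items():
            if "\\dllcache\\" in live_path.lower():
                continue
            if live_path.rsplit("\\", 1)[1].lower() == name and live_md5 != cache_md5:
                findings.append((live_path, live_md5, cache_md5))
    return findings


def parse_autostart(log):
    """Return [(key, name, target, metadata)] for values under Run/RunServices/RunOnce keys."""
    entries, key = [], None
    for line in log.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key and RUN_KEY_RE.search(key):
            entries.append((key, vm.group(1), vm.group(2), vm.group(3).strip()))
    return entries


def autostart_without_file(entries):
    """Entries whose bracketed metadata is empty: ComboFix recorded no date/size for the target."""
    return [e for e in entries if e[3] == ""]


def security_center_overrides(log):
    """Names of Security Center values set to 1 (firewall/antivirus status alerts suppressed)."""
    key, found = None, []
    for line in log.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        dm = DWORD_RE.match(line)
        if dm and key and key.lower().endswith("\\security center") and int(dm.group(2), 16) == 1:
            found.append(dm.group(1))
    return found


if __name__ == "__main__":
    for live, live_md5, cache_md5 in sigcheck_mismatches(parse_sigcheck(SAMPLE_LOG)):
        print(f"[hash mismatch] {live}: live={live_md5} dllcache={cache_md5}")
    for key, name, target, _ in autostart_without_file(parse_autostart(SAMPLE_LOG)):
        print(f"[no file info] {key} -> {name} = {target}")
    for name in security_center_overrides(SAMPLE_LOG):
        print(f"[security center override] {name} = 1")
```

The "no file info" list is a review queue, not a verdict: RealTray shows up alongside the "Windows has Layer" entries simply because RealPlay.exe is not at the listed path, so each hit still has to be matched against the running-process and service sections before deciding what to remove.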
Hi
# Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Fix Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located in C:\vundofix.txt; please post it
++
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:49, on 02/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\irdvxc.exe
C:\WINDOWS\system32\syssmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\mdm.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Nath\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\Nath\LOCALS~1\Temp\Adobelm_Cleanup.0001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.gorillaz.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows has Layer] fixweb.exe
O4 - HKLM\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\RunServices: [Windows has Layer] fixweb.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows has Layer] fixweb.exe
O4 - HKCU\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows has Layer] fixweb.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Oftice] C:\WINDOWS\System32\msmsgs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows has Layer] fixweb.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows has Layer] fixweb.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr8l.hpwis.com/
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3F126A6-299D-49DD-B999-8B394639E5CC}: NameServer = 82.144.41.8 62.220.18.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\System32\jfiehayd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Windows has Layer (ffor.mylifez.net) - Unknown owner - C:\WINDOWS\System32\fixweb.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe