Opinion on HijackThis log after Virtumonde
Solved
Yeuwhypot
Hello,
I would like an opinion on my HijackThis report after a Vundo/Virtumonde detection.
I ran CCleaner, Spybot, Avast (free), VundoFix, BitDefender and then HijackThis (in Safe Mode); here it is.
The problem is that I still have a startup item
qufxfxde (in the System Configuration Utility)
Command: Rundll32.exe "C:\WINDOWS\system32\qdfxfxde.dll",s
Location: SOFTWARE\Microsoft\Windows\currentVersion\Run
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:59, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A7DCA88-77E6-4C2C-9209-C40985C2AB2D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACFF2FC7-6C39-4697-804B-E571EEC98F7A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2} - (no file)
O2 - BHO: (no name) - {F377E7C1-29D3-40A6-8E99-65E504ECF1BA} - (no file)
O2 - BHO: (no name) - {FE946F62-F12F-4488-AA5F-8B147EF6BC62} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
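As an added example (not code from the thread, from HijackThis or from any tool named in it), a small Python triage script that parses HijackThis O2/O4 lines and flags the two symptoms discussed in this thread: orphaned BHO registrations ("(no name)" with "(no file)") and a Run entry that launches rundll32 on a random-named DLL in system32, as in the poster's msconfig entry. The sample log is constructed from lines of the posted log plus an assumed O4 line for that msconfig entry (the posted log was taken in Safe Mode and did not show it); the "random name" test is a heuristic, not a signature.

```python
"""Triage helper for HijackThis 2.0.x logs.  Constructed example for this thread;
it is not part of HijackThis, VundoFix, ComboFix or any other tool mentioned."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the posted log, plus one assumed O4 line
# for the msconfig entry the poster quoted (value name qufxfxde, DLL qdfxfxde.dll).
SAMPLE_LOG = """\
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {6A7DCA88-77E6-4C2C-9209-C40985C2AB2D} - (no file)
O2 - BHO: (no name) - {ACFF2FC7-6C39-4697-804B-E571EEC98F7A} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [qufxfxde] Rundll32.exe "C:\\WINDOWS\\system32\\qdfxfxde.dll",s
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: mysql - Unknown owner - c:\\xampp\\mysql\\bin\\mysqld-nt.exe
"""

# O2 - BHO: <name> - {<CLSID>} - <path or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<value>[^\]]*)\] (?P<command>.*)$")
# rundll32[.exe] "<dll>",<export>  (quotes optional, as in the poster's msconfig entry)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S*)',
                       re.IGNORECASE)
# Heuristic shape of a Vundo-style dropped DLL name: eight lowercase letters, no digits
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")


@dataclass
class Finding:
    line: str
    reason: str
    detail: str


def looks_random(filename: str) -> bool:
    """Heuristic: 8-letter lowercase .dll names with at most two vowels (qdfxfxde
    has one) are treated as random; ordinary names fail the length/vowel test."""
    name = filename.lower()
    if not RANDOM_NAME_RE.match(name):
        return False
    stem = name[:-4]
    return sum(ch in "aeiouy" for ch in stem) <= 2


def parse_o2(line: str):
    """Flag a BHO registration that has neither a name nor a file on disk."""
    m = O2_RE.match(line)
    if not m:
        return None
    if m.group("name") == "(no name)" and m.group("path") == "(no file)":
        return Finding(line, "orphaned BHO",
                       f"CLSID {{{m.group('clsid')}}} registered with no name and no file on disk")
    return None


def parse_o4(line: str):
    """Flag a Run entry that starts rundll32 on a random-named DLL in system32."""
    m = O4_RE.match(line)
    if not m:
        return None
    r = RUNDLL_RE.match(m.group("command").strip())
    if not r:
        return None
    dll = r.group("dll")
    base = dll.replace("/", "\\").rsplit("\\", 1)[-1]
    if "\\system32\\" in dll.lower() and looks_random(base):
        return Finding(line, "rundll32 autostart of random-named DLL",
                       f"{m.group('hive')} value [{m.group('value')}] loads {dll} "
                       f"export '{r.group('export')}'")
    return None


def triage(log_text: str):
    """Run both checks over every line of a HijackThis log and return the findings."""
    findings = []
    for raw in log_text.splitlines():
        f = parse_o2(raw.strip()) or parse_o4(raw.strip())
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.detail}")
```

Entries flagged this way are candidates for review, not proof of infection; confirm against the file on disk and the rest of the log before removing anything.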
48 replies
ok,
#
Download VirtumundoBeGone to your desktop: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the on-screen instructions.
Once finished, restart your PC.
PS: Don't worry if you see a blue "Fatal error" screen, that's normal.
Post the generated report.
Read this short CCleaner tutorial: https://www.malekal.com/tutoriel-ccleaner/
You can also use RegCleaner.
The RegCleaner tutorial: https://www.malekal.com/nettoyer-sa-base-de-registre-avec-windows-registry-cleaner/
hi
let's check all that.
Download ToolsCleaner to your PC.
Once installed, click Search and then Delete.
A report will be generated; send that report.
Then follow the steps carefully:
1/ Download VundoFix.exe: http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe.
Click Scan for Vundo.
When the scan is complete, click the Remove Vundo button.
Then click YES.
After clicking "Yes", the desktop will disappear for a moment while the files are deleted.
You will get a message saying the computer is going to shut down; click OK.
Post the report found in C:\vundofix.txt
2/ Download ComboFix (by sUBs) to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
ComboFix tutorial: http://mickael.barroux.free.fr/securite/combofix.php
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
The report is located here: C:\Combofix.txt
3/ Download HijackThis (from Trend Micro):
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
Post a report following this tutorial: http://forum.telecharger.01net.com/microhebdo/questions_techniques_diverses/securite/tuto_hijackthisv202_version_install-346620/messages-1.html
(having renamed HiJackthis.exe to SCANNER.EXE)
Hi Ludsfa
Tool Search report
-->- Recherche:
C:\SDFIX: trouvé !
C:\FixWareOut: trouvé !
C:\HijackThis: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Tim\Bureau\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\Tim\Bureau\vundoFix.exe: trouvé !
C:\Documents and Settings\Tim\Bureau\SDFIX: trouvé !
C:\Documents and Settings\Tim\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Tim\Mes documents\Downloads\Quarantine\HJTInstall.exe: trouvé !
C:\Documents and Settings\Tim\Mes documents\Raccourcis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Tim\Mes documents\Raccourcis\SmitFraudfix: trouvé !
C:\Documents and Settings\Tim\Recent\HijackThis.lnk: trouvé !
C:\hijackthis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Tim\Bureau\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\Tim\Bureau\vundoFix.exe: supprimé !
C:\Documents and Settings\Tim\Mes documents\Downloads\Quarantine\HJTInstall.exe: supprimé !
C:\Documents and Settings\Tim\Mes documents\Raccourcis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Tim\Recent\HijackThis.lnk: supprimé !
C:\hijackthis\HijackThis.exe: supprimé !
C:\SDFIX: supprimé !
C:\FixWareOut: supprimé !
C:\HijackThis: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Tim\Bureau\SDFIX: supprimé !
C:\Documents and Settings\Tim\Bureau\SmitFraudfix: supprimé !
C:\Documents and Settings\Tim\Mes documents\Raccourcis\SmitFraudfix: supprimé !
VundoFix is running
See you
Re:
VundoFix report
VundoFix V7.0.3
Scan started at 13:08:20 02/05/2008
Listing files found while scanning....
No infected files were found.
See you
ComboFix report
ComboFix 08-05-01.1 - Tim 2008-05-02 13:45:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.363 [GMT 2:00]
Endroit: C:\Documents and Settings\Tim\Mes documents\Informatique\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bgvmnmsr.ini
C:\WINDOWS\system32\GiPAcfii.ini
C:\WINDOWS\system32\GiPAcfii.ini2
C:\WINDOWS\system32\JmooYJlm.ini
C:\WINDOWS\system32\JmooYJlm.ini2
C:\WINDOWS\system32\lwarmtqo.ini
C:\WINDOWS\system32\xbcLVvut.ini
C:\WINDOWS\system32\xbcLVvut.ini2
C:\WINDOWS\system32\xtuoerbr.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_MSUPDATE
-------\Legacy_NWSAPAGENT
-------\Service_6to4
-------\Service_NwSapAgent
((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.
2008-05-02 13:08 . 2008-05-02 13:08 <REP> d-------- C:\VundoFix Backups
2008-05-01 08:45 . 2008-05-01 08:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MySpace
2008-04-30 10:57 . 2008-04-30 11:33 <REP> d-------- C:\Program Files\RegCleaner
2008-04-26 10:47 . 2008-04-26 10:47 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-26 09:28 . 2008-04-29 11:58 109,743 --a------ C:\WINDOWS\BMabd0bf06.xml
2008-04-25 16:14 . 2008-04-29 17:17 <REP> d-------- C:\WINDOWS\system32\pnVes05
2008-04-25 16:14 . 2008-04-25 16:14 <REP> d-------- C:\Temp\zvebs14
2008-04-25 16:14 . 2008-04-25 16:14 <REP> d-------- C:\Temp
2008-04-25 16:00 . 2008-04-30 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-25 16:00 . 2008-04-25 16:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-25 15:59 . 2008-04-25 15:59 <REP> d-------- C:\Program Files\eMule
2008-04-25 13:46 . 2008-04-25 15:36 <REP> d-------- C:\Documents and Settings\Tim\Application Data\BitTorrent
2008-04-24 11:41 . 2008-04-24 11:41 <REP> d-------- C:\Program Files\MSBuild
2008-04-24 11:32 . 2008-04-24 11:45 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-24 11:29 . 2008-04-24 11:29 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-24 11:20 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-24 11:10 . 2008-04-24 11:46 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-20 10:41 . 2008-04-20 11:02 <REP> d-------- C:\xampp
2008-04-17 14:07 . 2008-04-17 14:07 <REP> d-------- C:\Program Files\Ghostgum
2008-04-17 14:05 . 2008-04-17 14:06 <REP> d-------- C:\Program Files\gs
2008-04-16 14:37 . 2008-04-16 14:37 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-12 16:00 . 2008-04-12 16:00 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Recordpad
2008-04-11 17:56 . 2008-04-11 18:07 <REP> d-------- C:\Program Files\QBrew
2008-04-10 12:28 . 2008-04-10 12:28 244 --ah----- C:\sqmnoopt13.sqm
2008-04-10 12:28 . 2008-04-10 12:28 232 --ah----- C:\sqmdata13.sqm
2008-04-10 12:12 . 2008-04-10 12:12 <REP> d-------- C:\Program Files\Fichiers communs\Cadsoft
2008-04-10 12:12 . 2008-04-10 12:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Cadsoft
2008-04-10 12:11 . 2008-04-10 12:11 <REP> d-------- C:\Program Files\Cadsoft
2008-04-10 12:11 . 2008-04-10 12:11 0 --a------ C:\WINDOWS\system32\_r_a_p_.tmp
2008-04-08 09:01 . 2008-05-02 13:56 4,716,576 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 09:01 . 2008-05-02 13:50 56,252 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-08 08:57 . 2008-04-08 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-08 08:57 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-08 08:57 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-08 08:57 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-08 08:57 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-08 08:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-08 08:56 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-07 22:54 . 2008-04-07 22:54 244 --ah----- C:\sqmnoopt12.sqm
2008-04-07 22:54 . 2008-04-07 22:54 232 --ah----- C:\sqmdata12.sqm
2008-04-07 14:24 . 2008-04-10 15:22 <REP> d-------- C:\Program Files\ProMash
2008-04-07 10:59 . 2008-04-07 10:59 244 --ah----- C:\sqmnoopt11.sqm
2008-04-07 10:59 . 2008-04-07 10:59 232 --ah----- C:\sqmdata11.sqm
2008-04-07 10:58 . 2008-04-07 10:58 244 --ah----- C:\sqmnoopt10.sqm
2008-04-07 10:58 . 2008-04-07 10:58 232 --ah----- C:\sqmdata10.sqm
2008-04-07 10:57 . 2008-04-07 10:57 244 --ah----- C:\sqmnoopt09.sqm
2008-04-07 10:57 . 2008-04-07 10:57 232 --ah----- C:\sqmdata09.sqm
2008-04-07 10:54 . 2008-04-07 10:54 244 --ah----- C:\sqmnoopt08.sqm
2008-04-07 10:54 . 2008-04-07 10:54 232 --ah----- C:\sqmdata08.sqm
2008-04-07 10:53 . 2008-04-07 10:53 244 --ah----- C:\sqmnoopt07.sqm
2008-04-07 10:53 . 2008-04-07 10:53 232 --ah----- C:\sqmdata07.sqm
2008-04-07 10:51 . 2008-04-07 10:51 244 --ah----- C:\sqmnoopt06.sqm
2008-04-07 10:51 . 2008-04-07 10:51 232 --ah----- C:\sqmdata06.sqm
2008-04-07 10:49 . 2008-04-07 10:49 244 --ah----- C:\sqmnoopt05.sqm
2008-04-07 10:49 . 2008-04-07 10:49 244 --ah----- C:\sqmnoopt04.sqm
2008-04-07 10:49 . 2008-04-07 10:49 232 --ah----- C:\sqmdata05.sqm
2008-04-07 10:49 . 2008-04-07 10:49 232 --ah----- C:\sqmdata04.sqm
2008-04-05 14:25 . 2008-04-05 14:25 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Uniblue
2008-04-05 14:24 . 2008-04-05 14:24 <REP> d-------- C:\Program Files\Uniblue
2008-04-04 13:38 . 2008-04-04 13:38 <REP> d-------- C:\Program Files\iPod
2008-04-04 13:37 . 2008-04-04 13:39 <REP> d-------- C:\Program Files\iTunes
2008-04-04 13:22 . 2008-04-04 13:26 <REP> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 11:51 5,782,259 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-02 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-01 06:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 21:53 681,984 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-04-30 12:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-29 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-26 16:16 --------- d-----w C:\Documents and Settings\Tim\Application Data\gtk-2.0
2008-04-25 12:17 --------- d-----w C:\Documents and Settings\Tim\Application Data\LimeWire
2008-04-22 12:14 --------- d-----w C:\Program Files\Google
2008-04-21 07:30 --------- d-----w C:\Program Files\BeerSmith
2008-04-20 09:13 --------- d-----w C:\Documents and Settings\Tim\Application Data\OpenOffice.org2
2008-04-18 15:49 --------- d-----w C:\Program Files\Safari
2008-04-18 15:46 --------- d-----w C:\Program Files\Apple Software Update
2008-04-16 12:36 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-14 22:39 1,494,016 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-04-12 14:00 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-12 14:00 --------- d-----w C:\Documents and Settings\Tim\Application Data\NCH Swift Sound
2008-04-12 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-01 07:23 --------- d-----w C:\Documents and Settings\Tim\Application Data\Apple Computer
2008-03-28 18:02 --------- d-----w C:\Program Files\Network Stumbler
2008-03-21 14:29 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-03-18 11:10 --------- d-----w C:\Program Files\LimeWire
2008-03-14 14:16 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-14 14:16 --------- d-----w C:\Program Files\Ahead
2008-03-14 14:04 --------- d-----w C:\Program Files\Steinberg
2008-03-14 12:38 --------- d-----w C:\Program Files\RAR Password Cracker
2008-03-14 10:10 --------- d-----w C:\Program Files\BRL-CAD
2008-03-13 07:45 --------- d-----w C:\Program Files\Java
2008-03-12 11:40 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-03-11 14:49 --------- d-----w C:\Program Files\MSECache
2008-02-21 09:31 212,480 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-20 11:00 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-07 23:03 315,392 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-11-01 12:07 3,623,736 ----a-w C:\Program Files\procexp.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A7DCA88-77E6-4C2C-9209-C40985C2AB2D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACFF2FC7-6C39-4697-804B-E571EEC98F7A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F377E7C1-29D3-40A6-8E99-65E504ECF1BA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE946F62-F12F-4488-AA5F-8B147EF6BC62}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@={E4000AC4-5E5F-4956-807A-C5854405D64F}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TurboBackup"="C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe" [2007-03-07 00:00 512000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 18:52 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-12-03 12:26 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" [2003-05-29 03:23 294912]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-29 09:58 88363 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-07-18 22:51 135168]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2001-10-08 12:59 45632]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-08 12:59 49216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 03:49 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-16 14:34 185896]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-16 14:35 214560]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-12-03 12:27 160768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-12-03 12:26 15360]
"TurboBackup"="C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe" [2007-03-07 00:00 512000]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 09:33 8720384]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMabd0bf06]
C:\WINDOWS\system32\qdfxfxde.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Free.fr\\connect.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3:TCP"= 3:TCP:Free
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 TBKNTService;TBKNTService;C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe [2007-11-16 16:07]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
S3 AIDA32Driver;AIDA32Driver;C:\Program Files\AIDA32 - Enterprise System Information\aida32.sys [2004-02-23 05:07]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12]
S3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;C:\WINDOWS\system32\DRIVERS\WPC54Gv3.SYS [2006-12-01 00:54]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-28 06:12:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 08:09:26 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 13:53:58
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\TEMP\_av_proI.tm~a02620\setup.lok
Scan terminé avec succès
Les fichiers cachés: 130
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-02 14:06:15 - machine was rebooted [Tim]
ComboFix-quarantined-files.txt 2008-05-02 12:05:59
Pre-Run: 9,782,263,808 octets libres
Post-Run: 9,732,186,112 octets libres
241 --- E O F --- 2008-04-26 09:31:09
Hi ludsfa
And my HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:40, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\khooker.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A7DCA88-77E6-4C2C-9209-C40985C2AB2D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACFF2FC7-6C39-4697-804B-E571EEC98F7A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2} - (no file)
O2 - BHO: (no name) - {F377E7C1-29D3-40A6-8E99-65E504ECF1BA} - (no file)
O2 - BHO: (no name) - {FE946F62-F12F-4488-AA5F-8B147EF6BC62} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
And my HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:40, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\khooker.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A7DCA88-77E6-4C2C-9209-C40985C2AB2D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACFF2FC7-6C39-4697-804B-E571EEC98F7A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2} - (no file)
O2 - BHO: (no name) - {F377E7C1-29D3-40A6-8E99-65E504ECF1BA} - (no file)
O2 - BHO: (no name) - {FE946F62-F12F-4488-AA5F-8B147EF6BC62} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Next,
Download MalwareByte's Anti-Malware to your Desktop: https://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode: http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec
* Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
* To start the search, click on "Scan".
* Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click on "Show results" and then on "Remove selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM: http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
Hi ludsfa
Back after 3 hours with Malwarebytes
here is the log
S&D wanted to change registry entries at startup:
SCR Extension Loader Value Change old "%1" new "%1"%*
Regedit old "%1" new "%1"%*
I refused them?
Still the same line in the System Configuration Utility:
qufxfxde (in the System Configuration Utility)
Command:- Rundll32.exe "C:\WINDOWS\system32\qdfxfxde.dll",s
Location:- SOFTWARE\Microsoft\Windows\currentVersion\Run
Log
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 707
Type de recherche: Examen complet (C:\|)
Eléments examinés: 118942
Temps écoulé: 2 hour(s), 29 minute(s), 58 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Thanks
it's in progress
I no longer have Process Explorer; it's the Windows one
back shortly with the 2nd ComboFix report
you know, in my opinion we're going to remove Avast and install AntiVir instead.
It is much more effective, and at least it will find viruses for us.
uninstall Avast with this link:
https://www.avast.com/fr-fr/uninstall-utility
install AntiVir instead.
do your first scan in Safe Mode.
when AntiVir finds a virus, a small window opens and asks what you want to do; you will need to tick the DELETE box, which means "supprimer" in French.
At the end of the scan it will offer you a report; send it to me.
here is the AntiVir tutorial (you can also download it from there):
https://www.malekal.com/avira-free-security-antivirus-gratuit/
ComboFix hasn't finished yet
S&D is again asking for registry changes:
Browser page value change old www google ok
new micrsoft/israpi/redir.dll?prd=
I'm switching computers for the report
ComboFix report
ComboFix 08-05-01.1 - Tim 2008-05-02 17:42:44.2 - NTFSx86
Endroit: C:\Documents and Settings\Tim\Mes documents\Informatique\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.
2008-05-02 14:24 . 2008-05-02 14:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 14:24 . 2008-05-02 14:24 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Malwarebytes
2008-05-02 14:24 . 2008-05-02 14:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-02 14:13 . 2008-05-02 14:18 <REP> d-------- C:\HijackThis
2008-05-02 13:08 . 2008-05-02 13:08 <REP> d-------- C:\VundoFix Backups
2008-05-01 08:45 . 2008-05-01 08:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MySpace
2008-04-30 10:57 . 2008-04-30 11:33 <REP> d-------- C:\Program Files\RegCleaner
2008-04-26 10:47 . 2008-04-26 10:47 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-26 09:28 . 2008-04-29 11:58 109,743 --a------ C:\WINDOWS\BMabd0bf06.xml
2008-04-25 16:14 . 2008-04-29 17:17 <REP> d-------- C:\WINDOWS\system32\pnVes05
2008-04-25 16:14 . 2008-04-25 16:14 <REP> d-------- C:\Temp\zvebs14
2008-04-25 16:14 . 2008-04-25 16:14 <REP> d-------- C:\Temp
2008-04-25 16:00 . 2008-04-30 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-25 16:00 . 2008-04-25 16:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-25 15:59 . 2008-04-25 15:59 <REP> d-------- C:\Program Files\eMule
2008-04-25 13:46 . 2008-04-25 15:36 <REP> d-------- C:\Documents and Settings\Tim\Application Data\BitTorrent
2008-04-24 11:41 . 2008-04-24 11:41 <REP> d-------- C:\Program Files\MSBuild
2008-04-24 11:32 . 2008-04-24 11:45 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-24 11:29 . 2008-04-24 11:29 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-24 11:20 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-24 11:10 . 2008-04-24 11:46 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-20 10:41 . 2008-04-20 11:02 <REP> d-------- C:\xampp
2008-04-17 14:07 . 2008-04-17 14:07 <REP> d-------- C:\Program Files\Ghostgum
2008-04-17 14:05 . 2008-04-17 14:06 <REP> d-------- C:\Program Files\gs
2008-04-16 14:37 . 2008-04-16 14:37 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-12 16:00 . 2008-04-12 16:00 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Recordpad
2008-04-11 17:56 . 2008-04-11 18:07 <REP> d-------- C:\Program Files\QBrew
2008-04-10 12:28 . 2008-04-10 12:28 244 --ah----- C:\sqmnoopt13.sqm
2008-04-10 12:28 . 2008-04-10 12:28 232 --ah----- C:\sqmdata13.sqm
2008-04-10 12:12 . 2008-04-10 12:12 <REP> d-------- C:\Program Files\Fichiers communs\Cadsoft
2008-04-10 12:12 . 2008-04-10 12:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Cadsoft
2008-04-10 12:11 . 2008-04-10 12:11 <REP> d-------- C:\Program Files\Cadsoft
2008-04-10 12:11 . 2008-04-10 12:11 0 --a------ C:\WINDOWS\system32\_r_a_p_.tmp
2008-04-08 09:01 . 2008-05-02 17:57 4,769,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 09:01 . 2008-05-02 17:49 56,924 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-08 08:57 . 2008-04-08 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-08 08:57 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-08 08:57 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-08 08:57 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-08 08:57 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-08 08:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-08 08:56 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-07 22:54 . 2008-04-07 22:54 244 --ah----- C:\sqmnoopt12.sqm
2008-04-07 22:54 . 2008-04-07 22:54 232 --ah----- C:\sqmdata12.sqm
2008-04-07 14:24 . 2008-04-10 15:22 <REP> d-------- C:\Program Files\ProMash
2008-04-07 10:59 . 2008-04-07 10:59 244 --ah----- C:\sqmnoopt11.sqm
2008-04-07 10:59 . 2008-04-07 10:59 232 --ah----- C:\sqmdata11.sqm
2008-04-07 10:58 . 2008-04-07 10:58 244 --ah----- C:\sqmnoopt10.sqm
2008-04-07 10:58 . 2008-04-07 10:58 232 --ah----- C:\sqmdata10.sqm
2008-04-07 10:57 . 2008-04-07 10:57 244 --ah----- C:\sqmnoopt09.sqm
2008-04-07 10:57 . 2008-04-07 10:57 232 --ah----- C:\sqmdata09.sqm
2008-04-07 10:54 . 2008-04-07 10:54 244 --ah----- C:\sqmnoopt08.sqm
2008-04-07 10:54 . 2008-04-07 10:54 232 --ah----- C:\sqmdata08.sqm
2008-04-07 10:53 . 2008-04-07 10:53 244 --ah----- C:\sqmnoopt07.sqm
2008-04-07 10:53 . 2008-04-07 10:53 232 --ah----- C:\sqmdata07.sqm
2008-04-07 10:51 . 2008-04-07 10:51 244 --ah----- C:\sqmnoopt06.sqm
2008-04-07 10:51 . 2008-04-07 10:51 232 --ah----- C:\sqmdata06.sqm
2008-04-07 10:49 . 2008-04-07 10:49 244 --ah----- C:\sqmnoopt05.sqm
2008-04-07 10:49 . 2008-04-07 10:49 244 --ah----- C:\sqmnoopt04.sqm
2008-04-07 10:49 . 2008-04-07 10:49 232 --ah----- C:\sqmdata05.sqm
2008-04-07 10:49 . 2008-04-07 10:49 232 --ah----- C:\sqmdata04.sqm
2008-04-05 14:25 . 2008-04-05 14:25 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Uniblue
2008-04-05 14:24 . 2008-04-05 14:24 <REP> d-------- C:\Program Files\Uniblue
2008-04-04 13:38 . 2008-04-04 13:38 <REP> d-------- C:\Program Files\iPod
2008-04-04 13:37 . 2008-04-04 13:39 <REP> d-------- C:\Program Files\iTunes
2008-04-04 13:22 . 2008-04-04 13:26 <REP> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 11:51 5,782,259 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-02 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-01 06:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 21:53 681,984 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-04-30 12:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-29 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-26 16:16 --------- d-----w C:\Documents and Settings\Tim\Application Data\gtk-2.0
2008-04-25 12:17 --------- d-----w C:\Documents and Settings\Tim\Application Data\LimeWire
2008-04-22 12:14 --------- d-----w C:\Program Files\Google
2008-04-21 07:30 --------- d-----w C:\Program Files\BeerSmith
2008-04-20 09:13 --------- d-----w C:\Documents and Settings\Tim\Application Data\OpenOffice.org2
2008-04-18 15:49 --------- d-----w C:\Program Files\Safari
2008-04-18 15:46 --------- d-----w C:\Program Files\Apple Software Update
2008-04-16 12:36 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-14 22:39 1,494,016 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-04-12 14:00 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-12 14:00 --------- d-----w C:\Documents and Settings\Tim\Application Data\NCH Swift Sound
2008-04-12 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-01 07:23 --------- d-----w C:\Documents and Settings\Tim\Application Data\Apple Computer
2008-03-28 18:02 --------- d-----w C:\Program Files\Network Stumbler
2008-03-21 14:29 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-03-18 11:10 --------- d-----w C:\Program Files\LimeWire
2008-03-14 14:16 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-14 14:16 --------- d-----w C:\Program Files\Ahead
2008-03-14 14:04 --------- d-----w C:\Program Files\Steinberg
2008-03-14 12:38 --------- d-----w C:\Program Files\RAR Password Cracker
2008-03-14 10:10 --------- d-----w C:\Program Files\BRL-CAD
2008-03-13 07:45 --------- d-----w C:\Program Files\Java
2008-03-12 11:40 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-03-11 14:49 --------- d-----w C:\Program Files\MSECache
2008-02-21 09:31 212,480 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-20 11:00 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-07 23:03 315,392 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-11-01 12:07 3,623,736 ----a-w C:\Program Files\procexp.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-02_14.05.23.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-02 11:51:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 15:50:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 15:51:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_138.dat
+ 2008-05-02 15:51:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6e0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A7DCA88-77E6-4C2C-9209-C40985C2AB2D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACFF2FC7-6C39-4697-804B-E571EEC98F7A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F377E7C1-29D3-40A6-8E99-65E504ECF1BA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE946F62-F12F-4488-AA5F-8B147EF6BC62}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@={E4000AC4-5E5F-4956-807A-C5854405D64F}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TurboBackup"="C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe" [2007-03-07 00:00 512000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 18:52 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-12-03 12:26 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" [2003-05-29 03:23 294912]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-29 09:58 88363 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-07-18 22:51 135168]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2001-10-08 12:59 45632]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-08 12:59 49216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 03:49 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-16 14:35 214560]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-12-03 12:27 160768]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-16 14:34 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-12-03 12:26 15360]
"TurboBackup"="C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe" [2007-03-07 00:00 512000]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 09:33 8720384]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMabd0bf06]
C:\WINDOWS\system32\qdfxfxde.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-16 14:34 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Free.fr\\connect.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3:TCP"= 3:TCP:Free
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 TBKNTService;TBKNTService;C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe [2007-11-16 16:07]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
S3 AIDA32Driver;AIDA32Driver;C:\Program Files\AIDA32 - Enterprise System Information\aida32.sys [2004-02-23 05:07]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12]
S3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;C:\WINDOWS\system32\DRIVERS\WPC54Gv3.SYS [2006-12-01 00:54]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-28 06:12:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 08:09:26 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 17:53:11
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 129
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-02 18:03:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 16:03:44
ComboFix2.txt 2008-05-02 12:06:18
Pre-Run: 9,704,136,704 octets libres
Post-Run: 9,678,049,280 octets libres
233 --- E O F --- 2008-04-26 09:31:09
Thanks, see you later
ComboFix 08-05-01.1 - Tim 2008-05-02 17:42:44.2 - NTFSx86
Endroit: C:\Documents and Settings\Tim\Mes documents\Informatique\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.
2008-05-02 14:24 . 2008-05-02 14:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 14:24 . 2008-05-02 14:24 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Malwarebytes
2008-05-02 14:24 . 2008-05-02 14:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-02 14:13 . 2008-05-02 14:18 <REP> d-------- C:\HijackThis
2008-05-02 13:08 . 2008-05-02 13:08 <REP> d-------- C:\VundoFix Backups
2008-05-01 08:45 . 2008-05-01 08:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MySpace
2008-04-30 10:57 . 2008-04-30 11:33 <REP> d-------- C:\Program Files\RegCleaner
2008-04-26 10:47 . 2008-04-26 10:47 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-26 09:28 . 2008-04-29 11:58 109,743 --a------ C:\WINDOWS\BMabd0bf06.xml
2008-04-25 16:14 . 2008-04-29 17:17 <REP> d-------- C:\WINDOWS\system32\pnVes05
2008-04-25 16:14 . 2008-04-25 16:14 <REP> d-------- C:\Temp\zvebs14
2008-04-25 16:14 . 2008-04-25 16:14 <REP> d-------- C:\Temp
2008-04-25 16:00 . 2008-04-30 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-25 16:00 . 2008-04-25 16:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-25 15:59 . 2008-04-25 15:59 <REP> d-------- C:\Program Files\eMule
2008-04-25 13:46 . 2008-04-25 15:36 <REP> d-------- C:\Documents and Settings\Tim\Application Data\BitTorrent
2008-04-24 11:41 . 2008-04-24 11:41 <REP> d-------- C:\Program Files\MSBuild
2008-04-24 11:32 . 2008-04-24 11:45 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-24 11:29 . 2008-04-24 11:29 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-24 11:20 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-24 11:10 . 2008-04-24 11:46 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-20 10:41 . 2008-04-20 11:02 <REP> d-------- C:\xampp
2008-04-17 14:07 . 2008-04-17 14:07 <REP> d-------- C:\Program Files\Ghostgum
2008-04-17 14:05 . 2008-04-17 14:06 <REP> d-------- C:\Program Files\gs
2008-04-16 14:37 . 2008-04-16 14:37 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-12 16:00 . 2008-04-12 16:00 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Recordpad
2008-04-11 17:56 . 2008-04-11 18:07 <REP> d-------- C:\Program Files\QBrew
2008-04-10 12:28 . 2008-04-10 12:28 244 --ah----- C:\sqmnoopt13.sqm
2008-04-10 12:28 . 2008-04-10 12:28 232 --ah----- C:\sqmdata13.sqm
2008-04-10 12:12 . 2008-04-10 12:12 <REP> d-------- C:\Program Files\Fichiers communs\Cadsoft
2008-04-10 12:12 . 2008-04-10 12:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Cadsoft
2008-04-10 12:11 . 2008-04-10 12:11 <REP> d-------- C:\Program Files\Cadsoft
2008-04-10 12:11 . 2008-04-10 12:11 0 --a------ C:\WINDOWS\system32\_r_a_p_.tmp
2008-04-08 09:01 . 2008-05-02 17:57 4,769,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 09:01 . 2008-05-02 17:49 56,924 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-08 08:57 . 2008-04-08 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-08 08:57 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-08 08:57 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-08 08:57 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-08 08:57 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-08 08:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-08 08:56 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-07 22:54 . 2008-04-07 22:54 244 --ah----- C:\sqmnoopt12.sqm
2008-04-07 22:54 . 2008-04-07 22:54 232 --ah----- C:\sqmdata12.sqm
2008-04-07 14:24 . 2008-04-10 15:22 <REP> d-------- C:\Program Files\ProMash
2008-04-07 10:59 . 2008-04-07 10:59 244 --ah----- C:\sqmnoopt11.sqm
2008-04-07 10:59 . 2008-04-07 10:59 232 --ah----- C:\sqmdata11.sqm
2008-04-07 10:58 . 2008-04-07 10:58 244 --ah----- C:\sqmnoopt10.sqm
2008-04-07 10:58 . 2008-04-07 10:58 232 --ah----- C:\sqmdata10.sqm
2008-04-07 10:57 . 2008-04-07 10:57 244 --ah----- C:\sqmnoopt09.sqm
2008-04-07 10:57 . 2008-04-07 10:57 232 --ah----- C:\sqmdata09.sqm
2008-04-07 10:54 . 2008-04-07 10:54 244 --ah----- C:\sqmnoopt08.sqm
2008-04-07 10:54 . 2008-04-07 10:54 232 --ah----- C:\sqmdata08.sqm
2008-04-07 10:53 . 2008-04-07 10:53 244 --ah----- C:\sqmnoopt07.sqm
2008-04-07 10:53 . 2008-04-07 10:53 232 --ah----- C:\sqmdata07.sqm
2008-04-07 10:51 . 2008-04-07 10:51 244 --ah----- C:\sqmnoopt06.sqm
2008-04-07 10:51 . 2008-04-07 10:51 232 --ah----- C:\sqmdata06.sqm
2008-04-07 10:49 . 2008-04-07 10:49 244 --ah----- C:\sqmnoopt05.sqm
2008-04-07 10:49 . 2008-04-07 10:49 244 --ah----- C:\sqmnoopt04.sqm
2008-04-07 10:49 . 2008-04-07 10:49 232 --ah----- C:\sqmdata05.sqm
2008-04-07 10:49 . 2008-04-07 10:49 232 --ah----- C:\sqmdata04.sqm
2008-04-05 14:25 . 2008-04-05 14:25 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Uniblue
2008-04-05 14:24 . 2008-04-05 14:24 <REP> d-------- C:\Program Files\Uniblue
2008-04-04 13:38 . 2008-04-04 13:38 <REP> d-------- C:\Program Files\iPod
2008-04-04 13:37 . 2008-04-04 13:39 <REP> d-------- C:\Program Files\iTunes
2008-04-04 13:22 . 2008-04-04 13:26 <REP> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 11:51 5,782,259 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-02 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-01 06:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 21:53 681,984 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-04-30 12:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-29 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-26 16:16 --------- d-----w C:\Documents and Settings\Tim\Application Data\gtk-2.0
2008-04-25 12:17 --------- d-----w C:\Documents and Settings\Tim\Application Data\LimeWire
2008-04-22 12:14 --------- d-----w C:\Program Files\Google
2008-04-21 07:30 --------- d-----w C:\Program Files\BeerSmith
2008-04-20 09:13 --------- d-----w C:\Documents and Settings\Tim\Application Data\OpenOffice.org2
2008-04-18 15:49 --------- d-----w C:\Program Files\Safari
2008-04-18 15:46 --------- d-----w C:\Program Files\Apple Software Update
2008-04-16 12:36 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-14 22:39 1,494,016 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-04-12 14:00 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-12 14:00 --------- d-----w C:\Documents and Settings\Tim\Application Data\NCH Swift Sound
2008-04-12 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-01 07:23 --------- d-----w C:\Documents and Settings\Tim\Application Data\Apple Computer
2008-03-28 18:02 --------- d-----w C:\Program Files\Network Stumbler
2008-03-21 14:29 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-03-18 11:10 --------- d-----w C:\Program Files\LimeWire
2008-03-14 14:16 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-14 14:16 --------- d-----w C:\Program Files\Ahead
2008-03-14 14:04 --------- d-----w C:\Program Files\Steinberg
2008-03-14 12:38 --------- d-----w C:\Program Files\RAR Password Cracker
2008-03-14 10:10 --------- d-----w C:\Program Files\BRL-CAD
2008-03-13 07:45 --------- d-----w C:\Program Files\Java
2008-03-12 11:40 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-03-11 14:49 --------- d-----w C:\Program Files\MSECache
2008-02-21 09:31 212,480 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-20 11:00 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-07 23:03 315,392 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-11-01 12:07 3,623,736 ----a-w C:\Program Files\procexp.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-02_14.05.23.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-02 11:51:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 15:50:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 15:51:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_138.dat
+ 2008-05-02 15:51:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6e0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A7DCA88-77E6-4C2C-9209-C40985C2AB2D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACFF2FC7-6C39-4697-804B-E571EEC98F7A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F377E7C1-29D3-40A6-8E99-65E504ECF1BA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE946F62-F12F-4488-AA5F-8B147EF6BC62}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@={E4000AC4-5E5F-4956-807A-C5854405D64F}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TurboBackup"="C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe" [2007-03-07 00:00 512000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 18:52 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-12-03 12:26 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" [2003-05-29 03:23 294912]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-29 09:58 88363 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-07-18 22:51 135168]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2001-10-08 12:59 45632]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-08 12:59 49216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 03:49 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-16 14:35 214560]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-12-03 12:27 160768]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-16 14:34 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-12-03 12:26 15360]
"TurboBackup"="C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe" [2007-03-07 00:00 512000]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 09:33 8720384]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMabd0bf06]
C:\WINDOWS\system32\qdfxfxde.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-16 14:34 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
Thanks, see you later
Restart OK
See you later