Vundo-dj and Agent-RVZ
Closed
croisiere jaune
15 Jul 2008 at 16:19
croisiere jaune - 17 Jul 2008 at 17:42
7 replies
jlpjlp
15 Jul 2008 at 16:43
Hi,
Run HijackThis again, choose "Do a system scan only" and fix this line:
O4 - HKLM\..\Run: [lphctktj0ep17] C:\WINDOWS\system32\lphctktj0ep17.exe
______________
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\system32\lphctktj0ep17.exe
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
______________________
Download MSNFix by Laurent
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it and double-click the file MSNFix.bat.
- Run option R.
-- If the infection is detected, run option N.
- Save the report, then copy and paste it to the forum.
Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting normally.
________________________
Please paste a ComboFix report.
geoffrey5
17 Jul 2008 at 08:04
Hi!!
jlpjlp: shouldn't he reinstall HijackThis??
Because it is badly installed: D:\Virus Attack\Hijackthis\HijackThis.exe
Hi Geoffrey and jlpjlp,
here is the HijackThis report after installing it on the desktop
ComboFix 08-07-14.2 - Franck 2008-07-16 20:38:30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1005 [GMT -7:00]
Running from: D:\Virus Attack\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.
2008-07-16 11:57 . 2008-07-16 11:57 <DIR> d-------- C:\_OTMoveIt
2008-07-15 06:33 . 2008-07-15 06:33 <DIR> d-------- C:\VundoFix Backups
2008-07-14 13:12 . 2008-07-14 13:12 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-13 23:53 . 2008-07-13 23:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 23:53 . 2008-07-13 23:53 <DIR> d-------- C:\Documents and Settings\Franck\Application Data\Malwarebytes
2008-07-13 23:53 . 2008-07-13 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 23:53 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-13 23:53 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-13 23:14 . 2008-07-13 23:22 4,004 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-13 23:14 . 2008-07-13 23:22 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-07-13 09:19 . 2006-02-28 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-08 12:20 . 2008-07-08 12:20 <DIR> d-------- C:\Program Files\3B-Editions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2042-01-28 04:23 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB20C.tmp
2042-01-28 04:15 3,047,424 ----a-w C:\WINDOWS\Internet Logs\xDB20B.tmp
2042-01-28 01:09 43,520 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2042-01-28 00:39 3,049,472 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2042-01-27 17:44 73,216 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2042-01-27 17:29 3,048,448 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2042-01-27 09:17 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2042-01-27 09:17 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2042-01-27 09:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-07-17 03:51 --------- d-----w C:\Documents and Settings\Franck\Application Data\Skype
2008-07-16 19:14 3,943,936 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-07-16 00:06 --------- d-----w C:\Program Files\RamBoost XP
2008-07-15 13:49 36,352 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-07-15 13:48 3,936,256 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-07-14 17:45 3,886,080 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-07-14 17:44 122,368 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2008-07-14 06:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-14 06:34 --------- d-----w C:\Program Files\Panda Security
2008-07-13 17:39 3,820,032 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-07-12 00:13 --------- d-----w C:\Documents and Settings\Franck\Application Data\Image Zone Express
2008-07-11 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-09 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-04 22:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-03 13:34 3,791,872 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-07-03 13:34 1,858,560 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-07-03 12:35 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-07-01 15:42 --------- d-----w C:\Program Files\Incomplete
2008-07-01 02:52 --------- d-----w C:\Program Files\LimeWire
2008-07-01 02:28 --------- d-----w C:\Documents and Settings\Franck\Application Data\LimeWire
2008-06-28 22:58 3,788,800 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-06-28 22:57 139,264 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 13:56 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-06-14 10:15 177,152 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-06-14 10:05 3,785,728 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 00:59 --------- d-----w C:\Program Files\iLiberty
2008-06-04 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 17:43 --------- d-----w C:\Program Files\IGC
2008-06-02 18:36 --------- d-----w C:\Documents and Settings\Franck\Application Data\TaoUSign
2008-06-01 19:42 --------- d-----w C:\Program Files\eMule48
2008-06-01 11:12 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-05-26 07:25 11,282,944 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-05-26 07:10 3,777,536 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-05-22 13:11 --------- d-----w C:\Program Files\GlobFX Technologies
2008-05-18 04:00 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-05-18 03:51 3,713,536 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-05-18 03:45 3,713,536 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-05-18 03:45 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-05-18 03:25 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-05-18 02:30 3,720,192 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-05-14 19:00 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-05-14 18:56 3,709,952 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-05-13 07:22 3,710,464 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-05-13 07:21 101,888 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 17:20 177,152 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-05-02 17:00 3,692,544 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 01:21 3,661,824 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-04-17 01:20 73,216 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-01-08 15:06 66,560 ---ha-w C:\Documents and Settings\Franck\Application Data\rbap500.dll
2008-01-08 15:06 41,984 ---ha-w C:\Documents and Settings\Franck\Application Data\MBSMainPlugin1641.dll
2008-01-08 15:06 36,864 ---ha-w C:\Documents and Settings\Franck\Application Data\MBSQTMovieExporterPlugin1677.dll
2008-01-08 15:06 26,112 ---ha-w C:\Documents and Settings\Franck\Application Data\MBSRegistrationPlugin1636.dll
2007-12-10 07:05 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-07-15_ 6.57.12.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-07-17 03:26:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 16:18 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
"SpriteService"="C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe" [2006-08-15 16:45 544768]
"RamBoostXp"="C:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 23:48 1542144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2004-04-01 10:30 693520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-09-08 03:41 4866048]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 19:19 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-01-07 08:22 2242160]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 13:34 406016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-10 11:09 185896]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 10:00 36864 C:\WINDOWS\system32\V0060Pin.dll]
C:\Documents and Settings\Franck\Start Menu\Programs\Startup\
Rappels Adresses.lnk - C:\Program Files\3B-Editions\Adresses\rappels.exe [2007-02-10 07:07:59 20480]
SpamPal.lnk - C:\Program Files\SpamPal\spampal.exe [2005-10-24 21:08:06 387616]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 15:34:48 3746856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-29 18:47:04 184320]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-01-02 23:42:08 118784]
Phone Connection Monitor.lnk - C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe [2008-02-28 06:29:30 813056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.YV12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Franck^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Franck\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Franck^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Franck\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a------ 2005-10-27 19:00 299008 C:\Program Files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-10 11:09 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"C:\\Program Files\\Sony Ericsson\\Mobile\\DXP SyncML.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\eMule48\\emule.exe"=
"C:\\Program Files\\Time Zone Clock V2.0\\Time Zone Clock.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 16:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 16:16]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-01-07 08:22]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-01-07 08:22]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-08-26 01:27]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 05:51]
R3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 17:15]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 00:36]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dc29572-af0e-11dc-b865-00028adbdd4f}]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37319f58-26e8-11dd-b8c8-080046c47c4f}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58650b09-30c7-11dd-b8cb-080046c47c4f}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 06:21:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-12 08:00:00 C:\WINDOWS\Tasks\Franck backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-07-12 08:20:00 C:\WINDOWS\Tasks\Franck scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-07-12 00:15:24 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-07-17 03:51:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 20:51:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-16 20:52:33
ComboFix-quarantined-files.txt 2008-07-17 03:52:26
ComboFix2.txt 2008-07-17 02:22:32
ComboFix3.txt 2008-07-15 13:57:50
Pre-Run: 11,330,498,560 bytes free
Post-Run: 11,319,226,368 bytes free
236 --- E O F --- 2008-07-17 03:23:27
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"C:\\Program Files\\Sony Ericsson\\Mobile\\DXP SyncML.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\eMule48\\emule.exe"=
"C:\\Program Files\\Time Zone Clock V2.0\\Time Zone Clock.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 16:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 16:16]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-01-07 08:22]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-01-07 08:22]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-08-26 01:27]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 05:51]
R3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 17:15]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 00:36]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dc29572-af0e-11dc-b865-00028adbdd4f}]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37319f58-26e8-11dd-b8c8-080046c47c4f}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58650b09-30c7-11dd-b8cb-080046c47c4f}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 06:21:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-12 08:00:00 C:\WINDOWS\Tasks\Franck backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-07-12 08:20:00 C:\WINDOWS\Tasks\Franck scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-07-12 00:15:24 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-07-17 03:51:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 20:51:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-16 20:52:33
ComboFix-quarantined-files.txt 2008-07-17 03:52:26
ComboFix2.txt 2008-07-17 02:22:32
ComboFix3.txt 2008-07-15 13:57:50
Pre-Run: 11,330,498,560 bytes free
Post-Run: 11,319,226,368 bytes free
236 --- E O F --- 2008-07-17 03:23:27
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last activity
3 May 2022
5 040
17 Jul 2008 at 12:04
Paste a HijackThis report.
I recommend renaming HijackThis, to counter a possible Vundo infection.
E.g.: rename the file HijackThis.exe to eden.exe; to do this, right-click the HijackThis.exe file and choose Rename from the list.
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
And tell me what problems you currently have.
Hi jlpjlp
Here is the new HijackThis report after your recommendations.
I no longer see any sign of the virus (at least apparently).
Logfile of HijackThis v1.99.1
Scan saved at 08:05:02, on 17-Jul-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\SpamPal\spampal.exe
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\SONYER~1\Mobile\SYNCIN~1.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\hijackthis\eden.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lefigaro.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: Rappels Adresses.lnk = C:\Program Files\3B-Editions\Adresses\rappels.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last activity
3 May 2022
5 040
17 Jul 2008 at 17:27
OK, you're all set.
If you want to keep Ad-Aware, install the 2008 version
and for Spybot, version 1.6.0.
__________________
To remove what we used, run Tools Cleaner:
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
__________________
Otherwise,
to protect your computer for free:
https://www.commentcamarche.net/telecharger/ 4 securite
Install an antivirus:
((AVAST in French)) or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
Anti-spyware tools:
MalwareByte's Anti-Malware + SPYBOT
+
SPYWAREBLASTER to immunize the system, against Vundo in particular, but it is in English (easy to use though: just click "update" to update every month and then "enable all protection" to immunize)...
Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version.
--------
A firewall:
the (Windows) one or, better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall)
https://www.commentcamarche.net/telecharger/ 34055356 online armor personal firewall
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
http://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm
-----------
CCLEANER to erase browsing traces
---------
Browse with Firefox or Safari or Opera rather than Internet Explorer, which is more affected by viruses.
http://www.mozilla-europe.org/fr/products/firefox/
17 Jul 2008 at 08:00
Here are the posts:
Moveit:
File/Folder C:\WINDOWS\system32\lphctktj0ep17.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07162008_115738
MSNFix
MSNFix 1.732
C:\Documents and Settings\Franck\Desktop\MSNFix
Fix exécuté le 16-Jul-08 - 16:04:41.17 By Franck
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
Aucun Fichier trouvé
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
and finally the ComboFix report:
ComboFix 08-07-14.2 - Franck 2008-07-16 20:38:30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1005 [GMT -7:00]
Running from: D:\Virus Attack\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.
2008-07-16 11:57 . 2008-07-16 11:57 <DIR> d-------- C:\_OTMoveIt
2008-07-15 06:33 . 2008-07-15 06:33 <DIR> d-------- C:\VundoFix Backups
2008-07-14 13:12 . 2008-07-14 13:12 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-13 23:53 . 2008-07-13 23:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 23:53 . 2008-07-13 23:53 <DIR> d-------- C:\Documents and Settings\Franck\Application Data\Malwarebytes
2008-07-13 23:53 . 2008-07-13 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 23:53 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-13 23:53 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-13 23:14 . 2008-07-13 23:22 4,004 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-13 23:14 . 2008-07-13 23:22 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-07-13 09:19 . 2006-02-28 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-08 12:20 . 2008-07-08 12:20 <DIR> d-------- C:\Program Files\3B-Editions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2042-01-28 04:23 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB20C.tmp
2042-01-28 04:15 3,047,424 ----a-w C:\WINDOWS\Internet Logs\xDB20B.tmp
2042-01-28 01:09 43,520 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2042-01-28 00:39 3,049,472 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2042-01-27 17:44 73,216 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2042-01-27 17:29 3,048,448 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2042-01-27 09:17 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2042-01-27 09:17 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2042-01-27 09:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-07-17 03:51 --------- d-----w C:\Documents and Settings\Franck\Application Data\Skype
2008-07-16 19:14 3,943,936 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-07-16 00:06 --------- d-----w C:\Program Files\RamBoost XP
2008-07-15 13:49 36,352 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-07-15 13:48 3,936,256 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-07-14 17:45 3,886,080 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-07-14 17:44 122,368 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2008-07-14 06:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-14 06:34 --------- d-----w C:\Program Files\Panda Security
2008-07-13 17:39 3,820,032 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-07-12 00:13 --------- d-----w C:\Documents and Settings\Franck\Application Data\Image Zone Express
2008-07-11 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-09 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-04 22:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-03 13:34 3,791,872 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-07-03 13:34 1,858,560 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-07-03 12:35 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-07-01 15:42 --------- d-----w C:\Program Files\Incomplete
2008-07-01 02:52 --------- d-----w C:\Program Files\LimeWire
2008-07-01 02:28 --------- d-----w C:\Documents and Settings\Franck\Application Data\LimeWire
2008-06-28 22:58 3,788,800 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-06-28 22:57 139,264 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 13:56 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-06-14 10:15 177,152 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-06-14 10:05 3,785,728 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 00:59 --------- d-----w C:\Program Files\iLiberty
2008-06-04 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 17:43 --------- d-----w C:\Program Files\IGC
2008-06-02 18:36 --------- d-----w C:\Documents and Settings\Franck\Application Data\TaoUSign
2008-06-01 19:42 --------- d-----w C:\Program Files\eMule48
2008-06-01 11:12 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-05-26 07:25 11,282,944 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-05-26 07:10 3,777,536 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-05-22 13:11 --------- d-----w C:\Program Files\GlobFX Technologies
2008-05-18 04:00 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-05-18 03:51 3,713,536 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-05-18 03:45 3,713,536 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-05-18 03:45 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-05-18 03:25 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-05-18 02:30 3,720,192 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-05-14 19:00 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-05-14 18:56 3,709,952 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-05-13 07:22 3,710,464 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-05-13 07:21 101,888 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 17:20 177,152 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-05-02 17:00 3,692,544 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 01:21 3,661,824 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-04-17 01:20 73,216 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-01-08 15:06 66,560 ---ha-w C:\Documents and Settings\Franck\Application Data\rbap500.dll
2008-01-08 15:06 41,984 ---ha-w C:\Documents and Settings\Franck\Application Data\MBSMainPlugin1641.dll
2008-01-08 15:06 36,864 ---ha-w C:\Documents and Settings\Franck\Application Data\MBSQTMovieExporterPlugin1677.dll
2008-01-08 15:06 26,112 ---ha-w C:\Documents and Settings\Franck\Application Data\MBSRegistrationPlugin1636.dll
2007-12-10 07:05 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-07-15_ 6.57.12.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-07-17 03:26:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 16:18 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
"SpriteService"="C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe" [2006-08-15 16:45 544768]
"RamBoostXp"="C:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 23:48 1542144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2004-04-01 10:30 693520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-09-08 03:41 4866048]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 19:19 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-01-07 08:22 2242160]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 13:34 406016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-10 11:09 185896]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 10:00 36864 C:\WINDOWS\system32\V0060Pin.dll]
C:\Documents and Settings\Franck\Start Menu\Programs\Startup\
Rappels Adresses.lnk - C:\Program Files\3B-Editions\Adresses\rappels.exe [2007-02-10 07:07:59 20480]
SpamPal.lnk - C:\Program Files\SpamPal\spampal.exe [2005-10-24 21:08:06 387616]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 15:34:48 3746856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-29 18:47:04 184320]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-01-02 23:42:08 118784]
Phone Connection Monitor.lnk - C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe [2008-02-28 06:29:30 813056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.YV12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Franck^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Franck\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Franck^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Franck\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a------ 2005-10-27 19:00 299008 C:\Program Files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-10 11:09 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"C:\\Program Files\\Sony Ericsson\\Mobile\\DXP SyncML.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\eMule48\\emule.exe"=
"C:\\Program Files\\Time Zone Clock V2.0\\Time Zone Clock.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 16:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 16:16]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-01-07 08:22]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-01-07 08:22]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-08-26 01:27]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 05:51]
R3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 17:15]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 00:36]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dc29572-af0e-11dc-b865-00028adbdd4f}]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37319f58-26e8-11dd-b8c8-080046c47c4f}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58650b09-30c7-11dd-b8cb-080046c47c4f}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 06:21:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-12 08:00:00 C:\WINDOWS\Tasks\Franck backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-07-12 08:20:00 C:\WINDOWS\Tasks\Franck scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-07-12 00:15:24 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-07-17 03:51:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 20:51:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-16 20:52:33
ComboFix-quarantined-files.txt 2008-07-17 03:52:26
ComboFix2.txt 2008-07-17 02:22:32
ComboFix3.txt 2008-07-15 13:57:50
Pre-Run: 11,330,498,560 bytes free
Post-Run: 11,319,226,368 bytes free
236 --- E O F --- 2008-07-17 03:23:27
Thanks for your help.