VIRUS ALERT problem
Resolved
Mohti
Hello,
Here is the thing: I have a problem with my PC. Every time I turn it on, it shows VIRUS ALERT next to the clock. I saw that this has already been solved, but none of it works for me!! So it would be kind of you to help me.
I ran HijackThis, in case it interests anyone!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:47: VIRUS ALERT!, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Mohammed\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Mohammed\Mes documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google/com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google/com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google/com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\exyyeqpc.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: kvxqmtre - {AF310F49-0927-4EC8-B83B-AE499DC9C32C} - (no file)
O21 - SSODL: evgratsm - {719DAA0F-5723-4C33-B2A8-83451FE7CF53} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
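Added example (the editor's, not code from the thread or from HijackThis, SmitFraudFix or Malwarebytes): a small Python triage script that parses the O3, O4 and O21 lines of a HijackThis v2 log such as the one above and flags the two patterns that the Malwarebytes report later in the thread attributes to Trojan.Vundo and Trojan.FakeAlert: toolbar and ShellServiceObjectDelayLoad objects with random-looking names and no backing file, and a Run value with an all-digit name that uses rundll32 to load an unrecognised DLL out of system32. The sample lines are a constructed subset of the posted log, and the "random-looking name" rule and its thresholds are the editor's assumptions; the output is a list of entries to review, not a verdict.

```python
"""Triage helper for HijackThis v2 logs (added example, not code from the thread
or from HijackThis, SmitFraudFix or Malwarebytes).

It parses the O3 (toolbar), O4 (Run key) and O21 (ShellServiceObjectDelayLoad)
lines and flags the two patterns visible in the log above: COM objects with
random-looking names and no backing file, and a Run value with an all-digit
name that uses rundll32 to load an unrecognised DLL out of system32. The
result is a list of entries to review, not a verdict; nothing here touches
the registry or the file system.
"""
import re

# Constructed sample: a subset of the lines posted above, with some of their
# benign neighbours, so the script runs offline.
SAMPLE_LOG = r"""
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\exyyeqpc.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O21 - SSODL: kvxqmtre - {AF310F49-0927-4EC8-B83B-AE499DC9C32C} - (no file)
O21 - SSODL: evgratsm - {719DAA0F-5723-4C33-B2A8-83451FE7CF53} - (no file)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
"""

# Generic HijackThis line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] y"
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O3 / O21 body: "Toolbar: <name> - {CLSID} - <path>" / "SSODL: <name> - {CLSID} - <path>"
COM_RE = re.compile(
    r"^(?P<kind>Toolbar|SSODL): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)
# Heuristic (editor's assumption): a bare run of 6-10 letters with no digits,
# spaces or vendor words is what the generated names in this log look like.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{6,10}$")


def parse(log_text):
    """Yield (section, body) for every R*/O* line; headers and process paths are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text):
    """Return the entries worth a second look, in log order, as dicts."""
    findings = []
    for section, body in parse(log_text):
        if section in ("O3", "O21"):
            m = COM_RE.match(body)
            if (m and m.group("path") == "(no file)"
                    and RANDOM_NAME_RE.match(m.group("name"))):
                findings.append({
                    "section": section,
                    "name": m.group("name"),
                    "clsid": m.group("clsid"),
                    "reason": f"{m.group('kind')} entry with a random-looking name "
                              "and no backing file (orphaned or hidden loader)",
                })
        elif section == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue  # "Global Startup:" and similar O4 forms are not Run values
            name, cmd = m.group("name"), m.group("cmd")
            reasons = []
            if name.isdigit():
                reasons.append("Run value name is all digits")
            if "rundll32" in cmd.lower() and "system32" in cmd.lower():
                # Pull the DLL's base name out of the quoted system32 path
                dll = re.search(r'([^\\"]+)\.dll', cmd, re.IGNORECASE)
                if dll and RANDOM_NAME_RE.match(dll.group(1)):
                    reasons.append(f"rundll32 loads {dll.group(0)} from system32 "
                                   "under a random-looking name")
            if reasons:
                findings.append({"section": section, "name": name,
                                 "command": cmd, "reason": "; ".join(reasons)})
    return findings


def flagged_names(log_text):
    """Just the value/object names that were flagged, in log order."""
    return [f["name"] for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>4}  {f['name']:<12} {f['reason']}")
```

Each flagged name here can be checked against the Malwarebytes report later in the thread, which lists the Run value 09541673, the SSODL entry evgratsm and the qndsfmao toolbar as detections.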
11 replies
Hi
# Download this (thanks to S!RI for this little program):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Run it: double-click Smitfraudfix.exe and choose option 1;
here is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
it will generate a report: copy/paste it into your post, please.
Sorry for the delay!! I wasn't expecting such a quick reply!!! :-) Thanks.
Here is the report:
SmitFraudFix v2.332
Rapport fait à 19:37:50,35, jeu. 31/07/2008
Executé à partir de C:\Documents and Settings\Mohammed\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Mohammed\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mohammed\Mes documents\SmitfraudFix\Policies.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\McAfee\MSC\mcsvrcnt.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mohammed
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mohammed\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MOHAMMED\FAVORIS
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F8EACA02-D9CF-4F45-A8C5-4E9972836CD6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F8EACA02-D9CF-4F45-A8C5-4E9972836CD6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F8EACA02-D9CF-4F45-A8C5-4E9972836CD6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
No problem.
Download Malwarebytes
-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Install it; the program will update itself automatically.
Once it is up to date, the program will launch; click the Settings tab and tick the box: "Terminate Internet Explorer during removal".
Now click the Scan tab and tick the box: "Perform a full scan".
Then click "Scan".
Let it scan the PC...
If items were found > click "Remove selected".
If you are asked to restart > click "yes".
At the end a report will open; save it somewhere you can find it again so you can post it on the forum.
Copy and paste the report, please.
PS: the reports are also stored under the Reports/Logs tab.
I think even the person who wrote the program couldn't have given me explanations that clear!! lol. Thanks.
Here is the report:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 5.1.2600 Service Pack 2
20:38:25 31/07/2008
mbam-log-7-31-2008 (20-38-25).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 83342
Temps écoulé: 16 minute(s), 46 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 34
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\bdlpqoux.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mLeExVNg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\exyyeqpc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqewrs.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3962eedb-58ec-417c-9711-77117e55b1d7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3962eedb-58ec-417c-9711-77117e55b1d7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8f0bee5-4455-4be2-8a44-2a356baecb66} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c8f0bee5-4455-4be2-8a44-2a356baecb66} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\09541673 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\mleexvng -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mleexvng -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\rqewrs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mLeExVNg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gNVxEeLm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gNVxEeLm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdlpqoux.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xuoqpldb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vfuktcei.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iectkufv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\exyyeqpc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cpqeyyxe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctewpsah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zbbkph.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\niwyykfr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xbdtin.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yidkxfyj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwblsh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulphekbs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\huvuzp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hjruqvma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nbqqos.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amgwgkmd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mohammed\Local Settings\Temporary Internet Files\Content.IE5\7L8AHP7L\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP11\A0000843.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP12\A0001122.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP14\A0001408.ico (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP16\A0001958.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP17\A0002100.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP19\A0004171.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP19\A0004172.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP22\A0004262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP22\A0004263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP23\A0004696.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP23\A0004699.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP23\A0004745.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
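As an added example (not part of this thread, and not code from Malwarebytes), the script below parses the report format posted above and groups each detection by threat family and by the persistence location it lived in. The sample input is a subset of the lines from the report itself, French section headers included. The point it makes visible is that two of the Vundo entries sit in the LSA "Authentication Packages" / "Notification Packages" values: a DLL listed there is loaded by lsass.exe at boot, which is why the report marks those items "Delete on reboot" rather than removing them immediately.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x report by threat family and by
persistence location.

The sample below is a subset of the report posted in the thread (same lines,
same French section headers MBAM used on a French Windows XP install).
"""
import re
from collections import Counter

SAMPLE_REPORT = r"""
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\bdlpqoux.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3962eedb-58ec-417c-9711-77117e55b1d7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\09541673 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\mleexvng -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mleexvng -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\rqewrs.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{4A3D9363-D3E4-41F4-BAE5-1195400DC9DE}\RP23\A0004745.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> [Data: <data> -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

# Labels for the persistence locations that appear in this report.
LABEL_LSA = "LSA package (DLL loaded into lsass.exe at boot)"
LABEL_BHO = "Browser Helper Object (loaded into Internet Explorer)"
LABEL_RUN = "Run key (started at logon)"
LABEL_SSODL = "ShellServiceObjectDelayLoad (loaded into explorer.exe)"
LABEL_RESTORE = "System Restore point copy"
LABEL_OTHER_REG = "other registry key/value"
LABEL_FILE = "file on disk / loaded module"

PERSISTENCE_RULES = (
    (r"\\Control\\LSA\\(?:Authentication|Notification) Packages$", LABEL_LSA),
    (r"\\Explorer\\Browser Helper Objects\\", LABEL_BHO),
    (r"\\CurrentVersion\\Run\\", LABEL_RUN),
    (r"\\ShellServiceObjectDelayLoad\\", LABEL_SSODL),
    (r"^C:\\System Volume Information\\_restore", LABEL_RESTORE),
)


def classify(item):
    """Map a detected registry path or file path to a persistence label."""
    for pattern, label in PERSISTENCE_RULES:
        if re.search(pattern, item, re.IGNORECASE):
            return label
    if item.upper().startswith("HKEY_"):
        return LABEL_OTHER_REG
    return LABEL_FILE


def parse_report(text):
    """Return one dict per detection; summary counters and empty sections are skipped."""
    records = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "->" not in line:
            section = line[:-1]          # e.g. "Fichier(s) infecté(s)"
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue                     # "(Aucun élément nuisible détecté)", counters, headers
        records.append({
            "section": section,
            "item": m["item"],
            "family": m["family"],
            "data": m["data"],           # only set for registry-data detections
            "action": m["action"],
            "pending_reboot": m["action"].lower().startswith("delete on reboot"),
            "persistence": classify(m["item"]),
        })
    return records


def summarize(records):
    """Counts by family and by persistence location, plus items still pending a reboot."""
    return {
        "families": Counter(r["family"] for r in records),
        "persistence": Counter(r["persistence"] for r in records),
        "pending_reboot": [r["item"] for r in records if r["pending_reboot"]],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key in ("families", "persistence"):
        print(key)
        for name, count in summary[key].most_common():
            print(f"  {count:2d}  {name}")
    print("still loaded, removed at next reboot:")
    for item in summary["pending_reboot"]:
        print("  ", item)
```

Run it against the full report by replacing SAMPLE_REPORT with the pasted text. The "pending_reboot" list is the part worth reading before declaring a machine clean: entries still "Delete on reboot" are DLLs that were mapped into a running process (lsass.exe for the LSA packages, explorer.exe or Internet Explorer for the others) when the scan ran, so the clean-up is not complete until the PC has restarted and a second scan comes back empty, which is the order the helper follows in the rest of the thread.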
Reopen Malwarebytes
go to Quarantine
delete everything
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report in your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily, and only for as long as ComboFix is running, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ While this step is running, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt.
-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt in your next message.
-> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Here are the two reports!!:
ComboFix 08-07-31.01 - Mohammed 2008-07-31 21:19:05.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.503 [GMT 2:00]
Endroit: C:\Documents and Settings\Mohammed\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aeadxydw.ini
C:\WINDOWS\system32\agdblvgm.ini
C:\WINDOWS\system32\fqssgttb.ini
C:\WINDOWS\system32\gbnjcfle.dll
C:\WINDOWS\system32\gNVxEeLm.ini
C:\WINDOWS\system32\gNVxEeLm.ini2
C:\WINDOWS\system32\jfqrapnh.dll
C:\WINDOWS\system32\kgkhkjvk.dll
C:\WINDOWS\system32\koeydjob.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mLeExVNg.dll
C:\WINDOWS\system32\ohegfapx.ini
C:\WINDOWS\system32\opkcvd.dll
C:\WINDOWS\system32\ornrvjca.ini
C:\WINDOWS\system32\ovvcmj.dll
C:\WINDOWS\system32\rnwmftar.ini
C:\WINDOWS\system32\vbvbxhwc.ini
C:\WINDOWS\system32\xaxhcb.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.
2008-07-31 20:33 . 2008-07-31 20:33 99,712 --a------ C:\WINDOWS\system32\bttgssqf.dll
2008-07-31 20:02 . 2008-07-31 20:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 20:02 . 2008-07-31 20:02 <REP> d-------- C:\Documents and Settings\Mohammed\Application Data\Malwarebytes
2008-07-31 20:02 . 2008-07-31 20:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 20:02 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-31 20:02 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-30 22:11 . 2008-07-30 22:11 <REP> d-------- C:\Documents and Settings\Mohammed\Application Data\Grisoft
2008-07-30 22:11 . 2008-07-30 22:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-30 22:11 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-30 22:00 . 2008-07-30 22:00 262,144 --a------ C:\ntuser.dat
2008-07-30 21:58 . 2008-07-30 21:58 <REP> d-------- C:\Program Files\Lavasoft
2008-07-30 21:58 . 2008-07-30 21:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-30 21:57 . 2008-07-30 21:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-30 21:57 . 2008-07-30 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-30 21:57 . 2004-03-09 00:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-07-30 21:29 . 2008-07-30 21:29 0 --a------ C:\WINDOWS\system32\lo2.txtt
2008-07-30 21:06 . 2008-07-31 19:38 4,340 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-30 20:10 . 2008-07-30 20:10 <REP> d-------- C:\Program Files\XoftSpySE
2008-07-29 00:51 . 2008-07-29 00:51 <REP> d-------- C:\Program Files\Software Informer
2008-07-29 00:51 . 2008-07-29 00:51 <REP> d-------- C:\Program Files\Free Download Manager
2008-07-29 00:51 . 2008-07-29 00:51 <REP> d-------- C:\Documents and Settings\Mohammed\Application Data\Software Informer
2008-07-29 00:51 . 2008-07-29 00:51 <REP> d-------- C:\Documents and Settings\Mohammed\Application Data\Free Download Manager
2008-07-29 00:51 . 2008-07-29 00:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-07-29 00:03 . 2008-07-29 00:03 <REP> d-------- C:\Documents and Settings\Mohammed\Application Data\vlc
2008-07-29 00:01 . 2008-07-29 00:01 <REP> d-------- C:\Program Files\VideoLAN
2008-07-28 11:51 . 2004-08-03 23:00 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-07-28 11:51 . 2004-08-03 23:00 22,016 --a------ C:\WINDOWS\system32\dllcache\msircomm.sys
2008-07-23 22:06 . 2008-07-24 18:06 44,001 ---hs---- C:\WINDOWS\system32\gfywerwk.ini
2008-07-23 19:02 . 2008-07-23 19:02 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-07-23 19:02 . 2008-07-23 19:03 <REP> d-------- C:\Program Files\Norton Security Scan
2008-07-23 17:39 . 2008-07-31 21:23 41 --a------ C:\WINDOWS\win.ini
2008-07-23 01:07 . 2008-07-31 21:22 7,159 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-23 00:07 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-23 00:07 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-23 00:07 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-23 00:07 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-23 00:07 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-23 00:06 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-23 00:05 . 2008-07-23 00:05 <REP> d-------- C:\Program Files\McAfee.com
2008-07-23 00:05 . 2008-07-23 00:05 <REP> d-------- C:\Program Files\McAfee
2008-07-23 00:05 . 2008-07-23 00:05 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-07-22 23:50 . 2008-07-22 23:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-22 22:06 . 2008-07-23 17:57 43,821 ---hs---- C:\WINDOWS\system32\xenjcmym.ini
2008-07-22 20:40 . 2001-08-17 22:06 100,992 --a------ C:\WINDOWS\system32\drivers\Icam5USB.sys
2008-07-22 20:40 . 2001-08-17 22:06 100,992 --a------ C:\WINDOWS\system32\dllcache\icam5usb.sys
2008-07-22 20:40 . 2001-08-23 17:47 45,056 --a------ C:\WINDOWS\system32\Icam5com.dll
2008-07-22 20:40 . 2001-08-23 17:47 45,056 --a------ C:\WINDOWS\system32\dllcache\icam5com.dll
2008-07-22 20:40 . 2001-08-23 17:47 20,992 --a------ C:\WINDOWS\system32\Icam5EXT.dll
2008-07-22 20:40 . 2001-08-23 17:47 20,992 --a------ C:\WINDOWS\system32\dllcache\icam5ext.dll
2008-07-22 19:31 . 2008-07-22 19:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-22 19:21 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-07-22 19:21 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-07-22 19:21 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-22 19:21 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-07-22 19:21 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-21 20:08 . 2008-07-21 20:08 <REP> d-------- C:\Documents and Settings\Mohammed\Application Data\Media Player Classic
2008-07-21 20:07 . 2008-07-21 20:07 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-21 20:07 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-21 19:40 . 2004-08-10 20:00 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-21 18:43 . 2008-07-21 18:43 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-07-21 18:43 . 2008-07-21 18:43 64,111 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-07-21 18:25 . 2008-07-21 18:25 <REP> d-------- C:\WINDOWS\BricoPacks
2008-07-21 18:25 . 2008-07-21 18:43 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-07-21 17:20 . 2008-07-21 17:20 <REP> d-------- C:\Documents and Settings\Mohammed\Application Data\CyberLink
2008-07-21 17:19 . 2008-07-21 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-21 16:50 . 2008-07-21 16:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-21 16:11 . 2008-07-21 16:11 <REP> d-------- C:\Program Files\MSN Messenger
2008-07-21 16:07 . 2008-07-21 16:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-21 16:07 . 2008-07-21 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-21 16:04 . 2008-07-21 18:48 43,813 ---hs---- C:\WINDOWS\system32\wegjpmjr.ini
2008-07-21 15:55 . 2008-07-21 15:55 <REP> d-------- C:\Documents and Settings\Mohammed\Application Data\TmpRecentIcons
2008-07-21 15:39 . 2008-07-21 15:39 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-21 15:31 . 2008-07-21 15:31 <REP> d--hs---- C:\Recycled
2008-07-21 15:10 . 2008-07-31 20:41 451 --a------ C:\WINDOWS\system32\eRLog.ini
2008-07-21 15:10 . 2008-07-21 15:10 92 --a------ C:\WINDOWS\GridV.UNI
2008-07-21 15:06 . 2005-09-26 16:40 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe
2008-07-21 15:04 . 2008-07-21 15:04 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-07-21 15:04 . 2008-07-21 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-07-21 15:04 . 2006-01-23 12:41 78,208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys
2008-07-21 15:04 . 2008-07-21 15:04 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-21 15:04 . 2006-01-23 12:41 4,096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys
2008-07-21 15:03 . 2008-07-21 15:03 <REP> d-------- C:\Program Files\Launch Manager
2008-07-21 15:03 . 2006-04-10 10:09 61,440 --a------ C:\WINDOWS\system32\acerGina.dll
2008-07-21 15:03 . 2002-12-19 15:58 49,152 --a------ C:\WINDOWS\system32\QtBtLib.dll
2008-07-21 15:03 . 2004-12-08 14:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2008-07-21 15:03 . 2004-12-09 12:04 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL
2008-07-21 15:03 . 2008-07-21 15:03 83 --a------ C:\WINDOWS\QtZgAcer.UNI
2008-07-21 15:03 . 2008-07-21 15:03 0 --a------ C:\WINDOWS\MCE.INI
2008-07-21 15:02 . 2008-07-21 15:02 <REP> d-------- C:\Documents and Settings\Mohammed\Application Data\ATI
2008-07-21 15:02 . 2006-01-20 15:56 225,350 --a------ C:\WINDOWS\system32\Epm-Po.dll
2008-07-21 15:02 . 2006-01-20 15:56 53,248 --a------ C:\WINDOWS\system32\acpimof.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 16:43 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-21 16:43 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-07-21 12:55 --------- d-----w C:\Program Files\ATI Technologies
.
------- Sigcheck -------
2007-08-13 18:54 809472 f284a6225a3057a1e19985e1d4b47ada C:\WINDOWS\system32\wininet.dll
2007-08-13 18:54 809472 f284a6225a3057a1e19985e1d4b47ada C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-10 20:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-01-09 20:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\ie7\wininet.dll
2004-08-10 20:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
2004-08-10 20:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2005-06-14 17:05 6856704]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11 692315]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 20:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 00:25 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 00:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 00:26 118784]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 23:21 53248]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 18:41 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-04-03 17:03 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 02:44 16120832 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-08-25 20:10]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-24 07:07]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2005-11-30 05:28]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 20:00]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-07-22 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-07-22 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-07-30 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
2008-07-30 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-07-30 23:46]
2008-07-31 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-07-30 23:46]
.
- - - - ORPHANS REMOVED - - - -
BHO-{48FBF8EA-9404-4420-83C2-5204B86FE9D6} - (no file)
BHO-{5E3BE563-A9FC-46BB-8EB0-508236C48B4C} - (no file)
BHO-{726cb672-dfd1-4a12-b6ff-923ab6b9a9c8} - (no file)
BHO-{A805F274-F1BD-4FB9-9340-7F6216A51E93} - (no file)
BHO-{C8F0BEE5-4455-4BE2-8A44-2A356BAECB66} - (no file)
HKCU-Run-fsm - (no file)
HKLM-Run-RegistryMechanic - (no file)
Notify-nnnKcaAP - nnnKcaAP.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mohammed\Application Data\Mozilla\Firefox\Profiles\z346vjhm.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.be
FF -: plugin - c:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 21:23:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\WINDOWS\EHOME\EHRECVR.EXE
C:\WINDOWS\EHOME\EHSCHED.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\MCAFEE\MSC\MCMSCSVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MCAFEE\MNA\MCNASVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MCAFEE\MCPROXY\MCPROXY.EXE
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\EHOME\EHMSAS.EXE
C:\PROGRAM FILES\LAUNCH MANAGER\QTZGACER.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\DOCUME~1\Mohammed\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-31 21:25:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 19:25:22
Pre-Run: 8,805,908,480 octets libres
Post-Run: 8,734,146,560 octets libres
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 02:44 16120832 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-08-25 20:10]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-24 07:07]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2005-11-30 05:28]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 20:00]
.
Contents of the 'Scheduled Tasks' folder
2008-07-22 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-07-22 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-07-30 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
2008-07-30 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-07-30 23:46]
2008-07-31 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-07-30 23:46]
.
- - - - ORPHANS REMOVED - - - -
BHO-{48FBF8EA-9404-4420-83C2-5204B86FE9D6} - (no file)
BHO-{5E3BE563-A9FC-46BB-8EB0-508236C48B4C} - (no file)
BHO-{726cb672-dfd1-4a12-b6ff-923ab6b9a9c8} - (no file)
BHO-{A805F274-F1BD-4FB9-9340-7F6216A51E93} - (no file)
BHO-{C8F0BEE5-4455-4BE2-8A44-2A356BAECB66} - (no file)
HKCU-Run-fsm - (no file)
HKLM-Run-RegistryMechanic - (no file)
Notify-nnnKcaAP - nnnKcaAP.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mohammed\Application Data\Mozilla\Firefox\Profiles\z346vjhm.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.be
FF -: plugin - c:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 21:23:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\WINDOWS\EHOME\EHRECVR.EXE
C:\WINDOWS\EHOME\EHSCHED.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\MCAFEE\MSC\MCMSCSVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MCAFEE\MNA\MCNASVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MCAFEE\MCPROXY\MCPROXY.EXE
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\EHOME\EHMSAS.EXE
C:\PROGRAM FILES\LAUNCH MANAGER\QTZGACER.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\DOCUME~1\Mohammed\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-07-31 21:25:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 19:25:22
Pre-Run: 8,805,908,480 bytes free
Post-Run: 8,734,146,560 bytes free
270
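A helper reads a ComboFix log like the one above by eye for a handful of indicators: Security Center values set to 1 (which silence the "antivirus or firewall is off" warning, or stop Security Center monitoring a product), a leftover Winlogon Notify package (Notify-nnnKcaAP), system32 files whose names are each other's reversal (gNVxEeLm.ini / mLeExVNg.dll), hidden+system .ini files with random-looking names, and a freshly created DLL with a vowel-free name (bttgssqf.dll, created 2008-07-31 20:33, after the other cleanups), which is the file the next reply targets. The script below is an added example, not code from this thread and not ComboFix's own, that encodes those checks over lines excerpted from the log and embedded as a constructed sample. The regular expressions, the vowel-ratio threshold, the signal weights and the "suspect" versus "review" split are this example's own assumptions, not rules from ComboFix or from the helper; an executable launched from a user Temp directory is reported for review only, since some driver helper programs legitimately run from there.

```python
"""Triage the registry/file sections of a ComboFix-style log.

Added example, not from the thread and not ComboFix's own code. SAMPLE_LOG is a
constructed excerpt of the log above; regexes, weights and thresholds are this
example's own assumptions.
"""
import re
from typing import Dict, List

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
Notify-nnnKcaAP - nnnKcaAP.dll
C:\WINDOWS\system32\gNVxEeLm.ini
C:\WINDOWS\system32\mLeExVNg.dll
C:\WINDOWS\system32\kgkhkjvk.dll
2008-07-31 20:33 . 2008-07-31 20:33 99,712 --a------ C:\WINDOWS\system32\bttgssqf.dll
2008-07-23 22:06 . 2008-07-24 18:06 44,001 ---hs---- C:\WINDOWS\system32\gfywerwk.ini
2008-07-21 15:03 . 2006-04-10 10:09 61,440 --a------ C:\WINDOWS\system32\acerGina.dll
2008-07-21 15:03 . 2002-12-19 15:58 49,152 --a------ C:\WINDOWS\system32\QtBtLib.dll
C:\DOCUME~1\Mohammed\LOCALS~1\Temp\RtkBtMnt.exe
"""

# Security Center values that, at 1, silence the "antivirus/firewall is off"
# warning or stop Security Center from monitoring a product at all.
SC_VALUES = {"antivirusdisablenotify", "firewalldisablenotify",
             "updatesdisablenotify", "disablemonitoring"}
REG_VALUE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)
# Listing line: "<created> . <modified> <size or <REP>> <attrs> <path>"
DIR_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
                      r"(?:[\d,]+|<REP>) (?P<attrs>[-\w]{9}) (?P<path>.+)$")
# .dll/.ini/.ini2 directly under system32 with a 6-8 letter, digit-free stem
CANDIDATE = re.compile(r"(?i)\\system32\\([a-z]{6,8})\.(dll|ini|ini2)$")
TEMP_EXE = re.compile(r"(?i)\\temp\\[^\\]+\.exe$")
VOWELS = set("aeiou")


def vowel_ratio(stem: str) -> float:
    """Fraction of vowels in a name; generated names tend to have few or none."""
    return sum(c in VOWELS for c in stem.lower()) / len(stem)


def triage(log: str) -> Dict[str, List[str]]:
    """Group findings by category; file findings carry the reasons they fired."""
    findings: Dict[str, List[str]] = {k: [] for k in (
        "security_center", "winlogon_notify", "temp_exe", "suspect_file", "review_file")}
    candidates: Dict[str, dict] = {}  # lowercase stem -> {path, stem, attrs}
    current_key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        m = REG_VALUE.match(line)
        if m:
            if ("security center" in current_key and m.group(1).lower() in SC_VALUES
                    and int(m.group(2), 16) == 1):
                findings["security_center"].append(f"{current_key} -> {m.group(1)}=1")
            continue
        if line.startswith("Notify-"):  # Winlogon Notify DLL, loaded into winlogon.exe
            findings["winlogon_notify"].append(line)
            continue
        d = DIR_LINE.match(line)
        attrs, path = (d.group("attrs"), d.group("path")) if d else ("", line)
        if TEMP_EXE.search(path):  # review only: some driver helpers legitimately do this
            findings["temp_exe"].append(path)
            continue
        c = CANDIDATE.search(path)
        if c:
            candidates[c.group(1).lower()] = {"path": path, "stem": c.group(1), "attrs": attrs}

    # Combine several weak signals rather than trusting any single one.
    for key, info in candidates.items():
        ratio = vowel_ratio(info["stem"])
        signals = [  # (weight, label, fired)
            (1, "hidden+system", "h" in info["attrs"] and "s" in info["attrs"]),
            (2, "reversed-name twin", key[::-1] != key and key[::-1] in candidates),
            (2, "no vowels", ratio == 0),
            (1, "few vowels", 0 < ratio <= 0.2),
        ]
        score = sum(w for w, _, hit in signals if hit)
        why = ", ".join(label for _, label, hit in signals if hit)
        if score >= 2:
            findings["suspect_file"].append(f"{info['path']} ({why})")
        elif score:
            findings["review_file"].append(f"{info['path']} ({why})")
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"{category:16} {item}")
```

Run against the embedded sample, the script reports both Security Center values, the Notify orphan, the Temp executable, five suspect files (the reversed pair, the two vowel-free DLLs and the hidden+system .ini) and one file for review (QtBtLib.dll, a vendor library that trips only the weak vowel signal), while acerGina.dll is not flagged. That last pair is the point of scoring rather than matching: a single weak signal is a prompt to look, not a verdict.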
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Make sure the box Unregister Dll's and Ocx's is checked.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
C:\WINDOWS\system32\bttgssqf.dll
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
Then run another HijackThis scan, post the report, and say whether you still have problems, please.
I don't need to do what you asked, because everything is working normally again. It's perfect, I can do my updates now and everything is perfect! A big thank you to you!!!
I hope to be useful to you one day :-)
Thaaanks.
Here is the answer. Guaranteed success. Quite a bit less complicated than all the other recipes. Sorry it's in English. If you don't understand everything, get back to me.
If you are running Vista:
1. These tools MUST be run from the executable. (.exe)
2. With Admin Rights (Right click, choose "Run as Administrator")
Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use the Firefox or Opera browser, click No at the prompt to keep saved passwords.)
It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.
Next:
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Next:
Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.