Mon pc est devenu tres lent
yasaa
Messages postés
64
Statut
Membre
-
yasaa Messages postés 64 Statut Membre -
yasaa Messages postés 64 Statut Membre -
Bonjour,
j ai un pc portable sur lequel j avais installee kapersky et qui fonctionnait tres bien mais la licence est arrivee a expiration sa fai une semaine et j l ai pas renouvelle . et depuis 2 jours mon portable est devenu trop lent et se plante quasiment tt le tps . j ai voulu instalee avat , avast est insalee mais j ne peut pas desinstaller kapersky . de plus ni l icone d avast ni celle de kaperske n apparait surla barre de tache .merci de me venir en aide
j ai un pc portable sur lequel j avais installee kapersky et qui fonctionnait tres bien mais la licence est arrivee a expiration sa fai une semaine et j l ai pas renouvelle . et depuis 2 jours mon portable est devenu trop lent et se plante quasiment tt le tps . j ai voulu instalee avat , avast est insalee mais j ne peut pas desinstaller kapersky . de plus ni l icone d avast ni celle de kaperske n apparait surla barre de tache .merci de me venir en aide
A voir également:
- Mon pc est devenu tres lent
- Pc tres lent - Guide
- Mon mac est lent comment le nettoyer - Guide
- Reinitialiser pc - Guide
- Mon pc est trop lent et se bloque - Guide
- Ma cle usb n'est pas reconnu par mon pc - Guide
10 réponses
Bonjour,
Commence par poster un rapport HijackThis stp,
> Télécharge HiJackThis : https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
- Lance le programme, puis sélectionne < do a system scan and save a logfile >
- Enregistre le rapport sur ton bureau.
Et envoie, par copier/coller, ton log Hijackthis sur le forum,
A+
Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Commence par poster un rapport HijackThis stp,
> Télécharge HiJackThis : https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
- Lance le programme, puis sélectionne < do a system scan and save a logfile >
- Enregistre le rapport sur ton bureau.
Et envoie, par copier/coller, ton log Hijackthis sur le forum,
A+
Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:49, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.microsoft.com:80
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus-3378] "C:\Documents and Settings\sarr yacine\Local Settings\Application Data\br7779on.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{77F2FCF2-5C74-4C2E-9546-EA15992088F0}: NameServer = 212.217.0.3,212.217.0.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{B371E24C-B083-4CBC-8DC0-601C347A2646}: NameServer = 212.217.0.13 212.217.1.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7D3B7F2-FC68-4237-B2C9-815BE56B5EB5}: NameServer = 212.217.0.3,212.217.0.12
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
Scan saved at 14:28:49, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.microsoft.com:80
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus-3378] "C:\Documents and Settings\sarr yacine\Local Settings\Application Data\br7779on.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{77F2FCF2-5C74-4C2E-9546-EA15992088F0}: NameServer = 212.217.0.3,212.217.0.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{B371E24C-B083-4CBC-8DC0-601C347A2646}: NameServer = 212.217.0.13 212.217.1.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7D3B7F2-FC68-4237-B2C9-815BE56B5EB5}: NameServer = 212.217.0.3,212.217.0.12
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Re.
Ok,
tu es infecté.
Alors :
> Télécharge ComboFix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe (par sUBs) sur ton Bureau.
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement.
- Double clique combofix.exe
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer la machine.
A+
Ok,
tu es infecté.
Alors :
> Télécharge ComboFix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe (par sUBs) sur ton Bureau.
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement.
- Double clique combofix.exe
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer la machine.
A+
ComboFix 08-07-30.02 - sarr yacine 2008-07-31 15:11:32.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.147 [GMT 1:00]
Running from: C:\Documents and Settings\sarr yacine\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1rfw8hjr.com
C:\autorun.inf
C:\Documents and Settings\Administrator\ravmonlog
C:\Documents and Settings\my friends\ravmonlog
C:\Documents and Settings\sarr yacine\ravmonlog
C:\kdxdweli.cmd
C:\Program Files\instant access
C:\Program Files\instant access\Center\NoCreditCard.upd
C:\Program Files\instant access\Center\tray1.ico
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\linkprd.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\xmg.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.
2008-07-31 14:28 . 2008-07-31 14:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 11:14 . 2008-07-31 15:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-31 11:14 . 2008-07-31 11:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-17 14:19 . 2008-07-17 14:19 77,312 -r-hs---- C:\WINDOWS\system32\ckvo2.dll
2008-07-17 11:35 . 2008-07-22 14:15 117,757 -r-hs---- C:\ivcvknr.bat
2008-07-16 21:48 . 2008-07-16 21:48 117,001 -r-hs---- C:\33gmhso.bat
2008-07-16 21:48 . 2008-07-29 16:18 79,360 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-16 12:31 . 2008-07-18 09:52 117,115 -r-hs---- C:\1yl2d.bat
2008-07-09 17:10 . 2008-07-09 17:10 <DIR> d-------- C:\Documents and Settings\sarr yacine\Application Data\ArcSoft
2008-07-09 17:08 . 2008-07-09 17:08 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-07-09 17:05 . 2006-11-10 15:05 18,688 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-07-09 17:02 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-06-30 13:34 . 2008-07-02 15:53 113,731 -r-hs---- C:\xmnm2.cmd
2008-06-22 10:14 . 2008-06-19 08:06 110,149 -r-hs---- C:\f6cavn.bat
2008-06-19 08:11 . 2008-06-19 08:11 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-18 16:25 . 2008-06-13 13:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-18 16:25 . 2008-06-13 13:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 08:15 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-06 08:15 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 14:15 8,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-31 14:15 351,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-31 14:15 3,308 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-31 14:15 1,568 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-20 16:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 16:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 16:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 09:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 09:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 09:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 08:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 08:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-08 11:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 21:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 06:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 06:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 06:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 04:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-09-23 07:25 24,192 ----a-w C:\Documents and Settings\sarr yacine\usbsermptxp.sys
2006-09-23 07:25 22,768 ----a-w C:\Documents and Settings\sarr yacine\usbsermpt.sys
2004-08-04 04:00 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 20:47 344064]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30 315392]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:41 393216]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 11:06 110592]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-03 10:41 1385472]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"SiSPower"="SiSPower.dll" [2005-02-25 04:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 03:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
C:\Documents and Settings\sarr yacine\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 20:47:48 344064]
Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 12:41:10 90112]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-01-04 16:52:52 331776]
DSLMON.lnk - C:\Program Files\Menara\dslmon.exe [2008-04-05 09:48:42 839680]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleServicePROJET"=2 (0x2)
"OracleOraHome92TNSListener"=2 (0x2)
"OracleOraHome92SNMPPeerMasterAgent"=2 (0x2)
"OracleOraHome92SNMPPeerEncapsulator"=2 (0x2)
"OracleOraHome92PagingServer"=2 (0x2)
"OracleOraHome92HTTPServer"=2 (0x2)
"OracleOraHome92ClientCache"=2 (0x2)
"OracleOraHome92Agent"=2 (0x2)
"OracleMTSRecoveryService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18037:TCP"= 18037:TCP:*:Disabled:NortonAV
"17003:TCP"= 17003:TCP:*:Disabled:NortonAV
"18717:TCP"= 18717:TCP:*:Disabled:NortonAV
"15519:TCP"= 15519:TCP:*:Disabled:NortonAV
"16686:TCP"= 16686:TCP:*:Disabled:NortonAV
"16746:TCP"= 16746:TCP:*:Disabled:NortonAV
"16077:TCP"= 16077:TCP:*:Disabled:NortonAV
"13836:TCP"= 13836:TCP:*:Disabled:NortonAV
"18063:TCP"= 18063:TCP:*:Disabled:NortonAV
"15931:TCP"= 15931:TCP:*:Disabled:NortonAV
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 00:18]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 17:55]
S2 par1284;par1284;C:\WINDOWS\system32\drivers\par1284.sys [2003-05-08 11:44]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 17:20]
S4 OracleOraHome92Agent;OracleOraHome92Agent;D:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 17:29]
S4 OracleOraHome92ClientCache;OracleOraHome92ClientCache;D:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 19:34]
S4 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;D:\oracle\ora92\Apache\Apache\apache.exe [2002-04-18 22:02]
S4 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;D:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 08:23]
S4 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;D:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 08:23]
S4 OracleServicePROJET;OracleServicePROJET;d:\oracle\ora92\bin\ORACLE.EXE PROJET []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26830374-4dda-11dd-80a0-4d6564696130}]
\Shell\AutoRun\command - F:\xmnm2.cmd
\Shell\explore\Command - F:\xmnm2.cmd
\Shell\open\Command - F:\xmnm2.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c9f7d4-9aae-11dc-bfce-0016363a873e}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c9f7d5-9aae-11dc-bfce-0016363a873e}]
\Shell\AutoRun\command - G:\t.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c5b2fee-50c1-11dc-bf80-0016363a873e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae763bda-bba8-11dc-bffe-0016363a873e}]
\Shell\AutoRun\command - F:\1rfw8hjr.com
\Shell\explore\Command - F:\1rfw8hjr.com
\Shell\open\Command - F:\1rfw8hjr.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff2a3e0-53dd-11dc-bf87-0016363a873e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c304facc-a7fe-11dc-bfee-0016363a873e}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c74d1604-18a8-11dc-bf21-0016363a873e}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7e5984-4f72-11dd-80a5-4d6564696130}]
\Shell\AutoRun\command - F:\xmnm2.cmd
\Shell\explore\Command - F:\xmnm2.cmd
\Shell\open\Command - F:\xmnm2.cmd
.
Contents of the 'Scheduled Tasks' folder
2008-07-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Tok-Cirrhatus-3378 - C:\Documents and Settings\sarr yacine\Local Settings\Application Data\br7779on.exe
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.hotmail.com/
R1 -: HKCU-Internet Settings,ProxyServer = proxy.microsoft.com:80
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{77F2FCF2-5C74-4C2E-9546-EA15992088F0}: NameServer = 212.217.0.3,212.217.0.12
O17 -: HKLM\CCS\Interface\{B371E24C-B083-4CBC-8DC0-601C347A2646}: NameServer = 212.217.0.13 212.217.1.17
O17 -: HKLM\CCS\Interface\{D7D3B7F2-FC68-4237-B2C9-815BE56B5EB5}: NameServer = 212.217.0.3,212.217.0.12
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 15:17:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
"ImagePath"="D:\oracle\ora92/bin/pagntsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="D:\oracle\ora92\BIN\TNSLSNR "
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\AHEAD\INCD\INCDSRV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\VMWARE\VMWARE WORKSTATION\VMWARE-AUTHD.EXE
C:\WINDOWS\SYSTEM32\VMNAT.EXE
C:\WINDOWS\SYSTEM32\VMNETDHCP.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMDIAG.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
.
**************************************************************************
.
Completion time: 2008-07-31 15:19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 14:19:26
Pre-Run: 7,206,535,168 bytes free
Post-Run: 7,826,341,888 bytes free
255 --- E O F --- 2008-07-11 10:39:54
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.147 [GMT 1:00]
Running from: C:\Documents and Settings\sarr yacine\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1rfw8hjr.com
C:\autorun.inf
C:\Documents and Settings\Administrator\ravmonlog
C:\Documents and Settings\my friends\ravmonlog
C:\Documents and Settings\sarr yacine\ravmonlog
C:\kdxdweli.cmd
C:\Program Files\instant access
C:\Program Files\instant access\Center\NoCreditCard.upd
C:\Program Files\instant access\Center\tray1.ico
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\linkprd.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\xmg.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.
2008-07-31 14:28 . 2008-07-31 14:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 11:14 . 2008-07-31 15:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-31 11:14 . 2008-07-31 11:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-17 14:19 . 2008-07-17 14:19 77,312 -r-hs---- C:\WINDOWS\system32\ckvo2.dll
2008-07-17 11:35 . 2008-07-22 14:15 117,757 -r-hs---- C:\ivcvknr.bat
2008-07-16 21:48 . 2008-07-16 21:48 117,001 -r-hs---- C:\33gmhso.bat
2008-07-16 21:48 . 2008-07-29 16:18 79,360 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-16 12:31 . 2008-07-18 09:52 117,115 -r-hs---- C:\1yl2d.bat
2008-07-09 17:10 . 2008-07-09 17:10 <DIR> d-------- C:\Documents and Settings\sarr yacine\Application Data\ArcSoft
2008-07-09 17:08 . 2008-07-09 17:08 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-07-09 17:05 . 2006-11-10 15:05 18,688 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-07-09 17:02 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-06-30 13:34 . 2008-07-02 15:53 113,731 -r-hs---- C:\xmnm2.cmd
2008-06-22 10:14 . 2008-06-19 08:06 110,149 -r-hs---- C:\f6cavn.bat
2008-06-19 08:11 . 2008-06-19 08:11 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-18 16:25 . 2008-06-13 13:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-18 16:25 . 2008-06-13 13:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 08:15 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-06 08:15 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 14:15 8,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-31 14:15 351,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-31 14:15 3,308 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-31 14:15 1,568 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-20 16:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 16:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 16:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 09:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 09:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 09:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 08:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 08:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-08 11:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 21:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 06:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 06:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 06:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 04:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-09-23 07:25 24,192 ----a-w C:\Documents and Settings\sarr yacine\usbsermptxp.sys
2006-09-23 07:25 22,768 ----a-w C:\Documents and Settings\sarr yacine\usbsermpt.sys
2004-08-04 04:00 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 20:47 344064]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30 315392]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:41 393216]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 11:06 110592]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-03 10:41 1385472]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"SiSPower"="SiSPower.dll" [2005-02-25 04:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 03:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
C:\Documents and Settings\sarr yacine\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 20:47:48 344064]
Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 12:41:10 90112]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-01-04 16:52:52 331776]
DSLMON.lnk - C:\Program Files\Menara\dslmon.exe [2008-04-05 09:48:42 839680]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleServicePROJET"=2 (0x2)
"OracleOraHome92TNSListener"=2 (0x2)
"OracleOraHome92SNMPPeerMasterAgent"=2 (0x2)
"OracleOraHome92SNMPPeerEncapsulator"=2 (0x2)
"OracleOraHome92PagingServer"=2 (0x2)
"OracleOraHome92HTTPServer"=2 (0x2)
"OracleOraHome92ClientCache"=2 (0x2)
"OracleOraHome92Agent"=2 (0x2)
"OracleMTSRecoveryService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18037:TCP"= 18037:TCP:*:Disabled:NortonAV
"17003:TCP"= 17003:TCP:*:Disabled:NortonAV
"18717:TCP"= 18717:TCP:*:Disabled:NortonAV
"15519:TCP"= 15519:TCP:*:Disabled:NortonAV
"16686:TCP"= 16686:TCP:*:Disabled:NortonAV
"16746:TCP"= 16746:TCP:*:Disabled:NortonAV
"16077:TCP"= 16077:TCP:*:Disabled:NortonAV
"13836:TCP"= 13836:TCP:*:Disabled:NortonAV
"18063:TCP"= 18063:TCP:*:Disabled:NortonAV
"15931:TCP"= 15931:TCP:*:Disabled:NortonAV
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 00:18]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 17:55]
S2 par1284;par1284;C:\WINDOWS\system32\drivers\par1284.sys [2003-05-08 11:44]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 17:20]
S4 OracleOraHome92Agent;OracleOraHome92Agent;D:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 17:29]
S4 OracleOraHome92ClientCache;OracleOraHome92ClientCache;D:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 19:34]
S4 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;D:\oracle\ora92\Apache\Apache\apache.exe [2002-04-18 22:02]
S4 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;D:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 08:23]
S4 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;D:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 08:23]
S4 OracleServicePROJET;OracleServicePROJET;d:\oracle\ora92\bin\ORACLE.EXE PROJET []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26830374-4dda-11dd-80a0-4d6564696130}]
\Shell\AutoRun\command - F:\xmnm2.cmd
\Shell\explore\Command - F:\xmnm2.cmd
\Shell\open\Command - F:\xmnm2.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c9f7d4-9aae-11dc-bfce-0016363a873e}]
\Shell\AutoRun\command - F:\t.com
\Shell\explore\Command - F:\t.com
\Shell\open\Command - F:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c9f7d5-9aae-11dc-bfce-0016363a873e}]
\Shell\AutoRun\command - G:\t.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c5b2fee-50c1-11dc-bf80-0016363a873e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae763bda-bba8-11dc-bffe-0016363a873e}]
\Shell\AutoRun\command - F:\1rfw8hjr.com
\Shell\explore\Command - F:\1rfw8hjr.com
\Shell\open\Command - F:\1rfw8hjr.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff2a3e0-53dd-11dc-bf87-0016363a873e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c304facc-a7fe-11dc-bfee-0016363a873e}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c74d1604-18a8-11dc-bf21-0016363a873e}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7e5984-4f72-11dd-80a5-4d6564696130}]
\Shell\AutoRun\command - F:\xmnm2.cmd
\Shell\explore\Command - F:\xmnm2.cmd
\Shell\open\Command - F:\xmnm2.cmd
.
Contents of the 'Scheduled Tasks' folder
2008-07-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Tok-Cirrhatus-3378 - C:\Documents and Settings\sarr yacine\Local Settings\Application Data\br7779on.exe
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.hotmail.com/
R1 -: HKCU-Internet Settings,ProxyServer = proxy.microsoft.com:80
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{77F2FCF2-5C74-4C2E-9546-EA15992088F0}: NameServer = 212.217.0.3,212.217.0.12
O17 -: HKLM\CCS\Interface\{B371E24C-B083-4CBC-8DC0-601C347A2646}: NameServer = 212.217.0.13 212.217.1.17
O17 -: HKLM\CCS\Interface\{D7D3B7F2-FC68-4237-B2C9-815BE56B5EB5}: NameServer = 212.217.0.3,212.217.0.12
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 15:17:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
"ImagePath"="D:\oracle\ora92/bin/pagntsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="D:\oracle\ora92\BIN\TNSLSNR "
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\AHEAD\INCD\INCDSRV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\VMWARE\VMWARE WORKSTATION\VMWARE-AUTHD.EXE
C:\WINDOWS\SYSTEM32\VMNAT.EXE
C:\WINDOWS\SYSTEM32\VMNETDHCP.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMDIAG.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
.
**************************************************************************
.
Completion time: 2008-07-31 15:19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 14:19:26
Pre-Run: 7,206,535,168 bytes free
Post-Run: 7,826,341,888 bytes free
255 --- E O F --- 2008-07-11 10:39:54
voici le rapport de combofix. mais j aimerai savoir comment en lisant le rapport de hijackThis vous avez su k mon portable etait infecte. j aimerai savoir pour la prochaine fois car je sus curieuse .
Re,
ok il en reste.
Mais j'ai un amis (de CCM d'ailleurs) qui arrive. Je te préparerai un script après.
Alors,
as tu des éléments USB ? (Disque dur ext, clés.....)
Si oui, alors :
> Télécharge RavAntivirus d'Evosla sur ton bureau : http://ww25.evosla.com/compteur.php?soft=rav_antivirus
- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir avant de lancer ce FIX
- Clique droit sur le fichier .ZIP, puis "Extraire vers" Bureau.
- Doucle-clique sur "RAV.exe" pour lancer le fix.
- Laisse le programme agir : il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
- En cas d'infections un rapport sera généré : poste le dans ta prochaine réponse stp.
- Ensuite : retire tes disques amovibles et redémarre le PC.
Je reviens plus tard. Désolé.
Ps : j aimerai savoir comment en lisant le rapport de hijackThis vous avez su k mon portable etait infecte. j aimerai savoir pour la prochaine fois car je sus curieuse .,
L'intuition, l'intuition....
http://www.commentcamarche.net/faq/sujet 12196 autoformation a l analyse d un rapport hijackthis
A+
ok il en reste.
Mais j'ai un amis (de CCM d'ailleurs) qui arrive. Je te préparerai un script après.
Alors,
as tu des éléments USB ? (Disque dur ext, clés.....)
Si oui, alors :
> Télécharge RavAntivirus d'Evosla sur ton bureau : http://ww25.evosla.com/compteur.php?soft=rav_antivirus
- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir avant de lancer ce FIX
- Clique droit sur le fichier .ZIP, puis "Extraire vers" Bureau.
- Doucle-clique sur "RAV.exe" pour lancer le fix.
- Laisse le programme agir : il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
- En cas d'infections un rapport sera généré : poste le dans ta prochaine réponse stp.
- Ensuite : retire tes disques amovibles et redémarre le PC.
Je reviens plus tard. Désolé.
Ps : j aimerai savoir comment en lisant le rapport de hijackThis vous avez su k mon portable etait infecte. j aimerai savoir pour la prochaine fois car je sus curieuse .,
L'intuition, l'intuition....
http://www.commentcamarche.net/faq/sujet 12196 autoformation a l analyse d un rapport hijackthis
A+
