Infection antivirus xp2008 - Page 2

Précédent
  • 1
  • 2
  1. snake
     
    J'ai refait un scan avec anti-mawares (mais pas en mode sans echec ?) et j'annexe le rapport .
    Pour j'ai encorre un message " windows security alert : Name Trojan-Spy.Win32KeyLogger.aa avec risque CRITICAL"

    Rapport :
    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1062
    Windows 5.1.2600 Service Pack 2

    18:31:26 23/08/2008
    mbam-log-08-23-2008 (18-31-26).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 98784
    Temps écoulé: 24 minute(s), 2 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  2. InfernO.vir
     
    bon alors,rien de detecté

    -Telcharges combofix-->Telecharges combofix--> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    -Suis ce tuto et poste moi le rapport--> https://www.androidworld.fr/
    0
    1. snake
       
      Comme prévu j'ai télécharger combo fix et voici le rapport. Merci d'avance
      ComboFix 08-08-21.02 - vincent 2008-08-23 19:12:28.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.553 [GMT 2:00]
      Endroit: C:\Documents and Settings\vincent\Bureau\ComboFix13.exe
      * Création d'un nouveau point de restauration
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
      .

      2008-08-23 13:54 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-08-23 12:12 . 2008-08-23 13:18 <REP> d-------- C:\Program Files\Navilog1
      2008-08-22 13:31 . 2008-08-22 13:31 <REP> d-------- C:\Documents and Settings\vincent\Application Data\Malwarebytes
      2008-08-22 13:30 . 2008-08-22 13:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-08-22 13:30 . 2008-08-22 13:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-08-22 13:30 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-08-22 13:30 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-08-22 12:31 . 2008-08-22 12:31 <REP> d-------- C:\Documents and Settings\la belle Lynda\Application Data\Spyware Terminator
      2008-08-22 11:33 . 2008-08-22 11:33 <REP> d-------- C:\WINDOWS\ERUNT
      2008-08-22 10:30 . 2008-08-22 12:00 <REP> d-------- C:\SDFix
      2008-08-22 08:30 . 2008-08-23 19:04 <REP> d-------- C:\Program Files\Spyware Terminator
      2008-08-22 08:30 . 2008-08-23 11:00 <REP> d-------- C:\Documents and Settings\vincent\Application Data\Spyware Terminator
      2008-08-22 08:30 . 2008-08-23 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
      2008-08-22 08:30 . 2008-08-22 08:30 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
      2008-08-22 08:11 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
      2008-08-22 08:11 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-08-22 08:11 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
      2008-08-22 08:11 . 2004-08-16 19:19 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
      2008-08-22 08:11 . 2004-08-16 18:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
      2008-08-22 08:11 . 2004-08-16 19:19 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
      2008-08-22 08:11 . 2004-08-16 18:55 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
      2008-08-22 08:11 . 2008-08-22 08:11 <REP> d-------- C:\Documents and Settings\Administrateur
      2008-08-22 07:35 . 2008-08-23 13:55 3,738 --a------ C:\WINDOWS\system32\tmp.reg
      2008-08-22 07:33 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-08-22 07:33 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-08-22 07:33 . 2008-08-21 23:41 87,552 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
      2008-08-22 07:33 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-08-22 07:33 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-08-22 07:33 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-08-22 07:33 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-08-22 07:33 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-08-22 07:33 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-08-22 01:24 . 2008-08-22 01:24 <REP> d-------- C:\Program Files\Trend Micro
      2008-08-22 01:13 . 2008-08-22 07:26 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-08-22 00:54 . 2008-08-22 00:54 <REP> d-------- C:\Program Files\krmtulf
      2008-08-22 00:54 . 2008-08-22 00:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\lqdsrohk
      2008-08-22 00:54 . 2008-08-22 00:54 81,920 --a------ C:\WINDOWS\system32\ngravebi.exe
      2008-08-21 18:10 . 2002-11-25 15:57 811,008 --a------ C:\WINDOWS\AquaReal.scr
      2008-08-21 18:10 . 2002-11-15 17:56 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
      2008-08-21 13:57 . 2008-08-21 18:10 <REP> d-------- C:\Program Files\Formosoft
      2008-08-21 13:57 . 2007-12-21 13:02 1,028,096 --a------ C:\WINDOWS\AquaReal2.scr
      2008-08-17 22:40 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
      2008-08-02 09:06 . 2008-08-22 14:09 <REP> d-------- C:\Program Files\Google

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-08-23 13:51 --------- d-----w C:\Documents and Settings\vincent\Application Data\uTorrent
      2008-08-23 12:30 --------- d-----w C:\Program Files\eMule
      2008-08-23 12:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-08-05 19:35 --------- d-----w C:\Program Files\Java
      2008-07-22 10:19 --------- d-----w C:\Program Files\EA GAMES
      2008-07-19 15:03 --------- d-----w C:\Documents and Settings\la belle Lynda\Application Data\vlc
      2008-07-19 15:00 --------- d-----w C:\Documents and Settings\la belle Lynda\Application Data\Ahead
      2008-07-17 14:10 --------- d-----w C:\Program Files\Auchan Photogénie
      2008-07-17 13:49 --------- d-----w C:\Program Files\SuperBlank
      2008-07-17 08:29 14,196 ----a-w C:\Documents and Settings\vincent\Application Data\mdb.bin
      2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
      2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
      2008-07-05 14:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-07-05 13:47 --------- d-----w C:\Program Files\PDFCreator
      2008-07-04 18:45 --------- d-----w C:\Program Files\Valve
      2008-07-02 18:06 --------- d-----w C:\Program Files\Nosibay
      2008-07-02 18:06 --------- d-----w C:\Documents and Settings\vincent\Application Data\Nosibay
      2008-06-29 14:51 --------- d-----w C:\Program Files\user
      2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
      2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
      2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
      2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
      2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
      2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
      2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
      2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
      2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
      2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
      2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
      "VPbubble"="C:\Program Files\Nosibay\VPbubble\launcher.exe" [2008-06-03 09:36 239120]
      "EnHlpSet"="C:\WINDOWS\system32\ngravebi.exe" [2008-08-22 00:54 81920]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
      "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05 339968]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
      "SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 20:55 94208]
      "ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 20:03 102400]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
      "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 18:04 707376]
      "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 18:01 277296]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
      "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
      "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-22 08:30 1783808]
      "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
      "SoundMan"="SOUNDMAN.EXE" [2004-09-10 19:29 77824 C:\WINDOWS\SoundMan.exe]
      "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 12:20 2557952 C:\WINDOWS\ALCWZRD.EXE]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

      C:\Documents and Settings\vincent\Menu D‚marrer\Programmes\D‚marrage\
      OFFICE One 6.5.lnk - C:\Program Files\OFFICE One6.5\program\quickstart.exe [2004-03-08 07:00:00 36864]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-17 23:05:34 805392]
      LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-05-29 14:06:39 57344]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "GenSmart"= {553585D5-92AE-AD18-520F-05291A76A4E5} - C:\Program Files\krmtulf\GenSmart.dll [2008-08-22 00:54 106496]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
      2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
      "C:\\Program Files\\eMule\\eMule.exe"=
      "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
      "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
      R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-22 08:30]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
      R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 18:01]
      R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 13:51]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96f18781-710e-11dd-b356-00148543e8e5}]
      \Shell\AutoRun\command - RavMon.exe
      \Shell\explore\Command - RavMon.exe -e
      \Shell\open\Command - RavMon.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6f3f394-2d62-11dd-b310-00148543e8e5}]
      \Shell\AutoRun\command - I:\RavMon.exe
      \Shell\explore\Command - I:\RavMon.exe -e
      \Shell\open\Command - I:\RavMon.exe

      *Newly Created Service* - PROCEXP90
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

      2008-08-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
      .
      .
      ------- Supplementary Scan -------
      .
      R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      R0 -: HKCU-Main,Start Page = hxxp://www.01net.com/telecharger/
      R0 -: HKLM-Main,Start Page = hxxp://www.01net.com/telecharger/

      O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
      C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-23 19:14:55
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-08-23 19:16:00
      ComboFix-quarantined-files.txt 2008-08-23 17:15:57

      Pre-Run: 96,487,694,336 octets libres
      Post-Run: 96,705,675,264 octets libres

      200 --- E O F --- 2008-08-17 22:17:17
      0
  3. snake
     
    Voici le rapport combo Fix et Hijackthis

    ComboFix 08-08-21.02 - vincent 2008-08-23 19:12:28.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.553 [GMT 2:00]
    Endroit: C:\Documents and Settings\vincent\Bureau\ComboFix13.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-23 13:54 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-08-23 12:12 . 2008-08-23 13:18 <REP> d-------- C:\Program Files\Navilog1
    2008-08-22 13:31 . 2008-08-22 13:31 <REP> d-------- C:\Documents and Settings\vincent\Application Data\Malwarebytes
    2008-08-22 13:30 . 2008-08-22 13:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-22 13:30 . 2008-08-22 13:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-22 13:30 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-22 13:30 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-22 12:31 . 2008-08-22 12:31 <REP> d-------- C:\Documents and Settings\la belle Lynda\Application Data\Spyware Terminator
    2008-08-22 11:33 . 2008-08-22 11:33 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-22 10:30 . 2008-08-22 12:00 <REP> d-------- C:\SDFix
    2008-08-22 08:30 . 2008-08-23 19:04 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-08-22 08:30 . 2008-08-23 11:00 <REP> d-------- C:\Documents and Settings\vincent\Application Data\Spyware Terminator
    2008-08-22 08:30 . 2008-08-23 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-08-22 08:30 . 2008-08-22 08:30 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-22 08:11 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-08-22 08:11 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-08-22 08:11 . 2004-08-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-08-22 08:11 . 2004-08-16 19:19 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-08-22 08:11 . 2004-08-16 18:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-08-22 08:11 . 2004-08-16 19:19 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-08-22 08:11 . 2004-08-16 18:55 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
    2008-08-22 08:11 . 2008-08-22 08:11 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-08-22 07:35 . 2008-08-23 13:55 3,738 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-22 07:33 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-08-22 07:33 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-08-22 07:33 . 2008-08-21 23:41 87,552 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-08-22 07:33 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-08-22 07:33 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-08-22 07:33 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-22 07:33 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-08-22 07:33 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-22 07:33 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-22 01:24 . 2008-08-22 01:24 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-22 01:13 . 2008-08-22 07:26 <REP> d-------- C:\Program Files\RogueRemover FREE
    2008-08-22 00:54 . 2008-08-22 00:54 <REP> d-------- C:\Program Files\krmtulf
    2008-08-22 00:54 . 2008-08-22 00:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\lqdsrohk
    2008-08-22 00:54 . 2008-08-22 00:54 81,920 --a------ C:\WINDOWS\system32\ngravebi.exe
    2008-08-21 18:10 . 2002-11-25 15:57 811,008 --a------ C:\WINDOWS\AquaReal.scr
    2008-08-21 18:10 . 2002-11-15 17:56 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
    2008-08-21 13:57 . 2008-08-21 18:10 <REP> d-------- C:\Program Files\Formosoft
    2008-08-21 13:57 . 2007-12-21 13:02 1,028,096 --a------ C:\WINDOWS\AquaReal2.scr
    2008-08-17 22:40 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-02 09:06 . 2008-08-22 14:09 <REP> d-------- C:\Program Files\Google

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-23 13:51 --------- d-----w C:\Documents and Settings\vincent\Application Data\uTorrent
    2008-08-23 12:30 --------- d-----w C:\Program Files\eMule
    2008-08-23 12:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-05 19:35 --------- d-----w C:\Program Files\Java
    2008-07-22 10:19 --------- d-----w C:\Program Files\EA GAMES
    2008-07-19 15:03 --------- d-----w C:\Documents and Settings\la belle Lynda\Application Data\vlc
    2008-07-19 15:00 --------- d-----w C:\Documents and Settings\la belle Lynda\Application Data\Ahead
    2008-07-17 14:10 --------- d-----w C:\Program Files\Auchan Photogénie
    2008-07-17 13:49 --------- d-----w C:\Program Files\SuperBlank
    2008-07-17 08:29 14,196 ----a-w C:\Documents and Settings\vincent\Application Data\mdb.bin
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-07-05 14:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-05 13:47 --------- d-----w C:\Program Files\PDFCreator
    2008-07-04 18:45 --------- d-----w C:\Program Files\Valve
    2008-07-02 18:06 --------- d-----w C:\Program Files\Nosibay
    2008-07-02 18:06 --------- d-----w C:\Documents and Settings\vincent\Application Data\Nosibay
    2008-06-29 14:51 --------- d-----w C:\Program Files\user
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
    "VPbubble"="C:\Program Files\Nosibay\VPbubble\launcher.exe" [2008-06-03 09:36 239120]
    "EnHlpSet"="C:\WINDOWS\system32\ngravebi.exe" [2008-08-22 00:54 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05 339968]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 20:55 94208]
    "ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 20:03 102400]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
    "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 18:04 707376]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 18:01 277296]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-22 08:30 1783808]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-10 19:29 77824 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 12:20 2557952 C:\WINDOWS\ALCWZRD.EXE]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

    C:\Documents and Settings\vincent\Menu D‚marrer\Programmes\D‚marrage\
    OFFICE One 6.5.lnk - C:\Program Files\OFFICE One6.5\program\quickstart.exe [2004-03-08 07:00:00 36864]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-17 23:05:34 805392]
    LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-05-29 14:06:39 57344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "GenSmart"= {553585D5-92AE-AD18-520F-05291A76A4E5} - C:\Program Files\krmtulf\GenSmart.dll [2008-08-22 00:54 106496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-22 08:30]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 18:01]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 13:51]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96f18781-710e-11dd-b356-00148543e8e5}]
    \Shell\AutoRun\command - RavMon.exe
    \Shell\explore\Command - RavMon.exe -e
    \Shell\open\Command - RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6f3f394-2d62-11dd-b310-00148543e8e5}]
    \Shell\AutoRun\command - I:\RavMon.exe
    \Shell\explore\Command - I:\RavMon.exe -e
    \Shell\open\Command - I:\RavMon.exe

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    R0 -: HKCU-Main,Start Page = hxxp://www.01net.com/telecharger/
    R0 -: HKLM-Main,Start Page = hxxp://www.01net.com/telecharger/

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-23 19:14:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-23 19:16:00
    ComboFix-quarantined-files.txt 2008-08-23 17:15:57

    Pre-Run: 96,487,694,336 octets libres
    Post-Run: 96,705,675,264 octets libres

    200 --- E O F --- 2008-08-17 22:17:17

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:31:55, on 23/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Orange HSS\Systray\SystrayApp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ngravebi.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    C:\Program Files\OFFICE One6.5\program\soffice.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VPbubble] "C:\Program Files\Nosibay\VPbubble\launcher.exe"
    O4 - HKCU\..\Run: [EnHlpSet] C:\WINDOWS\system32\ngravebi.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OFFICE One 6.5.lnk
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://www.orange.fr/portail
    O21 - SSODL: GenSmart - {553585D5-92AE-AD18-520F-05291A76A4E5} - C:\Program Files\krmtulf\GenSmart.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
    0
  4. InfernO.vir
     
    Re,

    go ici--> https://www.virustotal.com/gui/

    Fait analyser ceci-->

    C:\Program Files\krmtulf
    C:\Documents and Settings\All Users\Application Data\lqdsrohk
    C:\WINDOWS\system32\ngravebi.exe

    Ensuite tu as des infections par disques amovibles donc ta ou tes clé usb,mais ca quelqu'un d'autre va s'en chargé!
    0
Précédent
  • 1
  • 2