Trojan -Spy.Win32
mehdibenoit
Messages postés
18
Statut
Membre
-
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour,
Je pense avoir chopé un ou plusieurs virus. Mon pare feu windows affiche un message d'alerte en anglais : "do you want to block this software from sending data over the internet ?
Name : Trojan -Spy.Win32.greenScreen ou Trojan-Spy.Win32.keylogger.aa.
Le nom du cheval de troie change à chaque fois...
Trois options sont proposées : "keep blocking", "Unblock", "Enable protection" mais seul "enable protection" n'est pas grisée. Quand je clique sur enable protection, une page internet s'ouvre sur des produits SmartSoft, des logiciels anti espion ; si je ferme la fenetre m'indiquant que le cheval de troie essaye d'acceder a internet, il ne passe rien.
Quelqu'un pourrait-il m'aider?
Merci
antivirus : Avast.
Je pense avoir chopé un ou plusieurs virus. Mon pare feu windows affiche un message d'alerte en anglais : "do you want to block this software from sending data over the internet ?
Name : Trojan -Spy.Win32.greenScreen ou Trojan-Spy.Win32.keylogger.aa.
Le nom du cheval de troie change à chaque fois...
Trois options sont proposées : "keep blocking", "Unblock", "Enable protection" mais seul "enable protection" n'est pas grisée. Quand je clique sur enable protection, une page internet s'ouvre sur des produits SmartSoft, des logiciels anti espion ; si je ferme la fenetre m'indiquant que le cheval de troie essaye d'acceder a internet, il ne passe rien.
Quelqu'un pourrait-il m'aider?
Merci
antivirus : Avast.
A voir également:
- Trojan -Spy.Win32
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Trojan b901 system32 win config 34 ✓ - Forum Virus
- Csrss.exe trojan fr ✓ - Forum Virus
- Trojan win32 - Forum Virus
33 réponses
Salut,
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
Merci pour ton aide, voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:17, on 23/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Lexmark 3300 Series\ezprint.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\smartact\fovwzsns.exe
C:\ProgramData\pmfkfenk\pepifijg.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\smartact\fovwzsns.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [lphcpjmj0ej25] C:\Windows\system32\lphcpjmj0ej25.exe
O4 - HKCU\..\Run: [smartact] C:\ProgramData\smartact\fovwzsns.exe
O4 - HKCU\..\Run: [bKOMZ8u2Gh] C:\ProgramData\pmfkfenk\pepifijg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O13 - Gopher Prefix:
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:17, on 23/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Lexmark 3300 Series\ezprint.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\smartact\fovwzsns.exe
C:\ProgramData\pmfkfenk\pepifijg.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\smartact\fovwzsns.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [lphcpjmj0ej25] C:\Windows\system32\lphcpjmj0ej25.exe
O4 - HKCU\..\Run: [smartact] C:\ProgramData\smartact\fovwzsns.exe
O4 - HKCU\..\Run: [bKOMZ8u2Gh] C:\ProgramData\pmfkfenk\pepifijg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O13 - Gopher Prefix:
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Ah oui, il souffre ton PC...
---> Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
---> Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
ça y est , volà ce qui en ressort :
-----------\\ ToolBar S&D 1.1.3 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
Phoenix - AwardBIOS v6.00PG
BOOT : Normal boot
"C:\ToolBar SD" ( MAJ : 22-08-2008|17:30 )
Option : [1] ( 24/08/2008| 1:01 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Dealio
C:\Program Files\Dealio\kb125
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\SrchAstt
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb125
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\f3PSSavr.scr
C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\riched20.dll
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Mehdiben\Downloads\eMule\Incoming\VA-JARRING_EFFECTS-JFXBits_1-2007\VA-JARRING EFFECTS-JFXBits_#1-2007\VA - JARRING EFFECTS - JFX Bits #1 - 2007\14-GROSSO_GADGETTO-your_mother_smokes_crack.mp3
[ UAC => 1 ]
-----------\\ Fin du rapport a 1:01:36,68
-----------\\ ToolBar S&D 1.1.3 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
Phoenix - AwardBIOS v6.00PG
BOOT : Normal boot
"C:\ToolBar SD" ( MAJ : 22-08-2008|17:30 )
Option : [1] ( 24/08/2008| 1:01 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Dealio
C:\Program Files\Dealio\kb125
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\SrchAstt
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb125
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\f3PSSavr.scr
C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\riched20.dll
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Mehdiben\Downloads\eMule\Incoming\VA-JARRING_EFFECTS-JFXBits_1-2007\VA-JARRING EFFECTS-JFXBits_#1-2007\VA - JARRING EFFECTS - JFX Bits #1 - 2007\14-GROSSO_GADGETTO-your_mother_smokes_crack.mp3
[ UAC => 1 ]
-----------\\ Fin du rapport a 1:01:36,68
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Merci pour ton efficaité :
Voilà le rapport :
-----------\\ ToolBar S&D 1.1.3 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
Phoenix - AwardBIOS v6.00PG
BOOT : Normal boot
"C:\ToolBar SD" ( MAJ : 22-08-2008|17:30 )
Option : [2] ( 24/08/2008| 1:05 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Dealio\kb125
Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
Echec ! - C:\Program Files\MyWebSearch\bar
Supprime! - C:\Program Files\MyWebSearch\SrchAstt
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\Program Files\Search Settings\kb125
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Windows\System32\f3PSSavr.scr
Supprime! - C:\Program Files\Internet Explorer\msimg32.dll
Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
Echec ! - C:\Program Files\MSN Messenger\msimg32.dll
Supprime! - C:\Program Files\MSN Messenger\riched20.dll
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\FunWebProducts
Echec ! - C:\Program Files\MyWebSearch
Supprime! - C:\Program Files\Search Settings
-----------\\ DEUXIEME PASSAGE
Echec ! - C:\Program Files\MyWebSearch\bar
Echec ! - C:\Program Files\MSN Messenger\msimg32.dll
Echec ! - C:\Program Files\MyWebSearch
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MSN Messenger\msimg32.dll
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Mehdiben\Downloads\eMule\Incoming\VA-JARRING_EFFECTS-JFXBits_1-2007\VA-JARRING EFFECTS-JFXBits_#1-2007\VA - JARRING EFFECTS - JFX Bits #1 - 2007\14-GROSSO_GADGETTO-your_mother_smokes_crack.mp3
[ UAC => 1 ]
-----------\\ Fin du rapport a 1:06:53,29
Voilà le rapport :
-----------\\ ToolBar S&D 1.1.3 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
Phoenix - AwardBIOS v6.00PG
BOOT : Normal boot
"C:\ToolBar SD" ( MAJ : 22-08-2008|17:30 )
Option : [2] ( 24/08/2008| 1:05 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Dealio\kb125
Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
Echec ! - C:\Program Files\MyWebSearch\bar
Supprime! - C:\Program Files\MyWebSearch\SrchAstt
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\Program Files\Search Settings\kb125
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Windows\System32\f3PSSavr.scr
Supprime! - C:\Program Files\Internet Explorer\msimg32.dll
Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
Echec ! - C:\Program Files\MSN Messenger\msimg32.dll
Supprime! - C:\Program Files\MSN Messenger\riched20.dll
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\FunWebProducts
Echec ! - C:\Program Files\MyWebSearch
Supprime! - C:\Program Files\Search Settings
-----------\\ DEUXIEME PASSAGE
Echec ! - C:\Program Files\MyWebSearch\bar
Echec ! - C:\Program Files\MSN Messenger\msimg32.dll
Echec ! - C:\Program Files\MyWebSearch
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MSN Messenger\msimg32.dll
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Mehdiben\Downloads\eMule\Incoming\VA-JARRING_EFFECTS-JFXBits_1-2007\VA-JARRING EFFECTS-JFXBits_#1-2007\VA - JARRING EFFECTS - JFX Bits #1 - 2007\14-GROSSO_GADGETTO-your_mother_smokes_crack.mp3
[ UAC => 1 ]
-----------\\ Fin du rapport a 1:06:53,29
- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Mets-le à jour
- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choisis ta session habituelle
- Fais un scan complet avec MalwareByte's Anti-Malware
- Supprime tout ce que le logiciel trouve, enregistre le rapport
- Redémarre en mode normal et poste le rapport ici
Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Mets-le à jour
- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choisis ta session habituelle
- Fais un scan complet avec MalwareByte's Anti-Malware
- Supprime tout ce que le logiciel trouve, enregistre le rapport
- Redémarre en mode normal et poste le rapport ici
Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
ça y est, c'etait long mais j'ai supprimer les 27 fichiers infectés.
Par contre au redemarage de mozilla, avast m'a trouvé un mouveau virus. Je l'ai supprimer (via avast) et j'ai redémarré.
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1078
Windows 6.0.6000
01:46:49 24/08/2008
mbam-log-08-24-2008 (01-46-49).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 158671
Temps écoulé: 28 minute(s), 4 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 36
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpjmj0ej25 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Par contre au redemarage de mozilla, avast m'a trouvé un mouveau virus. Je l'ai supprimer (via avast) et j'ai redémarré.
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1078
Windows 6.0.6000
01:46:49 24/08/2008
mbam-log-08-24-2008 (01-46-49).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 158671
Temps écoulé: 28 minute(s), 4 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 36
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpjmj0ej25 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Voila le rapport mais pendant l'analyse, le message du parefeu windows est réapparu...
-----------\\ ToolBar S&D 1.1.3 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
Phoenix - AwardBIOS v6.00PG
BOOT : Normal boot
"C:\ToolBar SD" ( MAJ : 22-08-2008|17:30 )
Option : [2] ( 24/08/2008| 2:08 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="http://ie.redirect.hp.com/..."
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Mehdiben\Downloads\eMule\Incoming\VA-JARRING_EFFECTS-JFXBits_1-2007\VA-JARRING EFFECTS-JFXBits_#1-2007\VA - JARRING EFFECTS - JFX Bits #1 - 2007\14-GROSSO_GADGETTO-your_mother_smokes_crack.mp3
[ UAC => 1 ]
-----------\\ Fin du rapport a 2:09:01,03
-----------\\ ToolBar S&D 1.1.3 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
Phoenix - AwardBIOS v6.00PG
BOOT : Normal boot
"C:\ToolBar SD" ( MAJ : 22-08-2008|17:30 )
Option : [2] ( 24/08/2008| 2:08 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="http://ie.redirect.hp.com/..."
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Mehdiben\Downloads\eMule\Incoming\VA-JARRING_EFFECTS-JFXBits_1-2007\VA-JARRING EFFECTS-JFXBits_#1-2007\VA - JARRING EFFECTS - JFX Bits #1 - 2007\14-GROSSO_GADGETTO-your_mother_smokes_crack.mp3
[ UAC => 1 ]
-----------\\ Fin du rapport a 2:09:01,03
---> Désinstalle ToolBar S&D
---> Relance MBAM, va dans Quarantaine et supprime tout
---> Poste un nouveau rapport HijackThis
---> Relance MBAM, va dans Quarantaine et supprime tout
---> Poste un nouveau rapport HijackThis
Voila le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:23:25, on 24/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Lexmark 3300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\pmfkfenk\pepifijg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\moncomcmd\hchazwxs.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [smartact] C:\ProgramData\smartact\fovwzsns.exe
O4 - HKCU\..\Run: [bKOMZ8u2Gh] C:\ProgramData\pmfkfenk\pepifijg.exe
O4 - HKCU\..\Run: [moncomcmd] C:\ProgramData\moncomcmd\hchazwxs.exe
O4 - HKCU\..\Run: [lphcpjmj0ej25] C:\Windows\system32\lphcpjmj0ej25.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:23:25, on 24/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Lexmark 3300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\pmfkfenk\pepifijg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\moncomcmd\hchazwxs.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [smartact] C:\ProgramData\smartact\fovwzsns.exe
O4 - HKCU\..\Run: [bKOMZ8u2Gh] C:\ProgramData\pmfkfenk\pepifijg.exe
O4 - HKCU\..\Run: [moncomcmd] C:\ProgramData\moncomcmd\hchazwxs.exe
O4 - HKCU\..\Run: [lphcpjmj0ej25] C:\Windows\system32\lphcpjmj0ej25.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
---> Désactive l'UAC le temps de la désinfection :
https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
voila le rapport :
ComboFix 08-08-23.01 - Mehdiben 2008-08-24 2:44:26.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1972 [GMT 2:00]
Endroit: C:\Users\Mehdiben\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 23:49 --------- d-----w C:\ProgramData\shhlp
2008-08-23 23:49 --------- d-----w C:\ProgramData\moncomcmd
2008-08-23 23:14 --------- d-----w C:\Users\Mehdiben\AppData\Roaming\Malwarebytes
2008-08-23 23:14 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-23 23:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 23:06 --------- d-----w C:\Program Files\MSN Messenger
2008-08-23 20:54 --------- d-----w C:\Program Files\Trend Micro
2008-08-23 12:51 --------- d-----w C:\ProgramData\smartact
2008-08-23 12:51 --------- d-----w C:\ProgramData\pmfkfenk
2008-08-23 12:51 --------- d-----w C:\ProgramData\appchkadm
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-15 01:09 --------- d-----w C:\Program Files\Windows Mail
2008-08-07 17:14 --------- d-----w C:\Program Files\PokerStars
2008-07-30 18:38 --------- d-----w C:\Program Files\Lx_cats
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 01:09 174 --sha-w C:\Program Files\desktop.ini
2008-06-28 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 21:12 --------- d-----w C:\Program Files\Avanquest update
2008-06-28 21:03 --------- d-----w C:\ProgramData\BVRP Software
2008-06-28 20:51 --------- d-----w C:\ProgramData\Sony Ericsson
2008-06-28 20:51 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-28 18:57 --------- d-----w C:\Users\Mehdiben\AppData\Roaming\Sony
2008-06-28 18:57 --------- d-----w C:\ProgramData\Sony
2008-06-28 18:54 --------- d-----w C:\Program Files\Sony
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-01-14 18:24 4,008 ----a-w C:\Users\Mehdiben\AppData\Roaming\wklnhst.dat
2007-10-08 20:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-08 20:40 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-08 20:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 21:41 1232896]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
"smartact"="C:\ProgramData\smartact\fovwzsns.exe" [2008-08-23 14:51 106496]
"bKOMZ8u2Gh"="C:\ProgramData\pmfkfenk\pepifijg.exe" [2008-08-23 14:51 77824]
"moncomcmd"="C:\ProgramData\moncomcmd\hchazwxs.exe" [2008-08-24 01:49 98304]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-15 06:03 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 06:03 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-15 06:03 81920]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 16:33 1732608]
"LXCCCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 05:13 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 08:57 205744]
"EzPrint"="C:\Program Files\Lexmark 3300 Series\ezprint.exe" [2007-05-11 08:58 103344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"bKOMZ8u2Gh"="C:\ProgramData\pmfkfenk\pepifijg.exe" [2008-08-23 14:51 77824]
C:\Users\Mehdiben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10 299008]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-31 19:57:54 110592]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3EC4228F-B65C-4AC2-ADAF-2CC0E46D6920}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6BEAC36-DAD5-4121-8B4A-4CAD4F0A0E45}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4EB66716-7C1A-41D6-A379-094ADA475E06}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1913B57D-2D14-44CF-B2F9-30030B65E601}"= UDP:C:\Windows\System32\lxcccoms.exe:Lexmark Communications System
"{6714BFD2-9D82-4472-B23B-39BA76D0D519}"= TCP:C:\Windows\System32\lxcccoms.exe:Lexmark Communications System
"{04506C71-E6B7-4641-8CC4-BD9B8CD19B05}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"{5999A339-CB1E-4E78-A900-2EE37771453D}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"TCP Query User{403FAA7A-F576-4319-B922-6D44F71730D1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F8BB49E9-391C-443C-9FCD-54AF62298780}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{7D3CCC28-46B8-4EA6-807E-5D11CB178625}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{FDE2B538-3229-4C73-94C6-FAC4BBCB3921}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{5C96DDB6-F452-4D6B-A4B1-8D34A78DA8BC}C:\\users\\mehdiben\\desktop\\wow-frfr-installer-downloader.exe"= UDP:C:\users\mehdiben\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{31D8E545-2A58-49A5-845C-85A3B1908B4F}C:\\users\\mehdiben\\desktop\\wow-frfr-installer-downloader.exe"= TCP:C:\users\mehdiben\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{0D6B604B-C9C6-4EE7-9FA5-B85759040380}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{90F716B4-CAC7-4970-A8B0-0EA7EE2B21FB}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{7B769D21-C5FF-48E9-A024-1EC0F20B2C9E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{24CDB0E9-22CD-434C-8180-04ABCE5A0FAE}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{B34CA701-0516-4275-AB5E-C6F65F9C631F}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{49AF9205-204F-4A85-9DD2-1941E7B3E93C}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{9E1B883C-84EB-44BF-8B15-EBF093AC5FB2}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D7363201-406F-4CFC-BE7B-24AC12F328AF}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{93FA4D14-2BE4-4159-BB30-D0A57ABA4FA7}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{D4F15E58-6244-44BB-8AF0-4DB192721E1E}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{8A64A101-3A1C-4B50-B30A-DB62735B57FE}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{FA4857E3-35D2-4179-817F-3B75E194308D}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\Windows\system32\DRIVERS\s916bus.sys [2007-11-02 10:47]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 10:47]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s916mdm.sys [2007-11-02 10:47]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 12:47]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s916obex.sys [2007-11-02 12:47]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\Windows\system32\DRIVERS\WlanUZXP.sys [2005-07-13 19:37]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aedaedc0-c886-11dc-b1a0-001bb985d63a}]
\shell\AutoRun\command - J:\80avp08.com
\shell\explore\Command - J:\80avp08.com
\shell\open\Command - J:\80avp08.com
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-23 C:\Windows\Tasks\User_Feed_Synchronization-{6E575C06-F09E-4B88-B641-40F971E0DFBF}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Mehdiben\AppData\Roaming\Mozilla\Firefox\Profiles\vaw8almc.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 02:45:36
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-24 2:46:48
ComboFix-quarantined-files.txt 2008-08-24 00:46:23
ComboFix2.txt 2008-08-24 00:42:28
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 180,192,608,256 octets libres
178 --- E O F --- 2008-08-23 18:39:33
ComboFix 08-08-23.01 - Mehdiben 2008-08-24 2:44:26.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1972 [GMT 2:00]
Endroit: C:\Users\Mehdiben\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 23:49 --------- d-----w C:\ProgramData\shhlp
2008-08-23 23:49 --------- d-----w C:\ProgramData\moncomcmd
2008-08-23 23:14 --------- d-----w C:\Users\Mehdiben\AppData\Roaming\Malwarebytes
2008-08-23 23:14 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-23 23:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 23:06 --------- d-----w C:\Program Files\MSN Messenger
2008-08-23 20:54 --------- d-----w C:\Program Files\Trend Micro
2008-08-23 12:51 --------- d-----w C:\ProgramData\smartact
2008-08-23 12:51 --------- d-----w C:\ProgramData\pmfkfenk
2008-08-23 12:51 --------- d-----w C:\ProgramData\appchkadm
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-15 01:09 --------- d-----w C:\Program Files\Windows Mail
2008-08-07 17:14 --------- d-----w C:\Program Files\PokerStars
2008-07-30 18:38 --------- d-----w C:\Program Files\Lx_cats
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 01:09 174 --sha-w C:\Program Files\desktop.ini
2008-06-28 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 21:12 --------- d-----w C:\Program Files\Avanquest update
2008-06-28 21:03 --------- d-----w C:\ProgramData\BVRP Software
2008-06-28 20:51 --------- d-----w C:\ProgramData\Sony Ericsson
2008-06-28 20:51 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-28 18:57 --------- d-----w C:\Users\Mehdiben\AppData\Roaming\Sony
2008-06-28 18:57 --------- d-----w C:\ProgramData\Sony
2008-06-28 18:54 --------- d-----w C:\Program Files\Sony
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-01-14 18:24 4,008 ----a-w C:\Users\Mehdiben\AppData\Roaming\wklnhst.dat
2007-10-08 20:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-08 20:40 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-08 20:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 21:41 1232896]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
"smartact"="C:\ProgramData\smartact\fovwzsns.exe" [2008-08-23 14:51 106496]
"bKOMZ8u2Gh"="C:\ProgramData\pmfkfenk\pepifijg.exe" [2008-08-23 14:51 77824]
"moncomcmd"="C:\ProgramData\moncomcmd\hchazwxs.exe" [2008-08-24 01:49 98304]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-15 06:03 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 06:03 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-15 06:03 81920]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 16:33 1732608]
"LXCCCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 05:13 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 08:57 205744]
"EzPrint"="C:\Program Files\Lexmark 3300 Series\ezprint.exe" [2007-05-11 08:58 103344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"bKOMZ8u2Gh"="C:\ProgramData\pmfkfenk\pepifijg.exe" [2008-08-23 14:51 77824]
C:\Users\Mehdiben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10 299008]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-31 19:57:54 110592]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3EC4228F-B65C-4AC2-ADAF-2CC0E46D6920}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6BEAC36-DAD5-4121-8B4A-4CAD4F0A0E45}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4EB66716-7C1A-41D6-A379-094ADA475E06}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1913B57D-2D14-44CF-B2F9-30030B65E601}"= UDP:C:\Windows\System32\lxcccoms.exe:Lexmark Communications System
"{6714BFD2-9D82-4472-B23B-39BA76D0D519}"= TCP:C:\Windows\System32\lxcccoms.exe:Lexmark Communications System
"{04506C71-E6B7-4641-8CC4-BD9B8CD19B05}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"{5999A339-CB1E-4E78-A900-2EE37771453D}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"TCP Query User{403FAA7A-F576-4319-B922-6D44F71730D1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F8BB49E9-391C-443C-9FCD-54AF62298780}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{7D3CCC28-46B8-4EA6-807E-5D11CB178625}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{FDE2B538-3229-4C73-94C6-FAC4BBCB3921}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{5C96DDB6-F452-4D6B-A4B1-8D34A78DA8BC}C:\\users\\mehdiben\\desktop\\wow-frfr-installer-downloader.exe"= UDP:C:\users\mehdiben\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{31D8E545-2A58-49A5-845C-85A3B1908B4F}C:\\users\\mehdiben\\desktop\\wow-frfr-installer-downloader.exe"= TCP:C:\users\mehdiben\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{0D6B604B-C9C6-4EE7-9FA5-B85759040380}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{90F716B4-CAC7-4970-A8B0-0EA7EE2B21FB}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{7B769D21-C5FF-48E9-A024-1EC0F20B2C9E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{24CDB0E9-22CD-434C-8180-04ABCE5A0FAE}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{B34CA701-0516-4275-AB5E-C6F65F9C631F}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{49AF9205-204F-4A85-9DD2-1941E7B3E93C}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{9E1B883C-84EB-44BF-8B15-EBF093AC5FB2}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D7363201-406F-4CFC-BE7B-24AC12F328AF}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{93FA4D14-2BE4-4159-BB30-D0A57ABA4FA7}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{D4F15E58-6244-44BB-8AF0-4DB192721E1E}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{8A64A101-3A1C-4B50-B30A-DB62735B57FE}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{FA4857E3-35D2-4179-817F-3B75E194308D}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\Windows\system32\DRIVERS\s916bus.sys [2007-11-02 10:47]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 10:47]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s916mdm.sys [2007-11-02 10:47]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 12:47]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s916obex.sys [2007-11-02 12:47]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\Windows\system32\DRIVERS\WlanUZXP.sys [2005-07-13 19:37]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aedaedc0-c886-11dc-b1a0-001bb985d63a}]
\shell\AutoRun\command - J:\80avp08.com
\shell\explore\Command - J:\80avp08.com
\shell\open\Command - J:\80avp08.com
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-23 C:\Windows\Tasks\User_Feed_Synchronization-{6E575C06-F09E-4B88-B641-40F971E0DFBF}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Mehdiben\AppData\Roaming\Mozilla\Firefox\Profiles\vaw8almc.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 02:45:36
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-24 2:46:48
ComboFix-quarantined-files.txt 2008-08-24 00:46:23
ComboFix2.txt 2008-08-24 00:42:28
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 180,192,608,256 octets libres
178 --- E O F --- 2008-08-23 18:39:33
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
J:\80avp08.com
Folder::
C:\ProgramData\smartact
C:\ProgramData\pmfkfenk
C:\ProgramData\moncomcmd
C:\ProgramData\shhlp
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smartact"=-
"bKOMZ8u2Gh"=-
"moncomcmd"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"bKOMZ8u2Gh"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aedaedc0-c886-11dc-b1a0-001bb985d63a}]
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
J:\80avp08.com
Folder::
C:\ProgramData\smartact
C:\ProgramData\pmfkfenk
C:\ProgramData\moncomcmd
C:\ProgramData\shhlp
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smartact"=-
"bKOMZ8u2Gh"=-
"moncomcmd"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"bKOMZ8u2Gh"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aedaedc0-c886-11dc-b1a0-001bb985d63a}]
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
Voila le rapport (j'ai recommancé l'opération, windows avait redémarer et j'ai cru que ça avait pas marché...)
ComboFix 08-08-23.01 - Mehdiben 2008-08-24 3:29:45.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2282 [GMT 2:00]
Endroit: C:\Users\Mehdiben\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mehdiben\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
J:\80avp08.com
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\ProgramData\moncomcmd
C:\ProgramData\moncomcmd\hchazwxs.exe
C:\ProgramData\pmfkfenk
C:\ProgramData\pmfkfenk\pepifijg.exe.bak
C:\ProgramData\shhlp
C:\ProgramData\shhlp\hwxaxgbc.exe
C:\ProgramData\smartact
C:\ProgramData\smartact\fovwzsns.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier cr‚‚ dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 23:14 --------- d-----w C:\Users\Mehdiben\AppData\Roaming\Malwarebytes
2008-08-23 23:14 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-23 23:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 23:06 --------- d-----w C:\Program Files\MSN Messenger
2008-08-23 20:54 --------- d-----w C:\Program Files\Trend Micro
2008-08-23 12:51 --------- d-----w C:\ProgramData\appchkadm
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-15 01:09 --------- d-----w C:\Program Files\Windows Mail
2008-08-07 17:14 --------- d-----w C:\Program Files\PokerStars
2008-07-30 18:38 --------- d-----w C:\Program Files\Lx_cats
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-10 01:09 174 --sha-w C:\Program Files\desktop.ini
2008-06-28 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 21:12 --------- d-----w C:\Program Files\Avanquest update
2008-06-28 21:03 --------- d-----w C:\ProgramData\BVRP Software
2008-06-28 20:51 --------- d-----w C:\ProgramData\Sony Ericsson
2008-06-28 20:51 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-28 18:57 --------- d-----w C:\Users\Mehdiben\AppData\Roaming\Sony
2008-06-28 18:57 --------- d-----w C:\ProgramData\Sony
2008-06-28 18:54 --------- d-----w C:\Program Files\Sony
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-01-14 18:24 4,008 ----a-w C:\Users\Mehdiben\AppData\Roaming\wklnhst.dat
2007-10-08 20:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-08 20:40 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-08 20:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-24_ 2.41.41.63 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-24 00:33:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-24 01:35:50 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-24 01:35:50 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-24 00:33:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-24 01:35:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-24 01:35:50 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-24 00:32:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-24 01:36:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-24 00:32:22 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-24 01:36:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-24 00:32:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-24 01:36:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-24 00:38:12 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-24 01:32:49 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-24 00:38:12 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-08-24 01:32:49 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-08-24 00:38:12 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-24 01:32:49 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-24 00:38:12 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-08-24 01:32:50 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-08-24 00:34:11 7,612 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2943512135-755973071-121185203-1000_UserData.bin
+ 2008-08-24 01:27:54 7,764 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2943512135-755973071-121185203-1000_UserData.bin
- 2008-08-24 00:34:11 58,366 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-24 01:27:54 58,508 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-24 00:34:10 38,508 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-24 01:27:53 38,716 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 21:41 1232896]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-15 06:03 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 06:03 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-15 06:03 81920]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 16:33 1732608]
"LXCCCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 05:13 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 08:57 205744]
"EzPrint"="C:\Program Files\Lexmark 3300 Series\ezprint.exe" [2007-05-11 08:58 103344]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
C:\Users\Mehdiben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10 299008]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-31 19:57:54 110592]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3EC4228F-B65C-4AC2-ADAF-2CC0E46D6920}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6BEAC36-DAD5-4121-8B4A-4CAD4F0A0E45}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4EB66716-7C1A-41D6-A379-094ADA475E06}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1913B57D-2D14-44CF-B2F9-30030B65E601}"= UDP:C:\Windows\System32\lxcccoms.exe:Lexmark Communications System
"{6714BFD2-9D82-4472-B23B-39BA76D0D519}"= TCP:C:\Windows\System32\lxcccoms.exe:Lexmark Communications System
"{04506C71-E6B7-4641-8CC4-BD9B8CD19B05}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"{5999A339-CB1E-4E78-A900-2EE37771453D}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"TCP Query User{403FAA7A-F576-4319-B922-6D44F71730D1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F8BB49E9-391C-443C-9FCD-54AF62298780}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{7D3CCC28-46B8-4EA6-807E-5D11CB178625}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{FDE2B538-3229-4C73-94C6-FAC4BBCB3921}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{5C96DDB6-F452-4D6B-A4B1-8D34A78DA8BC}C:\\users\\mehdiben\\desktop\\wow-frfr-installer-downloader.exe"= UDP:C:\users\mehdiben\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{31D8E545-2A58-49A5-845C-85A3B1908B4F}C:\\users\\mehdiben\\desktop\\wow-frfr-installer-downloader.exe"= TCP:C:\users\mehdiben\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{0D6B604B-C9C6-4EE7-9FA5-B85759040380}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{90F716B4-CAC7-4970-A8B0-0EA7EE2B21FB}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{7B769D21-C5FF-48E9-A024-1EC0F20B2C9E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{24CDB0E9-22CD-434C-8180-04ABCE5A0FAE}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{B34CA701-0516-4275-AB5E-C6F65F9C631F}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{49AF9205-204F-4A85-9DD2-1941E7B3E93C}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{9E1B883C-84EB-44BF-8B15-EBF093AC5FB2}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D7363201-406F-4CFC-BE7B-24AC12F328AF}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{93FA4D14-2BE4-4159-BB30-D0A57ABA4FA7}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{D4F15E58-6244-44BB-8AF0-4DB192721E1E}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{8A64A101-3A1C-4B50-B30A-DB62735B57FE}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{FA4857E3-35D2-4179-817F-3B75E194308D}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\Windows\system32\DRIVERS\s916bus.sys [2007-11-02 10:47]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 10:47]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s916mdm.sys [2007-11-02 10:47]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 12:47]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s916obex.sys [2007-11-02 12:47]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\Windows\system32\DRIVERS\WlanUZXP.sys [2005-07-13 19:37]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
2008-08-23 C:\Windows\Tasks\User_Feed_Synchronization-{6E575C06-F09E-4B88-B641-40F971E0DFBF}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 03:36:07
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\lxcccoms.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-24 3:40:12 - machine was rebooted [Mehdiben]
ComboFix-quarantined-files.txt 2008-08-24 01:40:07
ComboFix2.txt 2008-08-24 00:46:49
ComboFix3.txt 2008-08-24 00:42:28
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 182,411,137,024 octets libres
209 --- E O F --- 2008-08-23 18:39:33
ComboFix 08-08-23.01 - Mehdiben 2008-08-24 3:29:45.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2282 [GMT 2:00]
Endroit: C:\Users\Mehdiben\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mehdiben\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
J:\80avp08.com
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\ProgramData\moncomcmd
C:\ProgramData\moncomcmd\hchazwxs.exe
C:\ProgramData\pmfkfenk
C:\ProgramData\pmfkfenk\pepifijg.exe.bak
C:\ProgramData\shhlp
C:\ProgramData\shhlp\hwxaxgbc.exe
C:\ProgramData\smartact
C:\ProgramData\smartact\fovwzsns.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier cr‚‚ dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 23:14 --------- d-----w C:\Users\Mehdiben\AppData\Roaming\Malwarebytes
2008-08-23 23:14 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-23 23:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 23:06 --------- d-----w C:\Program Files\MSN Messenger
2008-08-23 20:54 --------- d-----w C:\Program Files\Trend Micro
2008-08-23 12:51 --------- d-----w C:\ProgramData\appchkadm
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-15 01:09 --------- d-----w C:\Program Files\Windows Mail
2008-08-07 17:14 --------- d-----w C:\Program Files\PokerStars
2008-07-30 18:38 --------- d-----w C:\Program Files\Lx_cats
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-10 01:09 174 --sha-w C:\Program Files\desktop.ini
2008-06-28 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 21:12 --------- d-----w C:\Program Files\Avanquest update
2008-06-28 21:03 --------- d-----w C:\ProgramData\BVRP Software
2008-06-28 20:51 --------- d-----w C:\ProgramData\Sony Ericsson
2008-06-28 20:51 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-28 18:57 --------- d-----w C:\Users\Mehdiben\AppData\Roaming\Sony
2008-06-28 18:57 --------- d-----w C:\ProgramData\Sony
2008-06-28 18:54 --------- d-----w C:\Program Files\Sony
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-01-14 18:24 4,008 ----a-w C:\Users\Mehdiben\AppData\Roaming\wklnhst.dat
2007-10-08 20:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-08 20:40 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-08 20:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-24_ 2.41.41.63 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-24 00:33:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-24 01:35:50 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-24 01:35:50 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-24 00:33:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-24 01:35:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-24 01:35:50 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-24 00:32:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-24 01:36:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-24 00:32:22 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-24 01:36:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-24 00:32:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-24 01:36:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-24 00:38:12 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-24 01:32:49 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-24 00:38:12 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-08-24 01:32:49 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-08-24 00:38:12 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-24 01:32:49 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-24 00:38:12 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-08-24 01:32:50 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-08-24 00:34:11 7,612 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2943512135-755973071-121185203-1000_UserData.bin
+ 2008-08-24 01:27:54 7,764 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2943512135-755973071-121185203-1000_UserData.bin
- 2008-08-24 00:34:11 58,366 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-24 01:27:54 58,508 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-24 00:34:10 38,508 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-24 01:27:53 38,716 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 21:41 1232896]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-15 06:03 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 06:03 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-15 06:03 81920]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 16:33 1732608]
"LXCCCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 05:13 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 08:57 205744]
"EzPrint"="C:\Program Files\Lexmark 3300 Series\ezprint.exe" [2007-05-11 08:58 103344]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
C:\Users\Mehdiben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10 299008]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-31 19:57:54 110592]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3EC4228F-B65C-4AC2-ADAF-2CC0E46D6920}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6BEAC36-DAD5-4121-8B4A-4CAD4F0A0E45}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4EB66716-7C1A-41D6-A379-094ADA475E06}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1913B57D-2D14-44CF-B2F9-30030B65E601}"= UDP:C:\Windows\System32\lxcccoms.exe:Lexmark Communications System
"{6714BFD2-9D82-4472-B23B-39BA76D0D519}"= TCP:C:\Windows\System32\lxcccoms.exe:Lexmark Communications System
"{04506C71-E6B7-4641-8CC4-BD9B8CD19B05}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"{5999A339-CB1E-4E78-A900-2EE37771453D}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"TCP Query User{403FAA7A-F576-4319-B922-6D44F71730D1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F8BB49E9-391C-443C-9FCD-54AF62298780}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{7D3CCC28-46B8-4EA6-807E-5D11CB178625}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{FDE2B538-3229-4C73-94C6-FAC4BBCB3921}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{5C96DDB6-F452-4D6B-A4B1-8D34A78DA8BC}C:\\users\\mehdiben\\desktop\\wow-frfr-installer-downloader.exe"= UDP:C:\users\mehdiben\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{31D8E545-2A58-49A5-845C-85A3B1908B4F}C:\\users\\mehdiben\\desktop\\wow-frfr-installer-downloader.exe"= TCP:C:\users\mehdiben\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{0D6B604B-C9C6-4EE7-9FA5-B85759040380}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{90F716B4-CAC7-4970-A8B0-0EA7EE2B21FB}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{7B769D21-C5FF-48E9-A024-1EC0F20B2C9E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{24CDB0E9-22CD-434C-8180-04ABCE5A0FAE}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{B34CA701-0516-4275-AB5E-C6F65F9C631F}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{49AF9205-204F-4A85-9DD2-1941E7B3E93C}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{9E1B883C-84EB-44BF-8B15-EBF093AC5FB2}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D7363201-406F-4CFC-BE7B-24AC12F328AF}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{93FA4D14-2BE4-4159-BB30-D0A57ABA4FA7}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{D4F15E58-6244-44BB-8AF0-4DB192721E1E}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{8A64A101-3A1C-4B50-B30A-DB62735B57FE}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{FA4857E3-35D2-4179-817F-3B75E194308D}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\Windows\system32\DRIVERS\s916bus.sys [2007-11-02 10:47]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 10:47]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s916mdm.sys [2007-11-02 10:47]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 12:47]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s916obex.sys [2007-11-02 12:47]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\Windows\system32\DRIVERS\WlanUZXP.sys [2005-07-13 19:37]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
2008-08-23 C:\Windows\Tasks\User_Feed_Synchronization-{6E575C06-F09E-4B88-B641-40F971E0DFBF}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 03:36:07
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\lxcccoms.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-24 3:40:12 - machine was rebooted [Mehdiben]
ComboFix-quarantined-files.txt 2008-08-24 01:40:07
ComboFix2.txt 2008-08-24 00:46:49
ComboFix3.txt 2008-08-24 00:42:28
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 182,411,137,024 octets libres
209 --- E O F --- 2008-08-23 18:39:33
