Nasty spyware, help
Closed
zassalamel (Member, 77 posts, registered Saturday 7 June 2008, last active 10 April 2019) - 28 August 2008 at 21:20
Last reply by geoffrey5 (Security contributor, 13732 posts, registered Sunday 20 May 2007, last active 21 May 2010) - 29 August 2008 at 01:46
18 replies
geoffrey5 (Security contributor, 13732 posts, registered Sunday 20 May 2007, last active 21 May 2010) - 28 August 2008 at 22:19
That error message is strange :s
Download Malwarebytes to your desktop from this address:
https://www.androidworld.fr/
Here is a tutorial on installing and using it properly:
https://www.androidworld.fr/
After the scan, restart the PC and post the report!!
geoffrey5 (Security contributor, 13732 posts, registered Sunday 20 May 2007, last active 21 May 2010) - 28 August 2008 at 21:26
Hi!!
Please make a HijackThis report so I can check your PC for infections.
Download HijackThis from this address; everything is explained there on how to install it and how to use it:
https://www.androidworld.fr/
zassalamel (Member, 77 posts, registered Saturday 7 June 2008, last active 10 April 2019) - 28 August 2008 at 21:36
Here is the report, geo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:00:50, on 25/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
c:\Program Files\a-squared Anti-Malware\a2service.exe
D:\Program Files\Kaspersky Lab xp\avp.exe
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Spyware Terminator\sp_rsser.exe
I:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\Program Files\VDOTool\TBPanel.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\Kaspersky Lab xp\avp.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
I:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
I:\WINDOWS\System32\svchost.exe
D:\Program Files\Xfire\xfire.exe
I:\WINDOWS\System32\alg.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\a-squared Anti-Malware\a2scan.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Documents and Settings\B3AOU\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - c:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "c:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TBPanel] I:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab xp\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SpywareTerminator] "I:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "I:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = I:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration SCRABBLE® Interactive 2007 EDITION.LNK = ?
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: ajouter à kaspersky anti-bannière - D:\Program Files\Kaspersky Lab xp\ie_banner_deny.htm
O8 - Extra context menu item: crawler search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab xp\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\adialhk.dll
O20 - Winlogon Notify: WinCtrl32 - I:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: a-squared Anti-Malware Service (a2antimalware) - Emsi Software GmbH - c:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Gestion d'applications AppMgmtEventSystem (AppMgmtEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: Gestion d'applications AppMgmtEventSystem AppMgmtEventSystemAlerter (AppMgmtEventSystemAlerter) - Unknown owner - .exe (file missing)
O23 - Service: Audio Windows AudioSrvHTTPFilter (AudioSrvHTTPFilter) - Unknown owner - .exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab xp\avp.exe
O23 - Service: Kaspersky Internet Security 7.0 AVPCryptSvcRasAuto (AVPCryptSvcRasAuto) - Unknown owner - .exe (file missing)
O23 - Service: Service d'indexation CiSvcAVPCryptSvcRasAuto (CiSvcAVPCryptSvcRasAuto) - Unknown owner - .exe (file missing)
O23 - Service: Services de cryptographie CryptSvcRasAuto (CryptSvcRasAuto) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de disque logique dmserverdmserverProtectedStorage (dmserverdmserverprotectedstorage) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de disque logique dmserverProtectedStorage (dmserverProtectedStorage) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de disque logique dmserverWLSetupSvc (dmserverWLSetupSvc) - Unknown owner - .exe (file missing)
O23 - Service: Client DNS DnscacheLexBceS (DnscacheLexBceS) - Unknown owner - .exe (file missing)
O23 - Service: Client DNS DnscacheLexBceS DnscacheLexBceSHidServDcomLaunch (DnscacheLexBceSHidServDcomLaunch) - Unknown owner - .exe (file missing)
O23 - Service: Service de rapport d'erreurs ERSvcdmserverProtectedStorage (ERSvcdmserverProtectedStorage) - Unknown owner - .exe (file missing)
O23 - Service: Compatibilité avec le Changement rapide d'utilisateur FastUserSwitchingCompatibilityAlerter (FastUserSwitchingCompatibilityAlerter) - Unknown owner - .exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Google Updater Service gusvcHTTPFilter (gusvcHTTPFilter) - Unknown owner - .exe (file missing)
O23 - Service: Google Updater Service gusvcNetman (gusvcNetman) - Unknown owner - .exe (file missing)
O23 - Service: Google Updater Service gusvcNetman gusvcNetmanmnmsrvc (gusvcNetmanmnmsrvc) - Unknown owner - .exe (file missing)
O23 - Service: Aide et support helpsvcSysmonLog (helpsvcSysmonLog) - Unknown owner - .exe (file missing)
O23 - Service: Accès du périphérique d'interface utilisateur HidServDcomLaunch (HidServDcomLaunch) - Unknown owner - .exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallDriver Table Manager IDriverTRasAutoMDMSchedule (IDriverTRasAutoMDMSchedule) - Unknown owner - .exe (file missing)
O23 - Service: Serveur lanmanserverWLSetupSvclanmanworkstation (lanmanserverWLSetupSvclanmanworkstation) - Unknown owner - .exe (file missing)
O23 - Service: Station de travail lanmanworkstationDnscacheLexBceSHidServDcomLaunch (lanmanworkstationDnscacheLexBceSHidServDcomLaunch) - Unknown owner - .exe (file missing)
O23 - Service: Station de travail lanmanworkstationVSS (lanmanworkstationvss) - Unknown owner - .exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LexBce Server LexBceSHTTPFilter (LexBceSHTTPFilter) - Unknown owner - .exe (file missing)
O23 - Service: LexBce Server LexBceSWmdmPmSNIDriverT (LexBceSWmdmPmSNIDriverT) - Unknown owner - .exe (file missing)
O23 - Service: LexBce Server LexBceSWmdmPmSNIDriverT LexBceSWmdmPmSNIDriverTRasAutoMDM (LexBceSWmdmPmSNIDriverTRasAutoMDM) - Unknown owner - .exe (file missing)
O23 - Service: Assistance TCP/IP NetBIOS LmHostsSchedule (LmHostsSchedule) - Unknown owner - .exe (file missing)
O23 - Service: Assistance TCP/IP NetBIOS LmHostsSchedule LmHostsScheduleUPS (LmHostsScheduleUPS) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMdmadmin (MDMdmadmin) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMLexBceS (MDMLexBceS) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMLexBceS MDMLexBceSDnscacheLexBceS (mdmlexbcesdnscachelexbces) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMLexBceS MDMLexBceSW32Time (mdmlexbcesw32time) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMupnphostClipSrvNetlogon (MDMupnphostClipSrvNetlogon) - Unknown owner - .exe (file missing)
O23 - Service: Affichage des messages MessengerRemoteRegistry (MessengerRemoteRegistry) - Unknown owner - .exe (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcTrkWks (mnmsrvcTrkWks) - Unknown owner - .exe (file missing)
O23 - Service: DSDM DDE réseau NetDDEdsdmWebClientALG (NetDDEdsdmWebClientALG) - Unknown owner - .exe (file missing)
O23 - Service: DSDM DDE réseau NetDDEdsdmWebClientALG NetDDEdsdmWebClientALGlanmanserver (NetDDEdsdmWebClientALGlanmanserver) - Unknown owner - .exe (file missing)
O23 - Service: Ouverture de session réseau NetlogonBITS (NetlogonBITS) - Unknown owner - .exe (file missing)
O23 - Service: Ouverture de session réseau NetlogonSchedule (NetlogonSchedule) - Unknown owner - .exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspEventlog (NtLmSspEventlog) - Unknown owner - .exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspEventlog NtLmSspEventlogTlntSvr (NtLmSspEventlogTlntSvr) - Unknown owner - .exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspEventlog NtLmSspEventlogTlntSvr NtLmSspEventlogTlntSvrNetDDEdsdm (ntlmsspeventlogtlntsvrnetddedsdm) - Unknown owner - .exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspNVSvc (NtLmSspNVSvc) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine oseVSS (oseVSS) - Unknown owner - .exe (file missing)
O23 - Service: Services IPSEC PolicyAgentWLSetupSvc (PolicyAgentWLSetupSvc) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutoMDM (RasAutoMDM) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutoMDM RasAutoMDMCryptSvcRasAuto (RasAutoMDMCryptSvcRasAuto) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutoMDM RasAutoMDMSchedule (RasAutoMDMSchedule) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutomnmsrvc (RasAutomnmsrvc) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance RDSessMgrTermServiceNtLmSsp (rdsessmgrtermservicentlmssp) - Unknown owner - .exe (file missing)
O23 - Service: Routage et accès distant RemoteAccessCiSvc (RemoteAccessCiSvc) - Unknown owner - .exe (file missing)
O23 - Service: QoS RSVP RSVPose (RSVPose) - Unknown owner - .exe (file missing)
O23 - Service: Planificateur de tâches ScheduleIDriverT (ScheduleIDriverT) - Unknown owner - .exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage (stisvcERSvcdmserverProtectedStorage) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage stisvcERSvcdmserverProtectedStorageW32Time (stisvcERSvcdmserverProtectedStorageW32Time) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage stisvcERSvcdmserverProtectedStorageW32Time stisvcERSvcdmserverProtectedStorageW32TimeBrowser (stisvcERSvcdmserverProtectedStorageW32TimeBrowser) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcMDM (stisvcMDM) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcMSDTC (stisvcMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcMSDTC stisvcMSDTCMSDTC (stisvcMSDTCMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvBITS (SwPrvBITS) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvVSS (SwPrvVSS) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvVSS SwPrvVSSAppMgmt (SwPrvVSSAppMgmt) - Unknown owner - .exe (file missing)
O23 - Service: Services Terminal Server TermServiceNtLmSsp (TermServiceNtLmSsp) - Unknown owner - .exe (file missing)
O23 - Service: Services Terminal Server TermServiceWebClientUPS (TermServiceWebClientUPS) - Unknown owner - .exe (file missing)
O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostAppMgmtEventSystemAlerter (upnphostAppMgmtEventSystemAlerter) - Unknown owner - .exe (file missing)
O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostClipSrv (upnphostClipSrv) - Unknown owner - .exe (file missing)
O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostClipSrv upnphostClipSrvNetlogon (upnphostClipSrvNetlogon) - Unknown owner - .exe (file missing)
O23 - Service: User Privilege Service usprservHidServ (usprservHidServ) - Unknown owner - .exe (file missing)
O23 - Service: WebClient WebClientALG (WebClientALG) - Unknown owner - .exe (file missing)
O23 - Service: WebClient WebClientUPS (WebClientUPS) - Unknown owner - .exe (file missing)
O23 - Service: Windows Live Setup Service WLSetupSvclanmanworkstation (WLSetupSvclanmanworkstation) - Unknown owner - .exe (file missing)
O23 - Service: Windows Live Setup Service WLSetupSvclanmanworkstation WLSetupSvclanmanworkstationupnphostClipSrv (wlsetupsvclanmanworkstationupnphostclipsrv) - Unknown owner - .exe (file missing)
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNIDriverT (WmdmPmSNIDriverT) - Unknown owner - .exe (file missing)
O23 - Service: Carte de performance WMI WmiApSrvNVSvc (WmiApSrvNVSvc) - Unknown owner - .exe (file missing)
O23 - Service: Carte de performance WMI WmiApSrvRSVPose (WmiApSrvRSVPose) - Unknown owner - .exe (file missing)
O23 - Service: Configuration automatique sans fil WZCSVCmnmsrvc (WZCSVCmnmsrvc) - Unknown owner - .exe (file missing)
O23 - Service: QoS RSVP RSVPose (RSVPose) - Unknown owner - .exe (file missing)
O23 - Service: Planificateur de tâches ScheduleIDriverT (ScheduleIDriverT) - Unknown owner - .exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage (stisvcERSvcdmserverProtectedStorage) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage stisvcERSvcdmserverProtectedStorageW32Time (stisvcERSvcdmserverProtectedStorageW32Time) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage stisvcERSvcdmserverProtectedStorageW32Time stisvcERSvcdmserverProtectedStorageW32TimeBrowser (stisvcERSvcdmserverProtectedStorageW32TimeBrowser) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcMDM (stisvcMDM) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcMSDTC (stisvcMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcMSDTC stisvcMSDTCMSDTC (stisvcMSDTCMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvBITS (SwPrvBITS) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvVSS (SwPrvVSS) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvVSS SwPrvVSSAppMgmt (SwPrvVSSAppMgmt) - Unknown owner - .exe (file missing)
O23 - Service: Services Terminal Server TermServiceNtLmSsp (TermServiceNtLmSsp) - Unknown owner - .exe (file missing)
O23 - Service: Services Terminal Server TermServiceWebClientUPS (TermServiceWebClientUPS) - Unknown owner - .exe (file missing)
O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostAppMgmtEventSystemAlerter (upnphostAppMgmtEventSystemAlerter) - Unknown owner - .exe (file missing)
O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostClipSrv (upnphostClipSrv) - Unknown owner - .exe (file missing)
O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostClipSrv upnphostClipSrvNetlogon (upnphostClipSrvNetlogon) - Unknown owner - .exe (file missing)
O23 - Service: User Privilege Service usprservHidServ (usprservHidServ) - Unknown owner - .exe (file missing)
O23 - Service: WebClient WebClientALG (WebClientALG) - Unknown owner - .exe (file missing)
O23 - Service: WebClient WebClientUPS (WebClientUPS) - Unknown owner - .exe (file missing)
O23 - Service: Windows Live Setup Service WLSetupSvclanmanworkstation (WLSetupSvclanmanworkstation) - Unknown owner - .exe (file missing)
O23 - Service: Windows Live Setup Service WLSetupSvclanmanworkstation WLSetupSvclanmanworkstationupnphostClipSrv (wlsetupsvclanmanworkstationupnphostclipsrv) - Unknown owner - .exe (file missing)
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNIDriverT (WmdmPmSNIDriverT) - Unknown owner - .exe (file missing)
O23 - Service: Carte de performance WMI WmiApSrvNVSvc (WmiApSrvNVSvc) - Unknown owner - .exe (file missing)
O23 - Service: Carte de performance WMI WmiApSrvRSVPose (WmiApSrvRSVPose) - Unknown owner - .exe (file missing)
O23 - Service: Configuration automatique sans fil WZCSVCmnmsrvc (WZCSVCmnmsrvc) - Unknown owner - .exe (file missing)
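The O23 list above is what the helper wanted the HijackThis report for: dozens of service entries with no owner, no binary (".exe (file missing)") and short names made by gluing legitimate Windows service names together (lanmanworkstation + vss, rsvp + ose, wmdmpmsn + idrivert, ...). The script below is an added example for this thread, not HijackThis code and not anything the participants posted: it parses O23 lines and flags an entry when it shows both signals. The KNOWN_SERVICES set is hand-picked, mostly from names in this very log, and is an assumption rather than an authoritative baseline; the sample lines are copied from the log above.

```python
"""Triage HijackThis O23 (service) lines.

Added example, not part of the thread or of HijackThis. Two signals per
entry: the service has no identifiable owner and its binary is missing,
and its short name is two or more legitimate service names concatenated.
KNOWN_SERVICES is an assumed list of XP-era short names, mostly taken
from the posted log; extend it for your own baseline.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?) \((?P<short>[^)]+)\) - "
    r"(?P<owner>.*?) - (?P<path>.*)$"
)

# Lower-case short names of services that legitimately exist on the box.
KNOWN_SERVICES = {
    "lanmanworkstation", "lanmanserver", "dnscache", "lexbces", "hidserv",
    "dcomlaunch", "vss", "lmhosts", "schedule", "ups", "mdm", "dmadmin",
    "w32time", "upnphost", "clipsrv", "netlogon", "messenger", "browser",
    "remoteregistry", "mnmsrvc", "trkwks", "netddedsdm", "webclient", "alg",
    "bits", "ntlmssp", "eventlog", "tlntsvr", "nvsvc", "ose", "policyagent",
    "wlsetupsvc", "rasauto", "cryptsvc", "rdsessmgr", "termservice", "cisvc",
    "remoteaccess", "rsvp", "idrivert", "stisvc", "ersvc", "dmserver", "swprv",
    "protectedstorage", "msdtc", "appmgmt", "eventsystem", "alerter",
    "usprserv", "wmdmpmsn", "wmiapsrv", "wzcsvc", "httpfilter",
}


@dataclass
class Finding:
    short: str
    reasons: List[str] = field(default_factory=list)


def segment(short: str) -> Optional[List[str]]:
    """Split a short name into the fewest known service names that
    concatenate to it (case-insensitive); None unless at least two."""
    s = short.lower()
    best: List[Optional[List[str]]] = [None] * (len(s) + 1)
    best[0] = []
    for end in range(1, len(s) + 1):
        for start in range(end):
            prefix = best[start]
            if prefix is not None and s[start:end] in KNOWN_SERVICES:
                cand = prefix + [s[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    parts = best[len(s)]
    return parts if parts is not None and len(parts) >= 2 else None


def triage(lines) -> List[Finding]:
    """One Finding per O23 line that trips at least one signal."""
    findings = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 line
        f = Finding(m["short"])
        if m["owner"] == "Unknown owner" and "(file missing)" in m["path"]:
            f.reasons.append("unknown owner and service binary missing")
        parts = segment(m["short"])
        if parts:
            f.reasons.append("name is a concatenation of " + " + ".join(parts))
        if f.reasons:
            findings.append(f)
    return findings


# Excerpt copied from the HijackThis log above: three legitimate entries
# among six that trip both signals.
SAMPLE_LOG = r"""
O23 - Service: Station de travail lanmanworkstationDnscacheLexBceSHidServDcomLaunch (lanmanworkstationDnscacheLexBceSHidServDcomLaunch) - Unknown owner - .exe (file missing)
O23 - Service: Station de travail lanmanworkstationVSS (lanmanworkstationvss) - Unknown owner - .exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LexBce Server LexBceSHTTPFilter (LexBceSHTTPFilter) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QoS RSVP RSVPose (RSVPose) - Unknown owner - .exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNIDriverT (WmdmPmSNIDriverT) - Unknown owner - .exe (file missing)
O23 - Service: Configuration automatique sans fil WZCSVCmnmsrvc (WZCSVCmnmsrvc) - Unknown owner - .exe (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(f"{finding.short}: {'; '.join(finding.reasons)}")
```

The name-splitting check is what separates these entries from ordinary orphaned services (a legitimately uninstalled product also leaves "file missing" behind): an orphan keeps its own short name, whereas every flagged entry here decomposes into real service names. Entries such as LexBceS, NVSvc and sp_rssrv, which have an owner, an existing binary and a non-decomposable name, are left alone.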
geoffrey5 (security contributor), 28 August 2008 at 21:39
You have infected toolbars... please do the following:
Download Toolbar-S&D (Team IDN) to your Desktop from this address
(it is number 6 at the bottom of the page): https://www.androidworld.fr/
* Start the installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the corresponding letter and confirming with Enter.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report (C:\TB.txt).
zassalamel (member), 28 August 2008 at 21:50
OK.
By the way, since the infection I can no longer connect to MSN or display the hotmail.fr page.
Here is the TB report:
-----------\\ ToolBar S&D 1.1.6 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) D CPU 3.33GHz )
BIOS : BIOS Date: 12/25/2006 Ver: 08.00.13
USER : B3AOU ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 7.0.0.124 (Activated)
Firewall : Kaspersky Internet Security 7.0.0.124 (Activated)
"I:\ToolBar SD" ( updated: 27-08-2008|23:35 )
Option : [1] ( 25/12/2006| 6:16 )
-----------\\ Searching files / folders ...
I:\Program Files\Crawler
I:\Program Files\Crawler\Download
I:\Program Files\Crawler\Toolbar
I:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="I:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
--------------------\\ Searching for other infections
geoffrey5 (security contributor), 28 August 2008 at 21:54
OK, good that you mentioned it... please do the following:
Run Toolbar-S&D again by double-clicking the shortcut. Press "2" and confirm with "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.
NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del together to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run...".
Type explorer and confirm.
Then:
download ComboFix (by sUBs) from this address
(it is number 5 at the bottom of the page): https://www.androidworld.fr/
and save it to the Desktop.
Disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard).
Here is a tutorial on installing and using it correctly: https://www.androidworld.fr/
Then send the report please.
zassalamel (member), 28 August 2008 at 22:03
So this virus has done everything:
it disabled the Windows firewall and I can no longer enable it,
I can't change the background, which contains the cursed window,
and if the PC goes into standby, it crashes straight away.
Here is the new report:
-----------\\ ToolBar S&D 1.1.6 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) D CPU 3.33GHz )
BIOS : BIOS Date: 12/25/2006 Ver: 08.00.13
USER : B3AOU ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 7.0.0.124 (Activated)
Firewall : Kaspersky Internet Security 7.0.0.124 (Activated)
"I:\ToolBar SD" ( updated: 27-08-2008|23:35 )
Option : [2] ( 25/12/2006| 6:26 )
-----------\\ REMOVAL
Deleted! - I:\Program Files\Crawler\Download
Deleted! - I:\Program Files\Crawler\Toolbar
Deleted! - I:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
Deleted! - I:\Program Files\Crawler
-----------\\ Searching files / folders ...
geoffrey5 (security contributor), 28 August 2008 at 22:09
OK, now run ComboFix please.
zassalamel (member), 28 August 2008 at 22:15
It shows an error message: "data error" "check your settings".
zassalamel (member), 28 August 2008 at 22:33
Here it is:
Malwarebytes' Anti-Malware 1.25
Database version: 1092
Windows 5.1.2600 Service Pack 2
07:00:28 25/12/2006
mbam-log-12-25-2006 (07-00-28).txt
Scan type: Quick scan
Objects scanned: 50453
Time elapsed: 5 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 29
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
I:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
I:\WINDOWS\system32\blphc53wj0eg63.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\adsndst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
I:\WINDOWS\system32\WinCtrl32.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\phc53wj0eg63.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
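The Malwarebytes log above mixes three kinds of findings: files plus one loaded module (WinCtrl32.dll, which could only be scheduled for deletion at reboot), a key under Winlogon\Notify that loads that DLL at logon, and registry data items for which MBAM records the bad and good values (the hidden-files toggle and the two display-properties policies that hide the Background and Screen Saver tabs, matching the "can't change the background" symptom). The script below is an added example, not from the thread, from MBAM or from any tool the helper used: it parses such a log, counts findings by family, lists what is still pending a reboot, and writes the recorded "Good" values back out as a .reg fragment to re-check after the reboot. The excerpt is copied from the log above (section headings in English); treating every data item as REG_DWORD is an assumption that holds for these three values but not necessarily for other MBAM findings.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x log and emit a .reg fix.

Added example; not part of the thread, MBAM or any helper's tooling.
Detection lines look like:
  <target> (<Family>) -> <action>
  <key>\<value> (<Family>) -> Bad: (x) Good: (y) -> <action>
Assumption: registry data items are REG_DWORD values.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Excerpt copied from the log posted above; headings are not parsed.
SAMPLE_LOG = r"""
Memory Modules Infected:
I:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
I:\WINDOWS\system32\blphc53wj0eg63.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

DETECTION_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[A-Za-z.]+)\) -> (?P<action>.+)$")
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\) -> (?P<action>.+)$")


def parse_detections(text: str) -> List[Dict[str, Optional[str]]]:
    """One dict per detection line; bad/good are set for data items only."""
    out = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # headings, counters, blank lines
        rec = {"target": m["target"], "family": m["family"],
               "action": m["action"], "bad": None, "good": None}
        bg = BAD_GOOD_RE.match(rec["action"])
        if bg:
            rec.update(bad=bg["bad"], good=bg["good"], action=bg["action"])
        out.append(rec)
    return out


def family_counts(dets) -> Counter:
    return Counter(d["family"] for d in dets)


def pending_reboot(dets) -> List[str]:
    """Targets MBAM could not remove while loaded; re-check these first."""
    seen: List[str] = []
    for d in dets:
        if d["action"].startswith("Delete on reboot") and d["target"] not in seen:
            seen.append(d["target"])
    return seen


def reg_fixes(dets) -> str:
    """.reg fragment restoring the 'Good' value of every data item
    (assumed REG_DWORD), grouped by parent key."""
    by_key: Dict[str, List[str]] = {}
    for d in dets:
        if d["good"] is None:
            continue
        key, _, name = d["target"].rpartition("\\")
        by_key.setdefault(key, []).append(f'"{name}"=dword:{int(d["good"]):08x}')
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, values in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(values)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    print(family_counts(dets))
    print("pending reboot:", pending_reboot(dets))
    print(reg_fixes(dets))
```

Import the generated .reg only once the reboot has actually removed the pending items: a notification DLL that is still loading at logon can undo the change, so the "Delete on reboot" list and the data-item values are best verified together after the restart.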
geoffrey5 (security contributor), 28 August 2008 at 22:37
OK... try ComboFix again please,
and then do this:
Option 1 - Search:
download SmitfraudFix and save it to the desktop from this address (it is number 2 at the bottom of the page):
https://www.androidworld.fr/
Then double-click smitfraudfix, then Run.
Select 1 to create a report of the files responsible for the infection.
Copy/paste the report into your reply.
zassalamel (member), 28 August 2008 at 23:09
OK, I'll do that, but first I have to tell you that everything is back to normal now except MSN, which won't connect. Do I still use ComboFix?
geoffrey5 (security contributor), 28 August 2008 at 23:14
Yes, run ComboFix and then SmitfraudFix please.
zassalamel (member), 28 August 2008 at 23:47
Nothing, still "date error" "check your settings".
I don't see the report with the date. Should I change the system date?
geoffrey5 (security contributor), 28 August 2008 at 23:52
No, don't touch the system date... run SmitfraudFix and then we'll run a program for MSN.
zassalamel (member), 29 August 2008 at 00:07
Ah, sorry, I had already changed the system date and, you know what, it worked. Here is the ComboFix report:
ComboFix 08-08-28.04 - B3AOU 2008-08-28 8:18:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.586 [GMT 2:00]
Location: I:\Documents and Settings\B3AOU\Bureau\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\bin.clearspring.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\bin.clearspring.com\clearspring.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com\v1.0.0290\v\swf\qplayer.swf\qplayer.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com\v1.0.0293\v\swf\qplayer.swf\qplayer.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
I:\WINDOWS\system32\AutoRun.inf
I:\WINDOWS\system32\dao350.dll
i:\windows\system32\Drivers\Winfm20.sys
I:\WINDOWS\system32\kakle.dll
I:\WINDOWS\system32\mdm.exe
I:\WINDOWS\system32\MSINET.oca
I:\WINDOWS\system32\WinCtrl32.dl_
I:\WINDOWS\system32\WinCtrl32.dll
I:\WINDOWS\system32\winitn.dll
I:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINFM20
-------\Service_Winfm20
((((((((((((((((((((((((((((( Files created 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
.
2008-08-28 12:39 . 2008-08-28 12:39 203,776 --a--c--- I:\WINDOWS\system32\drivers\234.exe
2008-08-28 11:14 . 2006-12-25 08:25 0 --a--c--- I:\WINDOWS\system32\drivers\857a4e0f.sys
2008-08-27 22:29 . 2008-08-27 22:29 203,776 --a--c--- I:\WINDOWS\system32\drivers\0.exe
2008-08-27 19:12 . 2008-08-27 19:12 203,776 --a--c--- I:\WINDOWS\system32\drivers\421.exe
2008-08-27 17:47 . 2008-08-27 17:47 203,776 --a--c--- I:\WINDOWS\system32\drivers\765.exe
2008-08-27 17:30 . 2008-08-27 17:30 203,776 --a--c--- I:\WINDOWS\system32\drivers\31.exe
2008-08-27 11:13 . 2008-08-27 11:13 203,776 --a--c--- I:\WINDOWS\system32\drivers\875.exe
2008-08-26 20:57 . 2008-08-26 20:57 203,776 --a--c--- I:\WINDOWS\system32\drivers\484.exe
2008-08-23 18:00 . 2008-08-23 18:00 <REP> d----c--- I:\Documents and Settings\All Users\Application Data\VistaCodecs
2008-08-16 12:14 . 2006-12-25 06:05 0 --a--c--- I:\WINDOWS\system32\1033n.sys
2008-08-09 18:19 . 2008-08-09 18:19 244 --ah-c--- I:\sqmnoopt12.sqm
2008-08-09 18:19 . 2008-08-09 18:19 232 --ah-c--- I:\sqmdata12.sqm
2008-08-09 17:51 . 2008-08-09 17:51 268 --ah-c--- I:\sqmdata11.sqm
2008-08-09 17:51 . 2008-08-09 17:51 244 --ah-c--- I:\sqmnoopt11.sqm
2008-08-09 13:29 . 2008-08-09 13:29 268 --ah-c--- I:\sqmdata10.sqm
2008-08-09 13:29 . 2008-08-09 13:29 244 --ah-c--- I:\sqmnoopt10.sqm
2008-08-09 08:41 . 2008-08-09 08:41 268 --ah-c--- I:\sqmdata09.sqm
2008-08-09 08:41 . 2008-08-09 08:41 244 --ah-c--- I:\sqmnoopt09.sqm
2008-08-09 08:30 . 2008-08-09 08:30 1,007,616 --a--c--- I:\WINDOWS\system32\VSFilter.dll
2008-08-09 00:17 . 2008-08-09 00:17 268 --ah-c--- I:\sqmdata08.sqm
2008-08-09 00:17 . 2008-08-09 00:17 244 --ah-c--- I:\sqmnoopt08.sqm
2008-08-08 20:33 . 2008-08-08 20:33 268 --ah-c--- I:\sqmdata07.sqm
2008-08-08 20:33 . 2008-08-08 20:33 244 --ah-c--- I:\sqmnoopt07.sqm
2008-08-08 17:12 . 2008-08-08 17:12 268 --ah-c--- I:\sqmdata06.sqm
2008-08-08 17:12 . 2008-08-08 17:12 244 --ah-c--- I:\sqmnoopt06.sqm
2008-08-08 14:36 . 2008-08-08 14:36 268 --ah-c--- I:\sqmdata05.sqm
2008-08-08 14:36 . 2008-08-08 14:36 244 --ah-c--- I:\sqmnoopt05.sqm
2008-08-08 12:35 . 2008-08-08 12:35 <REP> d----c--- I:\Program Files\QuickTime
2008-08-08 02:15 . 2008-08-08 02:15 268 --ah-c--- I:\sqmdata04.sqm
2008-08-08 02:15 . 2008-08-08 02:15 244 --ah-c--- I:\sqmnoopt04.sqm
2008-08-07 23:42 . 2008-08-07 23:42 268 --ah-c--- I:\sqmdata03.sqm
2008-08-07 23:42 . 2008-08-07 23:42 244 --ah-c--- I:\sqmnoopt03.sqm
2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a--c--- I:\WINDOWS\system32\xfcodec.dll
2008-08-04 09:51 . 2006-12-25 06:17 31,545,427 --ahsc--- I:\WINDOWS\system32\adsndsto.sys
2008-08-04 09:37 . 2006-12-25 08:10 284 --a-sc--- I:\WINDOWS\system32\3692391039.dat
2008-08-04 00:14 . 2008-08-04 00:14 130,712 --a--c--- I:\Documents and Settings\B3AOU\S87ekhV.exe
2008-08-03 11:29 . 2008-08-03 11:32 <REP> d----c--- I:\WINDOWS\system32\Adobe
2008-08-03 11:02 . 2006-04-18 23:56 441,856 --a--c--- I:\WINDOWS\system32\mailingbuilder.dll
2008-08-03 11:02 . 2004-08-04 06:00 128,000 --a--c--- I:\WINDOWS\system32\DHTMLED.OCX
2008-07-30 18:37 . 2008-07-30 18:37 <REP> d--hsc--- I:\WINDOWS\ftpcache
2008-07-28 01:12 . 2008-07-28 01:12 <REP> d----c--- I:\Documents and Settings\All Users\Application Data\Adobe Systems
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 06:28 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\uTorrent
2008-08-28 06:27 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\AdobeUM
2008-08-28 06:26 24,084,512 -csha-w I:\WINDOWS\system32\drivers\fidbox.dat
2008-08-28 06:24 83,132 -csha-w I:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-28 06:24 808,992 -csha-w I:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-28 06:24 329,852 -csha-w I:\WINDOWS\system32\drivers\fidbox.idx
2008-08-17 14:01 38,472 -c--a-w I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 14:01 17,144 -c--a-w I:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 22:54 --------- dc--a-w I:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 16:25 --------- dc-h--w I:\Program Files\InstallShield Installation Information
2008-07-30 08:01 --------- dc----w I:\Program Files\Ubisoft
2008-07-30 08:01 --------- dc----w I:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-28 11:00 --------- dc----w I:\Program Files\HP
2008-07-28 11:00 --------- dc----w I:\Documents and Settings\All Users\Application Data\HP
2008-07-27 23:18 --------- dc----w I:\Program Files\Fichiers communs\Adobe
2008-07-27 22:41 344,064 -c--a-w I:\WINDOWS\system32\dkll.dll
2008-07-27 22:41 196,608 -c--a-w I:\WINDOWS\system32\maag.dll
2008-07-27 22:41 1,986,560 -c--a-w I:\WINDOWS\system32\akll.dll
2008-07-27 22:41 1,212,416 -c--a-w I:\WINDOWS\system32\ckll.dll
2008-07-25 10:14 --------- dc----w I:\Program Files\Java
2008-07-25 10:02 --------- dc----w I:\Program Files\Fichiers communs\Java
2008-07-23 10:28 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\Ashampoo
2008-07-23 10:27 --------- dc----w I:\Program Files\Ashampoo
2008-07-19 20:28 --------- dc----w I:\Program Files\ReflexiveArcade
2008-07-18 11:05 444,952 -c--a-w I:\WINDOWS\system32\wrap_oal.dll
2008-07-18 11:05 109,080 -c--a-w I:\WINDOWS\system32\OpenAL32.dll
2008-07-18 10:28 107,888 -c--a-w I:\WINDOWS\system32\CmdLineExt.dll
2008-07-12 23:41 --------- dc----w I:\Program Files\Common Files
2008-07-12 22:23 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\InstallShield
2008-07-11 15:43 --------- dc----w I:\Program Files\uTorrent
2008-07-11 08:24 --------- dc----w I:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-07-09 21:14 --------- dc----w I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-09 14:23 --------- dcsh--w I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-09 13:19 --------- dc----w I:\Program Files\Windows Live
2008-07-08 17:26 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\HP
2008-07-08 17:26 --------- dc----w I:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-08 17:22 --------- dc----w I:\Program Files\Fichiers communs\HP
2008-07-08 17:16 --------- dc----w I:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-06 16:54 --------- dc----w I:\Program Files\Fichiers communs\Blizzard Entertainment
2008-07-06 10:56 --------- dc----w I:\Program Files\Google
2008-07-02 22:45 --------- dc----w I:\Documents and Settings\LocalService\Application Data\Xfire
2008-07-02 21:50 --------- dc----w I:\Documents and Settings\NetworkService\Application Data\Xfire
2008-07-01 08:11 --------- dc----w I:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-28 18:52 --------- dc----w I:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-12 18:36 7,680 -c--a-w I:\WINDOWS\system32\ff_vfw.dll
2006-12-25 04:17 31,545,427 -csha-w I:\WINDOWS\system32\adsndsto.sys
.
------- Sigcheck -------
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 I:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 I:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 I:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 I:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 14:17 68856]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"uTorrent"="I:\Program Files\uTorrent\uTorrent.exe" [2008-08-14 12:02 267056]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 16:53 307200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TBPanel"="I:\Program Files\VDOTool\TBPanel.exe" [2008-01-29 11:19 2157096]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2008-01-08 19:53 8523776]
"NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2008-01-08 19:53 81920]
"Sony Ericsson PC Suite"="I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
"QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2008-08-08 12:35 413696]
"a-squared"="C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-07-31 15:46 2131600]
"AVP"="D:\Program Files\Kaspersky Lab xp\avp.exe" [2007-06-26 16:53 218376]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-02 17:02 16377344 I:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-01-08 19:53 1626112 I:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
"I:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Xfire\\xfire.exe"=
"D:\\Program Files\\Prey\\prey.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"I:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 klim5;Kaspersky Anti-Virus NDIS Filter;I:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S1 857a4e0f;857a4e0f;I:\WINDOWS\system32\drivers\857a4e0f.sys [2006-12-25 08:25]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);I:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;I:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;I:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);I:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;I:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10192-f133-11dc-b1ac-806d6172696f}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10193-f133-11dc-b1ac-806d6172696f}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10194-f133-11dc-b1ac-806d6172696f}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e07823-f5ef-11dc-b1bd-001921b35837}]
\Shell\AutoRun\command - O:\u2.cmd
\Shell\explore\Command - O:\u2.cmd
\Shell\open\Command - O:\u2.cmd
*Newly Created Service* - SHAREDACCESSDNSCACHELEXBCES
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
HKLM-Run-EoSudoku - (no file)
Notify-AtiExtEvent - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.google.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Window Title =
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: crawler search - tbr:iemenu
O8 -: Download ALL with IDA
O8 -: Download with IDA
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 08:27:48
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmtEventSystem]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmtEventSystemAlerter]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrvHTTPFilter]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVPCryptSvcRasAuto]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvcAVPCryptSvcRasAuto]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvcRasAuto]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverdmserverprotectedstorage]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverProtectedStorage]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverWLSetupSvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DnscacheLexBceS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DnscacheLexBceSHidServDcomLaunch]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvcdmserverProtectedStorage]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityAlerter]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityAlerterClipSrv]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcHTTPFilter]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcNetman]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcNetmanmnmsrvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvcSysmonLog]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServDcomLaunch]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverTRasAutoMDMSchedule]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserverWLSetupSvclanmanworkstation]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationDnscacheLexBceSHidServDcomLaunch]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationDnscacheLexBceSHidServDcomLaunchNtLmSspEventlogTlntSvr]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationvss]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSHTTPFilter]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSWmdmPmSNIDriverT]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSWmdmPmSNIDriverTRasAutoMDM]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHostsSchedule]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHostsScheduleUPS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMdmadmin]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMLexBceS]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmlexbcesdnscachelexbces]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmlexbcesw32time]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMupnphostClipSrvNetlogon]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MessengerRemoteRegistry]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvcTrkWks]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdmWebClientALG]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdmWebClientALGlanmanserver]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetlogonBITS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetlogonSchedule]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspEventlog]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspEventlogTlntSvr]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ntlmsspeventlogtlntsvrnetddedsdm]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspNVSvc]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ntlmsspnvsvcavp]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oseVSS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgentWLSetupSvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDM]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDMCryptSvcRasAuto]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDMSchedule]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutomnmsrvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdsessmgrtermservicentlmssp]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessCiSvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVPose]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScheduleIDriverT]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccessDnscacheLexBceS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorage]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorageW32Time]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorageW32TimeBrowser]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMDM]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMSDTC]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMSDTCMSDTC]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvBITS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvVSS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvVSSAppMgmt]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermServiceNtLmSsp]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermServiceWebClientUPS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostAppMgmtEventSystemAlerter]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostClipSrv]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostClipSrvNetlogon]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usprservHidServ]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientALG]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientUPS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvclanmanworkstation]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wlsetupsvclanmanworkstationupnphostclipsrv]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNIDriverT]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvNVSvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvRSVPose]
"ImagePath"="\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCmnmsrvc]
"ImagePath"="\01\09 srv"
.
------------------------ Other Running Processes ------------------------
.
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
I:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-28 8:33:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 06:32:57
Pre-Run: 61,849,600 octets libres
Post-Run: 115,523,584 octets libres
422 --- E O F --- 2008-07-05 20:30:52
ComboFix 08-08-28.04 - B3AOU 2008-08-28 8:18:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.586 [GMT 2:00]
Endroit: I:\Documents and Settings\B3AOU\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\bin.clearspring.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\bin.clearspring.com\clearspring.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com\v1.0.0290\v\swf\qplayer.swf\qplayer.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com\v1.0.0293\v\swf\qplayer.swf\qplayer.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
I:\WINDOWS\system32\AutoRun.inf
I:\WINDOWS\system32\dao350.dll
i:\windows\system32\Drivers\Winfm20.sys
I:\WINDOWS\system32\kakle.dll
I:\WINDOWS\system32\mdm.exe
I:\WINDOWS\system32\MSINET.oca
I:\WINDOWS\system32\WinCtrl32.dl_
I:\WINDOWS\system32\WinCtrl32.dll
I:\WINDOWS\system32\winitn.dll
I:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINFM20
-------\Service_Winfm20
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
.
2008-08-28 12:39 . 2008-08-28 12:39 203,776 --a--c--- I:\WINDOWS\system32\drivers\234.exe
2008-08-28 11:14 . 2006-12-25 08:25 0 --a--c--- I:\WINDOWS\system32\drivers\857a4e0f.sys
2008-08-27 22:29 . 2008-08-27 22:29 203,776 --a--c--- I:\WINDOWS\system32\drivers\[u]0[/u].exe
2008-08-27 19:12 . 2008-08-27 19:12 203,776 --a--c--- I:\WINDOWS\system32\drivers\421.exe
2008-08-27 17:47 . 2008-08-27 17:47 203,776 --a--c--- I:\WINDOWS\system32\drivers\765.exe
2008-08-27 17:30 . 2008-08-27 17:30 203,776 --a--c--- I:\WINDOWS\system32\drivers\31.exe
2008-08-27 11:13 . 2008-08-27 11:13 203,776 --a--c--- I:\WINDOWS\system32\drivers\875.exe
2008-08-26 20:57 . 2008-08-26 20:57 203,776 --a--c--- I:\WINDOWS\system32\drivers\484.exe
2008-08-23 18:00 . 2008-08-23 18:00 <REP> d----c--- I:\Documents and Settings\All Users\Application Data\VistaCodecs
2008-08-16 12:14 . 2006-12-25 06:05 0 --a--c--- I:\WINDOWS\system32\1033n.sys
2008-08-09 18:19 . 2008-08-09 18:19 244 --ah-c--- I:\sqmnoopt12.sqm
2008-08-09 18:19 . 2008-08-09 18:19 232 --ah-c--- I:\sqmdata12.sqm
2008-08-09 17:51 . 2008-08-09 17:51 268 --ah-c--- I:\sqmdata11.sqm
2008-08-09 17:51 . 2008-08-09 17:51 244 --ah-c--- I:\sqmnoopt11.sqm
2008-08-09 13:29 . 2008-08-09 13:29 268 --ah-c--- I:\sqmdata10.sqm
2008-08-09 13:29 . 2008-08-09 13:29 244 --ah-c--- I:\sqmnoopt10.sqm
2008-08-09 08:41 . 2008-08-09 08:41 268 --ah-c--- I:\sqmdata09.sqm
2008-08-09 08:41 . 2008-08-09 08:41 244 --ah-c--- I:\sqmnoopt09.sqm
2008-08-09 08:30 . 2008-08-09 08:30 1,007,616 --a--c--- I:\WINDOWS\system32\VSFilter.dll
2008-08-09 00:17 . 2008-08-09 00:17 268 --ah-c--- I:\sqmdata08.sqm
2008-08-09 00:17 . 2008-08-09 00:17 244 --ah-c--- I:\sqmnoopt08.sqm
2008-08-08 20:33 . 2008-08-08 20:33 268 --ah-c--- I:\sqmdata07.sqm
2008-08-08 20:33 . 2008-08-08 20:33 244 --ah-c--- I:\sqmnoopt07.sqm
2008-08-08 17:12 . 2008-08-08 17:12 268 --ah-c--- I:\sqmdata06.sqm
2008-08-08 17:12 . 2008-08-08 17:12 244 --ah-c--- I:\sqmnoopt06.sqm
2008-08-08 14:36 . 2008-08-08 14:36 268 --ah-c--- I:\sqmdata05.sqm
2008-08-08 14:36 . 2008-08-08 14:36 244 --ah-c--- I:\sqmnoopt05.sqm
2008-08-08 12:35 . 2008-08-08 12:35 <REP> d----c--- I:\Program Files\QuickTime
2008-08-08 02:15 . 2008-08-08 02:15 268 --ah-c--- I:\sqmdata04.sqm
2008-08-08 02:15 . 2008-08-08 02:15 244 --ah-c--- I:\sqmnoopt04.sqm
2008-08-07 23:42 . 2008-08-07 23:42 268 --ah-c--- I:\sqmdata03.sqm
2008-08-07 23:42 . 2008-08-07 23:42 244 --ah-c--- I:\sqmnoopt03.sqm
2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a--c--- I:\WINDOWS\system32\xfcodec.dll
2008-08-04 09:51 . 2006-12-25 06:17 31,545,427 --ahsc--- I:\WINDOWS\system32\adsndsto.sys
2008-08-04 09:37 . 2006-12-25 08:10 284 --a-sc--- I:\WINDOWS\system32\3692391039.dat
2008-08-04 00:14 . 2008-08-04 00:14 130,712 --a--c--- I:\Documents and Settings\B3AOU\S87ekhV.exe
2008-08-03 11:29 . 2008-08-03 11:32 <REP> d----c--- I:\WINDOWS\system32\Adobe
2008-08-03 11:02 . 2006-04-18 23:56 441,856 --a--c--- I:\WINDOWS\system32\mailingbuilder.dll
2008-08-03 11:02 . 2004-08-04 06:00 128,000 --a--c--- I:\WINDOWS\system32\DHTMLED.OCX
2008-07-30 18:37 . 2008-07-30 18:37 <REP> d--hsc--- I:\WINDOWS\ftpcache
2008-07-28 01:12 . 2008-07-28 01:12 <REP> d----c--- I:\Documents and Settings\All Users\Application Data\Adobe Systems
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 06:28 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\uTorrent
2008-08-28 06:27 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\AdobeUM
2008-08-28 06:26 24,084,512 -csha-w I:\WINDOWS\system32\drivers\fidbox.dat
2008-08-28 06:24 83,132 -csha-w I:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-28 06:24 808,992 -csha-w I:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-28 06:24 329,852 -csha-w I:\WINDOWS\system32\drivers\fidbox.idx
2008-08-17 14:01 38,472 -c--a-w I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 14:01 17,144 -c--a-w I:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 22:54 --------- dc--a-w I:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 16:25 --------- dc-h--w I:\Program Files\InstallShield Installation Information
2008-07-30 08:01 --------- dc----w I:\Program Files\Ubisoft
2008-07-30 08:01 --------- dc----w I:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-28 11:00 --------- dc----w I:\Program Files\HP
2008-07-28 11:00 --------- dc----w I:\Documents and Settings\All Users\Application Data\HP
2008-07-27 23:18 --------- dc----w I:\Program Files\Fichiers communs\Adobe
2008-07-27 22:41 344,064 -c--a-w I:\WINDOWS\system32\dkll.dll
2008-07-27 22:41 196,608 -c--a-w I:\WINDOWS\system32\maag.dll
2008-07-27 22:41 1,986,560 -c--a-w I:\WINDOWS\system32\akll.dll
2008-07-27 22:41 1,212,416 -c--a-w I:\WINDOWS\system32\ckll.dll
2008-07-25 10:14 --------- dc----w I:\Program Files\Java
2008-07-25 10:02 --------- dc----w I:\Program Files\Fichiers communs\Java
2008-07-23 10:28 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\Ashampoo
2008-07-23 10:27 --------- dc----w I:\Program Files\Ashampoo
2008-07-19 20:28 --------- dc----w I:\Program Files\ReflexiveArcade
2008-07-18 11:05 444,952 -c--a-w I:\WINDOWS\system32\wrap_oal.dll
2008-07-18 11:05 109,080 -c--a-w I:\WINDOWS\system32\OpenAL32.dll
2008-07-18 10:28 107,888 -c--a-w I:\WINDOWS\system32\CmdLineExt.dll
2008-07-12 23:41 --------- dc----w I:\Program Files\Common Files
2008-07-12 22:23 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\InstallShield
2008-07-11 15:43 --------- dc----w I:\Program Files\uTorrent
2008-07-11 08:24 --------- dc----w I:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-07-09 21:14 --------- dc----w I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-09 14:23 --------- dcsh--w I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-09 13:19 --------- dc----w I:\Program Files\Windows Live
2008-07-08 17:26 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\HP
2008-07-08 17:26 --------- dc----w I:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-08 17:22 --------- dc----w I:\Program Files\Fichiers communs\HP
2008-07-08 17:16 --------- dc----w I:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-06 16:54 --------- dc----w I:\Program Files\Fichiers communs\Blizzard Entertainment
2008-07-06 10:56 --------- dc----w I:\Program Files\Google
2008-07-02 22:45 --------- dc----w I:\Documents and Settings\LocalService\Application Data\Xfire
2008-07-02 21:50 --------- dc----w I:\Documents and Settings\NetworkService\Application Data\Xfire
2008-07-01 08:11 --------- dc----w I:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-28 18:52 --------- dc----w I:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-12 18:36 7,680 -c--a-w I:\WINDOWS\system32\ff_vfw.dll
2006-12-25 04:17 31,545,427 -csha-w I:\WINDOWS\system32\adsndsto.sys
.
------- Sigcheck -------
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 I:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 I:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 I:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 I:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 14:17 68856]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"uTorrent"="I:\Program Files\uTorrent\uTorrent.exe" [2008-08-14 12:02 267056]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 16:53 307200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TBPanel"="I:\Program Files\VDOTool\TBPanel.exe" [2008-01-29 11:19 2157096]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2008-01-08 19:53 8523776]
"NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2008-01-08 19:53 81920]
"Sony Ericsson PC Suite"="I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
"QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2008-08-08 12:35 413696]
"a-squared"="C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-07-31 15:46 2131600]
"AVP"="D:\Program Files\Kaspersky Lab xp\avp.exe" [2007-06-26 16:53 218376]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-02 17:02 16377344 I:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-01-08 19:53 1626112 I:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
"I:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Xfire\\xfire.exe"=
"D:\\Program Files\\Prey\\prey.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"I:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 klim5;Kaspersky Anti-Virus NDIS Filter;I:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S1 857a4e0f;857a4e0f;I:\WINDOWS\system32\drivers\857a4e0f.sys [2006-12-25 08:25]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);I:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;I:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;I:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);I:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;I:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10192-f133-11dc-b1ac-806d6172696f}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10193-f133-11dc-b1ac-806d6172696f}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10194-f133-11dc-b1ac-806d6172696f}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e07823-f5ef-11dc-b1bd-001921b35837}]
\Shell\AutoRun\command - O:\u2.cmd
\Shell\explore\Command - O:\u2.cmd
\Shell\open\Command - O:\u2.cmd
*Newly Created Service* - SHAREDACCESSDNSCACHELEXBCES
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
HKLM-Run-EoSudoku - (no file)
Notify-AtiExtEvent - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.google.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Window Title =
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: crawler search - tbr:iemenu
O8 -: Download ALL with IDA
O8 -: Download with IDA
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 08:27:48
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmtEventSystem]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmtEventSystemAlerter]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrvHTTPFilter]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVPCryptSvcRasAuto]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvcAVPCryptSvcRasAuto]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvcRasAuto]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverdmserverprotectedstorage]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverProtectedStorage]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverWLSetupSvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DnscacheLexBceS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DnscacheLexBceSHidServDcomLaunch]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvcdmserverProtectedStorage]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityAlerter]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityAlerterClipSrv]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcHTTPFilter]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcNetman]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcNetmanmnmsrvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvcSysmonLog]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServDcomLaunch]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverTRasAutoMDMSchedule]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserverWLSetupSvclanmanworkstation]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationDnscacheLexBceSHidServDcomLaunch]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationDnscacheLexBceSHidServDcomLaunchNtLmSspEventlogTlntSvr]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationvss]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSHTTPFilter]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSWmdmPmSNIDriverT]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSWmdmPmSNIDriverTRasAutoMDM]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHostsSchedule]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHostsScheduleUPS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMdmadmin]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMLexBceS]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmlexbcesdnscachelexbces]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmlexbcesw32time]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMupnphostClipSrvNetlogon]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MessengerRemoteRegistry]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvcTrkWks]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdmWebClientALG]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdmWebClientALGlanmanserver]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetlogonBITS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetlogonSchedule]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspEventlog]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspEventlogTlntSvr]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ntlmsspeventlogtlntsvrnetddedsdm]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspNVSvc]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ntlmsspnvsvcavp]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oseVSS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgentWLSetupSvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDM]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDMCryptSvcRasAuto]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDMSchedule]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutomnmsrvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdsessmgrtermservicentlmssp]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessCiSvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVPose]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScheduleIDriverT]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccessDnscacheLexBceS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorage]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorageW32Time]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorageW32TimeBrowser]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMDM]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMSDTC]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMSDTCMSDTC]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvBITS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvVSS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvVSSAppMgmt]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermServiceNtLmSsp]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermServiceWebClientUPS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostAppMgmtEventSystemAlerter]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostClipSrv]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostClipSrvNetlogon]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usprservHidServ]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientALG]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientUPS]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvclanmanworkstation]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wlsetupsvclanmanworkstationupnphostclipsrv]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNIDriverT]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvNVSvc]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvRSVPose]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCmnmsrvc]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
.
------------------------ Other Running Processes ------------------------
.
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
I:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-28 8:33:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 06:32:57
Pre-Run: 61,849,600 octets libres
Post-Run: 115,523,584 octets libres
422 --- E O F --- 2008-07-05 20:30:52
geoffrey5 (Security contributor) - 29 August 2008 at 00:14
ok lol... run SmitfraudFix anyway to check, please
zassalamel (Member) - 29 August 2008 at 01:41
here is the last report, and thanks, MSN works too ^^
SmitFraudFix v2.342
Rapport fait à 10:06:03,12, 28/08/2008
Executé à partir de I:\Documents and Settings\B3AOU\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\system32\spoolsv.exe
c:\Program Files\a-squared Anti-Malware\a2service.exe
D:\Program Files\Kaspersky Lab xp\avp.exe
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Documents and Settings\B3AOU\Bureau\SmitfraudFix\Policies.exe
I:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» I:\
»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\B3AOU
»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\B3AOU\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» I:\DOCUME~1\B3AOU\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» I:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="D:\\PROGRA~1\\KASPER~1\\adialhk.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="I:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2AF9FAF0-500D-4405-9BCA-5242FF83C321}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2AF9FAF0-500D-4405-9BCA-5242FF83C321}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2AF9FAF0-500D-4405-9BCA-5242FF83C321}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
geoffrey5 (Security contributor) - 29 August 2008 at 01:46
ok... you did a quick scan with Malwarebytes.... now do a full one, please
and then post a new HijackThis report