Problem with a trojan

nickolaiuta -  
g!rly Posts 18462 Status Contributor -
Hello, I did as indicated previously; could I know how to proceed? Thanks in advance...

ComboFix 08-09-10.04 - Nickolaiuta 2008-09-11 21:55:22.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1191 [GMT 2:00]
Endroit: C:\Users\Nickolaiuta.Portable\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
D:\Autorun.inf

----- BITS: Possible sites infectés -----

http://ftp.hp.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.

2008-09-11 17:03 . 2008-09-11 17:03 <REP> d-------- C:\Users\Nickolaiuta.Portable\AppData\Roaming\vlc
2008-09-11 17:00 . 2008-09-11 17:00 <REP> d-------- C:\Users\All Users\bqfgvknq
2008-09-11 17:00 . 2008-09-11 17:00 <REP> d-------- C:\ProgramData\bqfgvknq
2008-09-11 16:59 . 2008-09-11 16:59 <REP> d-------- C:\Users\All Users\winsmartact
2008-09-11 16:59 . 2008-09-11 16:59 <REP> d-------- C:\ProgramData\winsmartact
2008-09-11 15:41 . 2008-09-11 15:41 <REP> d-------- C:\Users\Nickolaiuta.Portable\AppData\Roaming\Lexmark Productivity Studio
2008-09-11 12:21 . 2008-09-11 12:21 <REP> d-------- C:\Program Files\Microsoft.NET
2008-09-11 12:18 . 2008-09-11 12:18 <REP> dr-h----- C:\MSOCache
2008-09-11 09:21 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\System32\mdimon.dll
2008-09-11 09:21 . 2008-09-11 12:25 382 --a------ C:\WINDOWS\ODBC.INI
2008-09-11 06:24 . 2008-09-11 06:24 <REP> d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-09-11 06:19 . 2008-09-11 06:19 <REP> d-------- C:\Users\Nickolaiuta.Portable\AppData\Roaming\FaxCtr
2008-09-10 23:53 . 2008-09-11 21:49 <REP> d-------- C:\Users\All Users\Lx_cats
2008-09-10 23:53 . 2008-09-11 21:49 <REP> d-------- C:\ProgramData\Lx_cats
2008-09-10 23:45 . 2008-09-10 23:45 <REP> d-------- C:\logs
2008-09-10 23:43 . 2008-02-19 06:14 360,448 --a------ C:\WINDOWS\System32\lxdxcoin.dll
2008-09-10 23:43 . 2008-02-06 12:24 64,737 --a------ C:\WINDOWS\System32\lxdxprpr.chm
2008-09-10 23:42 . 2008-02-28 02:15 40,960 --a------ C:\WINDOWS\System32\lxdxvs.dll
2008-09-10 23:41 . 2008-02-28 02:11 782,336 --a------ C:\WINDOWS\System32\lxdxdrs.dll
2008-09-10 23:41 . 2008-02-28 02:11 81,920 --a------ C:\WINDOWS\System32\lxdxcaps.dll
2008-09-10 23:41 . 2008-02-28 02:02 69,632 --a------ C:\WINDOWS\System32\lxdxcnv4.dll
2008-09-10 23:40 . 2008-09-10 23:40 <REP> d-------- C:\Users\All Users\FaxCtr
2008-09-10 23:40 . 2008-09-10 23:40 <REP> d-------- C:\ProgramData\FaxCtr
2008-09-10 23:40 . 2008-03-20 07:18 339,968 --a------ C:\WINDOWS\System32\IMGMAN32.DLL
2008-09-10 23:40 . 2008-03-20 07:18 98,345 --a------ C:\WINDOWS\System32\IMHOST32.DLL
2008-09-10 23:40 . 2008-03-20 07:18 98,304 --a------ C:\WINDOWS\System32\IM31XPNG.DEL
2008-09-10 23:40 . 2008-03-20 07:18 69,632 --a------ C:\WINDOWS\System32\IM31XTIF.DEL
2008-09-10 23:40 . 2008-03-20 07:19 53,248 --a------ C:\WINDOWS\System32\lxf3oem.dll
2008-09-10 23:40 . 2008-03-20 07:18 49,152 --a------ C:\WINDOWS\System32\IM31IMG.DIL
2008-09-10 23:40 . 2008-01-10 17:17 45,056 --a------ C:\WINDOWS\System32\LXF3PMON.DLL
2008-09-10 23:40 . 2008-03-20 07:18 32,768 --a------ C:\WINDOWS\System32\LXF3FXPU.DLL
2008-09-10 23:40 . 2008-03-20 07:19 12,288 --a------ C:\WINDOWS\System32\LXF3PMRC.DLL
2008-09-10 23:39 . 2008-09-10 23:41 <REP> d-------- C:\Program Files\Lexmark Fax Solutions
2008-09-10 23:39 . 2008-09-10 23:39 <REP> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-09-10 23:37 . 2008-09-10 23:39 <REP> d-------- C:\Program Files\Lexmark Toolbar
2008-09-10 23:36 . 2008-09-10 23:41 <REP> d-------- C:\Program Files\Lexmark 3600-4600 Series
2008-09-10 23:29 . 2008-09-11 18:19 <REP> d--h----- C:\$AVG8.VAULT$
2008-09-10 23:28 . 2008-09-04 12:35 1,897,472 --ah----- C:\TopRank.exe
2008-09-10 23:28 . 2008-09-04 14:40 51 --a------ C:\run.bat
2008-09-10 23:24 . 2008-09-11 07:50 <REP> d-------- C:\-==DONNEES==-
2008-09-10 22:58 . 2008-09-10 22:58 16 --a------ C:\WINDOWS\System32\coh.cache
2008-09-10 22:46 . 2008-09-10 22:46 268,800 --a------ C:\WINDOWS\System32\es.dll
2008-09-10 22:45 . 2008-09-10 22:45 826,368 --a------ C:\WINDOWS\System32\wininet.dll
2008-09-10 22:11 . 2008-09-10 22:11 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-10 21:28 . 2008-09-10 21:28 361,984 --a------ C:\WINDOWS\System32\IPSECSVC.DLL
2008-09-10 21:28 . 2008-09-10 21:28 272,896 --a------ C:\WINDOWS\System32\polstore.dll
2008-09-10 21:28 . 2008-09-10 21:28 61,440 --a------ C:\WINDOWS\System32\winipsec.dll
2008-09-10 21:28 . 2008-09-10 21:28 28,672 --a------ C:\WINDOWS\System32\FwRemoteSvr.dll
2008-09-10 21:26 . 2008-09-10 21:26 194,560 --a------ C:\WINDOWS\System32\WebClnt.dll
2008-09-10 21:26 . 2008-09-10 21:26 110,080 --a------ C:\WINDOWS\System32\drivers\mrxdav.sys
2008-09-10 21:25 . 2008-09-10 21:25 1,060,920 --a------ C:\WINDOWS\System32\drivers\ntfs.sys
2008-09-10 21:25 . 2008-09-10 21:25 41,984 --a------ C:\WINDOWS\System32\drivers\monitor.sys
2008-09-10 21:25 . 2008-09-10 21:25 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-09-10 21:23 . 2008-09-10 21:23 12,240,896 --a------ C:\WINDOWS\System32\NlsLexicons0007.dll
2008-09-10 21:22 . 2008-09-10 21:22 9,892,864 --a------ C:\WINDOWS\System32\NlsLexicons000a.dll
2008-09-10 21:19 . 2008-09-10 21:19 220,160 --a------ C:\WINDOWS\System32\drivers\bthport.sys
2008-09-10 21:19 . 2008-09-10 21:19 181,760 --a------ C:\WINDOWS\System32\fsquirt.exe
2008-09-10 21:19 . 2008-09-10 21:19 29,184 --a------ C:\WINDOWS\System32\drivers\BTHUSB.SYS
2008-09-10 21:19 . 2008-09-10 21:19 19,456 --a------ C:\WINDOWS\System32\drivers\bthenum.sys
2008-09-10 21:17 . 2008-09-10 21:17 2,027,008 --a------ C:\WINDOWS\System32\win32k.sys
2008-09-10 21:16 . 2008-09-10 21:16 296,448 --a------ C:\WINDOWS\System32\gdi32.dll
2008-09-10 21:16 . 2008-09-10 21:16 223,232 --a------ C:\WINDOWS\System32\WMASF.DLL
2008-09-10 21:16 . 2008-09-10 21:16 9,728 --a------ C:\WINDOWS\System32\LAPRXY.DLL
2008-09-10 21:16 . 2008-09-10 21:16 2,048 --a------ C:\WINDOWS\System32\asferror.dll
2008-09-10 21:15 . 2008-09-10 21:15 113,664 --a------ C:\WINDOWS\System32\drivers\rmcast.sys
2008-09-10 21:15 . 2008-09-10 21:15 14,848 --a------ C:\WINDOWS\System32\wshrm.dll
2008-09-10 21:13 . 2008-09-10 21:13 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-10 21:13 . 2008-09-10 21:13 1,244,672 --a------ C:\WINDOWS\System32\mcmde.dll
2008-09-10 21:13 . 2008-09-10 21:13 428,032 --a------ C:\WINDOWS\System32\EncDec.dll
2008-09-10 21:13 . 2008-09-10 21:13 292,352 --a------ C:\WINDOWS\System32\psisdecd.dll
2008-09-10 21:13 . 2008-09-10 21:13 218,624 --a------ C:\WINDOWS\System32\psisrndr.ax
2008-09-10 21:13 . 2008-09-10 21:13 80,896 --a------ C:\WINDOWS\System32\MSNP.ax
2008-09-10 21:13 . 2008-09-10 21:13 68,608 --a------ C:\WINDOWS\System32\Mpeg2Data.ax
2008-09-10 21:13 . 2008-09-10 21:13 57,856 --a------ C:\WINDOWS\System32\MSDvbNP.ax
2008-09-10 21:12 . 2008-09-10 21:12 <REP> d-------- C:\Program Files\VideoLAN
2008-09-10 21:10 . 2008-09-10 21:23 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-10 21:09 . 2008-09-10 21:13 <REP> d-------- C:\Users\All Users\WLInstaller
2008-09-10 21:09 . 2008-09-10 21:13 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-10 21:09 . 2008-09-10 21:09 <REP> d-------- C:\Program Files\Windows Live
2008-09-10 21:06 . 2008-09-10 21:06 <REP> d-------- C:\Users\Nickolaiuta.Portable\AppData\Roaming\SampleView
2008-09-10 21:02 . 2008-09-10 21:02 <REP> d-------- C:\Program Files\Free.fr
2008-09-10 20:55 . 2008-09-11 19:35 97,928 --a------ C:\WINDOWS\System32\drivers\avgldx86.sys
2008-09-10 20:55 . 2008-09-11 19:35 10,520 --a------ C:\WINDOWS\System32\avgrsstx.dll
2008-09-10 20:54 . 2008-09-11 19:33 <REP> d-------- C:\WINDOWS\System32\drivers\Avg
2008-09-10 20:54 . 2008-09-10 20:54 <REP> d-------- C:\Users\All Users\avg8
2008-09-10 20:54 . 2008-09-10 20:54 <REP> d-------- C:\ProgramData\avg8
2008-09-10 20:54 . 2008-09-10 20:54 <REP> d-------- C:\Program Files\AVG
2008-09-10 20:48 . 2008-09-10 20:48 1,712,984 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-09-10 20:48 . 2008-09-10 20:48 1,524,224 --a------ C:\WINDOWS\System32\wucltux.dll
2008-09-10 20:48 . 2008-09-10 20:48 549,720 --a------ C:\WINDOWS\System32\wuapi.dll
2008-09-10 20:48 . 2008-09-10 20:48 163,000 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-09-10 20:48 . 2008-09-10 20:48 80,896 --a------ C:\WINDOWS\System32\wudriver.dll
2008-09-10 20:48 . 2008-09-10 20:48 53,080 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-09-10 20:48 . 2008-09-10 20:48 43,352 --a------ C:\WINDOWS\System32\wups2.dll
2008-09-10 20:48 . 2008-09-10 20:48 33,624 --a------ C:\WINDOWS\System32\wups.dll
2008-09-10 20:48 . 2008-09-10 20:48 31,232 --a------ C:\WINDOWS\System32\wuapp.exe
2008-09-10 20:19 . 2008-09-10 20:19 <REP> dr------- C:\Users\Nickolaiuta.Portable\Searches
2008-09-10 20:19 . 2008-09-10 20:19 <REP> dr------- C:\Users\Nickolaiuta.Portable\Contacts
2008-09-10 20:19 . 2008-09-10 20:19 <REP> d-------- C:\Users\Nickolaiuta.Portable\Bluetooth Software
2008-09-10 20:19 . 2008-09-10 20:19 <REP> d-------- C:\Users\Nickolaiuta.Portable\AppData\Roaming\ATI
2008-09-10 20:19 . 2008-09-10 20:19 <REP> d--hs---- C:\$RECYCLE.BIN
2008-09-10 20:19 . 2008-09-10 20:19 44 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-09-10 20:11 . 2008-09-10 20:11 <REP> d-------- C:\Users\Nickolaiuta.Portable\AppData\Roaming\Hewlett-Packard
2008-09-10 20:09 . 2008-09-10 20:09 <REP> d-------- C:\WINDOWS\System32\es-MX
2008-09-10 20:09 . 2008-09-10 20:09 <REP> d-------- C:\WINDOWS\System32\es-AR
2008-09-10 20:09 . 2008-09-10 20:09 <REP> d-------- C:\Program Files\WIDCOMM
2008-09-10 20:09 . 2007-05-11 12:42 229,376 --a------ C:\WINDOWS\System32\BtwRSupport.dll
2008-09-10 20:09 . 2007-05-11 12:42 81,200 --a------ C:\WINDOWS\System32\drivers\btwavdt.sys
2008-09-10 20:09 . 2007-05-11 12:42 79,664 --a------ C:\WINDOWS\System32\drivers\btwaudio.sys
2008-09-10 20:09 . 2007-05-11 12:42 16,432 --a------ C:\WINDOWS\System32\drivers\btwrchid.sys
2008-09-10 20:06 . 2006-11-02 06:09 1,419,232 --a------ C:\WINDOWS\System32\drivers\wdfcoinstaller01005.dll
2008-09-10 20:06 . 2007-06-18 16:12 16,768 --a------ C:\WINDOWS\System32\drivers\HpqKbFiltr.sys
2008-09-10 20:05 . 2008-09-10 20:05 <REP> d-------- C:\Program Files\Broadcom
2008-09-10 20:04 . 2008-09-10 20:04 <REP> d-------- C:\Users\Nickolaiuta.Portable\AppData\Roaming\Hewlett Packard
2008-09-10 20:03 . 2008-09-10 20:03 <REP> d-------- C:\Program Files\Macrovision Corp
2008-09-10 20:02 . 2002-11-22 02:57 204,800 --a------ C:\WINDOWS\System32\IVIresizeW7.dll
2008-09-10 20:02 . 2002-11-22 02:57 200,704 --a------ C:\WINDOWS\System32\IVIresizeA6.dll
2008-09-10 20:02 . 2002-11-22 02:57 192,512 --a------ C:\WINDOWS\System32\IVIresizeP6.dll
2008-09-10 20:02 . 2002-11-22 02:57 192,512 --a------ C:\WINDOWS\System32\IVIresizeM6.dll
2008-09-10 20:02 . 2002-11-22 02:57 188,416 --a------ C:\WINDOWS\System32\IVIresizePX.dll
2008-09-10 20:02 . 2002-11-22 02:57 20,480 --a------ C:\WINDOWS\System32\IVIresize.dll
2008-09-10 20:00 . 2008-09-10 20:00 <REP> d-------- C:\Users\Nickolaiuta.Portable\AppData\Roaming\InstallShield
2008-09-10 20:00 . 2008-09-10 20:00 <REP> d-------- C:\Users\NICKOL~1~POR\AppData
2008-09-10 20:00 . 2008-09-10 20:00 <REP> d-------- C:\Users\NICKOL~1~POR
2008-09-10 20:00 . 2008-09-10 20:02 <REP> d-------- C:\Program Files\InterVideo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 18:46 --------- d-----w C:\Program Files\Hp
2008-09-11 10:12 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 04:24 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-10 21:03 --------- d-----w C:\ProgramData\Symantec
2008-09-10 21:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-10 20:45 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-09-10 20:44 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-09-10 20:44 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-09-10 19:38 174 --sha-w C:\Program Files\desktop.ini
2008-09-10 19:31 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-10 19:31 --------- d-----w C:\Program Files\Windows Mail
2008-09-10 19:24 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-09-10 19:24 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-09-10 19:24 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-09-10 19:24 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-09-10 19:24 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-09-10 19:24 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
2008-09-10 19:24 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-10 19:24 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-10 19:24 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-09-10 19:24 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-09-10 19:24 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-09-10 19:24 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-09-10 19:24 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-09-10 19:22 9,845,248 ----a-w C:\Windows\System32\NlsData000a.dll
2008-09-10 19:18 944,184 ----a-w C:\Windows\System32\winload.exe
2008-09-10 19:14 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-09-10 19:14 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-09-10 19:14 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-09-10 19:14 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-09-10 19:14 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-09-10 19:14 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-09-10 19:14 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-09-10 19:14 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-09-10 19:14 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-09-10 19:14 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-09-10 19:14 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-09-10 18:11 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-09-10 18:06 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-10 18:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 18:00 --------- d-----w C:\Program Files\Common Files\InstallShield
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-09-10 1232896]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"winsmartact"="C:\ProgramData\winsmartact\xkzynyfq.exe" [2008-09-11 94208]
"A30yQGNsp4"="C:\ProgramData\bqfgvknq\xwdybkle.exe" [2008-09-11 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 833072]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 71176]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-11 1235736]
"TopRank"="C:\TopRank.exe" [2008-09-04 1897472]
"lxdxmon.exe"="C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="C:\Windows\SMINST\launcher.exe" [2007-06-06 44168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-09-10 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 10:04 49152 C:\WINDOWS\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{05B87A2D-27DC-4960-962C-362AB9FFCA1E}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3B10ADE8-570F-4AB1-A11A-4FC797337BB8}"= UDP:C:\WINDOWS\System32\lxdxcoms.exe:Lexmark Communications System
"{0F052111-0128-4FD2-9562-2D64086A46DC}"= TCP:C:\WINDOWS\System32\lxdxcoms.exe:Lexmark Communications System
"{09F6A5FA-223A-4840-AAFD-8614BB491AF2}"= UDP:C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{3533B420-4C83-4034-A0B9-58FF72F363B6}"= TCP:C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{0D7FD5F4-A66E-42A3-BE26-752A1D9737F4}"= UDP:C:\Program Files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"{C5FC3829-D608-411A-A14E-0B0723A7D5DA}"= TCP:C:\Program Files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"{C48252BF-73A3-4DEB-A046-B40F45124FE4}"= UDP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{9E198A9B-3FB1-4B1F-A04C-B9B5A770FAED}"= TCP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{007483B3-0F6D-45C6-9B4C-4B8B5D6FDFF8}"= UDP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{479A5083-DCF7-475C-9C37-BA1A136F3DB6}"= TCP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{21D07B58-05AC-4D07-967C-CF70F1AD43A5}"= UDP:C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{6A1FFF82-F3A0-4395-8763-0373A8AECF2B}"= TCP:C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{7C31EC63-E4C2-43AF-B163-6923B2100EC3}"= UDP:C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{067CBC23-A041-4CCD-8B41-0BBF5CF1F527}"= TCP:C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{97A26FE7-1B19-48A2-BEB6-729C8A9B927E}"= UDP:C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{12903C19-933B-4BD9-99CD-51B72DC09C41}"= TCP:C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{0179E1CD-E928-40FB-8C51-1EA9A4386467}"= UDP:C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"{C45FC5EA-E2D3-4AFB-91CC-B420FD759437}"= TCP:C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-11 97928]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-11 231704]
R2 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe [2008-02-28 594600]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-22 2920448]
R3 WSDPrintDevice;Prise en charge de l’impression WSD via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2006-11-02 16896]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-02-28 98984]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 79664]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 81200]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 16432]
S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 FLCDLOCK;Verrouillage des périphériques / Audition HP ProtectTools;C:\Windows\system32\flcdlock.exe [2007-06-08 172131]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Software Update - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=laptop
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=smb&pf=laptop
O8 -: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 21:57:38
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-11 21:58:34
ComboFix-quarantined-files.txt 2008-09-11 19:58:27

Pre-Run: 105,614,942,208 octets libres
Post-Run: 105,678,733,312 octets libres

301 --- E O F --- 2008-09-11 04:57:27

5 replies

nickolaiuta
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:09:22, on 12/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TopRank] C:\TopRank.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Verrouillage des périphériques / Audition HP ProtectTools (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
nickolaiuta
 
Well... "total respect" g!rly!
A very, very big thank you, no more Trojan message!

Congratulations!

Thanks and see you soon

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1141
Windows 6.0.6000

12/09/2008 08:45:27
mbam-log-2008-09-12 (08-45-27).txt

Type de recherche: Examen complet (C:\|D:\|E:\|G:\|H:\|)
Eléments examinés: 160223
Temps écoulé: 2 hour(s), 19 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
g!rly Posts 18462 Status Contributor 406
 
Hi,

Copy the text below:

Folder::
C:\Users\All Users\bqfgvknq
C:\ProgramData\bqfgvknq
C:\Users\All Users\winsmartact
C:\ProgramData\winsmartact

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winsmartact"=-
"A30yQGNsp4"=-

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Installation tutorial: (Thanks to Balltrap34 for making this)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Usage tutorial (video): (Thanks to Balltrap34 for making this)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post the generated report here please...

See you
-1
g!rly Posts 18462 Status Contributor 406
 
Goodbye, hi, thanks, you're welcome, did you think you were at the zoo?

And the Combofix?

Run this:

Do a scan with this antispyware:

Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once it is up to date, the program will launch; click the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click the Scan tab and tick the box: "Perform a full scan".

Then click "Scan".

Let it scan the PC...

If any items were found > click Remove Selected.

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

Copy and paste the report please.

See you
-1

g!rly Posts 18462 Status Contributor 406
 
Hi Nicolaiuta,

Using HijackThis, tick and fix:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab

How to fix:

Usage tutorial (video): (Thanks to Balltrap34 for making this)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

then

look at this tutorial to update your Java console:

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

PS: don't get them mixed up; the same page also has the Flash tutorial...

Your antivirus is AVG, does it have a firewall?

See you
-1