Explorer.exe à 100%
Solved/Closed
Aldebaran33 | Posts: 27 | Registered: Sunday 28 September 2008 | Status: Member | Last activity: 15 September 2012
28 Sept. 2008 at 16:33
Destrio5 | Posts: 85926 | Registered: Sunday 11 July 2010 | Status: Moderator | Last activity: 17 February 2023 | 28 Sept. 2008 at 23:25
9 replies
Destrio5 | Posts: 85926 | Registered: Sunday 11 July 2010 | Status: Moderator | Last activity: 17 February 2023 | 10 297
28 Sept. 2008 at 16:36
Hi,
Looks like a Vundo/Virtumonde infection to me.
---> Run a quick scan with MBAM, remove everything it finds and post the report:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
Aldebaran33 | Posts: 27 | Registered: Sunday 28 September 2008 | Status: Member | Last activity: 15 September 2012
28 Sept. 2008 at 17:38
Here's the report
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\AppCert\wsil32.dll (Trojan.Downloader) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> No action taken.
Files Infected:
C:\WINDOWS\system32\AppCert\filter.drv (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\options.dat (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\snf50.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\wsil32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\ksvcl.dll (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\kcopt.dll (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\qmopt.dll (Malware.Trace) -> No action taken.
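The report above is a detection-only pass: every line ends in "No action taken", which is why the next reply says to click Remove Selected. As an added example (not code from the thread or from Malwarebytes), here is a small parser for this report format that checks the summary counts against the detail sections, lists what is still pending removal, and singles out entries under Winlogon\Notify, a key that makes winlogon.exe load the named DLL at logon and therefore survives deleting the dropped files alone. The sample report is constructed from the lines posted above, retyped with MBAM's English section labels; the regexes and the persistence marker list are this example's own assumptions, not MBAM's.

```python
import re
from collections import defaultdict

# Constructed sample: the MBAM report from the thread, retyped with the English
# MBAM labels. Paths and detection names are the ones the poster reported.
SAMPLE_REPORT = r"""
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\AppCert\wsil32.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> No action taken.

Files Infected:
C:\WINDOWS\system32\AppCert\filter.drv (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\options.dat (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\snf50.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\wsil32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\ksvcl.dll (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\kcopt.dll (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\qmopt.dll (Malware.Trace) -> No action taken.
"""

# Assumed line shapes (matched against the report above, not an MBAM spec):
#   "Files Infected: 7"            -> summary count
#   "Files Infected:"              -> start of a detail section
#   "<path> (<threat>) -> <action>." -> one detection
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[A-Za-z.]+)\) -> (?P<action>[^.]+)\.$")

# Registry locations that load code into a privileged process at logon.
# Assumption for this example; extend with other autostart keys as needed.
PERSISTENCE_MARKERS = ("\\winlogon\\notify\\",)


def parse_report(text):
    """Return (summary counts, {section: [(item, threat, action), ...]})."""
    summary, findings, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            findings[section].append((m["item"], m["threat"], m["action"]))
    return summary, dict(findings)


def summary_matches_detail(summary, findings):
    """True when every summary count equals the number of parsed detail lines."""
    return all(summary.get(s, 0) == len(findings.get(s, [])) for s in summary)


def pending_items(findings):
    """Detections the scanner reported but did not remove or quarantine."""
    return [(section, item) for section, items in findings.items()
            for item, _, action in items if action == "No action taken"]


def persistence_items(findings):
    """Detections that sit in a logon-time code-loading location."""
    return [item for items in findings.values() for item, _, _ in items
            if any(marker in item.lower() for marker in PERSISTENCE_MARKERS)]


if __name__ == "__main__":
    summary, findings = parse_report(SAMPLE_REPORT)
    print("summary consistent:", summary_matches_detail(summary, findings))
    print("still pending removal:", len(pending_items(findings)))
    for key in persistence_items(findings):
        print("logon persistence, remove first:", key)
```

Running it on the sample prints that the summary is consistent, that ten detections are still pending, and names the Winlogon\Notify\WinCtrl32 key; a report where the actions read "Quarantined and deleted successfully" would give an empty pending list.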
Destrio5 | Posts: 85926 | Registered: Sunday 11 July 2010 | Status: Moderator | Last activity: 17 February 2023 | 10 297
28 Sept. 2008 at 17:40
You can click on Remove Selected.
Aldebaran33 | Posts: 27 | Registered: Sunday 28 September 2008 | Status: Member | Last activity: 15 September 2012
28 Sept. 2008 at 17:56
So I deleted everything, and the CPU usage is back to normal.
The file in question is still there, but it doesn't seem to affect the computer's operation.
Thanks Destrio for giving me the solution to my problem.
Destrio5 | Posts: 85926 | Registered: Sunday 11 July 2010 | Status: Moderator | Last activity: 17 February 2023 | 10 297
28 Sept. 2008 at 17:58
- Download HijackThis V 2.02 (HijackThis Installer):
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Double-click HJTInstall.exe to start the installation
- Click Install, then I Accept
- Click Do a system scan and save a logfile
- Notepad will open; copy and paste its whole contents here in your next reply.
Aldebaran33 | Posts: 27 | Registered: Sunday 28 September 2008 | Status: Member | Last activity: 15 September 2012
28 Sept. 2008 at 18:04
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\o\Bureau\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: www.google.fr
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097952190140
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/unibet/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 84.103.237.142 86.64.145.142
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: efdozddg - C:\WINDOWS\SYSTEM32\onxyikd.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
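What the moderator reads off this log is a handful of entry types: the unnamed O2 BHO, the O20 Winlogon Notify DLL (onxyikd.dll appears in both, which is the Vundo pattern), the O23 services marked "(file missing)", the O17 DNS servers and the O15 trusted-zone site. As an added example, not part of the thread and not HijackThis's own logic, here is a triage script that applies those checks to a log and correlates any DLL registered in more than one load point. The sample log is a constructed excerpt made from entries posted above; the heuristics and labels are this example's assumptions, and the O17 and O15 lines are reported for manual review rather than judged.

```python
import re

# Constructed excerpt of the HijackThis log posted in the thread (a subset of
# its lines); used here only as sample input.
SAMPLE_LOG = r"""
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O15 - Trusted Zone: www.google.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 84.103.237.142 86.64.145.142
O20 - Winlogon Notify: efdozddg - C:\WINDOWS\SYSTEM32\onxyikd.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# HJT entries look like "O20 - <body>" / "R1 - <body>"; assumed shape for this example.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Return [(code, body), ...] for every recognisable HJT line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def _last_path(body):
    """The file path is the last ' - ' separated field; normalise for comparison."""
    path = body.rsplit(" - ", 1)[-1]
    return path.replace(" (file missing)", "").strip().lower()


def triage(text):
    """Return [(label, detail), ...] for entries worth a second look."""
    findings = []
    load_points = {}  # normalised DLL path -> set of HJT codes that load it
    for code, body in parse_entries(text):
        if code in ("O2", "O20"):
            load_points.setdefault(_last_path(body), set()).add(code)
        if code == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("unnamed BHO", body))
        elif code == "O20":
            findings.append(("Winlogon Notify DLL (loaded by winlogon.exe, review)", body))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(("orphaned service entry", body))
        elif code == "O17":
            findings.append(("DNS servers set (confirm they belong to the ISP)",
                             body.split("NameServer = ", 1)[-1]))
        elif code == "O15":
            findings.append(("trusted-zone site", body.split(": ", 1)[-1]))
    # A DLL registered both as a BHO and as a Winlogon Notify package is loaded
    # into the browser and into winlogon.exe; one load point re-creates the other.
    for path, codes in load_points.items():
        if len(codes) > 1:
            findings.append(("same DLL in multiple load points " + "+".join(sorted(codes)), path))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label}: {detail}")
```

On the sample this reports six items; the multi-load-point line is the one that tells you the O2 and O20 entries must be removed together, which is what ComboFix ends up doing in the next post.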
Destrio5 | Posts: 85926 | Registered: Sunday 11 July 2010 | Status: Moderator | Last activity: 17 February 2023 | 10 297
28 Sept. 2008 at 18:08
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"
---> Set it to French with F
Press the 1 key (Yes) to start the scan.
/!\ Don't touch anything until the scan is finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the internet. /!\
Note: the report is also at C:\ComboFix.txt
Sacabouffe | Posts: 9418 | Registered: Sunday 19 August 2007 | Status: Member | Last activity: 29 May 2009 | 1 858
28 Sept. 2008 at 20:30
Hi
Here's the report that got stuck in the attic.
ComboFix 08-09-27.05 - o 2008-09-28 18:25:50.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.241 [GMT 2:00]
Run from: C:\Documents and Settings\o\Bureau\ComboFix.exe
* A new restore point was created
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\o\Cookies\o@www.laforet[1].txt
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\onxyikd.dll . . . . could not be deleted
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LANMANDRV
-------\Legacy_VEQELXOH
-------\Service_veqelxoh
((((((((((((((((((((((((((((( Files created from 2008-08-28 to 2008-09-28 ))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Documents and Settings\o\Application Data\Malwarebytes
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 16:43 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 16:43 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-28 12:09 . 2008-09-28 12:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-28 12:08 . 2008-09-28 12:08 <REP> d-------- C:\Program Files\Windows Live
2008-09-28 12:08 . 2008-09-28 12:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-24 23:15 . 2008-09-25 18:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-24 22:22 . 2008-09-24 22:24 <REP> d-------- C:\Program Files\RegCleaner
2008-09-22 13:42 . 2008-09-22 13:42 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-22 10:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.001\WINDOWS
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\Voisinage réseau
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\Voisinage d'impression
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\Modèles
2008-09-22 10:25 . 2008-09-22 10:46 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Mes documents
2008-09-22 10:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Menu Démarrer
2008-09-22 10:25 . 2008-09-22 11:18 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Favoris
2008-09-22 10:25 . 2008-09-22 11:54 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Bureau
2008-09-22 10:25 . 2008-09-22 12:02 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.001
2008-09-21 11:28 . 2008-09-21 11:28 <REP> d-------- C:\Documents and Settings\o\Application Data\SumatraPDF
2008-09-21 11:27 . 2008-09-21 11:27 <REP> d-------- C:\Program Files\SumatraPDF
2008-09-20 22:42 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.000\WINDOWS
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\Voisinage réseau
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\Voisinage d'impression
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\Modèles
2008-09-20 22:42 . 2008-09-20 22:43 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Mes documents
2008-09-20 22:42 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Menu Démarrer
2008-09-20 22:42 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Favoris
2008-09-20 22:42 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Bureau
2008-09-20 22:42 . 2008-09-20 22:42 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.000
2008-09-20 22:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001\WINDOWS
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\Voisinage réseau
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\Voisinage d'impression
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\Modèles
2008-09-20 22:25 . 2008-09-20 22:25 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Mes documents
2008-09-20 22:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Menu Démarrer
2008-09-20 22:25 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Favoris
2008-09-20 22:25 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Bureau
2008-09-20 22:25 . 2008-09-20 22:25 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001
2008-09-20 22:21 . 2008-09-20 22:20 85 --a------ C:\Documents and Settings\o\reparation.bat
2008-09-20 19:30 . 2008-09-21 21:11 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-20 15:54 . 2008-09-20 15:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\Documents and Settings\o\Application Data\IDMComp
2008-09-19 12:47 . 2008-09-19 12:47 <REP> d-------- C:\Program Files\UltraEdit
2008-09-14 12:04 . 2006-10-27 19:18 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-09-13 11:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien\WINDOWS
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\Voisinage réseau
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\Voisinage d'impression
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\Modèles
2008-09-13 11:25 . 2008-09-13 11:25 <REP> dr------- C:\Documents and Settings\Damien\Mes documents
2008-09-13 11:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien\Menu Démarrer
2008-09-13 11:25 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien\Favoris
2008-09-13 11:25 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien\Bureau
2008-09-13 11:25 . 2008-09-22 11:54 <REP> d-------- C:\Documents and Settings\Damien
2008-09-12 22:12 . 2008-09-12 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-06 18:29 . 2008-09-27 20:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-06 18:29 . 2008-09-06 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 16:52 --------- d-----w C:\Program Files\Crazy Browser
2008-09-21 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 19:05 --------- d-----w C:\Program Files\Logitech
2008-09-21 19:03 --------- d-----w C:\Program Files\Creative
2008-09-21 18:57 --------- d-----w C:\Program Files\ACD Systems
2008-09-21 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-03 19:52 --------- d-----w C:\Documents and Settings\o\Application Data\OpenOffice.org2
2008-08-25 20:06 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-08-25 19:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-24 17:31 --------- d-----w C:\Program Files\Alwil Software
2008-08-21 22:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-21 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-21 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-19 17:08 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-08-09 06:49 --------- d-----w C:\Program Files\NOS
2008-08-09 06:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-08-07 21:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-07 20:23 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-05 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-08-03 19:50 --------- d-----w C:\Program Files\ScanSoft
2008-08-03 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-15 17:47 58 ----a-w C:\Documents and Settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w C:\Documents and Settings\o\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 18:31 104960 --a------ c:\windows\system32\onxyikd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 7311360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winac25.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winad46.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windg47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windg70.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineh47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhk58.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkn36.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlo14.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlo35.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winps81.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqt13.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwa46.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwa81.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Packard Bell EverSafe Tray Control.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Packard Bell EverSafe Tray Control.lnk
backup=C:\WINDOWS\pss\Packard Bell EverSafe Tray Control.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--------- 2006-06-28 08:46 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--a------ 2006-06-29 13:18 77824 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-08 15:03 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 17:54 127022 C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-10 04:06 7311360 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-12-10 04:06 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-12 00:04 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 19:02 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-08-26 19:14 36975 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-26 15:08 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2002-03-13 00:18 32768 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
--a------ 2003-08-13 10:33 299008 C:\Program Files\Virtual CD v4 SDK\System\vcsplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
--a------ 2005-02-11 09:38 167936 C:\WINDOWS\system32\stmctrl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-10 04:06 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2003-05-07 16:32 36864 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
R0 ztzmgbnf;ztzmgbnf;C:\WINDOWS\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S0 Wineg57;Wineg57;C:\WINDOWS\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;C:\WINDOWS\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;C:\WINDOWS\system32\Drivers\Winnq60.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-ID - (no file)
HKU-Default-RunOnce-WUAppSetup - C:\Program Files\Fichiers communs\logishrd\WUApp32.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-CleanEasyImg - c:\apps\easydvd\cleanall.exe
MSConfigStartUp-Google Update - C:\Documents and Settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-KernelDrv - C:\WINDOWS\System32\KernelDrv.exe
MSConfigStartUp-NovaNet-WEB Tray Control - C:\Program Files\Packard Bell EverSafe\TrayControl.exe
MSConfigStartUp-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\o\Application Data\Mozilla\Firefox\Profiles\v9eyxivg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/fr/index.php?rvs=hompag&d=79919193
FF -: plugin - C:\Documents and Settings\o\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:32:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\DrvTrNTl.dll
.
----------------------- Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-09-28 18:38:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-28 16:38:11
Avant-CF: 99 434 237 952 octets libres
Après-CF: 102,760,325,120 octets libres
356 --- E O F --- 2008-09-14 21:19:08
Good luck ;-)
Here is the report that got stuck in the attic.
ComboFix 08-09-27.05 - o 2008-09-28 18:25:50.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.241 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\o\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\o\Cookies\o@www.laforet[1].txt
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\onxyikd.dll . . . . impossible à supprimer
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LANMANDRV
-------\Legacy_VEQELXOH
-------\Service_veqelxoh
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Documents and Settings\o\Application Data\Malwarebytes
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 16:43 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 16:43 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-28 12:09 . 2008-09-28 12:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-28 12:08 . 2008-09-28 12:08 <REP> d-------- C:\Program Files\Windows Live
2008-09-28 12:08 . 2008-09-28 12:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-24 23:15 . 2008-09-25 18:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-24 22:22 . 2008-09-24 22:24 <REP> d-------- C:\Program Files\RegCleaner
2008-09-22 13:42 . 2008-09-22 13:42 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-22 10:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.001\WINDOWS
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\Voisinage r‚seau
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\Voisinage d'impression
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\ModŠles
2008-09-22 10:25 . 2008-09-22 10:46 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Mes documents
2008-09-22 10:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Menu D‚marrer
2008-09-22 10:25 . 2008-09-22 11:18 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Favoris
2008-09-22 10:25 . 2008-09-22 11:54 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Bureau
2008-09-22 10:25 . 2008-09-22 12:02 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.001
2008-09-21 11:28 . 2008-09-21 11:28 <REP> d-------- C:\Documents and Settings\o\Application Data\SumatraPDF
2008-09-21 11:27 . 2008-09-21 11:27 <REP> d-------- C:\Program Files\SumatraPDF
2008-09-20 22:42 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.000\WINDOWS
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\Voisinage r‚seau
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\Voisinage d'impression
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\ModŠles
2008-09-20 22:42 . 2008-09-20 22:43 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Mes documents
2008-09-20 22:42 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Menu D‚marrer
2008-09-20 22:42 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Favoris
2008-09-20 22:42 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Bureau
2008-09-20 22:42 . 2008-09-20 22:42 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.000
2008-09-20 22:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001\WINDOWS
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\Voisinage r‚seau
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\Voisinage d'impression
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\ModŠles
2008-09-20 22:25 . 2008-09-20 22:25 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Mes documents
2008-09-20 22:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Menu D‚marrer
2008-09-20 22:25 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Favoris
2008-09-20 22:25 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Bureau
2008-09-20 22:25 . 2008-09-20 22:25 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001
2008-09-20 22:21 . 2008-09-20 22:20 85 --a------ C:\Documents and Settings\o\reparation.bat
2008-09-20 19:30 . 2008-09-21 21:11 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-20 15:54 . 2008-09-20 15:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\Documents and Settings\o\Application Data\IDMComp
2008-09-19 12:47 . 2008-09-19 12:47 <REP> d-------- C:\Program Files\UltraEdit
2008-09-14 12:04 . 2006-10-27 19:18 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-09-13 11:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien\WINDOWS
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\Voisinage r‚seau
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\Voisinage d'impression
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\ModŠles
2008-09-13 11:25 . 2008-09-13 11:25 <REP> dr------- C:\Documents and Settings\Damien\Mes documents
2008-09-13 11:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien\Menu D‚marrer
2008-09-13 11:25 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien\Favoris
2008-09-13 11:25 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien\Bureau
2008-09-13 11:25 . 2008-09-22 11:54 <REP> d-------- C:\Documents and Settings\Damien
2008-09-12 22:12 . 2008-09-12 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-06 18:29 . 2008-09-27 20:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-06 18:29 . 2008-09-06 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 16:52 --------- d-----w C:\Program Files\Crazy Browser
2008-09-21 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 19:05 --------- d-----w C:\Program Files\Logitech
2008-09-21 19:03 --------- d-----w C:\Program Files\Creative
2008-09-21 18:57 --------- d-----w C:\Program Files\ACD Systems
2008-09-21 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-03 19:52 --------- d-----w C:\Documents and Settings\o\Application Data\OpenOffice.org2
2008-08-25 20:06 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-08-25 19:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-24 17:31 --------- d-----w C:\Program Files\Alwil Software
2008-08-21 22:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-21 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-21 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-19 17:08 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-08-09 06:49 --------- d-----w C:\Program Files\NOS
2008-08-09 06:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-08-07 21:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-07 20:23 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-05 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-08-03 19:50 --------- d-----w C:\Program Files\ScanSoft
2008-08-03 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-15 17:47 58 ----a-w C:\Documents and Settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w C:\Documents and Settings\o\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 18:31 104960 --a------ c:\windows\system32\onxyikd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 7311360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winac25.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winad46.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windg47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windg70.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineh47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhk58.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkn36.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlo14.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlo35.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winps81.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqt13.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwa46.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwa81.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Packard Bell EverSafe Tray Control.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Packard Bell EverSafe Tray Control.lnk
backup=C:\WINDOWS\pss\Packard Bell EverSafe Tray Control.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--------- 2006-06-28 08:46 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--a------ 2006-06-29 13:18 77824 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-08 15:03 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 17:54 127022 C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-10 04:06 7311360 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-12-10 04:06 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-12 00:04 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 19:02 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-08-26 19:14 36975 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-26 15:08 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2002-03-13 00:18 32768 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
--a------ 2003-08-13 10:33 299008 C:\Program Files\Virtual CD v4 SDK\System\vcsplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
--a------ 2005-02-11 09:38 167936 C:\WINDOWS\system32\stmctrl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-10 04:06 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2003-05-07 16:32 36864 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
R0 ztzmgbnf;ztzmgbnf;C:\WINDOWS\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S0 Wineg57;Wineg57;C:\WINDOWS\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;C:\WINDOWS\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;C:\WINDOWS\system32\Drivers\Winnq60.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
Toolbar-ID - (no file)
HKU-Default-RunOnce-WUAppSetup - C:\Program Files\Fichiers communs\logishrd\WUApp32.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-CleanEasyImg - c:\apps\easydvd\cleanall.exe
MSConfigStartUp-Google Update - C:\Documents and Settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-KernelDrv - C:\WINDOWS\System32\KernelDrv.exe
MSConfigStartUp-NovaNet-WEB Tray Control - C:\Program Files\Packard Bell EverSafe\TrayControl.exe
MSConfigStartUp-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\o\Application Data\Mozilla\Firefox\Profiles\v9eyxivg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/fr/index.php?rvs=hompag&d=79919193
FF -: plugin - C:\Documents and Settings\o\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:32:02
Windows 5.1.2600 Service Pack 2 NTFS
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\DrvTrNTl.dll
.
----------------------- Other running processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Finish time: 2008-09-28 18:38:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 16:38:11
Pre-Run: 99,434,237,952 bytes free
Post-Run: 102,760,325,120 bytes free
356 --- E O F --- 2008-09-14 21:19:08
All the best ;-)
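Added example (editor's code, not part of this thread and not ComboFix's own tooling): a small Python triage script that reads lines shaped like the log above and pulls out two things a responder usually checks by hand: the firewall GloballyOpenPorts entries, grouped by their description string and flagged when one description covers many distinct high-numbered ports, and the driver/service lines, flagged when the file date/size field between the brackets is empty. The sample input is constructed from the shape of the log (a few of its port and driver lines plus one benign-looking port entry); the thresholds are assumptions, not a malware signature.

```python
"""
Triage helper for a ComboFix-style log (added example, not ComboFix's own code
and not part of this thread). Two checks:
  1. Windows Firewall GloballyOpenPorts entries, grouped by description string;
     a description shared by many distinct high-numbered ports is flagged.
  2. driver/service lines (R0/R1/R2/S0/... prefix); entries whose bracketed
     file date/size field is empty are flagged.
The thresholds below are the editor's assumptions, not a signature.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines shaped like the log above, plus one
# benign-looking port exception with a different description (also constructed).
SAMPLE_LOG = r"""
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"3389:TCP"= 3389:TCP:Remote Desktop (constructed sample)
R0 ztzmgbnf;ztzmgbnf;C:\WINDOWS\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S0 Wineg57;Wineg57;C:\WINDOWS\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;C:\WINDOWS\system32\Drivers\Winfi60.sys [ ]
"""

# "PORT:PROTO"= PORT:PROTO:<description>
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.+?)\s*$')
# <start type> <name>;<display name>;<path> [<date size>]
DRIVER_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$')


def parse_port_exceptions(log_text):
    """Return {description: {(port, proto), ...}} for firewall port-exception lines."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = PORT_RE.match(line)
        if m:
            groups[m.group(3)].add((int(m.group(1)), m.group(2)))
    return groups


def suspicious_port_groups(groups, min_ports=5, min_port=1024):
    """Descriptions attached to at least min_ports distinct ports >= min_port.
    Heuristic: one description covering many unrelated high ports is unusual."""
    flagged = {}
    for desc, ports in groups.items():
        high = {p for p in ports if p[0] >= min_port}
        if len(high) >= min_ports:
            flagged[desc] = sorted(high)
    return flagged


def parse_drivers(log_text):
    """Return one dict per driver/service line; file_info is the bracketed field."""
    rows = []
    for line in log_text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            start, name, display, path, info = m.groups()
            rows.append({"start": start, "name": name, "display": display,
                         "path": path, "file_info": info.strip()})
    return rows


def drivers_missing_file_info(rows):
    """Entries listed with no date/size, i.e. the tool recorded nothing for the file."""
    return [r for r in rows if not r["file_info"]]


def triage(log_text, min_ports=5, min_port=1024):
    """Run both checks and return a plain dict, easy to assert on or dump as JSON."""
    ports = suspicious_port_groups(parse_port_exceptions(log_text), min_ports, min_port)
    drivers = [r["name"] for r in drivers_missing_file_info(parse_drivers(log_text))]
    return {"port_groups": ports, "drivers_without_file_info": drivers}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for desc, ports in report["port_groups"].items():
        print(f"{len(ports)} distinct ports >= 1024 share description {desc!r}: "
              + ", ".join(f"{p}/{proto}" for p, proto in ports))
    for name in report["drivers_without_file_info"]:
        print(f"driver {name}: listed with no file date/size")
```

Two caveats when reading the output. `@xpsp2res.dll,-22009` is an indirect resource-string reference, the same form Windows uses for its own firewall exceptions, so the string alone proves nothing; the signal is the number of unrelated high ports sharing it. An empty bracket field only means the tool recorded no date/size for that driver file, so confirm on disk before acting. On XP these port exceptions live under `HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List`, which is where you would remove them once the cause is cleaned.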
Destrio5 (Moderator, 85926 posts) - 28 Sept. 2008 at 23:25
Run the ComboFix scan again, but in Safe Mode:
https://blog.sosordi.net/