Explorer.exe à 100%
Résolu
Aldebaran33
Messages postés
28
Statut
Membre
-
Destrio5 Messages postés 99820 Statut Modérateur -
Destrio5 Messages postés 99820 Statut Modérateur -
Bonjour,
Depuis quelques temps, j'ai mon processus qui marche à 100% en continue. Le gestionnaire de tâches m'indique que c'est explorer.exe qui prend toute la place. Je suis aller voir dans plusieurs forums si je ne pouvais pas trouver la solution, la seule qui était donner c'était de mettre un moins devant une clé de registre, chose bien entendu que j'ai fait mais sans succès pour résoudre mon problème.
J'ai donc fait un log et je me suis aperçu que j'avais un fichier dans le répertoire System 32 qui s'appelle "onxyikd.dll", fichier totalement inconnu pour Hijack. J'ai donc essayé de le supprimer en vain puisque il me met erreur d'écriture à chaque fois. J'ai téléchargé des logiciels spécifiques pour effacer les fichiers récalcitrants, comme killbox, même résultat.
Je demande donc votre aide pour me virer ce fichier qui n'est autre qu'un virus pas très connu car Avast ne le voit pas.
D'avance merci.
Depuis quelques temps, j'ai mon processus qui marche à 100% en continue. Le gestionnaire de tâches m'indique que c'est explorer.exe qui prend toute la place. Je suis aller voir dans plusieurs forums si je ne pouvais pas trouver la solution, la seule qui était donner c'était de mettre un moins devant une clé de registre, chose bien entendu que j'ai fait mais sans succès pour résoudre mon problème.
J'ai donc fait un log et je me suis aperçu que j'avais un fichier dans le répertoire System 32 qui s'appelle "onxyikd.dll", fichier totalement inconnu pour Hijack. J'ai donc essayé de le supprimer en vain puisque il me met erreur d'écriture à chaque fois. J'ai téléchargé des logiciels spécifiques pour effacer les fichiers récalcitrants, comme killbox, même résultat.
Je demande donc votre aide pour me virer ce fichier qui n'est autre qu'un virus pas très connu car Avast ne le voit pas.
D'avance merci.
A voir également:
- Explorer.exe à 100%
- Explorer.exe - Télécharger - Divers Utilitaires
- 100 m3 en m2 ✓ - Forum Loisirs / Divertissements
- 100 mb en mo - Forum Matériel & Système
- 100 mo en go - Forum Mobile
- Code 100 details manifest incompatible - Forum TV & Vidéo
9 réponses
Salut,
Infection Vundo/Virtumonde à mon avis.
---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
Infection Vundo/Virtumonde à mon avis.
---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
Voila le rapport
rocessus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\AppCert\wsil32.dll (Trojan.Downloader) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\AppCert\filter.drv (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\options.dat (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\snf50.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\wsil32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\ksvcl.dll (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\kcopt.dll (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\qmopt.dll (Malware.Trace) -> No action taken.
rocessus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\AppCert\wsil32.dll (Trojan.Downloader) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\AppCert\filter.drv (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\options.dat (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\snf50.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\AppCert\wsil32.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\ksvcl.dll (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\kcopt.dll (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\qmopt.dll (Malware.Trace) -> No action taken.
J'ai donc tout supprimer, le % du processeur est redevenu normal.
Le fameux fichier est toujours là, ça n'as pas l'air de gêner la bonne marche de l'ordinateur.
Je te remercie Destrio de m'avoir donner la solution à mon problème.
Le fameux fichier est toujours là, ça n'as pas l'air de gêner la bonne marche de l'ordinateur.
Je te remercie Destrio de m'avoir donner la solution à mon problème.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\o\Bureau\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: www.google.fr
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097952190140
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/unibet/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 84.103.237.142 86.64.145.142
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: efdozddg - C:\WINDOWS\SYSTEM32\onxyikd.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\o\Bureau\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: www.google.fr
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097952190140
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/unibet/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 84.103.237.142 86.64.145.142
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: efdozddg - C:\WINDOWS\SYSTEM32\onxyikd.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
Salut
Voilà le rapport qui est resté coincé au grenier.
ComboFix 08-09-27.05 - o 2008-09-28 18:25:50.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.241 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\o\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\o\Cookies\o@www.laforet[1].txt
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\onxyikd.dll . . . . impossible à supprimer
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LANMANDRV
-------\Legacy_VEQELXOH
-------\Service_veqelxoh
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Documents and Settings\o\Application Data\Malwarebytes
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 16:43 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 16:43 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-28 12:09 . 2008-09-28 12:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-28 12:08 . 2008-09-28 12:08 <REP> d-------- C:\Program Files\Windows Live
2008-09-28 12:08 . 2008-09-28 12:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-24 23:15 . 2008-09-25 18:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-24 22:22 . 2008-09-24 22:24 <REP> d-------- C:\Program Files\RegCleaner
2008-09-22 13:42 . 2008-09-22 13:42 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-22 10:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.001\WINDOWS
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\Voisinage r‚seau
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\Voisinage d'impression
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\ModŠles
2008-09-22 10:25 . 2008-09-22 10:46 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Mes documents
2008-09-22 10:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Menu D‚marrer
2008-09-22 10:25 . 2008-09-22 11:18 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Favoris
2008-09-22 10:25 . 2008-09-22 11:54 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Bureau
2008-09-22 10:25 . 2008-09-22 12:02 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.001
2008-09-21 11:28 . 2008-09-21 11:28 <REP> d-------- C:\Documents and Settings\o\Application Data\SumatraPDF
2008-09-21 11:27 . 2008-09-21 11:27 <REP> d-------- C:\Program Files\SumatraPDF
2008-09-20 22:42 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.000\WINDOWS
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\Voisinage r‚seau
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\Voisinage d'impression
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\ModŠles
2008-09-20 22:42 . 2008-09-20 22:43 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Mes documents
2008-09-20 22:42 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Menu D‚marrer
2008-09-20 22:42 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Favoris
2008-09-20 22:42 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Bureau
2008-09-20 22:42 . 2008-09-20 22:42 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.000
2008-09-20 22:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001\WINDOWS
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\Voisinage r‚seau
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\Voisinage d'impression
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\ModŠles
2008-09-20 22:25 . 2008-09-20 22:25 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Mes documents
2008-09-20 22:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Menu D‚marrer
2008-09-20 22:25 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Favoris
2008-09-20 22:25 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Bureau
2008-09-20 22:25 . 2008-09-20 22:25 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001
2008-09-20 22:21 . 2008-09-20 22:20 85 --a------ C:\Documents and Settings\o\reparation.bat
2008-09-20 19:30 . 2008-09-21 21:11 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-20 15:54 . 2008-09-20 15:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\Documents and Settings\o\Application Data\IDMComp
2008-09-19 12:47 . 2008-09-19 12:47 <REP> d-------- C:\Program Files\UltraEdit
2008-09-14 12:04 . 2006-10-27 19:18 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-09-13 11:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien\WINDOWS
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\Voisinage r‚seau
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\Voisinage d'impression
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\ModŠles
2008-09-13 11:25 . 2008-09-13 11:25 <REP> dr------- C:\Documents and Settings\Damien\Mes documents
2008-09-13 11:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien\Menu D‚marrer
2008-09-13 11:25 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien\Favoris
2008-09-13 11:25 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien\Bureau
2008-09-13 11:25 . 2008-09-22 11:54 <REP> d-------- C:\Documents and Settings\Damien
2008-09-12 22:12 . 2008-09-12 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-06 18:29 . 2008-09-27 20:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-06 18:29 . 2008-09-06 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 16:52 --------- d-----w C:\Program Files\Crazy Browser
2008-09-21 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 19:05 --------- d-----w C:\Program Files\Logitech
2008-09-21 19:03 --------- d-----w C:\Program Files\Creative
2008-09-21 18:57 --------- d-----w C:\Program Files\ACD Systems
2008-09-21 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-03 19:52 --------- d-----w C:\Documents and Settings\o\Application Data\OpenOffice.org2
2008-08-25 20:06 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-08-25 19:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-24 17:31 --------- d-----w C:\Program Files\Alwil Software
2008-08-21 22:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-21 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-21 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-19 17:08 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-08-09 06:49 --------- d-----w C:\Program Files\NOS
2008-08-09 06:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-08-07 21:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-07 20:23 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-05 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-08-03 19:50 --------- d-----w C:\Program Files\ScanSoft
2008-08-03 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-15 17:47 58 ----a-w C:\Documents and Settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w C:\Documents and Settings\o\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 18:31 104960 --a------ c:\windows\system32\onxyikd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 7311360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winac25.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winad46.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windg47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windg70.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineh47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhk58.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkn36.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlo14.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlo35.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winps81.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqt13.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwa46.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwa81.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Packard Bell EverSafe Tray Control.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Packard Bell EverSafe Tray Control.lnk
backup=C:\WINDOWS\pss\Packard Bell EverSafe Tray Control.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--------- 2006-06-28 08:46 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--a------ 2006-06-29 13:18 77824 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-08 15:03 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 17:54 127022 C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-10 04:06 7311360 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-12-10 04:06 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-12 00:04 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 19:02 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-08-26 19:14 36975 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-26 15:08 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2002-03-13 00:18 32768 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
--a------ 2003-08-13 10:33 299008 C:\Program Files\Virtual CD v4 SDK\System\vcsplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
--a------ 2005-02-11 09:38 167936 C:\WINDOWS\system32\stmctrl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-10 04:06 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2003-05-07 16:32 36864 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
R0 ztzmgbnf;ztzmgbnf;C:\WINDOWS\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S0 Wineg57;Wineg57;C:\WINDOWS\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;C:\WINDOWS\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;C:\WINDOWS\system32\Drivers\Winnq60.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-ID - (no file)
HKU-Default-RunOnce-WUAppSetup - C:\Program Files\Fichiers communs\logishrd\WUApp32.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-CleanEasyImg - c:\apps\easydvd\cleanall.exe
MSConfigStartUp-Google Update - C:\Documents and Settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-KernelDrv - C:\WINDOWS\System32\KernelDrv.exe
MSConfigStartUp-NovaNet-WEB Tray Control - C:\Program Files\Packard Bell EverSafe\TrayControl.exe
MSConfigStartUp-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\o\Application Data\Mozilla\Firefox\Profiles\v9eyxivg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/fr/index.php?rvs=hompag&d=79919193
FF -: plugin - C:\Documents and Settings\o\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:32:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\DrvTrNTl.dll
.
----------------------- Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-09-28 18:38:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-28 16:38:11
Avant-CF: 99ÿ434ÿ237ÿ952 octets libres
Après-CF: 102,760,325,120 octets libres
356 --- E O F --- 2008-09-14 21:19:08
Bonne continuation ;-)
Voilà le rapport qui est resté coincé au grenier.
ComboFix 08-09-27.05 - o 2008-09-28 18:25:50.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.241 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\o\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\o\Cookies\o@www.laforet[1].txt
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\onxyikd.dll . . . . impossible à supprimer
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LANMANDRV
-------\Legacy_VEQELXOH
-------\Service_veqelxoh
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Documents and Settings\o\Application Data\Malwarebytes
2008-09-28 16:43 . 2008-09-28 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 16:43 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 16:43 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-28 12:09 . 2008-09-28 12:09 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-28 12:08 . 2008-09-28 12:08 <REP> d-------- C:\Program Files\Windows Live
2008-09-28 12:08 . 2008-09-28 12:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-24 23:15 . 2008-09-25 18:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-24 22:22 . 2008-09-24 22:24 <REP> d-------- C:\Program Files\RegCleaner
2008-09-22 13:42 . 2008-09-22 13:42 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-22 10:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.001\WINDOWS
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\Voisinage r‚seau
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\Voisinage d'impression
2008-09-22 10:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.001\ModŠles
2008-09-22 10:25 . 2008-09-22 10:46 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Mes documents
2008-09-22 10:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Menu D‚marrer
2008-09-22 10:25 . 2008-09-22 11:18 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Favoris
2008-09-22 10:25 . 2008-09-22 11:54 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.001\Bureau
2008-09-22 10:25 . 2008-09-22 12:02 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.001
2008-09-21 11:28 . 2008-09-21 11:28 <REP> d-------- C:\Documents and Settings\o\Application Data\SumatraPDF
2008-09-21 11:27 . 2008-09-21 11:27 <REP> d-------- C:\Program Files\SumatraPDF
2008-09-20 22:42 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.000\WINDOWS
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\Voisinage r‚seau
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\Voisinage d'impression
2008-09-20 22:42 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001.000\ModŠles
2008-09-20 22:42 . 2008-09-20 22:43 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Mes documents
2008-09-20 22:42 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Menu D‚marrer
2008-09-20 22:42 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Favoris
2008-09-20 22:42 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001.000\Bureau
2008-09-20 22:42 . 2008-09-20 22:42 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001.000
2008-09-20 22:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001\WINDOWS
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\Voisinage r‚seau
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\Voisinage d'impression
2008-09-20 22:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien.SN301833070001\ModŠles
2008-09-20 22:25 . 2008-09-20 22:25 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Mes documents
2008-09-20 22:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Menu D‚marrer
2008-09-20 22:25 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Favoris
2008-09-20 22:25 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien.SN301833070001\Bureau
2008-09-20 22:25 . 2008-09-20 22:25 <REP> d-------- C:\Documents and Settings\Damien.SN301833070001
2008-09-20 22:21 . 2008-09-20 22:20 85 --a------ C:\Documents and Settings\o\reparation.bat
2008-09-20 19:30 . 2008-09-21 21:11 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-20 15:54 . 2008-09-20 15:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\Documents and Settings\o\Application Data\IDMComp
2008-09-19 12:47 . 2008-09-19 12:47 <REP> d-------- C:\Program Files\UltraEdit
2008-09-14 12:04 . 2006-10-27 19:18 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-09-13 11:25 . 2004-05-11 11:00 <REP> d-------- C:\Documents and Settings\Damien\WINDOWS
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\Voisinage r‚seau
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\Voisinage d'impression
2008-09-13 11:25 . 2002-09-30 12:55 <REP> d--h----- C:\Documents and Settings\Damien\ModŠles
2008-09-13 11:25 . 2008-09-13 11:25 <REP> dr------- C:\Documents and Settings\Damien\Mes documents
2008-09-13 11:25 . 2002-09-30 12:55 <REP> dr------- C:\Documents and Settings\Damien\Menu D‚marrer
2008-09-13 11:25 . 2004-05-11 11:12 <REP> dr------- C:\Documents and Settings\Damien\Favoris
2008-09-13 11:25 . 2004-05-11 11:10 <REP> dr------- C:\Documents and Settings\Damien\Bureau
2008-09-13 11:25 . 2008-09-22 11:54 <REP> d-------- C:\Documents and Settings\Damien
2008-09-12 22:12 . 2008-09-12 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-06 18:29 . 2008-09-27 20:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-06 18:29 . 2008-09-06 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 16:52 --------- d-----w C:\Program Files\Crazy Browser
2008-09-21 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 19:05 --------- d-----w C:\Program Files\Logitech
2008-09-21 19:03 --------- d-----w C:\Program Files\Creative
2008-09-21 18:57 --------- d-----w C:\Program Files\ACD Systems
2008-09-21 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-03 19:52 --------- d-----w C:\Documents and Settings\o\Application Data\OpenOffice.org2
2008-08-25 20:06 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-08-25 19:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-24 17:31 --------- d-----w C:\Program Files\Alwil Software
2008-08-21 22:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-21 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-21 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-19 17:08 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-08-09 06:49 --------- d-----w C:\Program Files\NOS
2008-08-09 06:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-08-07 21:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-07 20:23 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-05 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-08-03 19:50 --------- d-----w C:\Program Files\ScanSoft
2008-08-03 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-15 17:47 58 ----a-w C:\Documents and Settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w C:\Documents and Settings\o\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 18:31 104960 --a------ c:\windows\system32\onxyikd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 7311360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winac25.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winad46.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windg47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windg70.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineh47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhk58.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkn36.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlo14.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlo35.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winps81.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqt13.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwa46.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwa81.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Packard Bell EverSafe Tray Control.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Packard Bell EverSafe Tray Control.lnk
backup=C:\WINDOWS\pss\Packard Bell EverSafe Tray Control.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--------- 2006-06-28 08:46 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--a------ 2006-06-29 13:18 77824 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-08 15:03 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 17:54 127022 C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVComS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-10 04:06 7311360 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-12-10 04:06 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-12 00:04 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 19:02 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-08-26 19:14 36975 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-26 15:08 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2002-03-13 00:18 32768 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
--a------ 2003-08-13 10:33 299008 C:\Program Files\Virtual CD v4 SDK\System\vcsplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
--a------ 2005-02-11 09:38 167936 C:\WINDOWS\system32\stmctrl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-12-10 04:06 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2003-05-07 16:32 36864 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
R0 ztzmgbnf;ztzmgbnf;C:\WINDOWS\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S0 Wineg57;Wineg57;C:\WINDOWS\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;C:\WINDOWS\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;C:\WINDOWS\system32\Drivers\Winnq60.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-ID - (no file)
HKU-Default-RunOnce-WUAppSetup - C:\Program Files\Fichiers communs\logishrd\WUApp32.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-CleanEasyImg - c:\apps\easydvd\cleanall.exe
MSConfigStartUp-Google Update - C:\Documents and Settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-KernelDrv - C:\WINDOWS\System32\KernelDrv.exe
MSConfigStartUp-NovaNet-WEB Tray Control - C:\Program Files\Packard Bell EverSafe\TrayControl.exe
MSConfigStartUp-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\o\Application Data\Mozilla\Firefox\Profiles\v9eyxivg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/fr/index.php?rvs=hompag&d=79919193
FF -: plugin - C:\Documents and Settings\o\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:32:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\DrvTrNTl.dll
.
----------------------- Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-09-28 18:38:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-28 16:38:11
Avant-CF: 99ÿ434ÿ237ÿ952 octets libres
Après-CF: 102,760,325,120 octets libres
356 --- E O F --- 2008-09-14 21:19:08
Bonne continuation ;-)
