Trojan:Win32/Vundo.gen!P
Solved/Closed
Darkstayer - 21 Oct 2008 at 15:19 (last reply 1 Nov 2008 at 12:18)
25 replies
totobetourne - 21 Oct 2008 at 15:29
Start with this. Even if the pop-up ads disappear, that doesn't mean the infection has been removed.
Download Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Do as indicated: update, full scan in safe mode, and post the reports.
Keep it and run a scan every month as indicated.
If you have Ad-Aware you can uninstall it, because it no longer recognises much.
g!rly - 27 Oct 2008 at 12:11
Hi to you both :)
dark:
If you haven't installed anything yet...
Download and install the antivirus Antivir Personal Edition Classic:
-> https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
Settings:
In pictures:
http://speedweb1.free.fr/frames2.php?page=tuto5
My explanations:
Once Antivir is open, click on Configuration and tick the "expert mode" box, then on the Scanner tab, in the window below, you will see: rootkit search. Click on the little + to expand it and tick the box next to your hard disk.
For those who don't see rootkit search: click on the umbrella in your taskbar > in the Antivir window click on Local protection, then click on Scanner.
In the right-hand window you have rootkit search towards the bottom > expand it by pressing the little +
and tick your drives...
Then click on Configuration at the top right; in the new window, on the left > Scanner > tick "scan all files" and below > scanner priority = High
Tick: allow stopping the scanner, so you can pause during the scan if you wish.
Then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
Untick:
ignore off line files
Still on the left > scan > expand > heuristic > macrovirus heuristic = ticked, and below > win32 heuristic box ticked and high detection level
I'm telling you all this because I'd like you to perform a full scan of your machine with Antivir using the settings stated above, and post the generated report here please.
PS: run the scan in safe mode:
How to restart in safe mode?
Restart the PC and tap the F8 key from the very start of boot-up without stopping.
A window with a black background will open; move with the keyboard arrows to "Start in safe mode", then press Enter.
Once on the desktop, if not all the colours and so on are there, that's normal!
PS: if F8 doesn't work, use the F5 key.
@+
Darkstayer - 29 Oct 2008 at 14:17
Hello g!rly:
Following your instructions step by step, in safe mode, I get the following report:
Avira AntiVir Personal
Report file date: jeudi 30 octobre 2008 12:09
Scanning for 1369550 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Administrateur
Computer name: BDAB4489AEFF4B6
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 14:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 06:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 10:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 10:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 14:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 13:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 13:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 13:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 07:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 14:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 13:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 15:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 09:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 09:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 13:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 15:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 30 octobre 2008 12:09
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '61' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\a.zip.vir
[0] Archive type: ZIP
--> Setup.exe
[DETECTION] Is the TR/Dldr.VB.dck Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\osxmlcie.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pguxjilu.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tfrrfg.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yffyca.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
End of the scan: jeudi 30 octobre 2008 13:29
Used time: 1:20:08 Hour(s)
The scan has been done completely.
5123 Scanning directories
242773 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
242767 Files not concerned
7540 Archives were scanned
1 Warnings
5 Notes
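Two things a helper would check in a report like the one above are whether the configuration block actually reflects the settings that were requested (this report shows "Search for rootkits: off", "Scan all files: Intelligent file selection" and "File heuristic: medium", whereas g!rly asked for rootkit search, all files and high detection level) and where the hits are (all five sit under C:\Qoobox\Quarantine, the folder ComboFix uses for files it has already removed, so they were not live files). The parser below is an added example for this thread, not Avira's or the forum's code; the report excerpt is copied from the post above and the expected settings passed to check_settings() are an assumption derived from g!rly's instructions.

```python
"""Parse an Avira AntiVir report in the format posted above and check it.

Added example for this thread, not Avira's or the forum's code. The report
excerpt is copied from the post above; the expected settings passed to
check_settings() are an assumption derived from g!rly's instructions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Excerpt of the report posted above (constructed for the example).
SAMPLE_REPORT = r"""
Configuration settings for the scan:
Jobname..........................: Complete system scan
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Macro heuristic..................: on
File heuristic...................: medium
Starting the file scan:
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\a.zip.vir
[0] Archive type: ZIP
--> Setup.exe
[DETECTION] Is the TR/Dldr.VB.dck Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\osxmlcie.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pguxjilu.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tfrrfg.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yffyca.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
5 viruses and/or unwanted programs were found
5 files were deleted
"""

SETTING_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\.{2,}: (?P<value>.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(r"^\[DETECTION\] Is the (?P<sig>\S+) ")
NOTE_RE = re.compile(r"^\[NOTE\] (?P<action>.*)$")
SUMMARY_RE = re.compile(r"^(?P<n>\d+) viruses and/or unwanted programs were found$")

# ComboFix keeps the files it removed under this folder; hits here are not live files.
QUARANTINE_PREFIX = r"c:\qoobox\quarantine"


@dataclass
class Detection:
    path: str        # file, or "archive::member" for hits inside an archive
    signature: str   # e.g. TR/Crypt.FKM.Gen
    action: str = ""


@dataclass
class Report:
    settings: dict = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)
    warnings: List[Tuple[str, str]] = field(default_factory=list)
    reported_found: Optional[int] = None   # the count Avira prints in its summary


def parse_report(text: str) -> Report:
    rep = Report()
    current = ""   # last file path seen; DETECTION/NOTE/WARNING lines refer to it
    for raw in text.splitlines():
        line = raw.strip()
        if m := SETTING_RE.match(line):
            rep.settings[m["key"].strip()] = m["value"].strip()
        elif m := SUMMARY_RE.match(line):
            rep.reported_found = int(m["n"])
        elif PATH_RE.match(line):
            current = line
        elif line.startswith("--> "):
            current = f"{current}::{line[4:]}"   # member inside the archive above
        elif m := DETECTION_RE.match(line):
            rep.detections.append(Detection(current, m["sig"]))
        elif (m := NOTE_RE.match(line)) and rep.detections:
            rep.detections[-1].action = m["action"]
        elif line.startswith("[WARNING]"):
            rep.warnings.append((current, line))
    return rep


def check_settings(rep: Report, expected: dict) -> list:
    """(key, wanted, actual) for each expected setting the report does not show."""
    return [(k, v, rep.settings.get(k))
            for k, v in expected.items()
            if rep.settings.get(k, "").lower() != v.lower()]


def summary_consistent(rep: Report) -> bool:
    """Does the count in Avira's summary match the DETECTION lines we parsed?"""
    return rep.reported_found == len(rep.detections)


def all_in_quarantine(rep: Report, prefix: str = QUARANTINE_PREFIX) -> bool:
    """True when every hit sits inside another tool's quarantine folder."""
    return bool(rep.detections) and all(
        d.path.lower().startswith(prefix) for d in rep.detections)


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for d in rep.detections:
        print(f"{d.signature:<20} {d.action:<25} {d.path}")
    print("summary consistent:", summary_consistent(rep))
    print("all hits already quarantined:", all_in_quarantine(rep))
    print("settings not as requested:",
          check_settings(rep, {"Search for rootkits": "on", "File heuristic": "high"}))
```

Run against the full report, the same code reports the two settings that did not match the request and confirms that every deletion happened inside the ComboFix quarantine rather than on an active file, which is the information that decides whether a further scan is needed.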
Apparently it's a virus that renews itself automatically by changing its name each time (hence the ".gen" extension). Spotting it is fairly easy (thanks to the scans): it always starts with WIN32 and ends with .gen. That said, you just need to go into Windows Defender and run a scan; it will find the infected files, then after quarantining them (if available) you just have to delete it.
After this action: - Run Windows Defender once more (to check whether it has deleted it completely)
- and run a full scan of your system with your antivirus at the same time.
Normally everything should be OK.
Hoping I've been able to help you.
totobetourne - 29 Oct 2008 at 16:21
Let me tell you about a thread.
Someone who has doubts opens a thread: she has the Comodo firewall (Avast antivirus).
She downloads something and it's the firewall that alerts her to a certain type of trojan, and she avoids the infection.
So if she had had the Windows firewall, we would have had to spend some time on her case.
The moral is that you need a real firewall. Only do this when g!rly tells you to, because I think she has something else for you to do. It's better to install a firewall on a completely clean PC.
Look at this link (updated fairly often) for the one that interests you; ask me for the tutorials for those in English.
http://www.matousec.com/index.html
Darkstayer - 29 Oct 2008 at 17:51
OK! I think my case will soon be sorted out. About the firewall tutorial, my English is so-so. Do you have this tutorial in French?
g!rly - 29 Oct 2008 at 18:39
Hi dark and toto :)
dark
Post one last HijackThis report please
Then here is Comodo in French:
tutorial: https://www.malekal.com/tutorial-comodo-firewall/
@+
Darkstayer - 29 Oct 2008 at 19:04
Here is my latest HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:14, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\topdesk.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
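Reading a HijackThis log by hand is what the helper does in this thread. As an added example (not HijackThis's own logic, and not from anyone in the thread), here is a small triage script run over an abbreviated excerpt of the log above. It flags the three things a helper usually looks at first: R0/R1 browser start or search pages pointing at a host outside an allowlist (TRUSTED_HOSTS is an assumption about the sites this user expects), O4 autorun entries given as a bare file name rather than a full path (so the log alone cannot tell you which file actually runs), and O23 services whose binary is reported missing.

```python
"""Triage a HijackThis log in the format posted above.

Added example for this thread, not HijackThis's own logic. The log excerpt is
copied (abbreviated) from the post above; TRUSTED_HOSTS is an assumption about
which sites this user expects as start/search pages.
"""
import re
from urllib.parse import urlparse

# Abbreviated excerpt of the log posted above (constructed for the example).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"^(?P<key>.*?) = (?P<url>\S+)$")
O4_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# Assumption: the sites this user would expect as home/search pages.
TRUSTED_HOSTS = {"www.google.fr", "www.msn.com", "www.bing.com"}


def command_image(cmd: str) -> str:
    """Executable part of an autorun command line: the quoted path, or the first token."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def triage(log: str, trusted_hosts=TRUSTED_HOSTS) -> list:
    """Return (section, reason, detail) tuples worth a second look."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):
            # Browser start/search pages: anything off the expected hosts is a hijack candidate.
            u = URL_RE.match(body)
            host = urlparse(u["url"]).hostname if u else None
            if host and host not in trusted_hosts:
                findings.append((code, "browser page on unexpected host", host))
        elif code == "O4":
            # A bare file name is resolved through the search path at logon,
            # so the log does not show which file will actually run.
            o = O4_RE.match(body)
            if o and not DRIVE_RE.match(command_image(o["cmd"])):
                findings.append((code, "autorun without full path", o["name"]))
        elif code == "O23" and body.endswith("(file missing)"):
            # A registered service whose binary is gone: leftover of a removal or a broken install.
            findings.append((code, "service binary missing", body.split(" - ")[0]))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason:<32} {detail}")
```

A flag from this script is a prompt to look, not a verdict: the two bare-name O4 entries in the excerpt (nwiz.exe from the NVIDIA driver, ICO.EXE from the mouse driver) are the kind of thing a helper confirms by checking the file on disk, which is exactly why the log alone is not enough.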
g!rly (Contributor) - 29 Oct. 2008 at 20:53
OK,
Using HijackThis, tick and fix:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
How to fix:
Video tutorial: (thanks to Balltrap34 for making it)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
You didn't install Comodo?
Important:
Look at this tutorial to update your Java console:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
PS: don't mix them up; the same page also has the Flash tutorial...
Then run this:
CCleaner:
-> Download CCleaner (don't install the Yahoo toolbar):
http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner
-> Install it.
-> Once it is installed and launched:
In the left-hand column, click on:
-> "registry":
Tick all the boxes under "registry integrity", then click "scan for errors" at the bottom; once that's finished, click "repair errors". You'll get a message asking to back up your registry: click "yes", then start again until it finds nothing more.
PS: the backups you make can be deleted later if all goes well.
-> "cleaner"
Close your browser before running it. In the cleaner's settings, under the "windows" and "applications" tabs, untick the last box ("Advanced", if it is ticked), then click "run cleaner"; when it has finished the scan, click "run cleaner" at the bottom right and accept with yes.
-> Illustrated tutorial:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
-> For those who want to go further with jesses (advanced features):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
and
jv16 PowerTools:
http://assiste.com.free.fr/p/logitheque/jv16.html
(last free version...)
I don't have a tutorial, so here are my explanations:
Click on
"registry tools"
Then on "tools" (at the top)
In the tree
on "registry cleaner"
In the next window click "continue", and in the one after that click "start"
Once the search is finished you'll end up with a pile of keys marked with a red or green dot...
We'll only clean the green ones (safe)
To do that, click "select" > "special select" > then click "items that should be safe to remove"; it will then select the green keys
Then click "remove" at the bottom left to clean up...
-.-.-.-
Why not browse with Firefox? = safer, while keeping IE 7.0 for Windows updates, since those can't be done from Firefox
http://www.mozilla-europe.org/fr/
Plugins: Adblock Plus, NoScript, etc...
https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org
Bonus:
SpywareBlaster:
http://www.brightfort.com/spywareblaster.html
It's a resident; you just have to update it from time to time, since the free version doesn't do it on its own. Once it is installed and updated, set all the protections to "enable".
Tutorial: https://www.malekal.com/tutorial-spywareblaster/
There you go
@+
Darkstayer (Member) - 30 Oct. 2008 at 00:33
Thanks for the tutorials & the helping hand!
I'll do all that tomorrow!
I'll then tell you how it all went! @+
g!rly (Contributor) - 30 Oct. 2008 at 15:24
OK...
Darkstayer (Member) - 31 Oct. 2008 at 00:16
Thanks! Spywarecleaner! CCleaner, we did a great job!!!
In any case, it let me purge the super malware! I admit I didn't even suspect that it could come from the registry keys.
If you have other instructions to give, I'll be ready to carry them out!
Thanks for your precious help!!
In any case, commentçamarche is a real well of tips,
& in particular the members who bring what's needed!!
I hope this topic can be marked "Resolved" ^^
Thank you
@@++,
g!rly (Contributor) - 31 Oct. 2008 at 11:04
Hi Dark...,
If you have no more problems we can wrap up here...
Tell me...
@+
Darkstayer (Member) - 31 Oct. 2008 at 20:08
With the Avira AntiVir scan I have the following threats:
TR/Dldr.VB.hzp.1 trojan
c:\Windows\i386\cALC.EX_
Warnings: 19 threats
Is that normal in this case?
I've run the same procedures again! It wipes out the harmful registry keys & the malware again
If you tell me that's all normal, I can then consider the matter closed.
Darkstayer (Member) > Darkstayer - 31 Oct. 2008 at 20:19
Here is the AntiVir report
Avira AntiVir Personal
Report file date: samedi 1 novembre 2008 19:17
Scanning for 1001710 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: BDAB4489AEFF4B6
Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 13:23:16
ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 18:01:16
ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 31/10/2008 18:01:16
ANTIVIR3.VDF : 7.1.0.26 14848 Bytes 31/10/2008 18:01:17
Engineversion : 8.2.0.10
AEVDF.DLL : 8.1.0.6 102772 Bytes 30/10/2008 13:24:37
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 30/10/2008 13:24:33
AESCN.DLL : 8.1.1.3 123252 Bytes 30/10/2008 13:24:27
AERDL.DLL : 8.1.1.2 438644 Bytes 30/10/2008 13:24:24
AEPACK.DLL : 8.1.2.4 369014 Bytes 30/10/2008 13:24:15
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 30/10/2008 13:24:05
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 30/10/2008 13:24:02
AEHELP.DLL : 8.1.1.2 115062 Bytes 30/10/2008 13:23:37
AEGEN.DLL : 8.1.0.42 319861 Bytes 30/10/2008 13:23:35
AEEMU.DLL : 8.1.0.9 393588 Bytes 30/10/2008 13:23:31
AECORE.DLL : 8.1.2.9 172407 Bytes 30/10/2008 13:23:27
AEBB.DLL : 8.1.0.3 53618 Bytes 30/10/2008 13:23:21
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 30/10/2008 13:23:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 1 novembre 2008 19:17
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'spywareblaster.exe' - '1' Module(s) have been scanned
Scan process 'spywareblaster.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'ICO.EXE' - '1' Module(s) have been scanned
Scan process 'Styler.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'topdesk.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '64' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bbnwomou.exe.vir
[DETECTION] Is the TR/QLowZones.S Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\EV02\EV022328.exe.vir
[DETECTION] Is the TR/Dldr.VB.hzp.1 Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP108\A0021346.exe
[DETECTION] Is the TR/Agent.tzh Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP108\A0021349.exe
[DETECTION] Is the TR/Monder.stx Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP112\A0022347.exe
[DETECTION] Is the TR/Dldr.VB.hzp.1 Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP12\A0001226.exe
[0] Archive type: CAB SFX (self extracting)
--> \WinNT5\x64\data1.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP12\A0001227.exe
[0] Archive type: CAB SFX (self extracting)
--> \Using Your Mouse-SC.pdf
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025922.exe
[DETECTION] Is the TR/QLowZones.S Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025923.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025924.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025925.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025926.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '493ca562.qua'!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP126\A0026133.exe
[DETECTION] Is the TR/Dldr.VB.hzp.1 Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP5\A0001161.exe
[0] Archive type: CAB SFX (self extracting)
--> \Disk1\data1.hdr
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP6\A0001171.exe
[0] Archive type: CAB SFX (self extracting)
--> \Disk1\data1.hdr
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP7\A0001176.exe
[0] Archive type: CAB SFX (self extracting)
--> \Disk1\data1.hdr
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP7\A0001177.exe
[0] Archive type: CAB SFX (self extracting)
--> \At8VEN5m.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP8\A0001178.exe
[0] Archive type: CAB SFX (self extracting)
--> \Disk1\data1.hdr
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP8\A0001179.exe
[0] Archive type: CAB SFX (self extracting)
--> \At8VEN5m.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP9\A0001187.exe
[0] Archive type: CAB SFX (self extracting)
--> \Disk1\data1.hdr
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\i386\CALC.EX_
[0] Archive type: CAB (Microsoft)
--> calc.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\calc.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
End of the scan: samedi 1 novembre 2008 20:12
Used time: 55:02 Minute(s)
The scan has been done completely.
5325 Scanning directories
275509 Files were scanned
13 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
12 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
10 Files cannot be scanned
275486 Files not concerned
7684 Archives were scanned
19 Warnings
13 Notes
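The hits in Darkstayer's report sit almost entirely in System Restore points and in the Qoobox quarantine folder of a removal tool, which are inert copies; only the two calc.exe hits were on the live system. The following Python is an added example, not code from this thread or from Avira: it parses the per-file blocks of that report format, classifies each hit by where the file sits, and checks the report's closing totals. The sample lines are excerpted from the report above, and the location labels are constructed for the example.

```python
"""Classify Avira AntiVir scan-report detections by where the file lives.

Added example, not code from the thread or from Avira. It reads the report's per-file
blocks: a path line, optional "--> member" lines, then [DETECTION]/[NOTE]/[WARNING].
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

PATH_RE = re.compile(r"^[A-Za-z]:\\")
MEMBER_RE = re.compile(r"^--> (.+)$")
DETECT_RE = re.compile(r"^\[DETECTION\] Is the (\S+)")
NOTE_RE = re.compile(r"^\[NOTE\] The file was (deleted|moved to '[^']+')")
WARN_RE = re.compile(r"^\[WARNING\]")

# A hit inside a quarantine folder or a System Restore point is an inert copy;
# only a hit on the live file system means the machine can still run it.
LOCATION_RULES = [
    (re.compile(r"\\Qoobox\\Quarantine\\", re.I), "removal-tool quarantine"),
    (re.compile(r"\\System Volume Information\\_restore\{", re.I), "System Restore point"),
]

# Lines excerpted from the report posted above (constructed sample input).
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bbnwomou.exe.vir
[DETECTION] Is the TR/QLowZones.S Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP108\A0021349.exe
[DETECTION] Is the TR/Monder.stx Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{FAF0FC78-146C-45C9-8181-0DD65EBEFAB3}\RP122\A0025926.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '493ca562.qua'!
C:\WINDOWS\i386\CALC.EX_
[0] Archive type: CAB (Microsoft)
--> calc.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\calc.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
"""


@dataclass
class Detection:
    path: str              # file the scanner reported on
    member: Optional[str]  # archive member, when the hit was inside a CAB
    threat: str            # Avira detection name, e.g. TR/Vaklik.cnd
    location: str          # a LOCATION_RULES label or "live file system"
    action: str = "none"   # deleted / quarantined / none


def classify_location(path: str) -> str:
    """Map a reported path to a location class."""
    for rule, label in LOCATION_RULES:
        if rule.search(path):
            return label
    return "live file system"


def parse_report(text: str):
    """Return (detections, warning_count) from the file-scan part of a report."""
    detections, warnings = [], 0
    current_path = current_member = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path, current_member = line, None   # new per-file block
        elif (m := MEMBER_RE.match(line)):
            current_member = m.group(1)                  # hit is inside an archive
        elif (m := DETECT_RE.match(line)) and current_path:
            detections.append(Detection(current_path, current_member, m.group(1),
                                        classify_location(current_path)))
        elif (m := NOTE_RE.match(line)) and detections:
            detections[-1].action = "deleted" if m.group(1) == "deleted" else "quarantined"
        elif WARN_RE.match(line):
            warnings += 1
    return detections, warnings


def summarize(detections):
    """Counts per location and per action, plus the hits on the live system."""
    return {
        "by_location": dict(Counter(d.location for d in detections)),
        "by_action": dict(Counter(d.action for d in detections)),
        "live": [(d.path, d.member, d.threat) for d in detections
                 if d.location == "live file system"],
    }


def reconcile(detections, found, deleted, quarantined):
    """Check the report's closing totals against the parsed blocks."""
    actions = Counter(d.action for d in detections)
    return (len(detections) == found and actions["deleted"] == deleted
            and actions["quarantined"] == quarantined)
```

Fed the full report above instead of the sample, the parser yields 13 detections (12 deleted, 1 quarantined) and 19 warnings, matching the totals the report prints at its end.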
Darkstayer, 1 Nov 2008 at 12:18
If in the present case it is just a matter of redoing the same steps,
I can consider the problem solved!!
Thank you G!rly!!!!
totobetourne, 21 Oct 2008 at 16:45
Show me the report from the Reports tab of Malwarebytes so we can see what it removed. You have to post the reports; without them we can't tell whether it has really been removed.
Then do this to check whether there isn't something else.
Download this: useful for seeing what the infection might be and then acting on it.
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Install it normally like any other program in c/programme/...............
Click "Do a scan and save a logfile"; you get a report that you paste here.
Sometimes there is an alert saying that without the administrator function the report cannot be complete.
In that case relaunch HijackThis by right-clicking the shortcut and choosing Run as administrator.
Darkstayer, 22 Oct 2008 at 11:13
Here is what the HijackThis report gives:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04, on 2008-10-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\topdesk.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FOXITR~1\FOXITR~1.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O2 - BHO: {9ccdb9ed-2d2e-57f8-da14-c7f22d8e3f31} - {13f3e8d2-2f7c-41ad-8f75-e2d2de9bdcc9} - C:\WINDOWS\system32\tfrrfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: khfGyaxv - khfGyaxv.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
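The entries in the HijackThis log above that a helper looks at first are the O2 BHO whose "name" is just a second CLSID and whose DLL loads straight out of system32 (tfrrfg.dll), the O20 Winlogon Notify hook whose DLL is already missing (khfGyaxv.dll), and the R0 start page redirected to an unexpected host. Those checks can be done mechanically over a log. The Python below is an added example written for this page, not a tool from the thread, from HijackThis or from any of the helpers; the sample lines are copied from the log above and the allowlist of expected hosts is an assumption made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# with one benign entry of each kind kept as a negative case.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
O2 - BHO: {9ccdb9ed-2d2e-57f8-da14-c7f22d8e3f31} - {13f3e8d2-2f7c-41ad-8f75-e2d2de9bdcc9} - C:\WINDOWS\system32\tfrrfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O20 - Winlogon Notify: khfGyaxv - khfGyaxv.dll (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Hosts the browser's start/search pages are expected to point at on this machine.
# This allowlist is an assumption made for the example, not something HijackThis knows.
EXPECTED_HOSTS = {"www.google.fr", "www.google.com"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")


def analyse_line(line):
    """Return (code, reason) when a HijackThis entry deserves a closer look, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")

    # R0/R1: start page or search page redirected to a host we do not expect.
    if code in ("R0", "R1") and " = " in body:
        key, _, value = body.partition(" = ")
        value = value.strip()
        if value.startswith(("http://", "https://")):
            host = urlparse(value).hostname or ""
            setting = key.rsplit(",", 1)[-1]
            if host not in EXPECTED_HOSTS:
                return (code, f"{setting} points at unexpected host {host}")

    # O2: a BHO whose 'name' is only a second CLSID and whose DLL sits in system32.
    if code == "O2" and body.startswith("BHO: "):
        parts = [p.strip() for p in body[len("BHO: "):].split(" - ")]
        if len(parts) == 3:
            name, _clsid, path = parts
            dll = path.rsplit("\\", 1)[-1]
            if CLSID_RE.match(name) and "\\system32\\" in path.lower():
                return (code, f"unnamed BHO loading {dll} from system32")

    # O20: a Winlogon Notify hook whose DLL is gone, i.e. a leftover of a removal.
    if code == "O20" and "(file missing)" in body:
        return (code, "Winlogon Notify entry whose DLL is missing (orphaned hook)")

    return None


def analyse_log(text):
    """Run analyse_line over every line of a HijackThis log and keep the hits."""
    return [hit for hit in (analyse_line(l) for l in text.splitlines()) if hit]


if __name__ == "__main__":
    for code, reason in analyse_log(SAMPLE_LOG):
        print(f"{code}: {reason}")
```

Run against the sample it reports exactly the three entries named above and stays quiet on the Java BHO, the Styler Run key and the Bonjour service; on a real log, feed the whole file to `analyse_log` and review each hit by hand, since an unfamiliar host or an unnamed BHO is a reason to look, not proof on its own.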
g!rly, 22 Oct 2008 at 11:16
Hi,
let me butt in...
darkstayer,
you are still infected
run this:
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press key 1 (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report is also found here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ While this step runs, do not use the PC and do not open any programs.
- At the end of the scan ComboFix may need to restart the PC to complete the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.
-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
-> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
+ a new HijackThis report please
See you
Darkstayer, 22 Oct. 2008 at 12:07
Thanks! I'll try your technique! I'll be back this afternoon! I'll post the HijackThis report to see where we stand!
g!rly, 22 Oct. 2008 at 13:09
hi,
you need to post the ComboFix report as well
See you
Darkstayer, 22 Oct. 2008 at 13:41
Regarding the HijackThis report, I got the following; is the infection problem still present??
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:24, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\topdesk.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: tfrrfg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
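As an added example (not part of this thread, and not code from HijackThis or ComboFix): a small Python triage script that flags, in the lines of a HijackThis log, the kinds of entries a helper looks at first when deciding whether a machine is still infected: O20 AppInit_DLLs and Winlogon Notify entries that load DLLs with random-looking names or whose file is missing, and a Start Page pointing at a host the user never chose. The sample log lines are constructed from entries posted in this thread; the allowlist of home-page hosts and the randomness heuristic (consonant runs and vowel ratio) are assumptions of this example, not anything the tools themselves do.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

It is a hint generator for a human reviewer, not a malware detector:
legitimate software also registers O20 entries, so each finding names
the reason it was raised and leaves the decision to the reader.
"""
import re

# Constructed sample, modelled on the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: khfGyaxv - khfGyaxv.dll (file missing)
O20 - AppInit_DLLs: tfrrfg.dll
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
"""

O20_RE = re.compile(r"^O20 - (AppInit_DLLs|Winlogon Notify): (.*)$")
START_PAGE_RE = re.compile(r"^R0 - .*Start Page = (\S+)")
DLL_RE = re.compile(r"([A-Za-z0-9_~]+)\.dll", re.IGNORECASE)

# Assumed allowlist: home-page hosts this user would plausibly have set
# (an assumption of this example; adapt it to the machine being reviewed).
TRUSTED_HOSTS = ("google.", "msn.com", "bing.com", "live.com")


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated DLL names such as tfrrfg or khfGyaxv.

    Flags a name of five or more letters that has a run of four or more
    consonants or fewer than 20% vowels. Short names (ssv) and ordinary
    product names (WindowsLiveLogin) pass. This is a triage hint only.
    """
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < 5:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", letters)), default=0)
    return longest_run >= 4 or vowels / len(letters) < 0.2


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (log line, reason) pairs for entries worth a closer look."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            kind, rest = m.groups()
            # A Winlogon Notify / AppInit_DLLs hook whose DLL is gone is usually
            # the registry remnant of a component that was deleted but not unhooked.
            if "(file missing)" in rest:
                findings.append((line, f"{kind} entry whose DLL is missing on disk"))
            for dll in DLL_RE.findall(rest):
                if looks_random(dll):
                    findings.append((line, f"{kind} loads a DLL with a random-looking name: {dll}.dll"))
            continue
        m = START_PAGE_RE.match(line)
        if m:
            host = re.sub(r"^https?://", "", m.group(1)).split("/")[0].lower()
            if not any(t in host for t in TRUSTED_HOSTS):
                findings.append((line, f"Start Page points at an unexpected host: {host}"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the constructed sample, the script raises four findings: the hijacked Start Page host, the missing khfGyaxv.dll hook, and the two random-looking names khfGyaxv and tfrrfg. The O23 entry for cisvc.exe is left alone on purpose, since a missing system service binary is a different question from a load-on-logon hook. In this thread, the same tfrrfg.dll appears later in the ComboFix report under the files it deleted, which is the kind of confirmation a reviewer wants before trusting a heuristic like this one.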
Darkstayer, 22 Oct. 2008 at 13:38
ComboFix was effective; here is the (long) report obtained:
ComboFix 08-10-19.04 - Administrateur 2008-10-23 13:13:43.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.608 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\bbnwomou.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\osxmlcie.dll
C:\WINDOWS\system32\pguxjilu.dll
C:\WINDOWS\system32\tfrrfg.dll
C:\WINDOWS\system32\yffyca.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.
2008-10-22 18:03 . 2008-10-23 11:46 734,641,774 --a------ C:\ALIENS VS PREDATOR REQUIEM 2008 FRENCH.avi
2008-10-22 15:42 . 2008-10-22 20:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 15:42 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 15:42 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-22 15:42 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 15:42 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 14:12 . 2008-10-22 14:12 <REP> d-------- C:\VundoFix Backups
2008-10-22 14:10 . 2008-10-22 14:10 <REP> d-------- C:\Program Files\Trend Micro
2008-10-21 16:15 . 2008-10-21 21:48 735,684,608 --a------ C:\Le.Silence.des.Agneaux.[divx.francais.franais.french.dvd.rip.SBC](par.Origan.et.MaxoOo).teste.divxovore.com.avi
2008-10-21 15:12 . 2008-10-21 15:12 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-10-21 15:05 . 2008-10-22 16:16 <REP> d-------- C:\WINDOWS\system32\xp2
2008-10-21 15:05 . 2008-10-22 16:16 <REP> d-------- C:\WINDOWS\system32\vm
2008-10-21 15:05 . 2008-10-21 15:05 <REP> d-------- C:\WINDOWS\system32\mci
2008-10-21 15:05 . 2008-10-21 15:05 <REP> d-------- C:\WINDOWS\system32\EV02
2008-10-21 15:05 . 2008-10-21 15:05 <REP> d-------- C:\Temp\xp34
2008-10-21 15:05 . 2008-10-23 13:13 <REP> d-------- C:\Temp
2008-10-21 15:05 . 2008-10-21 15:05 64,859 --a------ C:\WINDOWS\system32\ftfnqacjghpar.exe
2008-10-21 15:05 . 2008-10-21 15:05 355 --a------ C:\205.bat
2008-10-21 14:46 . 2008-10-21 14:46 <REP> d-------- C:\Program Files\Easy Video Converter
2008-10-20 23:10 . 2008-10-20 23:10 143,176,980 --a------ C:\flaskOut.avi
2008-10-20 23:07 . 2008-10-20 23:07 <REP> d-------- C:\Program Files\FlasKMPEG
2008-10-17 00:03 . 2008-10-17 00:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-10-17 00:03 . 2008-10-17 00:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Program Files\Skype
2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-17 00:02 . 2008-10-23 13:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
2008-10-16 11:29 . 2008-08-14 15:44 2,182,400 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 11:29 . 2008-08-14 15:44 2,138,112 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 11:29 . 2008-08-14 15:44 2,059,776 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 11:29 . 2008-08-14 15:44 2,017,792 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 11:29 . 2008-09-15 17:14 1,847,040 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 11:29 . 2008-08-28 12:35 333,056 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 13:38 . 2008-10-20 23:07 <REP> d-------- C:\Program Files\VirtualDubMOD
2008-10-15 00:18 . 2008-10-23 10:23 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-14 16:05 . 2008-10-14 16:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-10-13 19:17 . 2008-10-20 22:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2008-10-11 02:28 . 2008-10-11 02:28 <REP> d-------- C:\WINDOWS\Sun
2008-10-11 01:36 . 2008-10-11 01:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-10-11 01:33 . 2008-10-11 01:33 <REP> d-------- C:\Program Files\VideoLAN
2008-10-10 18:45 . 2008-10-10 18:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
2008-10-10 18:14 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-10-10 18:14 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-10-10 18:14 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-10-10 18:12 . 2008-10-10 18:13 <REP> d-------- C:\d3f79257e726d35b1b1637c6
2008-10-10 18:12 . 2007-12-18 04:04 2,450,944 --a------ C:\WINDOWS\system32\OLD1C.tmp
2008-10-05 15:49 . 2008-10-05 15:49 <REP> d-------- C:\Program Files\iTunes
2008-10-05 15:49 . 2008-10-05 15:49 <REP> d-------- C:\Program Files\iPod
2008-10-05 15:49 . 2008-10-05 15:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 15:49 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-10-05 15:49 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-10-05 14:22 . 2008-10-05 14:22 <REP> d-------- C:\WINDOWS\system32\xircom
2008-10-05 14:22 . 2008-10-05 14:22 <REP> d-------- C:\Program Files\microsoft frontpage
2008-10-05 14:22 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-05 14:08 . 2008-10-05 14:08 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-05 14:05 . 2008-10-05 14:10 <REP> d-------- C:\WINDOWS\EHome
2008-10-05 14:05 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0/u00001_.tmp
2008-10-05 13:59 . 2008-10-05 13:59 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-10-05 13:59 . 2008-10-05 13:59 <REP> d-------- C:\Program Files\Free
2008-10-05 01:02 . 2008-10-05 01:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-10-05 00:16 . 2008-10-05 00:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-10-05 00:01 . 2008-10-22 19:58 <REP> d-------- C:\Program Files\eMule
2008-10-04 14:13 . 2008-10-04 14:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Bonjour
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-04 13:45 . 2008-10-04 13:45 <REP> d-------- C:\Program Files\Java
2008-10-04 13:45 . 2008-10-04 13:45 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-04 13:45 . 2008-10-23 12:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FrostWire
2008-10-04 13:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-04 13:43 . 2008-10-21 15:14 <REP> d-------- C:\Program Files\FrostWire
2008-10-04 13:37 . 2008-10-20 12:42 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2008-10-03 22:14 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-10-03 22:12 . 2004-08-04 02:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-10-03 22:12 . 2004-08-04 01:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2008-10-03 22:12 . 2001-08-17 23:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-10-03 22:12 . 2001-08-17 23:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-10-03 22:12 . 2004-08-04 01:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-10-03 22:11 . 2008-10-10 18:14 1,118,814 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-03 22:11 . 2008-10-03 20:42 4,512 --a------ C:\WINDOWS\imsins.BAK
2008-10-03 22:11 . 2008-10-03 20:20 4,205 --a------ C:\WINDOWS\ODBCINST.INI
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-10-03 22:10 . 2008-10-03 20:17 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-10-03 22:10 . 2006-10-30 01:40 <REP> d-------- C:\Documents and Settings\Default User\Menu Démarrer
2008-10-03 22:10 . 2007-11-19 01:40 <REP> dr------- C:\Documents and Settings\Default User\Favoris
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-10-03 22:10 . 2008-10-22 14:35 <REP> d-------- C:\Documents and Settings\All Users\Menu Démarrer
2008-10-03 22:10 . 2007-11-19 01:40 <REP> dr------- C:\Documents and Settings\All Users\Favoris
2008-10-03 22:10 . 2008-10-05 15:41 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-10-03 22:10 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-10-03 22:09 . 2008-10-23 12:46 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-10-03 22:09 . 2008-10-23 10:23 <REP> d-------- C:\WINDOWS\system32\CatRoot
2008-10-03 22:09 . 2008-10-03 20:41 <REP> d-------- C:\Documents and Settings\Default User
2008-10-03 22:09 . 2006-11-18 13:48 <REP> d-------- C:\Documents and Settings\All Users
2008-10-03 22:09 . 2008-10-03 20:54 <REP> d-------- C:\Documents and Settings
2008-10-03 22:08 . 2008-10-03 20:42 1,748 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 23:03 --------- d-----w C:\Program Files\Ad-Aware
2008-10-04 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-04 12:12 --------- d-----w C:\Program Files\QT Lite
2008-10-03 19:54 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-10-03 19:54 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-10-03 19:54 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-10-03 19:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Intel
2008-10-03 19:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-03 19:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-10-03 19:53 --------- d-----w C:\Program Files\Intel
2008-10-03 19:53 --------- d-----w C:\Program Files\Fichiers communs\Intel
2008-10-03 19:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-10-03 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-03 19:52 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-03 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-03 19:47 --------- d-----w C:\Program Files\Synaptics
2008-10-03 19:47 --------- d-----w C:\Program Files\Microsoft Works
2008-10-03 19:47 --------- d-----w C:\Program Files\HP Wireless Laser Mini Mouse
2008-10-03 19:46 --------- d-----w C:\Program Files\MSBuild
2008-10-03 19:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-03 19:44 --------- d-----w C:\Program Files\SuperCopier2
2008-10-03 19:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-10-03 19:42 --------- d-----w C:\Program Files\HP DVB-T TV Tuner
2008-10-03 19:39 --------- d-----w C:\Program Files\HP Optical USB Mobile Mouse
2008-10-03 19:36 --------- d-----w C:\Program Files\Broadcom
2008-10-03 19:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-10-03 19:35 --------- d-----w C:\Program Files\NetWaiting
2008-10-03 19:35 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-10-03 19:35 --------- d-----w C:\Program Files\CONEXANT
2008-10-03 19:34 --------- d-----w C:\Program Files\HP 1.3MP Webcam
2008-10-03 19:34 --------- d-----w C:\Program Files\DIFX
2008-10-03 19:32 --------- d-----w C:\Program Files\HP Analog TV Tuner
2008-10-03 19:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xentient
2008-10-03 19:29 --------- d-----w C:\Program Files\ma-config.com
2008-10-03 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-10-03 19:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-10-03 19:25 --------- d-----w C:\Program Files\HP
2008-10-03 19:03 --------- d-----w C:\Program Files\Styler
2008-10-03 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-03 19:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Styler
2008-10-03 19:00 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-03 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-10-03 18:40 --------- d-----w C:\Program Files\Real Alternative
2008-10-03 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-03 18:38 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-10-03 18:37 --------- d-----w C:\Program Files\ACD Systems
2008-10-03 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-03 18:36 --------- d-----w C:\Program Files\Nero
2008-10-03 18:36 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-10-03 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-10-03 18:35 --------- d-----w C:\Program Files\MSXML 6.0
2008-10-03 18:35 --------- d-----w C:\Program Files\MSXML 4.0
2008-10-03 18:23 --------- d-----r C:\Program Files\Windows Sidebar
2008-10-03 18:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-03 16:22 6,068,224 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 15:14 1,847,040 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 10:35 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-25 08:43 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:43 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:48 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
.
------- Sigcheck -------
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 81920]
"TopDesk"="C:\WINDOWS\system32\topdesk.exe" [2007-12-18 201216]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2007-12-18 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"IntelZeroConfig"="C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
"IntelWireless"="C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"nwiz"="nwiz.exe" [2007-10-25 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 C:\WINDOWS\system32\ICO.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 138240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 12451]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 44544]
"nltide_3"="advpack.dll" [2008-08-26 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tfrrfg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 76208]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 208688]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 210224]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-07 61952]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{13f3e8d2-2f7c-41ad-8f75-e2d2de9bdcc9} - C:\WINDOWS\system32\tfrrfg.dll
Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
ShellExecuteHooks-{4D0C96E7-CA73-4E24-96F6-271BD3E024C8} - C:\WINDOWS\system32\khfGyaxv.dll
Notify-khfGyaxv - khfGyaxv.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\xfko38un.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 13:18:50
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RGIE.tmp
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-10-23 13:19:49
ComboFix-quarantined-files.txt 2008-10-23 11:19:42
Avant-CF: 126,420,246,528 octets libres
Après-CF: 126,434,832,384 octets libres
310 --- E O F --- 2008-10-23 08:23:13
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-10-23 13:19:49
ComboFix-quarantined-files.txt 2008-10-23 11:19:42
Avant-CF: 126,420,246,528 octets libres
Après-CF: 126,434,832,384 octets libres
310 --- E O F --- 2008-10-23 08:23:13
Darkstayer
Posts: 323 - Registered: Tuesday 21 October 2008 - Status: Member - Last activity: 6 March 2021
22 Oct. 2008 at 13:46
I'll be back at 18:00! Let me know your solutions! Thank you!!!
g!rly
Posts: 18209 - Registered: Friday 17 August 2007 - Status: Contributor - Last activity: 30 November 2014
22 Oct. 2008 at 15:07
Here is the next step:
Copy the text below:
File::
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\ftfnqacjghpar.exe
C:\205.bat
C:\WINDOWS\system32\OLD1C.tmp
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
Folder::
C:\WINDOWS\system32\xp2
C:\WINDOWS\system32\vm
C:\WINDOWS\system32\mci
C:\WINDOWS\system32\EV02
C:\Temp\xp34
C:\d3f79257e726d35b1b1637c6
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe, as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait for the scan to finish. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
If there is no restart, post the reports anyway.
@+
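As an added example (not code from this thread or from ComboFix), here is a small Python triage script: it parses a constructed excerpt in the shape of the report's "Points de chargement Reg" section, flags the two loading points the first report above shows (a populated AppInit_DLLs and the Security Center override values), and emits a CFScript in the same File::/Registry:: shape as the one posted here. The system32 path assumed for the DLL, the dword:00000000 reset lines and the severity labels are my assumptions, not something the thread states.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the "Points de chargement Reg" section of the
# ComboFix report quoted in this thread; the values are the ones that report shows.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tfrrfg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
ANNOTATION_RE = re.compile(r"\s\[[^\]]*\]$")  # trailing " [date size]" ComboFix appends

APPINIT_KEY_SUFFIX = r"\windows nt\currentversion\windows"
SECURITY_CENTER_SUFFIX = r"\security center"
OVERRIDE_VALUES = {"AntiVirusDisableNotify", "AntiVirusOverride", "FirewallOverride"}
SYSTEM32 = r"C:\WINDOWS\system32"  # assumption: a bare AppInit_DLLs name resolves under system32


@dataclass
class Finding:
    severity: str
    key: str
    name: str
    data: str
    why: str


def parse_loading_points(text):
    """Return {registry key: {value name: data}} from a ComboFix REGEDIT4-style section."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = ANNOTATION_RE.sub("", m.group(2)).strip('"')
            entries[current][m.group(1)] = data
    return entries


def triage(entries):
    """Flag the loading points a defender would act on in a Vundo-style report."""
    findings = []
    for key, values in entries.items():
        k = key.lower()
        if k.endswith(APPINIT_KEY_SUFFIX):
            dlls = values.get("AppInit_DLLs", "")
            if dlls.strip():  # a clean XP machine has this value empty
                findings.append(Finding("high", key, "AppInit_DLLs", dlls,
                                        "every process that loads user32.dll also loads this DLL"))
        if k.endswith(SECURITY_CENTER_SUFFIX):
            for name in sorted(n for n in values if n in OVERRIDE_VALUES):
                if values[name] == "dword:00000001":
                    findings.append(Finding("medium", key, name, values[name],
                                            "Security Center told not to warn about AV/firewall state"))
    return findings


def build_cfscript(findings):
    """Emit a CFScript (File:: / Registry:: sections) that undoes the findings, in the
    same shape as the script posted in this thread: delete the value, then recreate it empty."""
    files, registry = [], []
    for f in findings:
        if f.name == "AppInit_DLLs":
            files.extend(SYSTEM32 + "\\" + dll for dll in re.split(r"[ ,]+", f.data) if dll)
            registry += [f"[{f.key}]", '"AppInit_DLLs"=-', f"[{f.key}]", '"AppInit_DLLs"=""']
        elif f.name in OVERRIDE_VALUES:
            # assumption: standard .reg syntax to put the override back to 0
            registry += [f"[{f.key}]", f'"{f.name}"=dword:00000000']
    lines = []
    if files:
        lines += ["File::", *files]
    if registry:
        lines += ["Registry::", *registry]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(parse_loading_points(SAMPLE_LOG))
    for f in found:
        print(f"[{f.severity}] {f.name}={f.data}  ({f.why})")
    print(build_cfscript(found))
```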
Darkstayer
Posts: 323 - Registered: Tuesday 21 October 2008 - Status: Member - Last activity: 6 March 2021
22 Oct. 2008 at 19:19
I followed all your instructions exactly, but ComboFix starts directly without even giving me a choice between 1 & 2 after I dragged CFScript.txt onto ComboFix.
Here is the report I got:
ComboFix 08-10-21.05 - Administrateur 2008-10-23 18:53:38.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.552 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Mes documents\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
C:\205.bat
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\WINDOWS\system32\ftfnqacjghpar.exe
C:\WINDOWS\system32\OLD1C.tmp
C:\WINDOWS\system32\vbzip10.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\205.bat
C:\d3f79257e726d35b1b1637c6
C:\d3f79257e726d35b1b1637c6\update\update.exe
C:\d3f79257e726d35b1b1637c6\update\updspapi.dll
C:\d3f79257e726d35b1b1637c6\update\wpdinstallutil.dll
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
C:\Temp\xp34
C:\Temp\xp34\cPH.log
C:\WINDOWS\system32\EV02
C:\WINDOWS\system32\EV02\EV022328.exe
C:\WINDOWS\system32\ftfnqacjghpar.exe
C:\WINDOWS\system32\mci
C:\WINDOWS\system32\OLD1C.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vm
C:\WINDOWS\system32\xp2
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.
2008-10-22 18:03 . 2008-10-23 11:46 734,641,774 --a------ C:\ALIENS VS PREDATOR REQUIEM 2008 FRENCH.avi
2008-10-22 15:42 . 2008-10-22 20:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 15:42 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 15:42 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-22 15:42 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 15:42 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 14:12 . 2008-10-22 14:12 <REP> d-------- C:\VundoFix Backups
2008-10-22 14:10 . 2008-10-22 14:10 <REP> d-------- C:\Program Files\Trend Micro
2008-10-21 16:15 . 2008-10-21 21:48 735,684,608 --a------ C:\Le.Silence.des.Agneaux.[divx.francais.franais.french.dvd.rip.SBC](par.Origan.et.MaxoOo).teste.divxovore.com.avi
2008-10-21 15:05 . 2008-10-23 18:53 <REP> d-------- C:\Temp
2008-10-21 14:46 . 2008-10-21 14:46 <REP> d-------- C:\Program Files\Easy Video Converter
2008-10-20 23:10 . 2008-10-20 23:10 143,176,980 --a------ C:\flaskOut.avi
2008-10-20 23:07 . 2008-10-20 23:07 <REP> d-------- C:\Program Files\FlasKMPEG
2008-10-17 00:03 . 2008-10-17 00:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-10-17 00:03 . 2008-10-17 00:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Program Files\Skype
2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-10-17 00:02 . 2008-10-17 00:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-17 00:02 . 2008-10-23 13:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
2008-10-16 11:29 . 2008-08-14 15:44 2,182,400 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 11:29 . 2008-08-14 15:44 2,138,112 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 11:29 . 2008-08-14 15:44 2,059,776 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 11:29 . 2008-08-14 15:44 2,017,792 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 11:29 . 2008-09-15 17:14 1,847,040 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 11:29 . 2008-08-28 12:35 333,056 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 13:38 . 2008-10-20 23:07 <REP> d-------- C:\Program Files\VirtualDubMOD
2008-10-15 00:18 . 2008-10-23 15:28 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-14 16:05 . 2008-10-14 16:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-10-13 19:17 . 2008-10-20 22:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2008-10-11 02:28 . 2008-10-11 02:28 <REP> d-------- C:\WINDOWS\Sun
2008-10-11 01:36 . 2008-10-11 01:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-10-11 01:33 . 2008-10-11 01:33 <REP> d-------- C:\Program Files\VideoLAN
2008-10-10 18:45 . 2008-10-10 18:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
2008-10-10 18:14 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-10-10 18:14 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-10-10 18:14 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-10-05 15:49 . 2008-10-05 15:49 <REP> d-------- C:\Program Files\iTunes
2008-10-05 15:49 . 2008-10-05 15:49 <REP> d-------- C:\Program Files\iPod
2008-10-05 15:49 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-10-05 15:49 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-10-05 14:22 . 2008-10-05 14:22 <REP> d-------- C:\WINDOWS\system32\xircom
2008-10-05 14:22 . 2008-10-05 14:22 <REP> d-------- C:\Program Files\microsoft frontpage
2008-10-05 14:22 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-05 14:08 . 2008-10-05 14:08 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-05 14:05 . 2008-10-05 14:10 <REP> d-------- C:\WINDOWS\EHome
2008-10-05 14:05 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0/u00001_.tmp
2008-10-05 13:59 . 2008-10-05 13:59 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-10-05 13:59 . 2008-10-05 13:59 <REP> d-------- C:\Program Files\Free
2008-10-05 01:02 . 2008-10-05 01:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-10-05 00:16 . 2008-10-05 00:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-10-05 00:01 . 2008-10-22 19:58 <REP> d-------- C:\Program Files\eMule
2008-10-04 14:13 . 2008-10-04 14:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Bonjour
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-04 13:45 . 2008-10-04 13:45 <REP> d-------- C:\Program Files\Java
2008-10-04 13:45 . 2008-10-04 13:45 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-04 13:45 . 2008-10-23 12:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FrostWire
2008-10-04 13:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-04 13:43 . 2008-10-21 15:14 <REP> d-------- C:\Program Files\FrostWire
2008-10-04 13:37 . 2008-10-20 12:42 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2008-10-03 22:14 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-10-03 22:12 . 2004-08-04 02:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-10-03 22:12 . 2004-08-04 01:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2008-10-03 22:12 . 2001-08-17 23:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-10-03 22:12 . 2001-08-17 23:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-10-03 22:12 . 2004-08-04 01:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-10-03 22:11 . 2008-10-10 18:14 1,118,814 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-03 22:11 . 2008-10-03 20:42 4,512 --a------ C:\WINDOWS\imsins.BAK
2008-10-03 22:11 . 2008-10-03 20:20 4,205 --a------ C:\WINDOWS\ODBCINST.INI
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-10-03 22:10 . 2008-10-03 20:17 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-10-03 22:10 . 2006-10-30 01:40 <REP> d-------- C:\Documents and Settings\Default User\Menu Démarrer
2008-10-03 22:10 . 2007-11-19 01:40 <REP> dr------- C:\Documents and Settings\Default User\Favoris
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-10-03 22:10 . 2008-10-22 14:35 <REP> d-------- C:\Documents and Settings\All Users\Menu Démarrer
2008-10-03 22:10 . 2007-11-19 01:40 <REP> dr------- C:\Documents and Settings\All Users\Favoris
2008-10-03 22:10 . 2008-10-05 15:41 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-10-03 22:10 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-10-03 22:09 . 2008-10-23 15:28 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-10-03 22:09 . 2008-10-23 15:28 <REP> d-------- C:\WINDOWS\system32\CatRoot
2008-10-03 22:09 . 2008-10-23 13:19 <REP> d-------- C:\Documents and Settings\Default User
2008-10-03 22:09 . 2006-11-18 13:48 <REP> d-------- C:\Documents and Settings\All Users
2008-10-03 22:09 . 2008-10-03 20:54 <REP> d-------- C:\Documents and Settings
2008-10-03 22:08 . 2008-10-03 20:42 1,748 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 23:03 --------- d-----w C:\Program Files\Ad-Aware
2008-10-04 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-04 12:12 --------- d-----w C:\Program Files\QT Lite
2008-10-03 19:54 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-10-03 19:54 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-10-03 19:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Intel
2008-10-03 19:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-03 19:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-10-03 19:53 --------- d-----w C:\Program Files\Intel
2008-10-03 19:53 --------- d-----w C:\Program Files\Fichiers communs\Intel
2008-10-03 19:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-10-03 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-03 19:52 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-03 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-03 19:47 --------- d-----w C:\Program Files\Synaptics
2008-10-03 19:47 --------- d-----w C:\Program Files\Microsoft Works
2008-10-03 19:47 --------- d-----w C:\Program Files\HP Wireless Laser Mini Mouse
2008-10-03 19:46 --------- d-----w C:\Program Files\MSBuild
2008-10-03 19:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-03 19:44 --------- d-----w C:\Program Files\SuperCopier2
2008-10-03 19:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-10-03 19:42 --------- d-----w C:\Program Files\HP DVB-T TV Tuner
2008-10-03 19:39 --------- d-----w C:\Program Files\HP Optical USB Mobile Mouse
2008-10-03 19:36 --------- d-----w C:\Program Files\Broadcom
2008-10-03 19:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-10-03 19:35 --------- d-----w C:\Program Files\NetWaiting
2008-10-03 19:35 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-10-03 19:35 --------- d-----w C:\Program Files\CONEXANT
2008-10-03 19:34 --------- d-----w C:\Program Files\HP 1.3MP Webcam
2008-10-03 19:34 --------- d-----w C:\Program Files\DIFX
2008-10-03 19:32 --------- d-----w C:\Program Files\HP Analog TV Tuner
2008-10-03 19:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xentient
2008-10-03 19:29 --------- d-----w C:\Program Files\ma-config.com
2008-10-03 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-10-03 19:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-10-03 19:25 --------- d-----w C:\Program Files\HP
2008-10-03 19:03 --------- d-----w C:\Program Files\Styler
2008-10-03 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-03 19:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Styler
2008-10-03 19:00 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-03 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-10-03 18:40 --------- d-----w C:\Program Files\Real Alternative
2008-10-03 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-03 18:38 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-10-03 18:37 --------- d-----w C:\Program Files\ACD Systems
2008-10-03 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-03 18:36 --------- d-----w C:\Program Files\Nero
2008-10-03 18:36 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-10-03 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-10-03 18:35 --------- d-----w C:\Program Files\MSXML 6.0
2008-10-03 18:35 --------- d-----w C:\Program Files\MSXML 4.0
2008-10-03 18:23 --------- d-----r C:\Program Files\Windows Sidebar
2008-10-03 18:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-03 16:22 6,068,224 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 15:14 1,847,040 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 10:35 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-25 08:43 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:43 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:48 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
.
------- Sigcheck -------
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 81920]
"TopDesk"="C:\WINDOWS\system32\topdesk.exe" [2007-12-18 201216]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2007-12-18 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"IntelZeroConfig"="C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
"IntelWireless"="C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"nwiz"="nwiz.exe" [2007-10-25 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 C:\WINDOWS\system32\ICO.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 138240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 12451]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 44544]
"nltide_3"="advpack.dll" [2008-08-26 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 76208]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 208688]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 210224]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-07 61952]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 18:58:33
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-10-23 18:59:20
ComboFix-quarantined-files.txt 2008-10-23 16:59:17
ComboFix2.txt 2008-10-23 11:19:50
Avant-CF: 126 339 731 456 octets libres
Après-CF: 126,326,947,840 octets libres
304 --- E O F --- 2008-10-23 08:23:13
2008-10-05 14:08 . 2008-10-05 14:08 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-05 14:05 . 2008-10-05 14:10 <REP> d-------- C:\WINDOWS\EHome
2008-10-05 14:05 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0/u00001_.tmp
2008-10-05 13:59 . 2008-10-05 13:59 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-10-05 13:59 . 2008-10-05 13:59 <REP> d-------- C:\Program Files\Free
2008-10-05 01:02 . 2008-10-05 01:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-10-05 00:16 . 2008-10-05 00:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-10-05 00:01 . 2008-10-22 19:58 <REP> d-------- C:\Program Files\eMule
2008-10-04 14:13 . 2008-10-04 14:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Bonjour
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-04 14:12 . 2008-10-04 14:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-04 13:45 . 2008-10-04 13:45 <REP> d-------- C:\Program Files\Java
2008-10-04 13:45 . 2008-10-04 13:45 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-04 13:45 . 2008-10-23 12:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FrostWire
2008-10-04 13:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-04 13:43 . 2008-10-21 15:14 <REP> d-------- C:\Program Files\FrostWire
2008-10-04 13:37 . 2008-10-20 12:42 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2008-10-03 22:14 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-10-03 22:12 . 2004-08-04 02:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-10-03 22:12 . 2004-08-04 01:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2008-10-03 22:12 . 2001-08-17 23:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-10-03 22:12 . 2001-08-17 23:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-10-03 22:12 . 2004-08-04 01:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-10-03 22:11 . 2008-10-10 18:14 1,118,814 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-03 22:11 . 2008-10-03 20:42 4,512 --a------ C:\WINDOWS\imsins.BAK
2008-10-03 22:11 . 2008-10-03 20:20 4,205 --a------ C:\WINDOWS\ODBCINST.INI
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-10-03 22:10 . 2008-10-03 20:17 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-10-03 22:10 . 2006-10-30 01:40 <REP> d-------- C:\Documents and Settings\Default User\Menu Démarrer
2008-10-03 22:10 . 2007-11-19 01:40 <REP> dr------- C:\Documents and Settings\Default User\Favoris
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-10-03 22:10 . 2008-10-03 22:10 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-10-03 22:10 . 2008-10-22 14:35 <REP> d-------- C:\Documents and Settings\All Users\Menu Démarrer
2008-10-03 22:10 . 2007-11-19 01:40 <REP> dr------- C:\Documents and Settings\All Users\Favoris
2008-10-03 22:10 . 2008-10-05 15:41 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-10-03 22:10 . 2008-10-22 15:42 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-10-03 22:09 . 2008-10-23 15:28 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-10-03 22:09 . 2008-10-23 15:28 <REP> d-------- C:\WINDOWS\system32\CatRoot
2008-10-03 22:09 . 2008-10-23 13:19 <REP> d-------- C:\Documents and Settings\Default User
2008-10-03 22:09 . 2006-11-18 13:48 <REP> d-------- C:\Documents and Settings\All Users
2008-10-03 22:09 . 2008-10-03 20:54 <REP> d-------- C:\Documents and Settings
2008-10-03 22:08 . 2008-10-03 20:42 1,748 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 23:03 --------- d-----w C:\Program Files\Ad-Aware
2008-10-04 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-04 12:12 --------- d-----w C:\Program Files\QT Lite
2008-10-03 19:54 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-10-03 19:54 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-10-03 19:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Intel
2008-10-03 19:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-03 19:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-10-03 19:53 --------- d-----w C:\Program Files\Intel
2008-10-03 19:53 --------- d-----w C:\Program Files\Fichiers communs\Intel
2008-10-03 19:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-10-03 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-03 19:52 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-03 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-03 19:47 --------- d-----w C:\Program Files\Synaptics
2008-10-03 19:47 --------- d-----w C:\Program Files\Microsoft Works
2008-10-03 19:47 --------- d-----w C:\Program Files\HP Wireless Laser Mini Mouse
2008-10-03 19:46 --------- d-----w C:\Program Files\MSBuild
2008-10-03 19:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-03 19:44 --------- d-----w C:\Program Files\SuperCopier2
2008-10-03 19:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-10-03 19:42 --------- d-----w C:\Program Files\HP DVB-T TV Tuner
2008-10-03 19:39 --------- d-----w C:\Program Files\HP Optical USB Mobile Mouse
2008-10-03 19:36 --------- d-----w C:\Program Files\Broadcom
2008-10-03 19:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-10-03 19:35 --------- d-----w C:\Program Files\NetWaiting
2008-10-03 19:35 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-10-03 19:35 --------- d-----w C:\Program Files\CONEXANT
2008-10-03 19:34 --------- d-----w C:\Program Files\HP 1.3MP Webcam
2008-10-03 19:34 --------- d-----w C:\Program Files\DIFX
2008-10-03 19:32 --------- d-----w C:\Program Files\HP Analog TV Tuner
2008-10-03 19:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xentient
2008-10-03 19:29 --------- d-----w C:\Program Files\ma-config.com
2008-10-03 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-10-03 19:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-10-03 19:25 --------- d-----w C:\Program Files\HP
2008-10-03 19:03 --------- d-----w C:\Program Files\Styler
2008-10-03 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-03 19:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Styler
2008-10-03 19:00 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-03 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-10-03 18:40 --------- d-----w C:\Program Files\Real Alternative
2008-10-03 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-03 18:38 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-10-03 18:37 --------- d-----w C:\Program Files\ACD Systems
2008-10-03 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-03 18:36 --------- d-----w C:\Program Files\Nero
2008-10-03 18:36 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-10-03 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-10-03 18:35 --------- d-----w C:\Program Files\MSXML 6.0
2008-10-03 18:35 --------- d-----w C:\Program Files\MSXML 4.0
2008-10-03 18:23 --------- d-----r C:\Program Files\Windows Sidebar
2008-10-03 18:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-03 16:22 6,068,224 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 15:14 1,847,040 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 10:35 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-25 08:43 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:43 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:48 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
.
------- Sigcheck -------
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 81920]
"TopDesk"="C:\WINDOWS\system32\topdesk.exe" [2007-12-18 201216]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2007-12-18 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"IntelZeroConfig"="C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
"IntelWireless"="C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"nwiz"="nwiz.exe" [2007-10-25 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 C:\WINDOWS\system32\ICO.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 138240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 12451]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 44544]
"nltide_3"="advpack.dll" [2008-08-26 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 76208]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 208688]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 210224]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-07 61952]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 18:58:33
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-10-23 18:59:20
ComboFix-quarantined-files.txt 2008-10-23 16:59:17
ComboFix2.txt 2008-10-23 11:19:50
Avant-CF: 126 339 731 456 octets libres
Après-CF: 126,326,947,840 octets libres
304 --- E O F --- 2008-10-23 08:23:13
Darkstayer (Member, 323 posts, registered Tuesday 21 October 2008, last active 6 March 2021)
22 Oct. 2008 at 19:22
Quite a few pieces of malware were eradicated, but my HijackThis report gives me this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:07, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\topdesk.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TopDesk] C:\WINDOWS\system32\topdesk.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
g!rly
22 Oct. 2008 at 19:30
ok
now run a full scan of your machine with Malwarebytes and post its report please
@+
Darkstayer
22 Oct. 2008 at 19:35
OK, got it!!!
Darkstayer
22 Oct. 2008 at 19:56
Here is my Malwarebytes report, rather convincing, & the items in quarantine, do I delete them? My report gives:
Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1300
Windows 5.1.2600 Service Pack 2
23/10/2008 19:54:27
mbam-log-2008-10-23 (19-54-27).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 86777
Temps écoulé: 19 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
g!rly
22 Oct. 2008 at 19:38
ok
@+
Darkstayer
22 Oct. 2008 at 20:00
Thanks for the helping hand!!!! Have a good evening!!!