Virus

virginie3280 -
Strik-Strak (Posts: 1386, Status: Contributor) -
Hello,
I think I'm infected with a virus, and my antivirus keeps giving me Trojan horse alerts....
I'm running a scan and posting the report here...
If someone can help me
Thanks
Virginie

23 replies

virginie3280
 
ComboFix 08-10-30.12 - StEpHaN 2008-10-31 10:37:31.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.152 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\StEpHaN\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\smp.bat
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\plus32.ocx

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-31 ))))))))))))))))))))))))))))))))))))
.

2008-10-29 11:53 . 2008-10-29 11:53 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-29 11:53 . 2008-10-29 11:53 <REP> d-------- C:\Documents and Settings\StEpHaN\Application Data\Simply Super Software
2008-10-29 11:53 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-10-29 11:53 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-10-29 10:04 . 2008-10-29 10:04 <REP> d-------- C:\VundoFix Backups
2008-10-28 13:32 . 2008-10-28 13:32 <REP> d-------- C:\WINDOWS\system32\fr
2008-10-28 13:32 . 2008-10-28 13:32 <REP> d-------- C:\WINDOWS\system32\bits
2008-10-28 13:32 . 2008-10-28 13:32 <REP> d-------- C:\WINDOWS\l2schemas
2008-10-28 13:22 . 2008-10-28 13:22 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-28 12:38 . 2008-10-28 12:38 <REP> d-------- C:\WINDOWS\EHome
2008-10-28 12:27 . 2008-10-28 12:27 <REP> d-------- C:\Documents and Settings\StEpHaN\Application Data\Avira
2008-10-28 11:43 . 2008-05-07 14:20 71,592 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-10-28 11:43 . 2008-05-07 10:51 71,464 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-10-28 11:27 . 2008-10-28 11:27 <REP> d-------- C:\Program Files\Avira
2008-10-27 20:07 . 2008-10-27 20:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 20:07 . 2008-10-27 20:07 <REP> d-------- C:\Documents and Settings\StEpHaN\Application Data\Malwarebytes
2008-10-27 20:07 . 2008-10-27 20:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 20:07 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 20:07 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-27 17:48 . 2008-10-27 17:48 <REP> d--hs---- C:\FOUND.049
2008-10-27 17:26 . 2008-10-27 17:26 78,625 --a------ C:\WINDOWS\system32\taqwewqeml.exe
2008-10-27 11:48 . 2008-10-27 11:48 172,544 --a------ C:\WINDOWS\system32\kecnkmoatvcrxmla.dll
2008-10-27 10:33 . 2008-10-27 10:33 <REP> d--hs---- C:\FOUND.048
2008-10-27 09:53 . 2008-10-27 09:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-25 19:11 . 2008-10-25 19:11 0 --a------ C:\WINDOWS\iPlayer.INI
2008-10-25 19:08 . 2008-10-25 19:08 <REP> d-------- C:\Program Files\InterActual
2008-10-24 21:00 . 2008-10-28 14:31 2,711 --a------ C:\WINDOWS\imsins.BAK
2008-10-23 21:25 . 2008-10-15 18:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 22:11 . 2008-10-22 22:11 <REP> d-------- C:\WINDOWS\system32\HWC HD
2008-10-22 22:11 . 2008-10-22 22:11 <REP> d-------- C:\Program Files\Hercules
2008-10-22 22:11 . 2006-08-01 12:31 3,600,384 --a------ C:\WINDOWS\ffmpeg.exe
2008-10-22 22:10 . 2008-10-22 22:10 <REP> d-------- C:\Documents and Settings\StEpHaN\Application Data\InstallShield
2008-10-22 21:26 . 2008-10-22 21:26 <REP> d--hs---- C:\FOUND.047
2008-10-22 08:35 . 2008-10-22 08:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-22 08:35 . 2008-10-22 08:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-17 11:34 . 2008-10-17 11:34 <REP> d--hs---- C:\FOUND.046
2008-10-17 07:34 . 2008-10-17 07:34 <REP> d--hs---- C:\FOUND.045
2008-10-16 07:16 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 07:15 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 07:15 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 07:15 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 07:15 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 07:15 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 12:27 . 2008-10-15 12:27 <REP> d-------- C:\Program Files\eMule
2008-10-15 12:27 . 2008-10-15 12:27 3,231,826 --a------ C:\Program Files\eMule0.49b-Installer1.exe
2008-10-15 12:20 . 2008-10-15 12:20 <REP> d-------- C:\Program Files\IMMonitor
2008-10-15 12:14 . 2008-10-15 12:19 1,314,893 --a------ C:\Program Files\setup_msnmonitor.exe
2008-10-13 18:13 . 2008-10-13 18:13 <REP> d-------- C:\Program Files\AwinSoft
2008-10-13 17:53 . 2008-10-13 17:53 <REP> d-------- C:\Documents and Settings\StEpHaN\Application Data\Wireshark
2008-10-13 17:36 . 2008-10-13 17:36 <REP> d-------- C:\Program Files\WinPcap
2008-10-13 16:15 . 2008-10-13 16:15 <REP> d--hs---- C:\FOUND.009
2008-10-11 21:02 . 2008-10-11 21:02 <REP> d--hs---- C:\FOUND.008
2008-10-11 20:56 . 2008-10-11 20:56 <REP> d--hs---- C:\FOUND.007
2008-10-09 18:50 . 2008-10-09 18:50 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-10-09 18:15 . 2008-10-09 18:15 <REP> d--hs---- C:\FOUND.006
2008-10-09 18:15 . 2008-10-09 18:15 <REP> d--hs---- C:\FOUND.005
2008-10-09 18:15 . 2008-10-09 18:15 <REP> d--hs---- C:\FOUND.004
2008-10-09 18:15 . 2008-10-09 18:15 <REP> d--hs---- C:\FOUND.003
2008-10-09 18:15 . 2008-10-09 18:15 <REP> d--hs---- C:\FOUND.002
2008-10-09 18:15 . 2008-10-09 18:15 <REP> d--hs---- C:\FOUND.001
2008-10-09 18:13 . 2008-10-09 18:13 <REP> d-------- C:\Program Files\Spyware Terminator
2008-10-09 18:13 . 2008-10-09 18:13 <REP> d-------- C:\Documents and Settings\StEpHaN\Application Data\Spyware Terminator
2008-10-09 18:13 . 2008-10-09 18:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-09 14:36 . 2008-10-09 14:36 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-10-09 14:34 . 2008-10-09 14:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-09 14:16 . 2008-10-09 14:17 <REP> d-------- C:\Program Files\McAfee
2008-10-09 13:58 . 2008-10-09 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-09 13:27 . 2008-10-09 13:27 <REP> d--hs---- C:\FOUND.000
2008-09-19 12:37 . 2008-09-19 12:37 <REP> d-------- C:\Program Files\WordBiz
2008-09-18 18:59 . 2008-09-18 18:59 <REP> d-------- C:\Documents and Settings\StEpHaN\Application Data\System
2008-09-07 19:09 . 2008-09-07 19:09 <REP> d-------- C:\Program Files\LimeWire
2008-09-05 16:06 . 2008-09-05 16:06 <REP> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 12:57 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-10-03 18:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 10:47 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-31 17:41 --------- d-----w C:\Documents and Settings\StEpHaN\Application Data\dvdcss
2008-08-31 17:25 --------- d-----w C:\Documents and Settings\StEpHaN\Application Data\vlc
2008-08-27 10:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 21:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 21:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2004-09-25 08:53 3,592,848 ----a-w C:\Program Files\aim95.exe
2008-04-04 20:36 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-04 20:35 88 --sh--r C:\WINDOWS\system32\86FDF97ABA.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D3769FD-DF4E-2AF9-C9F5-A28D29347D9F}]
2008-10-27 11:48 172544 --a------ C:\WINDOWS\system32\kecnkmoatvcrxmla.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 32768]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 393216]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-07 98304]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-09-07 2957824]
"mytjqpyvzhzlw"="C:\WINDOWS\system32\kecnkmoatvcrxmla.dll" [2008-10-27 172544]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-03-16 296544]
"SiSPower"="SiSPower.dll" [2005-02-25 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-01-04 331776]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\System32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Hercules\\Classic Silver\\Station2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\Windows Live\\Messenger\\LIVECALL.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2008-05-07 71592]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-07 138752]
R2 AntiVirFirewallService;Avira Premium Security Suite Pare-feu;C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-05-16 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe [2008-07-11 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-06-12 258305]
R2 AVEService;Service d'assistance Avira Premium Security Suite MailGuard;C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe [2008-05-09 41217]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2008-05-07 71464]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 200576]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\StEpHaN\Application Data\Mozilla\Firefox\Profiles\fhop5097.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.club-internet.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 10:44:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\AVIRA\AVIRA PREMIUM SECURITY SUITE\SCHED.EXE
C:\PROGRAM FILES\AVIRA\AVIRA PREMIUM SECURITY SUITE\AVGUARD.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-31 10:49:37 - La machine a redémarré [StEpHaN]
ComboFix-quarantined-files.txt 2008-10-31 09:49:26

Avant-CF: 471,089,152 octets libres
Après-CF: 992,854,016 octets libres

255 --- E O F --- 2008-10-29 20:00:50
Strik-Strak (Posts: 1386, Status: Contributor) 376
 
Great. Can you post a new HijackThis report please? I think we can move on to the finishing touches...
virginie8032
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:40, on 01/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IMBoss\IMBoss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: mxlivemedia browser enhancer - {7D3769FD-DF4E-2AF9-C9F5-A28D29347D9F} - C:\WINDOWS\system32\kecnkmoatvcrxmla.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [mytjqpyvzhzlw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\kecnkmoatvcrxmla.dll"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.33/g_bin/eng/navy_2_0_0_29.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.33/g_bin/eng/domino_2_0_0_33.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.33/g_bin/eng/mahjong_2_0_0_31.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Avira Premium Security Suite Pare-feu (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Planificateur Avira Premium Security Suite (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Service d'assistance Avira Premium Security Suite MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Strik-Strak (Posts: 1386, Status: Contributor) 376
 
Could you go back to message 20 and follow the exact procedure, please? Because one infection should have disappeared...

Also, in HijackThis, you can fix the following lines (and NO OTHERS!!):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

and ALL the "O16" entries (ActiveX elements)

tutorial for fixing: http://pageperso.aol.fr/balltrap34/demohijack.htm
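The reply above picks four kinds of HijackThis entries for review: the orphaned BHO (`O2 ... (no file)`), every `O16` ActiveX download, and the `R1` search line pointing at crawler.com, while the earlier log also shows a `Run` entry that re-registers a DLL through `regsvr32 /s` at each logon. The script below is an added example, not code from the thread or from the HijackThis project: it parses a log in HijackThis v2 format and flags those entry classes so a helper can triage them consistently. The sample log, the `TRUSTED_HOSTS` allow-list and all function names are constructed for this example; the sample entries are modelled on the shapes seen in the thread rather than copied from it.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format (modelled on the thread, assembled here).
SAMPLE_HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mytjqpyvzhzlw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\kecnkmoatvcrxmla.dll"
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.33/g_bin/eng/navy_2_0_0_29.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, O16, ...) and " - ".
ENTRY_RE = re.compile(r'^(?P<code>[RO]\d+) - (?P<body>.+)$')

# Assumed allow-list of Microsoft-operated domains that legitimately appear in IE
# search settings and in O16 entries (Messenger games, MSN photo upload, ...).
TRUSTED_HOSTS = ('msn.com', 'microsoft.com', 'bing.com', 'live.com', 'hotmail.com')

# A Run entry that calls regsvr32 silently (/s) on a DLL: the DLL is re-registered
# at every logon, which is how the BHO in the thread kept coming back.
REGSVR_RUN = re.compile(r'regsvr32(\.exe)?\s+/s\s+"?([^"]+\.dll)"?', re.IGNORECASE)


def parse_hjt(text):
    """Return (code, body) tuples for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group('code'), m.group('body')))
    return entries


def host_of(url):
    return (urlparse(url).hostname or '').lower()


def is_trusted(host):
    return any(host == d or host.endswith('.' + d) for d in TRUSTED_HOSTS)


def is_bare_ip(host):
    return re.fullmatch(r'\d{1,3}(\.\d{1,3}){3}', host) is not None


def triage(entries):
    """Return (code, body, reason) for every entry that deserves a closer look."""
    findings = []
    for code, body in entries:
        if code == 'O2' and body.endswith('(no file)'):
            findings.append((code, body, 'orphaned BHO: CLSID registered but no file on disk'))
        elif code == 'O4':
            m = REGSVR_RUN.search(body)
            if m:
                findings.append((code, body, f'Run entry silently re-registers {m.group(2)} at every logon'))
        elif code == 'O16':
            # The download URL is the last " - " separated field of a DPF entry.
            host = host_of(body.rsplit(' - ', 1)[-1])
            if is_bare_ip(host):
                findings.append((code, body, f'ActiveX download from a bare IP address ({host})'))
            elif not is_trusted(host):
                findings.append((code, body, f'ActiveX download from third-party host {host}'))
        elif code == 'R1' and 'Search' in body:
            # Covers SearchAssistant, CustomizeSearch, Default_Search_URL and Search Page.
            host = host_of(body.split(' = ', 1)[-1])
            if host and not is_trusted(host):
                findings.append((code, body, f'IE search setting points at {host}'))
    return findings


if __name__ == '__main__':
    for code, body, reason in triage(parse_hjt(SAMPLE_HJT_LOG)):
        print(f'[{code}] {reason}\n    {body}')
```

Running it on the sample flags the crawler.com search line, the orphaned BHO, the `regsvr32 /s` Run entry and the ActiveX control served from a raw IP address, and leaves the Adobe BHO, the QuickTime Run entry and the Messenger game control alone. The rules are deliberately narrow: the script does not try to judge DLL names as "random-looking", since that heuristic produces false positives on legitimate vendor files, and an entry it flags is a candidate for review, not an automatic fix.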