Problem with Windows windows (folder/IE)
Closed
shotokai (Member, 5 posts, registered Tuesday 28 October 2008) - 28 Oct 2008 at 16:44
6 replies
tchaning (Member, 4533 posts, registered Tuesday 15 July 2008) - 28 Oct 2008 at 16:55
Since when have you had this problem??? Software installation??? Keygen???
Do a restore to an earlier point.
Start ==> Accessories ==> System Tools ==> System Restore
shotokai - 28 Oct 2008 at 17:00
Since I downloaded a humorous PDF (a self-extracting archive) that must have contained a virus (three days ago).
If I restore the system, do I risk losing the data I have modified / added since this problem?
(thanks for the quick reply)
tchaning - 28 Oct 2008 at 17:05
No, you won't lose anything.
shotokai - 28 Oct 2008 at 17:09
Heh heh....!!! System Restore has no restore point (it wasn't enabled....).
tchaning - 28 Oct 2008 at 17:13
Delete your PDF, download SDFix (Google),
install it, restart your PC in safe mode (F8 at startup).
After logging in, go to c:\SDFIX
then run "Runthis"
confirm with Y and let it work
it will restart your computer; let it boot normally, then it will finish the scan.
Then paste me the report
shotokai - 29 Oct 2008 at 09:33
I ran two tests:
Last night:
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\hgGxVOiI.dll - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 00:30:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ec7230]
"0015b9cb69c7"=hex:71,47,ec,e8,34,67,c6,9d,50,82,19,06,16,dc,2e,3f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26ec7230]
"0015b9cb69c7"=hex:71,47,ec,e8,34,67,c6,9d,50,82,19,06,16,dc,2e,3f
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000176
"TracesSuccessful"=dword:00000024
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 24 Sep 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 24 Sep 2008 4,348 ...H. --- "C:\Data\adurez\Mes Documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Wed 24 Sep 2008 20 A..H. --- "C:\Data\adurez\Mes Documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Wed 10 Sep 2008 312 A.SH. --- "C:\Data\adurez\Mes Documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Wed 17 May 2006 29,184 A..H. --- "C:\DOC ARNAULT\1 - OPALE\8 - Transfert Alex_\Pression\2-Terrain\~WRL0002.tmp"
Wed 5 Mar 2008 1,699,840 A..H. --- "C:\DOC ARNAULT\1 - OPALE\1 - OPALE ELEC\3 - LOT 2\Rapports ELEC\1 - Rapport Complet (100%)\~WRL3666.tmp"
Tue 15 May 2007 162,816 A..H. --- "C:\DOC ARNAULT\1 - OPALE\8 - Transfert Alex_\RI\_Pack_\Svg r‚zo 16-10-07\1-Rapports MAJ (10 sept)\~WRL1936.tmp"
[b]Finished![/b]
This morning
[b]SDFix: Version 1.238 [/b]
Run by ADUREZ on 29/10/2008 at 09:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\adurez\Local Settings\Temp\utt61.tmp.exe - Deleted
C:\DOCUME~1\adurez\LOCALS~1\Temp\removalfile.bat - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 09:29:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ec7230]
"0015b9cb69c7"=hex:71,47,ec,e8,34,67,c6,9d,50,82,19,06,16,dc,2e,3f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26ec7230]
"0015b9cb69c7"=hex:71,47,ec,e8,34,67,c6,9d,50,82,19,06,16,dc,2e,3f
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000173
scanning hidden files ...
C:\WINDOWS\system32\wbem\Performance\WmiApRpl_new.ini 948 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 24 Sep 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 24 Sep 2008 4,348 ...H. --- "C:\Data\adurez\Mes Documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Wed 24 Sep 2008 20 A..H. --- "C:\Data\adurez\Mes Documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Wed 10 Sep 2008 312 A.SH. --- "C:\Data\adurez\Mes Documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Wed 17 May 2006 29,184 A..H. --- "C:\DOC ARNAULT\1 - OPALE\8 - Transfert Alex_\Pression\2-Terrain\~WRL0002.tmp"
Wed 5 Mar 2008 1,699,840 A..H. --- "C:\DOC ARNAULT\1 - OPALE\1 - OPALE ELEC\3 - LOT 2\Rapports ELEC\1 - Rapport Complet (100%)\~WRL3666.tmp"
Tue 15 May 2007 162,816 A..H. --- "C:\DOC ARNAULT\1 - OPALE\8 - Transfert Alex_\RI\_Pack_\Svg r‚zo 16-10-07\1-Rapports MAJ (10 sept)\~WRL1936.tmp"
[b]Finished![/b]
What do you think?
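Added example (not part of SDFix and not code posted by either participant): a Python parser for the SDFix report format tchaning asked for above and shotokai posted twice. It keys on the [b]...[/b] section headers, the "Trojan Files Found:" list, catchme's "hidden ...:" totals and the exported firewall exception lists visible in those reports, and turns them into the handful of findings a helper would comment on. The sample text is a constructed excerpt modelled on this morning's report; the finding wording is this example's own.

```python
import re

# Constructed excerpt modelled on this morning's SDFix report in the thread
# (catchme's registry listing is left out; it is not used here).
SAMPLE_REPORT = r"""
[b]SDFix: Version 1.238 [/b]
Run by ADUREZ on 29/10/2008 at 09:20
Running From: C:\SDFix
[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\adurez\Local Settings\Temp\utt61.tmp.exe - Deleted
C:\DOCUME~1\adurez\LOCALS~1\Temp\removalfile.bat - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
scanning hidden files ...
C:\WINDOWS\system32\wbem\Performance\WmiApRpl_new.ini 948 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
[b]Remaining Files [/b]:
[b]Finished![/b]
"""

SECTION_RE = re.compile(r"^\[b\](.+?)\s*\[/b\]:?$")          # e.g. [b]Checking Files [/b]:
COUNT_RE = re.compile(r"^hidden (processes|services|files): (\d+)$")
HIDDEN_FILE_RE = re.compile(r"^(?P<path>.+) (?P<size>[\d,]+) bytes$")
FIREWALL_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters"
    r"\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$", re.I)
FIREWALL_ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"="[^"]*:\*:(?P<state>\w+):(?P<name>[^"]*)"$')


def parse_sdfix_report(text):
    """Walk the report section by section and collect the parts worth triaging."""
    summary = {"version": None, "deleted": [], "hidden_counts": {},
               "hidden_files": [], "firewall": {}}
    section, in_trojan_list, in_hidden_files, profile = None, False, False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                   # a [b]...[/b] header starts a new section
            section = m.group(1).strip()
            in_trojan_list = in_hidden_files = False
            profile = None
            if section.startswith("SDFix: Version"):
                summary["version"] = section.split("Version", 1)[1].strip()
            continue
        if section == "Checking Files":
            if line == "Trojan Files Found:":
                in_trojan_list = True
            elif in_trojan_list and " - " in line:   # "<path> - Deleted"
                path, action = line.rsplit(" - ", 1)
                summary["deleted"].append((path, action))
            else:
                in_trojan_list = False
        elif section == "Final Check":          # catchme output
            m = COUNT_RE.match(line)
            if m:
                summary["hidden_counts"][m.group(1)] = int(m.group(2))
            elif line == "scanning hidden files ...":
                in_hidden_files = True
            elif line.startswith("scan completed"):
                in_hidden_files = False
            elif in_hidden_files:
                m = HIDDEN_FILE_RE.match(line)
                if m:
                    summary["hidden_files"].append(m.group("path"))
        elif section == "Remaining Services":   # exported firewall exception lists
            m = FIREWALL_KEY_RE.match(line)
            if m:
                profile = m.group(1).lower()
                summary["firewall"].setdefault(profile, [])
                continue
            m = FIREWALL_ENTRY_RE.match(line)
            if m and profile:
                summary["firewall"][profile].append(
                    (m.group("path").replace("\\\\", "\\"), m.group("state").lower(), m.group("name")))
    return summary


def triage(summary):
    """Findings a helper would raise: removals, rootkit signs, non-Windows firewall exceptions."""
    findings = []
    if summary["deleted"]:
        findings.append("%d file(s) removed as trojans" % len(summary["deleted"]))
    counts = summary["hidden_counts"]
    if counts.get("processes") or counts.get("services"):
        findings.append("catchme reported hidden processes/services: possible rootkit")
    for path in summary["hidden_files"]:
        findings.append("hidden file still present: " + path)
    for profile, entries in summary["firewall"].items():
        for path, state, name in entries:
            if state == "enabled" and not path.lower().startswith("%windir%"):
                findings.append("firewall exception (%s): %s [%s]" % (profile, path, name))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_sdfix_report(SAMPLE_REPORT)):
        print(finding)
```

Run against the full second report, the parser flags the two Temp files SDFix deleted, the one file catchme still found hidden (WmiApRpl_new.ini, which a helper would then look up rather than assume malicious) and the peer-to-peer clients whitelisted in the firewall; the "hidden processes/services" counts being zero is why no rootkit finding is raised.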
tchaning - 29 Oct 2008 at 10:04
You did well to run both tests; it found and removed 3 trojans. ^^ That's already good.
Download ComboFix (you'll find it on Google too) and run a scan too ^^.
Then send the report
shotokai - 29 Oct 2008 at 10:25
ComboFix 08-10-29.04 - ADUREZ 2008-10-29 10:15:26.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1160 [GMT 1:00]
Lancé depuis: C:\Data\ADUREZ\Bureau\ComboFix.exe
* Resident AV is active
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\khfGwVLC.dll
C:\WINDOWS\system32\qoMeCTKd.dll
C:\WINDOWS\system32\tuvUOIyW.dll
C:\WINDOWS\system32\wvUlkIxu.dll
C:\WINDOWS\system32\WyIOUvut.ini
C:\WINDOWS\system32\WyIOUvut.ini2
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.
2008-10-28 17:27 . 2008-10-28 17:27 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-28 17:16 . 2008-10-29 09:30 <REP> d-------- C:\SDFix
2008-10-27 09:30 . 2007-04-08 11:46 411,494 --a------ C:\WINDOWS\system32\Printers.ico
2008-10-25 21:28 . 2008-10-29 10:16 <REP> d-------- C:\Quarantine
2008-10-25 19:24 . 2008-10-25 19:24 <REP> d-------- C:\Documents and Settings\adurez\Contacts
2008-10-25 18:58 . 2008-10-25 19:19 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-10-25 18:57 . 2008-10-25 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-24 17:54 . 2008-10-24 17:54 <REP> d-------- C:\Program Files\QuickPar
2008-10-22 09:16 . 2008-10-22 09:16 <REP> d-------- C:\Program Files\OpenOffice.org 2.0 sur mf070166
2008-10-21 08:39 . 2008-10-29 10:18 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\UnicenterRemoteControl
2008-10-21 08:38 . 2008-10-21 08:38 <REP> d--hs---- C:\SxpInst
2008-10-21 08:38 . 2005-10-24 13:44 69,632 --a------ C:\WINDOWS\system32\sxpgina.dll
2008-10-21 08:38 . 2003-10-28 18:17 32,768 --a------ C:\WINDOWS\dsteng32.exe
2008-10-21 08:37 . 2008-10-21 08:39 <REP> d-------- C:\Program Files\CA
2008-10-21 08:37 . 2006-06-06 09:46 137,216 --a------ C:\WINDOWS\UMCSTUB.EXE
2008-10-21 08:37 . 2008-10-21 08:37 2,112 --a------ C:\WINDOWS\UMCSTUB.DAT
2008-10-21 08:37 . 2008-10-21 08:37 1,825 --a------ C:\AMAgent.rsp
2008-10-21 08:37 . 2008-10-21 08:37 234 --a------ C:\WINDOWS\AM.MIF
2008-10-21 08:36 . 2008-09-10 11:46 <REP> d--h----- C:\Documents and Settings\s-euaunicenter\Voisinage réseau
2008-10-21 08:36 . 2008-09-10 11:46 <REP> d--h----- C:\Documents and Settings\s-euaunicenter\Voisinage d'impression
2008-10-21 08:36 . 2008-09-10 09:49 <REP> d--h----- C:\Documents and Settings\s-euaunicenter\Modèles
2008-10-21 08:36 . 2008-09-10 11:46 <REP> d-------- C:\Documents and Settings\s-euaunicenter\Mes documents
2008-10-21 08:36 . 2008-09-10 11:46 <REP> dr------- C:\Documents and Settings\s-euaunicenter\Menu Démarrer
2008-10-21 08:36 . 2008-09-10 11:46 <REP> d-------- C:\Documents and Settings\s-euaunicenter\Favoris
2008-10-21 08:36 . 2008-09-10 11:46 <REP> d-------- C:\Documents and Settings\s-euaunicenter\Bureau
2008-10-21 08:36 . 2008-10-21 08:39 <REP> d-------- C:\Documents and Settings\s-euaunicenter
2008-10-20 16:27 . 2004-08-03 22:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-10-20 16:27 . 2004-08-03 22:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-10-20 08:37 . 2008-10-20 08:37 <REP> d---s---- C:\Documents and Settings\adurez\UserData
2008-10-17 16:58 . 2008-10-24 17:53 <REP> d-------- C:\Documents and Settings\adurez\Application Data\GrabIt
2008-10-16 16:10 . 2008-10-22 16:47 <REP> d-------- C:\Documents and Settings\adurez\Application Data\OpenOffice.org2
2008-10-16 15:21 . 2008-10-16 15:21 <REP> d-------- C:\Program Files\ALPI
2008-10-16 15:21 . 1999-06-18 21:49 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2008-10-16 15:21 . 2008-05-08 00:29 122,880 --a------ C:\WINDOWS\system32\Crypserv.exe
2008-10-16 15:21 . 1996-05-03 17:21 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2008-10-16 15:21 . 2008-08-22 21:14 21,638 --a------ C:\WINDOWS\system32\Ckldrv.sys
2008-10-16 15:21 . 1996-05-03 15:36 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2008-10-16 15:21 . 1995-07-04 18:33 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2008-10-16 15:21 . 2008-10-16 15:30 2,240 --a------ C:\WINDOWS\system32\esnecil.nlp
2008-10-16 15:21 . 2008-10-17 08:13 2,240 --a------ C:\WINDOWS\system32\esnecil.ind
2008-10-16 15:21 . 2008-10-16 15:21 60 --a------ C:\WINDOWS\Crypkey.ini
2008-10-16 15:21 . 2008-10-16 15:30 4 --a------ C:\WINDOWS\vx86036.dat
2008-10-16 08:55 . 2008-10-16 08:40 <REP> d-a------ C:\WINDOWS\system32\Opale-v2_0_2_1
2008-10-13 15:31 . 2008-10-13 15:32 <REP> d-------- C:\Program Files\FileZilla
2008-10-07 15:27 . 2008-10-07 15:27 710 --a------ C:\WINDOWS\system32\DWRCCMDError.ini
2008-10-07 14:45 . 2008-10-07 14:45 <REP> d-------- C:\Documents and Settings\adurez\Application Data\DameWare Development
2008-10-07 14:43 . 2008-10-07 14:43 <REP> d-------- C:\Program Files\DameWare Development
2008-10-06 13:09 . 2008-10-14 14:46 2,877 --a------ C:\WINDOWS\system32\DWRCS.INI
2008-10-06 13:03 . 2007-06-05 17:25 229,376 --a------ C:\WINDOWS\system32\DWRCSET.dll
2008-10-06 13:03 . 2007-06-05 17:24 221,696 --a------ C:\WINDOWS\system32\DWRCS.EXE
2008-10-06 13:03 . 2007-06-05 17:25 73,216 --a------ C:\WINDOWS\system32\DWRCST.EXE
2008-10-06 13:03 . 2007-06-05 17:24 53,248 --a------ C:\WINDOWS\system32\DWRCK.DLL
2008-10-01 15:52 . 2008-10-01 15:52 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-09-30 05:41 . 2008-09-30 05:42 <REP> d-------- C:\Program Files\SLD Codec Pack
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 15:55 --------- d-----w C:\Program Files\Opale
2008-10-13 14:31 --------- d-----w C:\Program Files\FileZilla Client
2008-10-13 14:28 --------- d-----w C:\Documents and Settings\adurez\Application Data\FileZilla
2008-09-23 15:12 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-23 15:12 --------- d-----w C:\Documents and Settings\adurez\Application Data\InterTrust
2008-09-23 14:02 --------- d-----w C:\Documents and Settings\adurez\Application Data\Xerox
2008-09-23 07:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 07:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-22 10:55 --------- d-----w C:\Program Files\Fichiers communs\Mercury Interactive
2008-09-10 12:35 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-10 09:39 --------- d-----w C:\Program Files\ThinkPad
2008-09-10 09:39 --------- d-----w C:\Program Files\Synaptics
2008-09-10 09:38 --------- d-----w C:\Program Files\Sonic
2008-09-10 09:38 --------- d-----w C:\Program Files\Lenovo
2008-09-10 09:37 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2008-09-10 09:37 --------- d-----w C:\Program Files\InterVideo
2008-09-10 09:37 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-10 09:37 --------- d-----w C:\Program Files\Fichiers communs\ThinkVantage Fingerprint Software
2008-09-10 09:36 --------- d-----w C:\Program Files\PDFCreator
2008-09-10 09:36 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-09-10 09:33 --------- d-----w C:\Program Files\IBM
2008-09-10 09:32 --------- d-----w C:\Program Files\MSXML 6.0
2008-09-10 09:32 --------- d-----w C:\Program Files\IMR
2008-09-10 09:32 --------- d-----w C:\Program Files\Aventail Connect
2008-09-10 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aventail
2008-09-10 09:31 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-10 09:26 --------- d-----w C:\Program Files\MobileXpress client
2008-09-10 09:25 --------- d-----w C:\Program Files\Option
2008-09-10 09:25 --------- d-----w C:\Program Files\Java
2008-09-10 09:25 --------- d-----w C:\Program Files\BT Common Client
2008-09-10 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\MobileXpress client
2008-09-10 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\BT Common Client
2008-09-10 09:24 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-10 09:23 --------- d-----w C:\Program Files\SEAGULL
2008-09-10 09:22 --------- d-----w C:\Program Files\ISS
2008-09-10 09:20 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 09:18 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-10 09:17 155,995 ----a-w C:\WINDOWS\java\Packages\97RL71ZR.ZIP
2008-09-10 09:13 --------- d-----w C:\Program Files\McAfee
2008-09-10 09:13 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2008-09-10 09:13 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
2008-09-10 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-10 09:11 --------- d-----w C:\Program Files\Fichiers communs\Bentley Shared
2008-09-10 09:11 --------- d-----w C:\Program Files\Bentley
2008-09-10 09:08 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-10 09:08 21,393 ----a-w C:\WINDOWS\AegisP.sys
2008-09-10 09:07 --------- d-----w C:\Program Files\Sierra Wireless
2008-09-10 09:07 --------- d-----w C:\Program Files\Intel
2008-09-10 09:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-09-10 09:06 --------- d-----w C:\Program Files\CONEXANT
2008-09-10 09:06 --------- d-----w C:\Program Files\Analog Devices
2008-09-10 09:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-10 08:50 --------- d-----w C:\Program Files\Services en ligne
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 131072]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2008-04-04 136512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2005-06-08 20530]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2005-06-08 24626]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2005-06-08 45106]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2005-06-08 20480]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [2005-06-08 40960]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 31232]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-10 58416]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-06-11 294912]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-06-11 208896]
"Sxplog"="C:\SxpInst\sxpstub.exe" [2005-10-24 20480]
"SDJobCheck"="C:\Program Files\CA\Unicenter Software Delivery\SD\..\BIN\triggusr.exe" [2006-02-23 32768]
"CA-AMAgent"="C:\Program Files\CA\Unicenter Asset Management\Agents\amagent.exe" [2003-03-07 45056]
"TpShocks"="TpShocks.exe" [2007-03-29 C:\WINDOWS\system32\TpShocks.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"forceclassiccontrolpanel"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 18:20 40448 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-03-02 100656]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-03-02 19760]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2008-06-11 4442]
R2 BT Common Client;BT Common Client;C:\Program Files\BT Common Client\btomosrv.exe [2005-07-01 57344]
R2 MSSQL$OPALE;MSSQL$OPALE;C:\PROGRA~1\Opale\MSDE2000_A_FR\MSSQL$OPALE\Binn\sqlservr.exe [2005-05-03 9150464]
R2 NgVpnMgr;Aventail VPN Client;C:\WINDOWS\system32\ngvpnmgr.exe [2005-10-21 307265]
R2 Opale-Tomcat-4.1.31;Opale-Tomcat-4.1.31;c:\PROGRA~1\Opale\WebServer\jakarta-tomcat-4.1.31\bin\tomcat.exe [2004-09-25 65536]
R2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 3456]
R2 SQLAgent$OPALE;SQLAgent$OPALE;C:\PROGRA~1\Opale\MSDE2000_A_FR\MSSQL$OPALE\Binn\sqlagent.EXE [2005-05-03 323584]
R3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [2004-11-02 17536]
R3 LenovoRd;LenovoRd;C:\WINDOWS\system32\Drivers\LenovoRd.sys [2007-05-10 81920]
R3 NgLog;Aventail VPN Logging;C:\WINDOWS\system32\DRIVERS\nglog.sys [2005-10-21 18432]
R3 NgVpn;Aventail VPN Adapter;C:\WINDOWS\system32\DRIVERS\ngvpn.sys [2005-10-21 67584]
R3 RCSpyDDML;RCSpyDDML;C:\WINDOWS\system32\DRIVERS\RCSpyMP.sys [2005-08-09 14336]
S3 NgFilter;Aventail VPN Filter;C:\WINDOWS\system32\DRIVERS\ngfilter.sys [2005-10-21 15360]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-06-19 36676]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-06-19 24344]
S4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [2004-09-09 227285]
*Newly Created Service* - AMOAGENT
.
Contenu du dossier 'Tâches planifiées'
2008-10-29 C:\WINDOWS\Tasks\PMTask.job
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-06-11 08:12]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{F7876A75-328C-4865-AC77-B00F7B2E27A6} - C:\WINDOWS\system32\tuvUOIyW.dll
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R1 -: HKCU-Internet Settings,ProxyServer = 172.16.40.253:8080
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - -
O15 -: Trusted Zone: aramis.bureauveritas.com
O15 -: Trusted Zone: aramis.analytix.bureauveritas.com
O15 -: Trusted Zone: aramis.campagne.bureauveritas.com
O15 -: Trusted Zone: aramis.pricing.bureauveritas.com
O15 -: Trusted Zone: awi-rec.bureauveritas.com
O15 -: Trusted Zone: awi2.bureauveritas.com
O15 -: Trusted Zone: awi2-dev.bureauveritas.com
O15 -: Trusted Zone: awi2-drp.bureauveritas.com
O15 -: Trusted Zone: awi2-ftp.bureauveritas.com
O15 -: Trusted Zone: awi2-rec.bureauveritas.com
O15 -: Trusted Zone: citrixndc.bureauveritas.com
O15 -: Trusted Zone: ftp.bureauveritas.com
O15 -: Trusted Zone: selligent.bureauveritas.com
O15 -: Trusted Zone: selligentxat.bureauveritas.com
O15 -: Trusted Zone: *.s20frndcscspd01
O15 -: Trusted Zone: *.s20frndcscspd02
O15 -: Trusted Zone: *.smsfrndc01awip1
O15 -: Trusted Zone: *.smsfrndc01awip2
O15 -: Trusted Zone: *.vmsfrndc01awidv
O15 -: Trusted Zone: *.vmsfrndc01awirc
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: SGO - Impression locale - hxxp://sgo-recette2.fr.bureauveritas.com/printapplet.cab
C:\WINDOWS\Downloaded Program Files\SGO - Impression locale.osd
O16 -: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://qualitycenter.bureauveritas.com/qcbin/Spider80.ocx
C:\WINDOWS\Downloaded Program Files\Spider80.ocx
O16 -: {DB4D6F3B-00EC-4F3F-93CA-24984DA67E36} - hxxp://localhost:18080/Opale/activex/OpaleAX.cab
C:\WINDOWS\Downloaded Program Files\OpaleAX.ocx
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 10:21:03
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMPrimer]
"ImagePath"="\"C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe\" -DMPRIMER_SERVICE_:"
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\notes\bin\ntmulti.exe
C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDServ.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.exe
C:\Program Files\Opale\MSDE2000_A_FR\MSSQL$OPALE\Binn\sqlagent.EXE
C:\WINDOWS\system32\DWRCST.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\SxpInst\sxplog32.exe
C:\WINDOWS\UMCSTUB.EXE
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Heure de fin: 2008-10-29 10:24:12 - La machine a redémarré [ADUREZ]
ComboFix-quarantined-files.txt 2008-10-29 09:24:06
Avant-CF: 20,071,137,280 octets libres
Après-CF: 20,031,070,208 octets libres
330