Besoin d'aide pour hijack
tibo
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
J'ai vraiment besoin d'aide svp !!!!!
si quelq'un pourrait m'aider sa seré super !! je vous remerci d'avance
voici le rapport de hijackthis :
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\lxbucoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [S60TrayApplication] C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_1\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_1\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbucoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
J'ai vraiment besoin d'aide svp !!!!!
si quelq'un pourrait m'aider sa seré super !! je vous remerci d'avance
voici le rapport de hijackthis :
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\lxbucoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [S60TrayApplication] C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_1\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_1\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbucoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
A voir également:
- Besoin d'aide pour hijack
- Hijack this - Télécharger - Antivirus & Antimalwares
- Audio hijack pro - Télécharger - Création musicale
- Analyse de rapport hijack this - Forum Virus
- Igfxtray et igfxpers : résultats hijack ✓ - Forum Virus
- Ordinateur lent analyser rapport hijack svp - Forum Virus
90 réponses
Bon,
-Fait un scan en ligne avec Internet Explorer oblige, lien du scan et du tuto--> https://forum.pcastuces.com/default.asp
-Poste le rapport.
-Fait un scan en ligne avec Internet Explorer oblige, lien du scan et du tuto--> https://forum.pcastuces.com/default.asp
-Poste le rapport.
impossible de faire le scan, lors du téléchargement de l'activex, à la fin sa m'affiche que certains composants sont endomagé ou pas correctement instalé et de renouveler l'instalation. sauf sa fait 3 fois que j'essaye alors que j'ai suivi tout depuis le début (parametre a changer de sécurité
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voila le combofix
"Thibault" - 2008-10-30 11:21:36 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Thibault\Bureau\"
((((((((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 ))))))))))))))))))))))))))))))))))
2008-10-30 11:12 <REP> d-------- C:\Program Files\Eltima Software
2008-10-30 11:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-10-30 10:50 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-30 10:49 <REP> d-------- C:\WINDOWS\LastGood
2008-10-29 23:27 49,152 --a------ C:\WINDOWS\nircmd.exe
2008-10-29 22:20 3,024 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-29 22:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-29 22:19 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-29 22:19 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-29 22:19 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-29 22:19 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-29 22:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-29 22:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-10-29 22:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-29 22:19 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-29 22:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-29 22:19 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-29 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2008-10-29 20:56 <REP> d-------- C:\Program Files\Trend Micro
2008-10-29 20:55 <REP> d-------- C:\Program Files\Yahoo!
2008-10-29 19:32 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-29 19:32 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-29 19:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 19:32 <REP> d-------- C:\DOCUME~1\Thibault\APPLIC~1\Malwarebytes
2008-10-29 19:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-10-28 15:38 60,578 --a------ C:\WINDOWS\system32\wini10801.exe
2008-09-07 14:00 <REP> d-------- C:\DOCUME~1\Mathieu\APPLIC~1\Samsung
2008-09-07 13:50 <REP> d-------- C:\DOCUME~1\Mathieu\APPLIC~1\Multimedia Player
2008-09-07 13:49 <REP> d-------- C:\DOCUME~1\Mathieu\APPLIC~1\Datalayer
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-10-30 08:54:16 -------- d-----w C:\Program Files\Steam
2008-10-26 08:08:33 465,860 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-10-26 08:08:32 74,264 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-10-18 11:43:45 -------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-18 09:39:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-12 12:27:55 -------- d-----w C:\Program Files\Firefly Studios
2008-10-08 05:17:05 -------- d-----w C:\Program Files\Lx_cats
2008-10-03 15:53:27 -------- d-----w C:\Program Files\eMule
2008-09-15 15:39:16 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-28 10:04:17 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" []
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"adiras"="adiras.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 15:36]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 13:29]
"@"="" []
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 18:24]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 00:11]
"S60TrayApplication"="C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.exe" [2007-03-14 15:47]
"DataLayer"="C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE" [2007-02-22 15:04]
"SoundMan"="SOUNDMAN.EXE" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Steam"="c:\program files\steam\steam.exe" [2008-10-10 19:31]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 11:29:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpaxt.sys"
Completion time: 2008-10-30 11:32:34
C:\ComboFix2.txt ... 2008-10-29 23:27
--- E O F ---
"Thibault" - 2008-10-30 11:21:36 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Thibault\Bureau\"
((((((((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 ))))))))))))))))))))))))))))))))))
2008-10-30 11:12 <REP> d-------- C:\Program Files\Eltima Software
2008-10-30 11:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-10-30 10:50 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-30 10:49 <REP> d-------- C:\WINDOWS\LastGood
2008-10-29 23:27 49,152 --a------ C:\WINDOWS\nircmd.exe
2008-10-29 22:20 3,024 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-29 22:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-29 22:19 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-29 22:19 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-29 22:19 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-29 22:19 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-29 22:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-29 22:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-10-29 22:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-29 22:19 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-29 22:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-29 22:19 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-29 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2008-10-29 20:56 <REP> d-------- C:\Program Files\Trend Micro
2008-10-29 20:55 <REP> d-------- C:\Program Files\Yahoo!
2008-10-29 19:32 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-29 19:32 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-29 19:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 19:32 <REP> d-------- C:\DOCUME~1\Thibault\APPLIC~1\Malwarebytes
2008-10-29 19:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-10-28 15:38 60,578 --a------ C:\WINDOWS\system32\wini10801.exe
2008-09-07 14:00 <REP> d-------- C:\DOCUME~1\Mathieu\APPLIC~1\Samsung
2008-09-07 13:50 <REP> d-------- C:\DOCUME~1\Mathieu\APPLIC~1\Multimedia Player
2008-09-07 13:49 <REP> d-------- C:\DOCUME~1\Mathieu\APPLIC~1\Datalayer
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-10-30 08:54:16 -------- d-----w C:\Program Files\Steam
2008-10-26 08:08:33 465,860 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-10-26 08:08:32 74,264 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-10-18 11:43:45 -------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-18 09:39:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-12 12:27:55 -------- d-----w C:\Program Files\Firefly Studios
2008-10-08 05:17:05 -------- d-----w C:\Program Files\Lx_cats
2008-10-03 15:53:27 -------- d-----w C:\Program Files\eMule
2008-09-15 15:39:16 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-28 10:04:17 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" []
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"adiras"="adiras.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 15:36]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 13:29]
"@"="" []
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 18:24]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 00:11]
"S60TrayApplication"="C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.exe" [2007-03-14 15:47]
"DataLayer"="C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE" [2007-02-22 15:04]
"SoundMan"="SOUNDMAN.EXE" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Steam"="c:\program files\steam\steam.exe" [2008-10-10 19:31]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 11:29:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpaxt.sys"
Completion time: 2008-10-30 11:32:34
C:\ComboFix2.txt ... 2008-10-29 23:27
--- E O F ---
-Demarrer-->executer-->regedit-->cherche cette clé--> HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDSSserv.sys
-Dis moi si tu l'a trouve.
-Dis moi si tu l'a trouve.
Ouvre le poste de travail:
-Option affichage ->affiche les dossiers cachés--> demasque les fichiers proteges du systeme.
-Cherche ceci C:\WINDOWS\system32\drivers\tdssserv.sys
-Option affichage ->affiche les dossiers cachés--> demasque les fichiers proteges du systeme.
-Cherche ceci C:\WINDOWS\system32\drivers\tdssserv.sys
Options affichage ds le poste de travail et coche ds la petite fenetre devant afficher les fichiers et dossiers cachés.
j'ai pas option dans le poste de travail
j'ai juste affichage mais il y a rien sur les fichiers caché
j'ai juste affichage mais il y a rien sur les fichiers caché
c'est j'ai réussi a afficher les dossier cacher. et je n'est pas trouver tdssserv.sys à l'emplacement ou tu ma dit de chercher
(merci a benurrr pour sa participation)
1) Télécharge SDFix d' AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe sur ton Bureau.
Double clique sur SDFix.exe et choisis Install. L'outil sera extrait à la racine du lecteur système (généralement le C:\)
N y touche pas pour l instant.
2) Redémarre en mode sans échec
3) SDFix
* Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
· Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
1) Télécharge SDFix d' AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe sur ton Bureau.
Double clique sur SDFix.exe et choisis Install. L'outil sera extrait à la racine du lecteur système (généralement le C:\)
N y touche pas pour l instant.
2) Redémarre en mode sans échec
3) SDFix
* Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
· Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
lol
voila le rapport
[b]SDFix: Version 1.238 [/b]
Run by Thibault on 2008-10-30 at 13:40
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\ERASEM~1.EXE - Deleted
C:\WINDOWS\system32\eraseme_04872.exe - Deleted
C:\WINDOWS\system32\wini10801.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 13:57:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Thibault\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 31 Jul 2002 104 ..SH. --- "C:\WINDOWS\WSYS049.SYS"
Thu 3 Jan 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 24 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Sun 4 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sandrine\~WRL0004.tmp"
Sun 4 Nov 2007 21,504 ...H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sandrine\~WRL0959.tmp"
Sun 4 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sandrine\~WRL1486.tmp"
Sun 4 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sandrine\~WRL3077.tmp"
Sun 4 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sandrine\~WRL3624.tmp"
Tue 23 May 2006 24,032,768 ...H. --- "C:\Documents and Settings\Mathieu\Application Data\Microsoft\Word\~WRL0783.tmp"
Tue 23 May 2006 21,980,160 A..H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sauvegarde Mini DD\06-07-2006\Stage EDACERE\~WRL3403.tmp"
Tue 16 May 2006 20,026,880 A..H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sauvegarde Mini DD\06-07-2006\Stage EDACERE\SIE Fayet\~WRL3033.tmp"
Thu 18 May 2006 20,052,992 A..H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sauvegarde Mini DD\06-07-2006\Stage EDACERE\SIE Fayet\~WRL3240.tmp"
Sun 29 Jan 2006 10,896,896 A..H. --- "C:\Documents and Settings\Mathieu\Mes documents\Universit‚\IUP 3\Etude d'impact\Rapport\~WRL2254.tmp"
Tue 24 Jan 2006 12,265,984 A..H. --- "C:\Documents and Settings\Mathieu\Mes documents\Universit‚\IUP 3\Etude d'impact\Rapport\~WRL2634.tmp"
[b]Finished![/b]
voila le rapport
[b]SDFix: Version 1.238 [/b]
Run by Thibault on 2008-10-30 at 13:40
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\ERASEM~1.EXE - Deleted
C:\WINDOWS\system32\eraseme_04872.exe - Deleted
C:\WINDOWS\system32\wini10801.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 13:57:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Thibault\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 31 Jul 2002 104 ..SH. --- "C:\WINDOWS\WSYS049.SYS"
Thu 3 Jan 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 24 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Sun 4 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sandrine\~WRL0004.tmp"
Sun 4 Nov 2007 21,504 ...H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sandrine\~WRL0959.tmp"
Sun 4 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sandrine\~WRL1486.tmp"
Sun 4 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sandrine\~WRL3077.tmp"
Sun 4 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sandrine\~WRL3624.tmp"
Tue 23 May 2006 24,032,768 ...H. --- "C:\Documents and Settings\Mathieu\Application Data\Microsoft\Word\~WRL0783.tmp"
Tue 23 May 2006 21,980,160 A..H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sauvegarde Mini DD\06-07-2006\Stage EDACERE\~WRL3403.tmp"
Tue 16 May 2006 20,026,880 A..H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sauvegarde Mini DD\06-07-2006\Stage EDACERE\SIE Fayet\~WRL3033.tmp"
Thu 18 May 2006 20,052,992 A..H. --- "C:\Documents and Settings\Mathieu\Mes documents\Sauvegarde Mini DD\06-07-2006\Stage EDACERE\SIE Fayet\~WRL3240.tmp"
Sun 29 Jan 2006 10,896,896 A..H. --- "C:\Documents and Settings\Mathieu\Mes documents\Universit‚\IUP 3\Etude d'impact\Rapport\~WRL2254.tmp"
Tue 24 Jan 2006 12,265,984 A..H. --- "C:\Documents and Settings\Mathieu\Mes documents\Universit‚\IUP 3\Etude d'impact\Rapport\~WRL2634.tmp"
[b]Finished![/b]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11, on 2008-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\lxbucoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.EXE
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [S60TrayApplication] C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_1\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_1\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbucoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
Scan saved at 18:11, on 2008-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\lxbucoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.EXE
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [S60TrayApplication] C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_1\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_1\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbucoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
