Virus
rochqui
-
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour,
Malwarebytes trouve toujours les deux mêmes infections dont Vundo, je les supprimes et 10 minutes aprèes ils sont toujours là.
Que faire
Malwarebytes trouve toujours les deux mêmes infections dont Vundo, je les supprimes et 10 minutes aprèes ils sont toujours là.
Que faire
Configuration: Windows XP Internet Explorer 7.0
A voir également:
- Virus
- Virus mcafee - Accueil - Piratage
- Comment détruire un virus informatique - Guide
- Undisclosed-recipients virus - Guide
- Powershell.exe virus - Guide
- Virus artemis - Forum Virus
4 réponses
Ok.
- Télécharge HijackThis v2.0.2 sur ton Bureau.
- Double-clique sur HJTInstall afin de lancer l'installation.
- Clique sur Install ensuite sur I Accept.
- Clique sur Do a system scan and save a logfile.
- Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.
- Télécharge HijackThis v2.0.2 sur ton Bureau.
- Double-clique sur HJTInstall afin de lancer l'installation.
- Clique sur Install ensuite sur I Accept.
- Clique sur Do a system scan and save a logfile.
- Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.
Voila!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:41, on 2008-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Xtreme Desktop\xdc\xdc.exe
C:\Documents and Settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/accueil.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {4989c0f3-3f8d-0719-8ff4-ada7d9cd0e0f} - {f0e0dc9d-7ada-4ff8-9170-d8f33f0c9894} - C:\WINDOWS\system32\qwwkjj.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [XDc] C:\Program Files\Xtreme Desktop\xdc\startxdc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; InfoPath.1; MSN Optimized;CA)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gov.pe.ca/mapguide/viewers/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs: hfyjeq.dll demcfq.dll qwwkjj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:41, on 2008-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Xtreme Desktop\xdc\xdc.exe
C:\Documents and Settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/accueil.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {4989c0f3-3f8d-0719-8ff4-ada7d9cd0e0f} - {f0e0dc9d-7ada-4ff8-9170-d8f33f0c9894} - C:\WINDOWS\system32\qwwkjj.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [XDc] C:\Program Files\Xtreme Desktop\xdc\startxdc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; InfoPath.1; MSN Optimized;CA)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.gov.pe.ca/mapguide/viewers/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs: hfyjeq.dll demcfq.dll qwwkjj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt
Voila, et maintenant?
ComboFix 08-11-04.02 - default 2008-11-04 20:57:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.203 [GMT -5:00]
Lancé depuis: c:\documents and settings\default\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\default\Application Data\inst.exe
c:\documents and settings\Invité\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\temp\vtmp2
c:\windows\search_res.txt
c:\windows\system32\agxvmwbc.ini
c:\windows\system32\bund1
c:\windows\system32\bund1\temp.txt
c:\windows\system32\cllcdgir.ini
c:\windows\system32\cwdwnjty.ini
c:\windows\system32\dcypbbwb.dll
c:\windows\system32\elqckhbf.dll
c:\windows\system32\EV02
c:\windows\system32\fblpcuua.dll
c:\windows\system32\fxrmbw.dll
c:\windows\system32\IhQtCfhk.ini
c:\windows\system32\iwuxdjis.dll
c:\windows\system32\lbscswlv.ini
c:\windows\system32\MSINET.oca
c:\windows\system32\nnffjppt.ini
c:\windows\system32\obqwebvj.ini
c:\windows\system32\oklwscsx.dll
c:\windows\system32\pnhvlskf.dll
c:\windows\system32\pzgoyk.dll
c:\windows\system32\qwwkjj.dll
c:\windows\system32\shuqcjae.dll
c:\windows\system32\sietrcxb.ini
c:\windows\system32\sxenwkua.ini
c:\windows\system32\ueyolbix.ini
c:\windows\system32\uhamxtrb.ini
c:\windows\system32\utEOnnnn.ini
c:\windows\system32\xhqjbmsm.dll
c:\windows\system32\yqptkk.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-05 au 2008-11-05 ))))))))))))))))))))))))))))))))))))
.
2008-11-03 21:10 . 2008-11-03 21:10 <REP> d-------- c:\program files\CCleaner
2008-11-02 09:23 . 2008-11-02 09:23 45,768 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2008-11-01 12:17 . 2008-11-01 12:17 <REP> d-------- c:\windows\BDOSCAN8
2008-10-29 20:10 . 2008-10-30 18:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 19:25 . 2008-10-28 19:25 <REP> d-------- c:\temp\xp34
2008-10-28 19:24 . 2008-10-28 19:24 21,504 --a------ c:\windows\system32\drivers\sdtr.sys
2008-10-26 14:03 . 2008-10-26 14:03 <REP> d-------- c:\program files\MSXML 6.0
2008-10-24 20:55 . 2008-10-24 20:55 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-10-24 20:20 . 2008-11-01 10:09 <REP> d-------- C:\[u]0[/u]81024Mesdocuments02
2008-10-24 20:19 . 2008-10-24 20:19 <REP> d-------- c:\program files\Mediafour
2008-10-24 20:19 . 2008-10-24 20:19 <REP> d-------- c:\documents and settings\default\Application Data\LaCie
2008-10-23 18:13 . 2008-11-02 15:33 <REP> d-------- c:\program files\NOS
2008-10-23 18:13 . 2008-11-02 15:33 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-10-17 18:26 . 2008-10-24 20:49 62 --a------ c:\windows\MotionDirector.INI
2008-10-17 17:31 . 2008-10-17 17:36 <REP> d-------- c:\program files\AviSynth 2.5
2008-10-07 18:01 . 2008-10-07 18:40 639 -rah----- c:\windows\EPMBatch.ept
2008-10-07 17:59 . 2008-10-07 17:59 11 --a------ c:\windows\epmbcd
2008-10-07 17:31 . 2008-10-07 17:59 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-10-07 16:23 . 2008-10-07 16:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Vso
2008-10-06 20:50 . 2008-06-14 12:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-10-06 20:50 . 2008-06-14 12:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-06 20:22 . 2008-10-06 20:22 <REP> d-------- c:\documents and settings\default\Application Data\Malwarebytes
2008-10-06 20:21 . 2008-10-29 20:28 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-06 20:21 . 2008-10-06 20:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-06 20:21 . 2008-10-22 15:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-06 20:21 . 2008-10-22 15:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-06 19:42 . 2008-11-04 21:02 <REP> d-------- c:\windows\system32\NtmsData
2008-10-06 19:07 . 2008-10-06 19:07 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:43 . 2008-10-05 13:43 <REP> d-------- c:\program files\Astonsoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 01:36 --------- d-----w c:\documents and settings\default\Application Data\LimeWire
2008-11-05 00:28 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-04 01:43 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-02 14:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 17:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-30 23:35 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-30 23:35 --------- d-----w c:\program files\MSN Messenger
2008-10-25 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-23 23:20 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-22 21:49 --------- d-----w c:\program files\Norton 360
2008-10-18 21:49 47,360 ----a-w c:\documents and settings\default\Application Data\pcouffin.sys
2008-10-18 21:49 --------- d-----w c:\documents and settings\default\Application Data\Vso
2008-10-07 01:45 --------- d-----w c:\program files\Microsoft Works
2008-10-05 18:52 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-02 03:04 357,768 ----a-w c:\documents and settings\default\SymXPep2.dll
2008-09-29 00:28 --------- d-----w c:\program files\Lavasoft
2008-09-29 00:28 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-09-29 00:28 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-09-28 00:32 --------- d-----w c:\program files\Google
2008-09-27 21:55 --------- d-----w c:\program files\QuickTime
2008-09-27 21:52 --------- d-----w c:\program files\Windows Media Bonus Pack for Windows XP
2008-09-27 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-09-19 00:31 355 ----a-w C:\736.bat
2008-09-14 00:45 --------- d-----w c:\documents and settings\default\Application Data\Talkback
2008-09-14 00:43 --------- d-----w c:\program files\Real
2008-09-14 00:43 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-09-14 00:43 --------- d-----w c:\program files\Fichiers communs\Real
2008-09-13 22:21 --------- d-----w c:\program files\Windows Media Connect 2
2008-09-13 22:04 --------- d-----w c:\program files\Fichiers communs\Ulead Systems
2008-09-13 22:04 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-09-13 22:03 --------- d-----w c:\documents and settings\default\Application Data\Ulead Systems
2008-09-05 23:04 --------- d-----w c:\program files\DivX
2007-10-08 22:44 12,856 ----a-w c:\documents and settings\default\Application Data\wklnhst.dat
2007-10-01 20:22 87,608 ----a-w c:\documents and settings\default\Application Data\ezpinst.exe
2005-10-28 22:43 21 -c--a-w c:\program files\Fichiers communs\appop.log
2004-10-01 20:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2006-06-12 23:47 952 -csha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-30 68856]
"Google Update"="c:\documents and settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-04 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 262210]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
"XDc"="c:\program files\Xtreme Desktop\xdc\startxdc.exe" [2006-10-02 1383478]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-13 185896]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="g:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hfyjeq.dll demcfq.dll qwwkjj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SATARAID5.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SATARAID5.lnk
backup=c:\windows\pss\SATARAID5.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a--c--- 2005-04-29 18:50 278528 c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-03-28 11018]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-03-04 8704]
S1 sdtr;sdtr;c:\windows\system32\drivers\sdtr.sys [2008-10-28 21504]
S3 NAL;Nal Service ;c:\windows\system32\Drivers\iqvw32.sys [2005-06-14 20480]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02b752d7-6676-11da-9fbc-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{051d9a4a-a231-11dd-b1d7-0015f2540b86}]
\Shell\Shell00\Command - H:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28f4d402-2613-11da-ab18-806d6172696f}]
\Shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353153f4-4805-11da-b7c5-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7dd04c4-25e1-11da-820b-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb59832e-85b8-11da-82fe-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea641702-261c-11da-b5c6-806d6172696f}]
\Shell\AutoRun\command - F:\autorun.exe
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Tâches planifiées'
2008-11-04 c:\windows\Tasks\Ad-Aware.job
- c:\progra~1\Lavasoft\Ad-Aware\Ad-Aware.exe [2008-10-29 20:18]
2008-11-05 c:\windows\Tasks\AE4375D590A0E9C5.job
- c:\docume~1\default\applic~1\stylec~1\surf lite bin.exe []
2008-11-05 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-04 18:41]
2008-11-05 c:\windows\Tasks\User_Feed_Synchronization-{79778744-22AA-49B6-9080-C0430348869A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{f0e0dc9d-7ada-4ff8-9170-d8f33f0c9894} - c:\windows\system32\qwwkjj.dll
HKCU-Run-Warez - c:\program files\Warez\Warez.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Nero PhotoShow Media Manager - c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Media Center PC 3.0; .NET CLR 1.0.3705; .NET
HKLM-Run-EPSON Stylus CX4600 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\default\Application Data\Mozilla\Firefox\Profiles\rbadc1o5.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 21:04:06
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\netdde.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\clipsrv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\imapi.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\tlntsvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Xtreme Desktop\xdc\xdc.exe
.
**************************************************************************
.
Heure de fin: 2008-11-04 21:13:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-05 02:13:30
Avant-CF: 87 567 597 568 octets libres
Après-CF: 87,557,439,488 octets libres
262 --- E O F --- 2008-10-24 00:32:17
ComboFix 08-11-04.02 - default 2008-11-04 20:57:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.203 [GMT -5:00]
Lancé depuis: c:\documents and settings\default\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\default\Application Data\inst.exe
c:\documents and settings\Invité\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\temp\vtmp2
c:\windows\search_res.txt
c:\windows\system32\agxvmwbc.ini
c:\windows\system32\bund1
c:\windows\system32\bund1\temp.txt
c:\windows\system32\cllcdgir.ini
c:\windows\system32\cwdwnjty.ini
c:\windows\system32\dcypbbwb.dll
c:\windows\system32\elqckhbf.dll
c:\windows\system32\EV02
c:\windows\system32\fblpcuua.dll
c:\windows\system32\fxrmbw.dll
c:\windows\system32\IhQtCfhk.ini
c:\windows\system32\iwuxdjis.dll
c:\windows\system32\lbscswlv.ini
c:\windows\system32\MSINET.oca
c:\windows\system32\nnffjppt.ini
c:\windows\system32\obqwebvj.ini
c:\windows\system32\oklwscsx.dll
c:\windows\system32\pnhvlskf.dll
c:\windows\system32\pzgoyk.dll
c:\windows\system32\qwwkjj.dll
c:\windows\system32\shuqcjae.dll
c:\windows\system32\sietrcxb.ini
c:\windows\system32\sxenwkua.ini
c:\windows\system32\ueyolbix.ini
c:\windows\system32\uhamxtrb.ini
c:\windows\system32\utEOnnnn.ini
c:\windows\system32\xhqjbmsm.dll
c:\windows\system32\yqptkk.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-05 au 2008-11-05 ))))))))))))))))))))))))))))))))))))
.
2008-11-03 21:10 . 2008-11-03 21:10 <REP> d-------- c:\program files\CCleaner
2008-11-02 09:23 . 2008-11-02 09:23 45,768 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2008-11-01 12:17 . 2008-11-01 12:17 <REP> d-------- c:\windows\BDOSCAN8
2008-10-29 20:10 . 2008-10-30 18:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 19:25 . 2008-10-28 19:25 <REP> d-------- c:\temp\xp34
2008-10-28 19:24 . 2008-10-28 19:24 21,504 --a------ c:\windows\system32\drivers\sdtr.sys
2008-10-26 14:03 . 2008-10-26 14:03 <REP> d-------- c:\program files\MSXML 6.0
2008-10-24 20:55 . 2008-10-24 20:55 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-10-24 20:20 . 2008-11-01 10:09 <REP> d-------- C:\[u]0[/u]81024Mesdocuments02
2008-10-24 20:19 . 2008-10-24 20:19 <REP> d-------- c:\program files\Mediafour
2008-10-24 20:19 . 2008-10-24 20:19 <REP> d-------- c:\documents and settings\default\Application Data\LaCie
2008-10-23 18:13 . 2008-11-02 15:33 <REP> d-------- c:\program files\NOS
2008-10-23 18:13 . 2008-11-02 15:33 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-10-17 18:26 . 2008-10-24 20:49 62 --a------ c:\windows\MotionDirector.INI
2008-10-17 17:31 . 2008-10-17 17:36 <REP> d-------- c:\program files\AviSynth 2.5
2008-10-07 18:01 . 2008-10-07 18:40 639 -rah----- c:\windows\EPMBatch.ept
2008-10-07 17:59 . 2008-10-07 17:59 11 --a------ c:\windows\epmbcd
2008-10-07 17:31 . 2008-10-07 17:59 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-10-07 16:23 . 2008-10-07 16:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Vso
2008-10-06 20:50 . 2008-06-14 12:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-10-06 20:50 . 2008-06-14 12:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-06 20:22 . 2008-10-06 20:22 <REP> d-------- c:\documents and settings\default\Application Data\Malwarebytes
2008-10-06 20:21 . 2008-10-29 20:28 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-06 20:21 . 2008-10-06 20:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-06 20:21 . 2008-10-22 15:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-06 20:21 . 2008-10-22 15:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-06 19:42 . 2008-11-04 21:02 <REP> d-------- c:\windows\system32\NtmsData
2008-10-06 19:07 . 2008-10-06 19:07 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:43 . 2008-10-05 13:43 <REP> d-------- c:\program files\Astonsoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 01:36 --------- d-----w c:\documents and settings\default\Application Data\LimeWire
2008-11-05 00:28 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-04 01:43 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-02 14:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 17:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-30 23:35 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-30 23:35 --------- d-----w c:\program files\MSN Messenger
2008-10-25 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-23 23:20 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-22 21:49 --------- d-----w c:\program files\Norton 360
2008-10-18 21:49 47,360 ----a-w c:\documents and settings\default\Application Data\pcouffin.sys
2008-10-18 21:49 --------- d-----w c:\documents and settings\default\Application Data\Vso
2008-10-07 01:45 --------- d-----w c:\program files\Microsoft Works
2008-10-05 18:52 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-02 03:04 357,768 ----a-w c:\documents and settings\default\SymXPep2.dll
2008-09-29 00:28 --------- d-----w c:\program files\Lavasoft
2008-09-29 00:28 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-09-29 00:28 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-09-28 00:32 --------- d-----w c:\program files\Google
2008-09-27 21:55 --------- d-----w c:\program files\QuickTime
2008-09-27 21:52 --------- d-----w c:\program files\Windows Media Bonus Pack for Windows XP
2008-09-27 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-09-19 00:31 355 ----a-w C:\736.bat
2008-09-14 00:45 --------- d-----w c:\documents and settings\default\Application Data\Talkback
2008-09-14 00:43 --------- d-----w c:\program files\Real
2008-09-14 00:43 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-09-14 00:43 --------- d-----w c:\program files\Fichiers communs\Real
2008-09-13 22:21 --------- d-----w c:\program files\Windows Media Connect 2
2008-09-13 22:04 --------- d-----w c:\program files\Fichiers communs\Ulead Systems
2008-09-13 22:04 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-09-13 22:03 --------- d-----w c:\documents and settings\default\Application Data\Ulead Systems
2008-09-05 23:04 --------- d-----w c:\program files\DivX
2007-10-08 22:44 12,856 ----a-w c:\documents and settings\default\Application Data\wklnhst.dat
2007-10-01 20:22 87,608 ----a-w c:\documents and settings\default\Application Data\ezpinst.exe
2005-10-28 22:43 21 -c--a-w c:\program files\Fichiers communs\appop.log
2004-10-01 20:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2006-06-12 23:47 952 -csha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-30 68856]
"Google Update"="c:\documents and settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-04 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 262210]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
"XDc"="c:\program files\Xtreme Desktop\xdc\startxdc.exe" [2006-10-02 1383478]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-13 185896]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="g:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hfyjeq.dll demcfq.dll qwwkjj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SATARAID5.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SATARAID5.lnk
backup=c:\windows\pss\SATARAID5.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a--c--- 2005-04-29 18:50 278528 c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-03-28 11018]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-03-04 8704]
S1 sdtr;sdtr;c:\windows\system32\drivers\sdtr.sys [2008-10-28 21504]
S3 NAL;Nal Service ;c:\windows\system32\Drivers\iqvw32.sys [2005-06-14 20480]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02b752d7-6676-11da-9fbc-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{051d9a4a-a231-11dd-b1d7-0015f2540b86}]
\Shell\Shell00\Command - H:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28f4d402-2613-11da-ab18-806d6172696f}]
\Shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{353153f4-4805-11da-b7c5-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7dd04c4-25e1-11da-820b-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb59832e-85b8-11da-82fe-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea641702-261c-11da-b5c6-806d6172696f}]
\Shell\AutoRun\command - F:\autorun.exe
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Tâches planifiées'
2008-11-04 c:\windows\Tasks\Ad-Aware.job
- c:\progra~1\Lavasoft\Ad-Aware\Ad-Aware.exe [2008-10-29 20:18]
2008-11-05 c:\windows\Tasks\AE4375D590A0E9C5.job
- c:\docume~1\default\applic~1\stylec~1\surf lite bin.exe []
2008-11-05 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\default\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-04 18:41]
2008-11-05 c:\windows\Tasks\User_Feed_Synchronization-{79778744-22AA-49B6-9080-C0430348869A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{f0e0dc9d-7ada-4ff8-9170-d8f33f0c9894} - c:\windows\system32\qwwkjj.dll
HKCU-Run-Warez - c:\program files\Warez\Warez.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Nero PhotoShow Media Manager - c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Media Center PC 3.0; .NET CLR 1.0.3705; .NET
HKLM-Run-EPSON Stylus CX4600 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\default\Application Data\Mozilla\Firefox\Profiles\rbadc1o5.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 21:04:06
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\netdde.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\clipsrv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\imapi.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\tlntsvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Xtreme Desktop\xdc\xdc.exe
.
**************************************************************************
.
Heure de fin: 2008-11-04 21:13:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-05 02:13:30
Avant-CF: 87 567 597 568 octets libres
Après-CF: 87,557,439,488 octets libres
262 --- E O F --- 2008-10-24 00:32:17
--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l'installation avec les paramètres par défaut.
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix sur ton Bureau.
--> Le PC va redémarrer.
--> Après redémarrage, poste le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.
(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l'installation avec les paramètres par défaut.
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix sur ton Bureau.
--> Le PC va redémarrer.
--> Après redémarrage, poste le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.
(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
Je suis néophyte dans ce domaine.
Merci d'y aller doucement!
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1337
Windows 5.1.2600 Service Pack 2
2008-11-04 18:54:31
mbam-log-2008-11-04 (18-54-31).txt
Type de recherche: Examen rapide
Eléments examinés: 57012
Temps écoulé: 7 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)