Virus Antivirus 2009
Solved
Safius (188 posts, status: Member)
Hello,
When I typed "Virus antivirus 2009" into Google, I saw several links to this site where people had exactly the same problem as me. When I tried to reply to one of those topics, I was advised to create my own thread on the question. So that is what I am doing ...
For a few days now I have constantly had windows pushing me to install "antivirus2009", plus an impressive number of ads. I already had a few CiD ads before, but now it is a thousand times worse! I suppose this is linked to the antivirus 2009 virus. I ran a scan with avast, which found some viruses but did not remove this one.
On another forum I saw that you could produce a sort of report and that people on this site could help me. I really hope you find the solution.
Thanks in advance.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:04, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\ieexplorer32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\HAD\PTW.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Em\Bureau\Coucou.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=FRE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D9EEC67F-E979-4394-AF25-98DBC5EA7BBB} - C:\WINDOWS\system32\nnnkKEXR.dll
O2 - BHO: {a7fde89a-0048-6dd8-1554-87246f95121e} - {e12159f6-4278-4551-8dd6-8400a98edf7a} - C:\WINDOWS\system32\gtguzx.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [c4e3fe58] rundll32.exe "C:\WINDOWS\system32\cvnvsmfc.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [E06FDXRC_208828] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [27394083751167013977194930702190] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieexplorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: Prayer.lnk = C:\HAD\PTW.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer l'image vers la bibliothèque - file://C:\Program Files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: gtguzx.dll
O20 - Winlogon Notify: nnnkKEXR - C:\WINDOWS\SYSTEM32\nnnkKEXR.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
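A triage script for HijackThis logs like the one above, added here as an example; it is not part of the poster's or the helpers' material. It parses O2, O4 and O20 lines from a constructed sample modelled on that log and flags the persistence points a helper looks at first (BHOs without a readable name, Run values or DLLs with random-looking names, AppInit_DLLs, Winlogon Notify packages, autoruns from system32); the randomness heuristic and the KNOWN_SYSTEM32_AUTORUNS allowlist are assumptions, and the output is a review list, not a verdict.

```python
import re
from typing import Dict, List

# Constructed sample in HijackThis v2 format, modelled on the log posted above
# (same entry types; the file names are the ones that appear in that log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D9EEC67F-E979-4394-AF25-98DBC5EA7BBB} - C:\WINDOWS\system32\nnnkKEXR.dll
O2 - BHO: {a7fde89a-0048-6dd8-1554-87246f95121e} - {e12159f6-4278-4551-8dd6-8400a98edf7a} - C:\WINDOWS\system32\gtguzx.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [c4e3fe58] rundll32.exe "C:\WINDOWS\system32\cvnvsmfc.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [27394083751167013977194930702190] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieexplorer32.exe"
O20 - AppInit_DLLs: gtguzx.dll
O20 - Winlogon Notify: nnnkKEXR - C:\WINDOWS\SYSTEM32\nnnkKEXR.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumed allowlist: autoruns from system32 that are normal on Windows XP.
# Anything else started from system32 is put on the review list.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_random(name: str) -> bool:
    """Crude randomness test for a file or value name (extension removed).
    Flags 8-hex-char names, long all-digit names, and letter strings with
    almost no vowels (nnnkKEXR, cvnvsmfc). Expect some false positives."""
    stem = name.rsplit(".", 1)[0] if "." in name else name
    if re.fullmatch(r"[0-9a-f]{8}", stem):
        return True
    if stem.isdigit() and len(stem) >= 12:
        return True
    letters = re.sub(r"[^A-Za-z]", "", stem)
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiouy" for c in letters.lower())
    return vowels / len(letters) < 0.2


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious line: severity, reasons, the line."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        severity = "review"
        m = O2_RE.match(line)
        if m:
            if m["name"] == "(no name)" or GUID_RE.match(m["name"]):
                reasons.append("BHO without a readable name")
            if looks_random(basename(m["path"])):
                reasons.append("random-looking BHO DLL name")
            if reasons:
                severity = "high"
        m = O4_RE.match(line)
        if m:
            paths = PATH_RE.findall(m["cmd"])
            payload = basename(paths[-1]) if paths else ""  # DLL for rundll32 lines
            if payload.lower() in KNOWN_SYSTEM32_AUTORUNS:
                continue
            if looks_random(m["name"]):
                reasons.append("random-looking Run value name")
                severity = "high"
            if payload and looks_random(payload):
                reasons.append("random-looking file name")
                severity = "high"
            if "rundll32" in m["cmd"].lower():
                reasons.append("rundll32 used to load a DLL at logon")
            if paths and "\\system32\\" in paths[-1].lower():
                reasons.append("autorun from system32 outside the known set")
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs set: DLL is loaded into every user32 process")
            severity = "high"
        if line.startswith("O20 - Winlogon Notify:"):
            reasons.append("non-default Winlogon Notify package")
            severity = "high"
        if reasons:
            findings.append({"severity": severity, "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['line']}\n    " + "; ".join(f["reasons"]))
```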
179 replies
There's aaalways something that has to go wrong -_-
When I double-click combofix, nothing happens. It shows me the black C:\ window, but it disappears after not even a second ...
Right-click the Combofix icon -> choose "rename" and enter exactly this:
ComboFix.exe and confirm ...
then try launching it again to see .... If that doesn't work, let me know ....
OK ... download Safius.exe here:
https://www.sendspace.com/file/yf6xle (at the bottom of the page)
(it is nothing other than combofix renamed)
save it to your desktop and repeat the Combofix procedure as I showed you ...
I'll wait for the resulting report ... ;)
Hallelujaaah! xD
Here is the report!:
ComboFix 08-11-12.02 - Em 2008-11-15 0:25:40.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.966.1036.18.494 [GMT 1:00]
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
c:\windows\system32\Cache
c:\windows\system32\cokpuppm.dll
c:\windows\system32\drivers\TDSSofxh.sys
c:\windows\system32\Drivers\TDSSpaxt.sys
c:\windows\system32\efcCtUOF.dll
c:\windows\system32\efdolwfq.ini
c:\windows\system32\ieupdates.exe
c:\windows\system32\iuwebdom.ini
c:\windows\system32\jecwubjg.ini
c:\windows\system32\mlJYpQiG.dll
c:\windows\system32\nnnmmjJY.dll
c:\windows\system32\nqsfqqed.ini
c:\windows\system32\qoMdcAPh.dll
c:\windows\system32\TDSSbivk.log
c:\windows\system32\TDSSbubx.log
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSkpjp.log
c:\windows\system32\TDSSnmxh.dll
c:\windows\system32\TDSSnrsr.dat
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSoexh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSosvd.dll
c:\windows\system32\TDSSrhym.dll
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\TDSSvvbi.dll
c:\windows\system32\urqRHxVM.dll
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\wvUoMdCr.dll
c:\windows\system32\yjyiteuw.ini
c:\windows\system32\ytebjfnp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.
2008-11-14 22:20 . 2008-11-14 22:20 <REP> d-------- C:\!KillBox
2008-11-14 19:38 . 2008-11-14 19:38 <REP> d-------- c:\program files\Trend Micro
2008-11-14 19:28 . 2008-11-14 19:28 <REP> d-------- c:\program files\CCleaner
2008-11-13 21:43 . 2008-11-13 21:43 4,923 --a------ C:\GenProc.html
2008-11-11 19:14 . 2008-11-11 19:14 <REP> d-------- c:\documents and settings\Em\Application Data\Malwarebytes
2008-11-11 19:14 . 2008-11-11 19:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 16:45 . 2008-11-11 17:08 343 --ahs---- c:\windows\system32\ISAdcMoq.ini
2008-11-09 16:23 . 2008-11-09 16:23 <REP> d-------- c:\program files\IBEAD
2008-11-09 16:16 . 2008-11-09 16:16 <REP> d-------- c:\windows\STK016
2008-11-09 16:16 . 2008-11-11 14:28 <REP> d-------- c:\program files\STK016_V2.01
2008-11-09 16:16 . 2003-10-04 00:08 99,476 --a------ c:\windows\system32\drivers\STK016W2.sys
2008-11-09 16:16 . 2003-10-03 23:46 40,960 --a------ c:\windows\system32\STK016P.ax
2008-11-09 16:16 . 2003-10-04 00:08 32,140 --a------ c:\windows\system32\drivers\STK016W1.sys
2008-11-09 12:45 . 2003-08-22 05:53 34,318 --------- c:\windows\system32\drivers\StMp3Rec.sys
2008-11-07 22:32 . 1999-08-04 12:00 1,294,336 --a------ c:\windows\system32\MGIIpl2A6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,261,568 --a------ c:\windows\system32\MGIIpl2M6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,228,800 --a------ c:\windows\system32\MGIIpl2M5.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,105,920 --a------ c:\windows\system32\MGIIpl2P6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,052,672 --a------ c:\windows\system32\MGIIpl2P5.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 23:29 --------- d-----w c:\program files\SPAMfighter
2008-11-14 23:11 --------- d-----w c:\documents and settings\Em\Application Data\Skype
2008-11-14 20:02 --------- d-----w c:\documents and settings\Em\Application Data\EoRezo
2008-11-14 18:02 --------- d-----w c:\documents and settings\Em\Application Data\skypePM
2008-11-11 13:06 --------- d-----w c:\documents and settings\Em\Application Data\KindOpenHole
2008-11-09 15:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 21:31 --------- d-----w c:\program files\MGI
2008-11-07 21:31 --------- d-----w c:\program files\Fichiers communs\MGI Shared
2008-09-27 19:04 --------- d-----w c:\program files\KindOpenHole
2008-09-24 19:59 --------- d-----w c:\documents and settings\Em\Application Data\Sony
2008-09-24 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-09-24 19:55 --------- d-----w c:\program files\Sony Ericsson
2008-09-24 19:55 --------- d-----w c:\program files\Sony
2008-09-24 19:44 --------- d-----w c:\program files\Avanquest update
2008-09-24 19:34 --------- d-----w c:\documents and settings\Em\Application Data\Sony Setup
2008-09-24 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-09-24 19:28 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-09-24 19:27 --------- d-----w c:\documents and settings\Em\Application Data\InstallShield
2008-09-14 15:43 --------- d-----w c:\program files\AVIConverter
2008-09-14 15:42 --------- d-----w c:\program files\Consumer Update Firmware
2008-04-25 21:25 339,784 ----a-w c:\documents and settings\Em\Application Data\GDIPFONTCACHEV1.DAT
2008-02-18 18:13 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-29 17:38 72 ----a-w c:\program files\MultiTransefind.ini
2007-06-23 12:47 107 ----a-w c:\windows\system32\config\systemprofile\user.bat
2007-06-23 12:47 107 ----a-w c:\documents and settings\LSDBOT-III\ASPNET\user.bat
2007-06-23 12:47 107 ----a-w c:\documents and settings\Em\user.bat
2007-06-23 12:47 107 ----a-w c:\documents and settings\Default User\user.bat
2000-10-23 08:37 122,880 ----a-r c:\windows\inf\AGFA\Message.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Mozilla Quick Launch"="c:\program files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"E06FDXRC_208828"="c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" [2005-06-04 301776]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-23 151597]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-05-13 1397760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2002-12-22 2176]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\Em\Menu Démarrer\Programmes\Démarrage\
Prayer.lnk - c:\had\PTW.EXE [2007-06-24 2432512]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-01-19 122880]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
Here is the report:
ComboFix 08-11-12.02 - Em 2008-11-15 0:25:40.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.966.1036.18.494 [GMT 1:00]
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
c:\windows\system32\Cache
c:\windows\system32\cokpuppm.dll
c:\windows\system32\drivers\TDSSofxh.sys
c:\windows\system32\Drivers\TDSSpaxt.sys
c:\windows\system32\efcCtUOF.dll
c:\windows\system32\efdolwfq.ini
c:\windows\system32\ieupdates.exe
c:\windows\system32\iuwebdom.ini
c:\windows\system32\jecwubjg.ini
c:\windows\system32\mlJYpQiG.dll
c:\windows\system32\nnnmmjJY.dll
c:\windows\system32\nqsfqqed.ini
c:\windows\system32\qoMdcAPh.dll
c:\windows\system32\TDSSbivk.log
c:\windows\system32\TDSSbubx.log
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSkpjp.log
c:\windows\system32\TDSSnmxh.dll
c:\windows\system32\TDSSnrsr.dat
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSoexh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSosvd.dll
c:\windows\system32\TDSSrhym.dll
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\TDSSvvbi.dll
c:\windows\system32\urqRHxVM.dll
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\wvUoMdCr.dll
c:\windows\system32\yjyiteuw.ini
c:\windows\system32\ytebjfnp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.
2008-11-14 22:20 . 2008-11-14 22:20 <REP> d-------- C:\!KillBox
2008-11-14 19:38 . 2008-11-14 19:38 <REP> d-------- c:\program files\Trend Micro
2008-11-14 19:28 . 2008-11-14 19:28 <REP> d-------- c:\program files\CCleaner
2008-11-13 21:43 . 2008-11-13 21:43 4,923 --a------ C:\GenProc.html
2008-11-11 19:14 . 2008-11-11 19:14 <REP> d-------- c:\documents and settings\Em\Application Data\Malwarebytes
2008-11-11 19:14 . 2008-11-11 19:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 16:45 . 2008-11-11 17:08 343 --ahs---- c:\windows\system32\ISAdcMoq.ini
2008-11-09 16:23 . 2008-11-09 16:23 <REP> d-------- c:\program files\IBEAD
2008-11-09 16:16 . 2008-11-09 16:16 <REP> d-------- c:\windows\STK016
2008-11-09 16:16 . 2008-11-11 14:28 <REP> d-------- c:\program files\STK016_V2.01
2008-11-09 16:16 . 2003-10-04 00:08 99,476 --a------ c:\windows\system32\drivers\STK016W2.sys
2008-11-09 16:16 . 2003-10-03 23:46 40,960 --a------ c:\windows\system32\STK016P.ax
2008-11-09 16:16 . 2003-10-04 00:08 32,140 --a------ c:\windows\system32\drivers\STK016W1.sys
2008-11-09 12:45 . 2003-08-22 05:53 34,318 --------- c:\windows\system32\drivers\StMp3Rec.sys
2008-11-07 22:32 . 1999-08-04 12:00 1,294,336 --a------ c:\windows\system32\MGIIpl2A6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,261,568 --a------ c:\windows\system32\MGIIpl2M6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,228,800 --a------ c:\windows\system32\MGIIpl2M5.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,105,920 --a------ c:\windows\system32\MGIIpl2P6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,052,672 --a------ c:\windows\system32\MGIIpl2P5.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 23:29 --------- d-----w c:\program files\SPAMfighter
2008-11-14 23:11 --------- d-----w c:\documents and settings\Em\Application Data\Skype
2008-11-14 20:02 --------- d-----w c:\documents and settings\Em\Application Data\EoRezo
2008-11-14 18:02 --------- d-----w c:\documents and settings\Em\Application Data\skypePM
2008-11-11 13:06 --------- d-----w c:\documents and settings\Em\Application Data\KindOpenHole
2008-11-09 15:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 21:31 --------- d-----w c:\program files\MGI
2008-11-07 21:31 --------- d-----w c:\program files\Fichiers communs\MGI Shared
2008-09-27 19:04 --------- d-----w c:\program files\KindOpenHole
2008-09-24 19:59 --------- d-----w c:\documents and settings\Em\Application Data\Sony
2008-09-24 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-09-24 19:55 --------- d-----w c:\program files\Sony Ericsson
2008-09-24 19:55 --------- d-----w c:\program files\Sony
2008-09-24 19:44 --------- d-----w c:\program files\Avanquest update
2008-09-24 19:34 --------- d-----w c:\documents and settings\Em\Application Data\Sony Setup
2008-09-24 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-09-24 19:28 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-09-24 19:27 --------- d-----w c:\documents and settings\Em\Application Data\InstallShield
2008-09-14 15:43 --------- d-----w c:\program files\AVIConverter
2008-09-14 15:42 --------- d-----w c:\program files\Consumer Update Firmware
2008-04-25 21:25 339,784 ----a-w c:\documents and settings\Em\Application Data\GDIPFONTCACHEV1.DAT
2008-02-18 18:13 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-29 17:38 72 ----a-w c:\program files\MultiTransefind.ini
2007-06-23 12:47 107 ----a-w c:\windows\system32\config\systemprofile\user.bat
2007-06-23 12:47 107 ----a-w c:\documents and settings\LSDBOT-III\ASPNET\user.bat
2007-06-23 12:47 107 ----a-w c:\documents and settings\Em\user.bat
2007-06-23 12:47 107 ----a-w c:\documents and settings\Default User\user.bat
2000-10-23 08:37 122,880 ----a-r c:\windows\inf\AGFA\Message.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Mozilla Quick Launch"="c:\program files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"E06FDXRC_208828"="c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" [2005-06-04 301776]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-23 151597]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-05-13 1397760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2002-12-22 2176]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\Em\Menu Démarrer\Programmes\Démarrage\
Prayer.lnk - c:\had\PTW.EXE [2007-06-24 2432512]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-01-19 122880]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=gtguzx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\Ulead Systems\Vio\Dvacm.acm
"vidc.dvsd"= dvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 BT848;AV Basic WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2002-01-27 252276]
R2 BTXBAR;AV Basic WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [2002-01-28 12288]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S3 DCamUSBSTK016;STK016 Camera;c:\windows\system32\DRIVERS\STK016W2.sys [2003-10-04 99476]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Em\Application Data\Mozilla\Firefox\Profiles\gllxb1gi.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 00:29:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-15 0:31:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-14 23:31:30
Pre-Run: 45,151,391,744 bytes free
Post-Run: 45,075,279,872 bytes free
216
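The report above carries the indicators a responder reads first: a non-empty AppInit_DLLs value (a DLL loaded into every user32 process), a Security Center notification switched off, the firewall profile disabled, a run of TDSS-prefixed files and the rogue "Antivirus 2009" payload. The script below is an added example that triages a ComboFix-style report for exactly those indicators; it is not ComboFix's own code or anything posted in this thread. The banner/key/value layout it parses, the sample lines (copied from the report above and trimmed), the severity labels and the bare-file-name check on Run entries are all assumptions.

```python
"""Triage of a ComboFix-style report: flag the persistence and
defence-tampering indicators that appear in the thread's logs.
Added example, not ComboFix's own code; the section, key and value
layouts handled below are assumptions about the report format."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, built from lines quoted in the report above.
# Real reports use much longer runs of parentheses; SECTION_RE accepts any.
SAMPLE_LOG = [
    r"((((((( Other Deletions )))))))",
    r".",
    r"c:\program files\Antivirus 2009\av2009.exe",
    r"c:\windows\system32\drivers\TDSSofxh.sys",
    r"c:\windows\system32\TDSSnrsr.dll",
    r"c:\windows\system32\ieupdates.exe",
    r".",
    r"((((((( Reg Loading Points )))))))",
    r"REGEDIT4",
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]',
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-23 151597]',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]",
    r'"AppInit_DLLs"=gtguzx.dll',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]",
    r'"UpdatesDisableNotify"=dword:00000001',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]",
    r'"EnableFirewall"= 0 (0x0)',
]

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "((( Name )))" banner lines
KEY_RE = re.compile(r"^\[(.+)\]$")                 # registry key lines
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "name"=value lines


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low" (assumed labels)
    indicator: str  # what the line means for the analyst
    evidence: str   # the value or path that triggered it


def _dword_is_set(value):
    """True for 'dword:00000001' or '1 (0x1)'; False for zero or empty."""
    m = re.match(r"(?:dword:)?0*([0-9a-f]+)", value.strip().lower())
    return bool(m) and int(m.group(1), 16) != 0


def _registry_findings(key, name, value):
    k, n, v = key.lower(), name.lower(), value.strip()
    if k.endswith(r"windows nt\currentversion\windows") and n == "appinit_dlls" and v:
        yield Finding("high", "AppInit_DLLs set: DLL loaded into every process that maps user32", v)
    if k.endswith(r"microsoft\security center") and n.endswith("disablenotify") and _dword_is_set(v):
        yield Finding("medium", "Security Center warning suppressed", f"{name}={v}")
    if "firewallpolicy" in k and n == "enablefirewall" and v and not _dword_is_set(v):
        yield Finding("medium", "Windows Firewall profile disabled", f"{name}={v}")
    if k.endswith(r"currentversion\run"):
        image = re.match(r'"([^"]*)"', v)
        if image and not re.search(r"[\\:]", image.group(1)):
            yield Finding("low", "Run entry uses a bare file name (resolved via the search path)", image.group(1))


def _deletion_findings(path):
    name = path.rsplit("\\", 1)[-1].lower()
    if name.startswith("tdss"):
        yield Finding("high", "TDSS-prefixed component (rootkit family naming)", path)
    if "antivirus 2009" in path.lower():
        yield Finding("high", "Rogue 'Antivirus 2009' payload", path)


def triage(lines):
    """Walk the report once, tracking the current banner section and registry key."""
    findings, section, key = [], None, None
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section, key = banner.group(1), None
            continue
        if section == "Other Deletions":
            findings.extend(_deletion_findings(line))
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
            elif key and (m := VALUE_RE.match(line)):
                findings.extend(_registry_findings(key, m.group(1), m.group(2)))
    return findings


def severity_counts(findings):
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.indicator}: {f.evidence}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

Run it against a saved ComboFix.txt with `triage(open("ComboFix.txt", encoding="cp1252").readlines())`; the "Other Deletions" section only exists when ComboFix removed something, so a clean second pass (like the CFScript run later in this thread) legitimately yields no file findings while the registry checks still apply.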
Thanks ske
--((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
You're the best.........
Antonio Giacomo Stradivari, often called Stradivarius (Cremona, 1644 - Cremona, 18 December 1737
The Soil (1714), considered by many to be the best instrument in the world.
Shortly before his death he was still searching...
Seen ... I'm analysing all of that and will get back to you ...
In the meantime, try downloading the Malwarebytes setup here:
here ftp://ftp.commentcamarche.com/download/mbam-setup.exe
or here: http://www.malwarebytes.org/mbam.php
and tell me whether it works now ...
I think Antivirus 2009 has disappeared from my computer!
I'm waiting for your confirmation ...
Yes and no ... there are still quite a few traces left ... do this for now:
http://www.commentcamarche.net/forum/affich 9371429 virus antivirus 2009?page=6#138
I'm posting one message per report, that's better!
For c:\windows\system32\ISAdcMoq.ini:
Antivirus Version Last update Result
AhnLab-V3 2008.11.14.3 2008.11.14 -
AntiVir 7.9.0.31 2008.11.14 -
Authentium 5.1.0.4 2008.11.14 -
Avast 4.8.1281.0 2008.11.14 -
AVG 8.0.0.199 2008.11.14 -
BitDefender 7.2 2008.11.15 -
CAT-QuickHeal 10.00 2008.11.13 -
ClamAV 0.94.1 2008.11.14 -
DrWeb 4.44.0.09170 2008.11.14 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6209 2008.11.14 -
Ewido 4.0 2008.11.14 -
F-Prot 4.4.4.56 2008.11.14 -
F-Secure 8.0.14332.0 2008.11.14 -
Fortinet 3.117.0.0 2008.11.14 -
GData 19 2008.11.15 -
Ikarus T3.1.1.45.0 2008.11.14 -
K7AntiVirus 7.10.525 2008.11.14 -
Kaspersky 7.0.0.125 2008.11.15 -
McAfee 5434 2008.11.14 -
Microsoft 1.4104 2008.11.15 -
NOD32 3614 2008.11.14 -
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.14 -
PCTools 4.4.2.0 2008.11.14 -
Prevx1 V2 2008.11.15 -
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 -
Sophos 4.35.0 2008.11.14 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.15 -
TheHacker 6.3.1.1.152 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.14 -
ViRobot 2008.11.14.1468 2008.11.14 -
VirusBuster 4.5.11.0 2008.11.14 -
Additional information
File size: 343 bytes
MD5...: c9b1d526be0f6a0b61ec36455962b0f1
SHA1..: 78ea99f4c83c62e61e7e3b4e9c2c7185ed8f46ce
SHA256: 37a2f5c3bbd63c096b338832aee3c5ecf6b0e0fd6b887bdc7fd9848ac1c5c605
SHA512: 925506ae882e1a8ed46b25fee5f4b190f6f3dbee18b2c97b30912ac616fec664
b030a496cb6ef24b617ebbc56951b4ffc9b7d331ce6fcf02041f52db41bcadf8
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
The second one is running. I'm fighting to keep my eyes open xD After this one could we finish tomorrow? Unless there isn't much left to do?
It's just that I have class tomorrow morning ^^
Here is the second one:
Antivirus Version Last update Result
AhnLab-V3 2008.11.14.3 2008.11.14 -
AntiVir 7.9.0.31 2008.11.14 -
Authentium 5.1.0.4 2008.11.14 -
Avast 4.8.1281.0 2008.11.14 -
AVG 8.0.0.199 2008.11.14 -
BitDefender 7.2 2008.11.15 -
CAT-QuickHeal 10.00 2008.11.13 -
ClamAV 0.94.1 2008.11.14 -
DrWeb 4.44.0.09170 2008.11.14 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.14 -
F-Prot 4.4.4.56 2008.11.14 -
F-Secure 8.0.14332.0 2008.11.14 -
Fortinet 3.117.0.0 2008.11.14 -
GData 19 2008.11.15 -
Ikarus T3.1.1.45.0 2008.11.14 -
K7AntiVirus 7.10.525 2008.11.14 -
Kaspersky 7.0.0.125 2008.11.15 -
McAfee 5434 2008.11.14 -
Microsoft 1.4104 2008.11.15 -
NOD32 3614 2008.11.14 -
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.14 -
PCTools 4.4.2.0 2008.11.14 -
Prevx1 V2 2008.11.15 -
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 -
Sophos 4.35.0 2008.11.14 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.15 -
TheHacker 6.3.1.1.152 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.14 -
ViRobot 2008.11.14.1468 2008.11.14 -
VirusBuster 4.5.11.0 2008.11.14 -
Additional information
File size: 1228800 bytes
MD5...: e2eda5e4843c03e046e546a6a9602a3d
SHA1..: 28e7baf69de012673e717489dc6e37c6c0ef2896
SHA256: 1eaaa7e9ace909bed72a630623a9bbd0943ad6bbc4d0fecbb0f4a3c1924c7bc8
SHA512: bd9f5e06fa7d86842353cddf8b5f0daac5e1a3132340ac2f120a9da589addab5
90ac44a7506c7f4fdc545a506379eddd76c46de29f85d070606aa13c980028de
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x6800150b
timedatestamp.....: 0x36d73541 (Fri Feb 26 23:58:57 1999)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x116978 0x117000 6.44 cabbe243cb744d0af43bb5aa1516cf08
CODE 0x118000 0x2354 0x3000 5.22 92220f8d5850b3912bac6128323f7b33
.rdata 0x11b000 0x7f7 0x1000 3.29 a2eda1decea58d924a7041c39a512ae7
.data 0x11c000 0x36f0 0x4000 3.77 134d5191694be6889ebe07667ffc683f
.data1 0x120000 0x56a0 0x6000 4.45 47f181e9372d40ec60cd20bb4deb922e
DATA 0x126000 0x608 0x1000 1.75 b8c65cf4c43bb27727353fec39fac9e3
.reloc 0x127000 0x40cc 0x5000 5.38 7092df07d15c765a9f7298f04dc58297
( 2 imports )
> MSVCRT.dll: free, _initterm, _adjust_fdiv, malloc, exit, _control87, floor, ceil, memmove
> KERNEL32.dll: TlsGetValue, TlsSetValue, FatalAppExitA, LocalAlloc, TlsAlloc, LocalFree, TlsFree
( 64 exports )
iplAdd, iplAddS, iplAllocateImage, iplAlphaComposite, iplAlphaCompositeC, iplBlur, iplComputeHisto, iplContrastStretch, iplConvert, iplConvolve2D, iplConvolveSep2D, iplCopy, iplCreateConvKernel, iplCreateConvKernelChar, iplCreateImageHeader, iplCreateROI, iplCreateTileInfo, iplDeallocate, iplDecimate, iplDeleteConvKernel, iplDeleteROI, iplDeleteTileInfo, iplError, iplErrorStr, iplExchange, iplFixedFilter, iplFree, iplGetAffineBound, iplGetAffineQuad, iplGetAffineTransform, iplGetBilinearBound, iplGetBilinearQuad, iplGetBilinearTransform, iplGetErrMode, iplGetErrStatus, iplGetLibVersion, iplGetRotateShift, iplHistoEqualize, iplMalloc, iplMaxFilter, iplMedianFilter, iplMinFilter, iplMultiplySScale, iplMultiplyScale, iplRedirectError, iplResize, iplRotate, iplSet, iplSetBorderMode, iplSetErrMode, iplSetErrStatus, iplSetROI, iplSetTileInfo, iplShear, iplSubtract, iplSubtractS, iplWarpAffine, iplWarpBilinear, iplWarpBilinearQ, iplZoom, ipldMalloc, ipliMalloc, iplsMalloc, iplwMalloc
ThreatExpert info: https://www.symantec.com?md5=e2eda5e4843c03e046e546a6a9602a3d
Sorry, but I thought you had left yesterday ...
So, I dragged the icon onto Safius.exe since that's the one that corresponds to ComboFix I think ... And here is the report (I'll post the HijackThis one in a following message):
ComboFix 08-11-12.02 - Em 2008-11-15 12:21:51.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.966.1036.18.422 [GMT 1:00]
Running from: c:\documents and settings\Em\Bureau\Safius.exe
Command switches used :: c:\documents and settings\Em\Bureau\CFScript.txt
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\ISAdcMoq.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ISAdcMoq.ini
.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
2008-11-14 22:20 . 2008-11-14 22:20 <REP> d-------- C:\!KillBox
2008-11-14 19:38 . 2008-11-14 19:38 <REP> d-------- c:\program files\Trend Micro
2008-11-14 19:28 . 2008-11-14 19:28 <REP> d-------- c:\program files\CCleaner
2008-11-13 21:43 . 2008-11-13 21:43 4,923 --a------ C:\GenProc.html
2008-11-11 19:14 . 2008-11-11 19:14 <REP> d-------- c:\documents and settings\Em\Application Data\Malwarebytes
2008-11-11 19:14 . 2008-11-11 19:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 16:23 . 2008-11-09 16:23 <REP> d-------- c:\program files\IBEAD
2008-11-09 16:16 . 2008-11-09 16:16 <REP> d-------- c:\windows\STK016
2008-11-09 16:16 . 2008-11-11 14:28 <REP> d-------- c:\program files\STK016_V2.01
2008-11-09 16:16 . 2003-10-04 00:08 99,476 --a------ c:\windows\system32\drivers\STK016W2.sys
2008-11-09 16:16 . 2003-10-03 23:46 40,960 --a------ c:\windows\system32\STK016P.ax
2008-11-09 16:16 . 2003-10-04 00:08 32,140 --a------ c:\windows\system32\drivers\STK016W1.sys
2008-11-09 12:45 . 2003-08-22 05:53 34,318 --------- c:\windows\system32\drivers\StMp3Rec.sys
2008-11-07 22:32 . 1999-08-04 12:00 1,294,336 --a------ c:\windows\system32\MGIIpl2A6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,261,568 --a------ c:\windows\system32\MGIIpl2M6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,228,800 --a------ c:\windows\system32\MGIIpl2M5.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,105,920 --a------ c:\windows\system32\MGIIpl2P6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,052,672 --a------ c:\windows\system32\MGIIpl2P5.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 11:12 --------- d-----w c:\program files\SPAMfighter
2008-11-15 11:11 --------- d-----w c:\documents and settings\Em\Application Data\skypePM
So, I dragged the icon onto Safius.exe, since I believe that is the one that corresponds to ComboFix ... And here is the report (I'll post the HijackThis one in a following message):
ComboFix 08-11-12.02 - Em 2008-11-15 12:21:51.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.966.1036.18.422 [GMT 1:00]
Running from: c:\documents and settings\Em\Bureau\Safius.exe
Command switches used :: c:\documents and settings\Em\Bureau\CFScript.txt
* Created a new restore point
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
FILE ::
c:\windows\system32\ISAdcMoq.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ISAdcMoq.ini
.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
2008-11-14 22:20 . 2008-11-14 22:20 <REP> d-------- C:\!KillBox
2008-11-14 19:38 . 2008-11-14 19:38 <REP> d-------- c:\program files\Trend Micro
2008-11-14 19:28 . 2008-11-14 19:28 <REP> d-------- c:\program files\CCleaner
2008-11-13 21:43 . 2008-11-13 21:43 4,923 --a------ C:\GenProc.html
2008-11-11 19:14 . 2008-11-11 19:14 <REP> d-------- c:\documents and settings\Em\Application Data\Malwarebytes
2008-11-11 19:14 . 2008-11-11 19:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 16:23 . 2008-11-09 16:23 <REP> d-------- c:\program files\IBEAD
2008-11-09 16:16 . 2008-11-09 16:16 <REP> d-------- c:\windows\STK016
2008-11-09 16:16 . 2008-11-11 14:28 <REP> d-------- c:\program files\STK016_V2.01
2008-11-09 16:16 . 2003-10-04 00:08 99,476 --a------ c:\windows\system32\drivers\STK016W2.sys
2008-11-09 16:16 . 2003-10-03 23:46 40,960 --a------ c:\windows\system32\STK016P.ax
2008-11-09 16:16 . 2003-10-04 00:08 32,140 --a------ c:\windows\system32\drivers\STK016W1.sys
2008-11-09 12:45 . 2003-08-22 05:53 34,318 --------- c:\windows\system32\drivers\StMp3Rec.sys
2008-11-07 22:32 . 1999-08-04 12:00 1,294,336 --a------ c:\windows\system32\MGIIpl2A6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,261,568 --a------ c:\windows\system32\MGIIpl2M6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,228,800 --a------ c:\windows\system32\MGIIpl2M5.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,105,920 --a------ c:\windows\system32\MGIIpl2P6.dll
2008-11-07 22:32 . 1999-08-04 12:00 1,052,672 --a------ c:\windows\system32\MGIIpl2P5.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 11:12 --------- d-----w c:\program files\SPAMfighter
2008-11-15 11:11 --------- d-----w c:\documents and settings\Em\Application Data\skypePM
2008-11-15 11:11 --------- d-----w c:\documents and settings\Em\Application Data\Skype
2008-11-14 20:02 --------- d-----w c:\documents and settings\Em\Application Data\EoRezo
2008-11-11 13:06 --------- d-----w c:\documents and settings\Em\Application Data\KindOpenHole
2008-11-09 15:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 21:31 --------- d-----w c:\program files\MGI
2008-11-07 21:31 --------- d-----w c:\program files\Fichiers communs\MGI Shared
2008-09-27 19:04 --------- d-----w c:\program files\KindOpenHole
2008-09-24 19:59 --------- d-----w c:\documents and settings\Em\Application Data\Sony
2008-09-24 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-09-24 19:55 --------- d-----w c:\program files\Sony Ericsson
2008-09-24 19:55 --------- d-----w c:\program files\Sony
2008-09-24 19:44 --------- d-----w c:\program files\Avanquest update
2008-09-24 19:34 --------- d-----w c:\documents and settings\Em\Application Data\Sony Setup
2008-09-24 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-09-24 19:28 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-09-24 19:27 --------- d-----w c:\documents and settings\Em\Application Data\InstallShield
2008-04-25 21:25 339,784 ----a-w c:\documents and settings\Em\Application Data\GDIPFONTCACHEV1.DAT
2008-02-18 18:13 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-29 17:38 72 ----a-w c:\program files\MultiTransefind.ini
2007-06-23 12:47 107 ----a-w c:\windows\system32\config\systemprofile\user.bat
2007-06-23 12:47 107 ----a-w c:\documents and settings\LSDBOT-III\ASPNET\user.bat
2007-06-23 12:47 107 ----a-w c:\documents and settings\Em\user.bat
2007-06-23 12:47 107 ----a-w c:\documents and settings\Default User\user.bat
2000-10-23 08:37 122,880 ----a-r c:\windows\inf\AGFA\Message.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-15_ 0.30.59.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-14 23:29:06 220,168 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-11-15 11:11:02 220,168 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-11-15 11:11:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_250.dat
+ 2008-11-15 11:11:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Mozilla Quick Launch"="c:\program files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"E06FDXRC_208828"="c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" [2005-06-04 301776]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-23 151597]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-05-13 1397760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2002-12-22 2176]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\Em\Menu Démarrer\Programmes\Démarrage\
Prayer.lnk - c:\had\PTW.EXE [2007-06-24 2432512]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-01-19 122880]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\Ulead Systems\Vio\Dvacm.acm
"vidc.dvsd"= dvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 BT848;AV Basic WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2002-01-27 252276]
R2 BTXBAR;AV Basic WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [2002-01-28 12288]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S3 DCamUSBSTK016;STK016 Camera;c:\windows\system32\DRIVERS\STK016W2.sys [2003-10-04 99476]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 12:23:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-15 12:24:00
ComboFix-quarantined-files.txt 2008-11-15 11:23:58
ComboFix2.txt 2008-11-14 23:31:37
Pre-Run: 45 052 764 160 octets libres
Post-Run: 45,044,596,736 octets libres
152
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:05, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=FRE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [E06FDXRC_208828] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: Prayer.lnk = C:\HAD\PTW.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer l'image vers la bibliothèque - file://C:\Program Files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
You had already downloaded it yesterday, though ^^
-> http://www.commentcamarche.net/forum/affich 9371429 virus antivirus 2009?page=6#136
thanks JFK ... ;)