Virus scan report with ComboFix

roufa_k
Hello,
ComboFix 08-12-12.05 - Khemiri 2008-12-13 20:21:54.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1279.765 [GMT 1:00]
Lancé depuis: c:\documents and settings\Khemiri\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\program files\delfin
c:\program files\delfin\PromulGate\delfinAD.ebd
c:\program files\delfin\PromulGate\delfinAF.edx
c:\program files\delfin\PromulGate\delfinBD.edx
c:\program files\delfin\PromulGate\delfinCO.edx
c:\program files\delfin\PromulGate\delfinDL.edx
c:\program files\delfin\PromulGate\delfinED.edx
c:\program files\delfin\PromulGate\delfinID.edx
c:\program files\delfin\PromulGate\delfinLD.edx
c:\program files\delfin\PromulGate\delfinLO.ebd
c:\program files\delfin\PromulGate\preference.dat
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0/u1210371.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\[u]0/u0062597
c:\program files\MyWebSearch\bar\Cache\[u]0/u00798A1
c:\program files\MyWebSearch\bar\Cache\[u]0/u00D24AE.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u00D2B18.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u00D3AFA.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u00D4A1E.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u00D4D35.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u0655CEA.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u0657548.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u0658EB6.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u06591D7
c:\program files\MyWebSearch\bar\Cache\[u]0/u121C33E
c:\program files\MyWebSearch\bar\Cache\[u]0/u121CE28.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u121E763.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u1220993.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u1221A15.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\PCHealthCenter
c:\program files\PCHealthCenter\2.gif
c:\program files\PCHealthCenter\3.gif
c:\program files\PCHealthCenter\sc.html
C:\ranvrgn.exe
c:\recycler\S-1-5-21-515967899-484763869-1343024091-1001\Dc6\Desktop_.ini
c:\windows\fxstaller.exe
c:\windows\system32\Cache
c:\windows\system32\geBqOeFW.dll
c:\windows\system32\hofnsdtm.dll
c:\windows\system32\jkkHBSIy.dll
c:\windows\system32\mtdsnfoh.ini
c:\windows\system32\nnnnKcYQ.dll
c:\windows\system32\qoMeDVOG.dll
c:\windows\system32\tuvSmmki.dll
c:\windows\system32\WFeOqBeg.ini
c:\windows\system32\WFeOqBeg.ini2
c:\windows\Tasks\dwzbynhz.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 ))))))))))))))))))))))))))))))))))))
.

2008-12-13 18:46 . 2008-12-13 19:56 48,640 -----c--- C:\waxx.exe
2008-12-11 19:56 . 2008-12-11 19:56 <REP> d-------- c:\program files\Elaborate Bytes
2008-12-11 18:27 . 2008-12-11 18:27 <REP> d-------- c:\program files\EAGLE-5.2.0
2008-12-11 18:26 . 2008-12-11 18:26 <REP> d----c--- c:\documents and settings\Khemiri\Application Data\CadSoft
2008-12-07 11:00 . 2008-12-07 11:00 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2008-12-06 13:13 . 2008-12-06 13:13 <REP> d----c--- c:\documents and settings\Khemiri\Application Data\Babuki.7FFE1EF3C0EAF397E48071BD36BB45EFAE41A826.1
2008-12-06 12:41 . 2008-12-13 17:46 <REP> d----c--- c:\documents and settings\Khemiri\Application Data\Skype
2008-11-30 08:31 . 2008-11-30 08:31 50 --a------ c:\windows\MegaManager.INI
2008-11-30 08:22 . 2008-11-30 08:22 <REP> d----c--- c:\documents and settings\Khemiri\Application Data\Megaupload
2008-11-30 08:22 . 2008-11-30 08:22 <REP> d----c--- c:\documents and settings\Khemiri\Application Data\EmailNotifier
2008-11-30 08:22 . 2008-11-30 08:22 <REP> d----c--- c:\documents and settings\All Users\Application Data\Megaupload
2008-11-30 08:22 . 2008-11-30 08:22 <REP> d----c--- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-11-26 23:07 . 2008-12-03 21:28 <REP> d-------- c:\program files\Java
2008-11-26 23:07 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-26 23:07 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-23 22:20 . 2008-11-23 22:20 <REP> d-------- c:\program files\EAGLE-4.09r2
2008-11-23 16:21 . 2008-11-30 08:33 <REP> d----c--- c:\documents and settings\Khemiri\Application Data\Metacafe
2008-11-23 16:20 . 2008-12-13 20:28 <REP> d-------- c:\program files\Fichiers communs\Akamai
2008-11-23 16:19 . 2008-11-23 16:19 <REP> d-------- c:\program files\Metacafe
2008-11-23 16:19 . 2008-11-30 08:33 <REP> d----c--- c:\documents and settings\All Users\Application Data\Metacafe
2008-11-22 13:48 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-22 13:48 . 2001-08-17 22:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-11-18 22:20 . 2008-01-17 14:08 72,679 --a------ c:\windows\system32\pubnet.vbs
2008-11-18 22:20 . 2008-11-18 22:20 34,657 --a------ c:\windows\system32\nansy.jpg

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 16:24 --------- dc----w c:\documents and settings\Khemiri\Application Data\skypePM
2008-12-06 11:40 --------- dc----w c:\documents and settings\All Users\Application Data\Skype
2008-12-06 11:40 --------- d-----r c:\program files\Skype
2008-11-30 07:57 --------- d-----w c:\program files\Windows Live Toolbar
2008-11-30 07:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 06:54 --------- dc----w c:\documents and settings\Khemiri\Application Data\DMCache
2008-11-16 15:56 --------- dc----w c:\documents and settings\Khemiri\Application Data\Nokia
2008-11-08 13:43 --------- d-----w c:\program files\Samsung
2008-11-07 15:25 --------- dc----w c:\documents and settings\Khemiri\Application Data\Orbit
2008-11-07 15:18 --------- d-----w c:\program files\RocketDock
2008-11-07 15:13 219,648 ----a-w c:\windows\system32\uxtheme.dll
2008-11-07 15:12 --------- d-----w c:\program files\VerbAce
2008-11-07 15:12 --------- d-----w c:\program files\Orbitdownloader
2008-11-07 15:12 --------- d-----w c:\program files\HWiNFO32
2008-10-30 19:22 --------- dc----w c:\documents and settings\Khemiri\Application Data\Samsung
2008-10-30 19:19 --------- d-----w c:\program files\Replay Media Catcher
2008-10-27 21:13 --------- dc----w c:\documents and settings\Khemiri\Application Data\GetRightToGo
2008-10-26 20:31 --------- d-----w c:\program files\OrCAD_Demo
2008-10-20 20:27 --------- dc----w c:\documents and settings\Khemiri\Application Data\AVGTOOLBAR
2008-10-19 19:04 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-19 19:04 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-19 19:04 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-19 19:03 --------- dc----w c:\documents and settings\All Users\Application Data\avg8
2008-10-16 17:59 --------- d-----w c:\program files\Fichiers communs\PCSuite
2008-10-16 17:58 --------- d-----w c:\program files\Nokia
2008-10-16 17:54 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-16 17:47 --------- dc----w c:\documents and settings\All Users\Application Data\Installations
2008-10-01 21:26 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-01 21:26 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-04-23 21:34 2,708,480 ----a-w c:\program files\FLV PlayerFCSetup.exe
2008-04-23 21:30 4,265,560 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2008-04-23 21:08 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2006-07-29 22:30 266 --sh--w c:\program files\desktop.ini
2004-01-12 06:45 11,854 ----a-w c:\program files\MPLAB_LicenseAgreement.rtf
.

------- Sigcheck -------

2004-08-18 12:22 359040 27a5959c94ee173a063ca06bd14f021a c:\windows\system32\drivers\tcpip.sys

2004-08-23 01:35 954368 4387b0d205f8e3bfcb53e2ed6fbf9aeb c:\windows\explorer.exe
2004-08-23 01:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 c:\windows\XPize\Backup\explorer.exe

2004-08-04 03:54 30208 978e23bbab5af4d474da11814d542392 c:\windows\system32\ctfmon.exe
2004-08-04 03:54 30208 978e23bbab5af4d474da11814d542392 c:\windows\system32\dllcache\ctfmon.exe
2004-08-04 03:54 15360 5584247b568c2e53934873f4b655fe6a c:\windows\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 30208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-10-29 25795368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-01 185872]
"Pubnet"="c:\windows\system32\pubnet.vbs" [2008-01-17 72679]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"SoundMan"="SOUNDMAN.EXE" [2002-09-27 c:\windows\Soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 30208]

c:\documents and settings\Besmellah.BESMELLAH-93B5B\Menu Démarrer\Programmes\Démarrage\
Reboot.exe [2002-08-20 432128]

c:\documents and settings\khemiri Abderraouf\Menu Démarrer\Programmes\Démarrage\
Reboot.exe [2002-08-20 432128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-19 97928]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2008-10-01 14336]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-19 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-19 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-19 76040]
R2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS [2008-05-28 8064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27320dc8-a1fa-11dd-8d42-000ae67401fa}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad6b5d1-34db-11dc-ad72-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{7ADC07A0-996F-4BBD-AD91-EEEE8A80C54A} - c:\windows\system32\geBqOeFW.dll
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-RunOnce-Execute - c:\windows\System32\Tools\DelFolders.exe

.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.sagem.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Khemiri\Application Data\Mozilla\Firefox\Profiles\si76wpli.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 20:27:19
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\SETUPAPI.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscript.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Heure de fin: 2008-12-13 20:32:05 - La machine a redémarré [Khemiri]
ComboFix-quarantined-files.txt 2008-12-13 19:31:59

Avant-CF: 41,639,169,024 octets libres
Après-CF: 41,800,228,352 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /kernel=kernel1.exe /tutag=jmobts-bak

3 replies

roufa_k
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:24, on 13/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.safran-electronics-defense.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pubnet] C:\WINDOWS\system32\pubnet.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Babuki.lnk = C:\Program Files\Babuki\Babuki.exe
O4 - Startup: Reboot.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
neor
 
Good evening,

Download HijackThis (diagnostic tool) here:

-> Right-click one of the links and choose Save Target As... to the desktop
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

-> Double-click HJTInstall.exe to launch the installation

-> Click Install, then I Accept

-> Click Do a system scan and save log file

-> Notepad will open; copy and paste its entire contents here in your next reply
neor
 
Run Malwarebytes https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

Run a so-called "full" scan (make sure you select all your disks before the scan!).

--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click "results".
--> Check that all infected objects are ticked, then click "removal".

Note: if your PC needs to restart to finish the cleanup, do it!

Post the report saved after the removal of the infected objects (in the "report/log" tab of Malwarebytes, the most recent one)
