Fond d'écrans noir+"waning dangerous spyware&
visper
-
g!rly Messages postés 18462 Statut Contributeur -
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
j'ai semble t'il attrapé il y a deux jour un virus et etant assez faible avec se genre de choses j'aimerais quelques informations si possible.
- mon fond d'ecrans est noir avec un message disant :
warning dangerous spyware
many viruses were found on your computer such as: trojan horse, passcapture, etc.
your personal information can fall into ther "third hands"
plz check up the computer with a special software thank
- crtl alt suprim est desactivé
-le dossier "mes document" souvre automatiquement sans aucune commande de ma part
-et une page internet mozilla souvre de meme me proposant d'acheter real antivirus
toutes information ou aide sera la bienvenu...
merci
j'ai semble t'il attrapé il y a deux jour un virus et etant assez faible avec se genre de choses j'aimerais quelques informations si possible.
- mon fond d'ecrans est noir avec un message disant :
warning dangerous spyware
many viruses were found on your computer such as: trojan horse, passcapture, etc.
your personal information can fall into ther "third hands"
plz check up the computer with a special software thank
- crtl alt suprim est desactivé
-le dossier "mes document" souvre automatiquement sans aucune commande de ma part
-et une page internet mozilla souvre de meme me proposant d'acheter real antivirus
toutes information ou aide sera la bienvenu...
merci
A voir également:
- Fond d'écrans noir+"waning dangerous spyware&
- Google fond noir - Guide
- Comment mettre une vidéo en fond d'écran - Guide
- Ecran noir - Guide
- Spyware doctor - Télécharger - Antivirus & Antimalwares
- Fond d'écran carousel - Forum Xiaomi
7 réponses
Salut, pour avancer Girly, telecharges Hijackthis sur ton bureau http://www.trendsecure.com/portal/en-US/tools/Security_tools/hijackthis et fermes tous les programmes en cours...-Double-cliques sur Hijackthis et Executes le en cliquant sur " Do a scan and save a log file ">>>Un rapport s'ouvre sur le bloc-note, enregistres le et postes le!
ok
on va passer ceci : (suis bien les instructions ci dessous)
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
on va passer ceci : (suis bien les instructions ci dessous)
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
ok voici le scan hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:29, on 17/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\DOCUME~1\nathan\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {FA7E42FC-C910-4379-B791-7FD72BE25D10} - C:\WINDOWS\system32\khfExuvT.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\DualPix Exchange\CamService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\xwgtvelr.dll",b
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Agendis.LNK = C:\Program Files\Agendis\Agendis.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\nathan\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\nathan\locals~1\temp\ntdll64.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0073EB1.dat
O23 - Service: Aanrur - - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\fci.exe.exe:ext.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - Nico 9.1 - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:29, on 17/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\DOCUME~1\nathan\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {FA7E42FC-C910-4379-B791-7FD72BE25D10} - C:\WINDOWS\system32\khfExuvT.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\DualPix Exchange\CamService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\xwgtvelr.dll",b
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Agendis.LNK = C:\Program Files\Agendis\Agendis.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\nathan\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\nathan\locals~1\temp\ntdll64.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0073EB1.dat
O23 - Service: Aanrur - - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\fci.exe.exe:ext.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - Nico 9.1 - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
salut visper,
Fais ce que je t´ai énoncé ici :
http://www.commentcamarche.net/forum/affich 9897428 fond d ecrans noir waning dangerous spyware?#3
@+
Fais ce que je t´ai énoncé ici :
http://www.commentcamarche.net/forum/affich 9897428 fond d ecrans noir waning dangerous spyware?#3
@+
ok voila le combofix:
ComboFix 08-12-16.03 - nathan 2008-12-17 15:04:48.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1022.689 [GMT 13:00]
Lancé depuis: c:\documents and settings\nathan\Bureau\ComboFix.exe
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\nathan\Application Data\gadcom
c:\documents and settings\nathan\Application Data\ShoppingReport
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\nathan\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\TDSSmxjt.sys
c:\windows\system32\frmwrk32.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\ntdll64.exe
c:\windows\system32\osqllvaj.ini
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qoMffDww.dll
c:\windows\system32\rlevtgwx.ini
c:\windows\system32\TDSSoitt.dll
c:\windows\system32\test.ttt
c:\windows\system32\TvuxEfhk.ini
c:\windows\system32\TvuxEfhk.ini2
c:\windows\system32\uniq.tll
c:\windows\system32\WanPacket.dll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\wpcap.dll
c:\windows\Tasks\vdiyoayl.job
c:\windows\Temp\tmp3.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_FCI
-------\Legacy_NPF
-------\Service_FCI
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-17 au 2008-12-17 ))))))))))))))))))))))))))))))))))))
.
2008-12-17 14:51 . 2008-12-17 14:51 <REP> d-------- c:\program files\Trend Micro
2008-12-17 14:41 . 2008-12-17 14:41 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-14 16:18 . 2008-12-14 16:18 <REP> d-------- c:\program files\CCleaner
2008-12-14 16:14 . 2008-12-14 16:15 0 --a------ C:\paths.bat
2008-12-14 16:13 . 2008-12-14 16:13 <REP> d-------- C:\ToolBar SD
2008-12-12 23:33 . 2008-12-12 23:33 <REP> d---s---- c:\program files\Xfire
2008-12-12 23:33 . 2008-12-12 23:33 <REP> d-------- c:\documents and settings\nathan\Application Data\Xfire
2008-12-12 23:13 . 2008-12-12 23:13 <REP> d-------- c:\documents and settings\nathan\Application Data\InstallShield
2008-12-12 17:18 . 2008-12-12 17:18 <REP> d-------- c:\program files\vghd
2008-12-12 17:18 . 2008-12-12 17:18 <REP> d-------- c:\documents and settings\nathan\Application Data\vghd
2008-12-12 17:18 . 2008-12-12 17:18 152,904 --a------ c:\windows\system32\vghd.scr
2008-12-12 17:15 . 2008-12-12 17:15 2 --a------ C:\156505820
2008-12-10 21:33 . 2008-12-10 21:33 <REP> d-------- c:\documents and settings\nathan\Application Data\Azureus
2008-12-10 21:33 . 2008-12-10 21:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-12-10 21:32 . 2008-12-10 21:32 <REP> d-------- c:\program files\Vuze
2008-12-10 20:48 . 2008-12-10 20:48 <REP> d-------- c:\program files\DNA
2008-12-10 20:48 . 2008-12-10 20:48 <REP> d-------- c:\documents and settings\nathan\Application Data\DNA
2008-12-10 20:47 . 2008-12-10 20:47 <REP> d-------- c:\program files\AskSearch
2008-12-10 20:47 . 2008-12-10 20:47 <REP> d-------- c:\program files\AskBarDis
2008-11-25 13:32 . 2008-11-25 13:32 <REP> d-------- c:\program files\Bridge Building Game
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 04:18 111,616 ----a-w c:\windows\system32\userinit.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-22 05:24 --------- d-----w c:\program files\PKR
2008-10-16 01:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 01:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 01:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 01:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 01:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 01:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 01:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 01:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 01:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 01:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 01:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 01:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 01:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 01:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 14:18 18,432 ----a-w c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 03:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-02-05 19:08 1 ----a-w c:\documents and settings\nathan\SI.bin
2007-12-03 06:48 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2003-07-31 09:21 401,408 ----a-w c:\program files\mozilla firefox\plugins\gpuPeteDX6D3D.dll
2003-07-31 09:20 385,024 ----a-w c:\program files\mozilla firefox\plugins\gpuPeteD3D.dll
2003-07-31 09:19 397,312 ----a-w c:\program files\mozilla firefox\plugins\gpuPeteOpenGL.dll
2003-06-08 17:38 106,496 ----a-w c:\program files\mozilla firefox\plugins\cdrPeops.dll
2003-06-08 17:38 77,824 ----a-w c:\program files\mozilla firefox\plugins\spuPeopsDSound.dll
2008-12-14 03:12 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-11-13 01:52 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-13 01:52 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-13 01:52 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-13 01:52 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-13 01:52 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"= "c:\program files\Search Settings\kb127\SearchSettings.dll" [2008-06-12 1111904]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"= "c:\program files\AskSearch\bin\DefaultSearch.dll" [2008-09-29 90112]
[HKEY_CLASSES_ROOT\clsid\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
[HKEY_CLASSES_ROOT\SearchSettings.BHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}]
[HKEY_CLASSES_ROOT\SearchSettings.BHO]
[HKEY_CLASSES_ROOT\clsid\{c94e154b-1459-4a47-966b-4b843befc7db}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-06-12 16:57 1111904 --a------ c:\program files\Search Settings\kb127\SearchSettings.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-11-16 21760296]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-10 342848]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2006-09-14 5001216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-10 185784]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-03-12 569344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\dreamsoul139\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\dreamsoul139\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\dreamsoul139\\condition zero deleted scenes\\hl.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3045:UDP"= 3045:UDP:Windows Media Format SDK (iexplore.exe)
"3044:UDP"= 3044:UDP:Windows Media Format SDK (iexplore.exe)
"3048:UDP"= 3048:UDP:Windows Media Format SDK (iexplore.exe)
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2007-01-12 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2007-01-12 78208]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
S2 MsgrIntSvc;Serveur intermédiaire pour Messenger;"c:\program files\MsgrIntSvr\MsgrIntSvr.exe" [2007-10-09 360448]
S3 Aanrur;Aanrur; []
S3 camfilt2;camfilt2;c:\windows\system32\Drivers\camfilt2.sys [2007-12-25 94208]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" []
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
*Newly Created Service* - INT15.SYS
.
Contenu du dossier 'Tâches planifiées'
2008-12-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 17:26]
2008-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{100EB1FD-D03E-47FD-81F3-EE91287F9465} - c:\program files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
BHO-{D88E1558-7C2D-407A-953A-C044F5607CEA} - c:\program files\Mjcore\Mjcore.dll
BHO-{FA7E42FC-C910-4379-B791-7FD72BE25D10} - c:\windows\system32\khfExuvT.dll
HKCU-Run-ProxyWay - c:\program files\ProxyWay\proxyway.exe
HKLM-Run-Creative WebCam Tray - c:\program files\Creative\Shared Files\CAMTRAY.EXE
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-HerculesCamService - c:\program files\Hercules\DualPix Exchange\CamService.exe
HKLM-Run-09541673 - c:\windows\system32\xwgtvelr.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
LSP: c:\docume~1\nathan\LOCALS~1\Temp\ntdll64.dll
FF - ProfilePath - c:\documents and settings\nathan\Application Data\Mozilla\Firefox\Profiles\lst1v0xv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 15:31:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\nathan\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\drwtsn32.exe
.
**************************************************************************
.
Heure de fin: 2008-12-17 15:32:56 - La machine a redémarré [nathan]
ComboFix-quarantined-files.txt 2008-12-17 02:32:54
Avant-CF: 2,522,415,104 octets libres
Après-CF: 4,372,234,240 octets libres
306 --- E O F --- 2008-12-11 22:18:03
ComboFix 08-12-16.03 - nathan 2008-12-17 15:04:48.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1022.689 [GMT 13:00]
Lancé depuis: c:\documents and settings\nathan\Bureau\ComboFix.exe
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\nathan\Application Data\gadcom
c:\documents and settings\nathan\Application Data\ShoppingReport
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\nathan\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\nathan\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\TDSSmxjt.sys
c:\windows\system32\frmwrk32.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\ntdll64.exe
c:\windows\system32\osqllvaj.ini
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qoMffDww.dll
c:\windows\system32\rlevtgwx.ini
c:\windows\system32\TDSSoitt.dll
c:\windows\system32\test.ttt
c:\windows\system32\TvuxEfhk.ini
c:\windows\system32\TvuxEfhk.ini2
c:\windows\system32\uniq.tll
c:\windows\system32\WanPacket.dll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\wpcap.dll
c:\windows\Tasks\vdiyoayl.job
c:\windows\Temp\tmp3.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_FCI
-------\Legacy_NPF
-------\Service_FCI
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-17 au 2008-12-17 ))))))))))))))))))))))))))))))))))))
.
2008-12-17 14:51 . 2008-12-17 14:51 <REP> d-------- c:\program files\Trend Micro
2008-12-17 14:41 . 2008-12-17 14:41 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-14 16:18 . 2008-12-14 16:18 <REP> d-------- c:\program files\CCleaner
2008-12-14 16:14 . 2008-12-14 16:15 0 --a------ C:\paths.bat
2008-12-14 16:13 . 2008-12-14 16:13 <REP> d-------- C:\ToolBar SD
2008-12-12 23:33 . 2008-12-12 23:33 <REP> d---s---- c:\program files\Xfire
2008-12-12 23:33 . 2008-12-12 23:33 <REP> d-------- c:\documents and settings\nathan\Application Data\Xfire
2008-12-12 23:13 . 2008-12-12 23:13 <REP> d-------- c:\documents and settings\nathan\Application Data\InstallShield
2008-12-12 17:18 . 2008-12-12 17:18 <REP> d-------- c:\program files\vghd
2008-12-12 17:18 . 2008-12-12 17:18 <REP> d-------- c:\documents and settings\nathan\Application Data\vghd
2008-12-12 17:18 . 2008-12-12 17:18 152,904 --a------ c:\windows\system32\vghd.scr
2008-12-12 17:15 . 2008-12-12 17:15 2 --a------ C:\156505820
2008-12-10 21:33 . 2008-12-10 21:33 <REP> d-------- c:\documents and settings\nathan\Application Data\Azureus
2008-12-10 21:33 . 2008-12-10 21:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-12-10 21:32 . 2008-12-10 21:32 <REP> d-------- c:\program files\Vuze
2008-12-10 20:48 . 2008-12-10 20:48 <REP> d-------- c:\program files\DNA
2008-12-10 20:48 . 2008-12-10 20:48 <REP> d-------- c:\documents and settings\nathan\Application Data\DNA
2008-12-10 20:47 . 2008-12-10 20:47 <REP> d-------- c:\program files\AskSearch
2008-12-10 20:47 . 2008-12-10 20:47 <REP> d-------- c:\program files\AskBarDis
2008-11-25 13:32 . 2008-11-25 13:32 <REP> d-------- c:\program files\Bridge Building Game
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 04:18 111,616 ----a-w c:\windows\system32\userinit.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-22 05:24 --------- d-----w c:\program files\PKR
2008-10-16 01:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 01:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 01:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 01:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 01:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 01:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 01:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 01:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 01:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 01:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 01:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 01:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 01:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 01:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 14:18 18,432 ----a-w c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 03:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-02-05 19:08 1 ----a-w c:\documents and settings\nathan\SI.bin
2007-12-03 06:48 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2003-07-31 09:21 401,408 ----a-w c:\program files\mozilla firefox\plugins\gpuPeteDX6D3D.dll
2003-07-31 09:20 385,024 ----a-w c:\program files\mozilla firefox\plugins\gpuPeteD3D.dll
2003-07-31 09:19 397,312 ----a-w c:\program files\mozilla firefox\plugins\gpuPeteOpenGL.dll
2003-06-08 17:38 106,496 ----a-w c:\program files\mozilla firefox\plugins\cdrPeops.dll
2003-06-08 17:38 77,824 ----a-w c:\program files\mozilla firefox\plugins\spuPeopsDSound.dll
2008-12-14 03:12 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-11-13 01:52 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-13 01:52 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-13 01:52 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-13 01:52 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-13 01:52 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"= "c:\program files\Search Settings\kb127\SearchSettings.dll" [2008-06-12 1111904]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"= "c:\program files\AskSearch\bin\DefaultSearch.dll" [2008-09-29 90112]
[HKEY_CLASSES_ROOT\clsid\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
[HKEY_CLASSES_ROOT\SearchSettings.BHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}]
[HKEY_CLASSES_ROOT\SearchSettings.BHO]
[HKEY_CLASSES_ROOT\clsid\{c94e154b-1459-4a47-966b-4b843befc7db}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-06-12 16:57 1111904 --a------ c:\program files\Search Settings\kb127\SearchSettings.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-11-16 21760296]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-10 342848]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2006-09-14 5001216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-10 185784]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-03-12 569344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\dreamsoul139\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\dreamsoul139\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\dreamsoul139\\condition zero deleted scenes\\hl.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3045:UDP"= 3045:UDP:Windows Media Format SDK (iexplore.exe)
"3044:UDP"= 3044:UDP:Windows Media Format SDK (iexplore.exe)
"3048:UDP"= 3048:UDP:Windows Media Format SDK (iexplore.exe)
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2007-01-12 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2007-01-12 78208]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
S2 MsgrIntSvc;Serveur intermédiaire pour Messenger;"c:\program files\MsgrIntSvr\MsgrIntSvr.exe" [2007-10-09 360448]
S3 Aanrur;Aanrur; []
S3 camfilt2;camfilt2;c:\windows\system32\Drivers\camfilt2.sys [2007-12-25 94208]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" []
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
*Newly Created Service* - INT15.SYS
.
Contenu du dossier 'Tâches planifiées'
2008-12-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 17:26]
2008-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{100EB1FD-D03E-47FD-81F3-EE91287F9465} - c:\program files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
BHO-{D88E1558-7C2D-407A-953A-C044F5607CEA} - c:\program files\Mjcore\Mjcore.dll
BHO-{FA7E42FC-C910-4379-B791-7FD72BE25D10} - c:\windows\system32\khfExuvT.dll
HKCU-Run-ProxyWay - c:\program files\ProxyWay\proxyway.exe
HKLM-Run-Creative WebCam Tray - c:\program files\Creative\Shared Files\CAMTRAY.EXE
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-HerculesCamService - c:\program files\Hercules\DualPix Exchange\CamService.exe
HKLM-Run-09541673 - c:\windows\system32\xwgtvelr.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
LSP: c:\docume~1\nathan\LOCALS~1\Temp\ntdll64.dll
FF - ProfilePath - c:\documents and settings\nathan\Application Data\Mozilla\Firefox\Profiles\lst1v0xv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 15:31:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\nathan\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\drwtsn32.exe
.
**************************************************************************
.
Heure de fin: 2008-12-17 15:32:56 - La machine a redémarré [nathan]
ComboFix-quarantined-files.txt 2008-12-17 02:32:54
Avant-CF: 2,522,415,104 octets libres
Après-CF: 4,372,234,240 octets libres
306 --- E O F --- 2008-12-11 22:18:03
la suite :
copie le texte ci dessous :
folder::
c:\program files\vghd
c:\documents and settings\nathan\Application Data\vghd
C:\156505820
c:\program files\Search Settings
c:\program files\AskBarDis
File::
c:\windows\system32\vghd.scr
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"=-
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"=-
[-HKEY_CLASSES_ROOT\clsid\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
[-HKEY_CLASSES_ROOT\SearchSettings.BHO.1]
[-HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}]
[-HKEY_CLASSES_ROOT\SearchSettings.BHO]
[-HKEY_CLASSES_ROOT\clsid\{c94e154b-1459-4a47-966b-4b843befc7db}]
[-HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
[-HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
Driver::
Aanrur
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de redémarrage, poste quand même les rapports.
@+
copie le texte ci dessous :
folder::
c:\program files\vghd
c:\documents and settings\nathan\Application Data\vghd
C:\156505820
c:\program files\Search Settings
c:\program files\AskBarDis
File::
c:\windows\system32\vghd.scr
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"=-
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"=-
[-HKEY_CLASSES_ROOT\clsid\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
[-HKEY_CLASSES_ROOT\SearchSettings.BHO.1]
[-HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}]
[-HKEY_CLASSES_ROOT\SearchSettings.BHO]
[-HKEY_CLASSES_ROOT\clsid\{c94e154b-1459-4a47-966b-4b843befc7db}]
[-HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
[-HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
Driver::
Aanrur
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de redémarrage, poste quand même les rapports.
@+
